Lab: Secure public and hybrid clouds with OrionVM and WatchGuard

Welcome to the OrionVM Lab, a new blog post series about solutions you can architect using our Wholesale Cloud infrastructure.

With more clients working remotely or from home than ever before, managed service providers, telcos, and system integrators are expected to deliver more resources within ever-tighter budgets and margins. BYO devices, hostile remote networks, and overly-complicated public cloud networks have compounded these challenges for IT teams.

Our sales engineering team have seen a renewed interest in our secure public and hybrid cloud offerings since we announced our WatchGuard partnership, and especially within the last few months. In our inaugural lab blog post we’ll explore several ways in which OrionVM’s public cloud and WatchGuard can be easily deployed for secure, cost-effective public and hybrid clouds in ways you may not have considered.

Mapping your physical infrastructure

Take a typical on-premise example with a WatchGuard Firebox, or your other firewall hardware. Your local infrastructure would connect over your LAN to the Firebox, which would filter traffic, perform QoS, and provide an end-point for VPNs. Here’s an idea of what it’d look like:

This easily maps to OrionVM’s cloud infrastructure for huge cost savings, scalability, and performance. Virtual servers aren’t NAT’d as with other clouds: VM network interfaces are directly given Internet-routable addresses to more closely mimic an on-premise deployment. Unmetered, high-performance private networks can be live attached and detached between running VMs, using the exact network specification you require:

Easy, scalable hybrid cloud

What if you want to burst to bare metal, or use co-located hardware? OrionVM’s automated networking fabric bridges networks at OSI-layer 2, allowing physical hardware to logically share the same private network as VMs on the public cloud. A WatchGuard FireboxV VM can then be used to secure an entire environment, on the same flat Ethernet network as virtual and physical compute, and without resorting to additional routers.

Okay, but I have my own hardware

For clients who have existing hardware, or are looking to migrate workloads into the cloud, our WatchGuard FireboxV templates can be used to bridge disparate networks over secure VPNs. Use the skills you and your IT team have already developed with WatchGuard to deliver best-of-breed security across the public Internet. End devices can be easily configured using WatchGuard’s authentication and security tools to access cloud infrastructure, which you can easily scale with our API, command line tools, and white-labellable portal as required.

How easily can I integrate my own DC infrastructure?

This approach to networking becomes especially game-changing when a true layer-2 hybrid cloud is built with our infrastructure, your own hardware, our bare metal services, or your end points. In this scenario, the partner is using their own cage to host existing services, OrionVM’s public cloud and bare metal for burstable workloads, and their remote customer’s site. OrionVM’s aggressively-priced port costs and layer 2 networking make hybrid clouds affordable and simple. OrionVM peers with Megaport, the Equinix Cloud Exchange, and others to allow VLANs to be trunked into virtual environments, or you can bring in your own x-connects.

Why this is all so cool

OrionVM’s unique network fabric and WatchGuard partnership don’t just make these scenarios feasible, they make them affordable, fast, and easy. If you want more information or a deeper dive, check out the video of our WatchGuard security webinar from May, where I explored the challenges facing cloud security, and how OrionVM is the perfect platform to deliver secure environments with WatchGuard.

Thanks for joining us in the lab! See you next time.