Simplify Global Security Inspections with AWS Cloud WAN Service Insertion by Amazon Web Services

Simplify Global Security Inspections with AWS Cloud WAN Service Insertion by Amazon Web Services



AWS Cloud WAN is a managed wide-area networking (WAN) service that connects data centers, branch offices, and Amazon Virtual Private Clouds (Amazon VPCs). Customers are increasingly recognizing the service for its ability to create a global network while emphasizing the need for security inspection functions. Traditional security inspection approaches have faced challenges when implemented at scale with AWS Cloud WAN, prompting the need for secure global network design guidance. To address this, AWS has introduced service insertion, allowing customers to easily insert networking and security services using a central policy document for increased operational simplicity.

With service insertion, customers can deploy centralized security architectures on AWS Cloud WAN to consolidate resources, reduce management burdens, and save on security infrastructure costs. This feature enables simplified routing for network services insertion and eases deploying multi-Region security inspection. Key concepts involved in service insertion include network functions groups (NFG) that automatically steer traffic through network functions deployed in VPCs or on-premises networks, allowing customers to specify segments for redirection.

The capability of service insertion simplifies architectures by providing scenarios like intra-Region inter-segment inspection, inter-Region inter-segment dual inspection, and inter-Region inter-segment single inspection. Detailed steps are provided for inserting network functions in the traffic path, ensuring traffic is routed through the specified core network attachments for inspection. Packet walkthroughs illustrate how resources communicate within and between Regions, highlighting the benefits of NFG and service insertion.

Considerations for service insertion include global applicability across AWS Regions, NFG quota consumption, support for attachment types, configuration flexibility, and IPv4/IPv6 compatibility. The service enables stateful inspection through security infrastructure and supports industry-leading partners for enhanced security solutions. Overall, service insertion on AWS Cloud WAN offers a powerful solution for customers to architect secure, interconnected networks with ease and efficiency. For further details, refer to the AWS Cloud WAN documentation.

Article Source
https://aws.amazon.com/blogs/networking-and-content-delivery/simplify-global-security-inspection-with-aws-cloud-wan-service-insertion/