This guide provides a foundation for securing network infrastructure using Palo Alto Networks® VMSeries virtualized next generation firewalls within the Amazon Web Services (AWS) public cloud. For an organization with a desire to move to public cloud infrastructure, the next question is often “How do I secure my applications in a public cloud?” This guide provides an overview of AWS components and how they can be used to build a scalable and secure public cloud infrastructure on AWS using the VM-Series. The architectures begin with a single virtual private cloud suitable for organizations getting started and scales to thousands to meet any size organization’s operational requirements.
Organizations are rapidly migrating their enterprise applications and data onto Amazon ® Web Services. Just as they would in the data center, applications deployed on AWS ® often require outbound connectivity to applications housed in other virtual private clouds, as well as to resources located on the corporate network or the web. As the numbers of AWS accounts and VPCs grow, managing the many individual connections becomes complex and difficult, often slowing deployments. Another challenge lies in making sure the process of protecting applications and data does not become a bottleneck for new applica - tion deployments.
Whitepaper that provides examples of how Terraform, Ansible and VM-Series automation features allow customers to embed security into their DevOps or cloud migration processes. This whitepaper walks through a “touchless” deployment scenario where a fully configured, VM-Series next generation firewall is deployed on AWS and Azure and dynamically updated using Ansible as the environment expands and contracts.
From a security perspective, moving your applications and data to AWS does not necessarily eliminate or minimize your security challenges. Regardless of their location – public, private cloud or physical data center – your applications and data are an attacker’s target, and protecting them in AWS introduces the same security challenges that are present within your on-premises network. These challenges include a lack of control over your network traffic based on the application and an inability to prevent cyberattacks.
The VM-Series for AWS allows you to securely move your applications and data onto AWS beginning first with a hybrid approach, then expanding security coverage to include segmentation policies, much like the security techniques used on your physical network.
This whitepaper walks through both AWS and VM-Series deployment guidelines for building a hybrid cloud that extends your data center into AWS. For completeness, this paper has been written using a two-tiered application environment (web server and database) that is secured by the VM-Series.