
Hybrid Cloud Networking: Office to AWS Connection

← Back to Insights

Connecting Branch Offices to AWS Cloud

A client of ours in the engineering sector was undergoing a cloud transformation – migrating significant parts of their infrastructure from on-prem data centres into AWS. This included servers and applications that branch offices needed to access. The question was: how do we seamlessly connect multiple branch offices to resources in AWS with security and reliability? Traditional site-to-site VPNs had to be adapted to now connect not just branches to head office, but branches directly to cloud workloads. The client also wanted to use Infrastructure-as-Code for their cloud setup to make deployments repeatable. We stepped in to design and document the hybrid networking approach.

Solution – AWS Integration

We extended the client's existing Palo Alto Networks firewall architecture into AWS. Essentially, we stood up virtual Palo Alto firewalls (VM-Series) in their AWS environment to act as VPN endpoints. Each branch office firewall would establish IPsec VPN tunnels to the AWS cloud firewalls, creating a secure mesh between every site and the cloud.

We leveraged Terraform (in line with the client's DevOps practices) to provision the AWS networking components – VPCs, subnets, route tables, VPN gateways, etc., all defined as code. This ensured that the cloud side of the network could be deployed consistently in dev, test, and prod accounts.

On the branch side, we updated the firewall configurations to add new tunnels to AWS, alongside their existing head-office VPNs. Our team produced updated installation documentation for the branch firewall rollout, which now included detailed instructions for the AWS connectivity portion, reflecting the recent infrastructure changes. This covered how to configure the VPN peer info, authentication (using cloud-friendly methods like certificates or pre-shared keys stored in secure vaults), and how to prioritise cloud-bound traffic.

Execution

The hybrid network came to life first in a pilot site. We configured the branch firewall using the guide and brought up the IPsec tunnel to AWS. Immediately, we saw the branch's local resources securely routing to AWS as intended. For example, the branch's database application, which was migrated to an EC2 instance, became reachable over the VPN with negligible latency.

We also set up monitoring on the VPN tunnels – if one dropped, alerts would be sent – and failover paths in case a tunnel went down (some branches had two tunnels via different ISPs for redundancy). Over a few weeks, we worked with the client to roll this out to all their major offices. The use of Terraform meant the AWS side was largely click-button deployment for each new tunnel, saving time and avoiding manual errors.
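
The tunnel monitoring and dual-ISP failover described above come down to a per-branch health decision: losing one of two tunnels is a loss of redundancy, losing all of them is an outage, and a tunnel that has stopped reporting should not be trusted as up. The following is an added example, not code from the project; the record format, the branch and ISP names, and the 180-second staleness threshold are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

STALE_AFTER = 180  # assumed: seconds without a report before a tunnel counts as down


@dataclass
class TunnelStatus:          # hypothetical record emitted by a tunnel poller
    branch: str
    isp: str
    state: str               # "up" or "down" as last reported
    last_seen: int           # epoch seconds of the last status report


def effective_up(t, now):
    """A tunnel counts as up only if it reports up AND the report is fresh."""
    return t.state == "up" and (now - t.last_seen) <= STALE_AFTER


def evaluate(tunnels, now):
    """Return {branch: (severity, message)} for each branch needing attention."""
    by_branch = {}
    for t in tunnels:
        by_branch.setdefault(t.branch, []).append(t)
    alerts = {}
    for branch, ts in sorted(by_branch.items()):
        up = [t.isp for t in ts if effective_up(t, now)]
        down = [t.isp for t in ts if not effective_up(t, now)]
        if not up:
            alerts[branch] = ("critical", f"no working tunnel to AWS ({', '.join(down)})")
        elif down:
            alerts[branch] = ("warning", f"redundancy lost: {', '.join(down)} down, on {up[0]}")
    return alerts


# Constructed sample data: three branches, two tunnels each.
NOW = 1_700_000_600
SAMPLE = [
    TunnelStatus("branch-a", "isp-1", "up", NOW - 30),
    TunnelStatus("branch-a", "isp-2", "up", NOW - 45),
    TunnelStatus("branch-b", "isp-1", "up", NOW - 20),
    TunnelStatus("branch-b", "isp-2", "down", NOW - 25),
    TunnelStatus("branch-c", "isp-1", "up", NOW - 900),   # stale report
    TunnelStatus("branch-c", "isp-2", "down", NOW - 40),
]

if __name__ == "__main__":
    for branch, (severity, message) in evaluate(SAMPLE, NOW).items():
        print(f"[{severity}] {branch}: {message}")
```

Alerting on the warning state matters as much as the critical one: a branch running on its last tunnel is still online, so the lost redundancy goes unnoticed unless it is reported separately.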

Outcome

The client successfully transitioned to a hybrid cloud network architecture. Their offices can now consume AWS-hosted applications as if they were still on the local LAN, with all traffic encrypted in transit. The solution provides flexibility – as they open new branch sites, the VPN setup is templated and straightforward to replicate, and as they expand AWS services, those are easily integrated into the network.

We also helped the client set up some AWS native resiliency (like AWS Backup and snapshots for critical systems) to complement the network work. In the end, the project demystified cloud connectivity for the client's IT team. We documented every step and even the Terraform code references, so they felt in control of their new environment.

This hybrid cloud connectivity project shows how we blend networking know-how with modern infrastructure-as-code principles to achieve a scalable, secure solution. The client's CTO put it best: the project "bridged our old infrastructure with the new" – enabling their digital transformation without leaving the branch offices behind.

Key Components of Hybrid Cloud Networking

  1. Virtual Firewalls in Cloud: VM-Series firewalls in AWS act as VPN endpoints
  2. IPsec VPN Tunnels: Secure encrypted connections between branches and cloud
  3. Infrastructure-as-Code: Terraform automates cloud network provisioning
  4. Centralised Management: Unified firewall management across on-prem and cloud
  5. Monitoring and Failover: Automated alerts and redundant paths for reliability

Benefits of Hybrid Cloud Architecture

  • Seamless Connectivity: Branch offices access cloud resources like local systems
  • Security: Enterprise-grade firewall protection for cloud traffic
  • Scalability: Easy to add new branches or cloud services
  • Consistency: Same security policies across on-prem and cloud
  • Automation: Infrastructure-as-Code reduces manual errors and speeds deployment

Best Practices for Hybrid Cloud Networking

  • Use Infrastructure-as-Code: Automate cloud network provisioning for consistency
  • Centralise Management: Unified firewall management simplifies operations
  • Plan for Redundancy: Multiple VPN tunnels and failover paths
  • Monitor Everything: Set up alerts for tunnel status and performance
  • Document Thoroughly: Keep guides updated as infrastructure evolves

Ready to connect your offices to the cloud? Contact Vee Tech to discuss hybrid cloud networking solutions for your organisation.
