AWS Architecture Blog

Secure Amazon Elastic VMware Service (Amazon EVS) with AWS Network Firewall

Amazon Elastic VMware Service (Amazon EVS) helps organizations migrate, run, and scale VMware workloads natively on AWS. It delivers a VMware Cloud Foundation (VCF) environment that operates directly within your Amazon Virtual Private Cloud (Amazon VPC) on Amazon EC2 bare-metal instances. The solution helps customers accelerate cloud migrations and data center exits without needing to refactor existing applications.

For customers considering a hybrid cloud architecture, a unified network security solution is required to protect application traffic across Amazon EVS environments, Amazon VPCs, on-premises data centers and the internet. It also needs to provide a single point of control for firewall policy management, centralized logging, and monitoring to streamline network security operations. AWS Network Firewall is a managed firewall and intrusion detection and prevention service (IDS/IPS) that can help address these requirements.

Article Summaries:

  • AWS announced how to secure its Amazon Elastic VMware Service (EVS) using AWS Network Firewall. The solution embeds a managed firewall into the VPC traffic path via Transit Gateway route updates, enabling transparent inspection of all packets without altering application flows. Centralized policy management, IDS/IPS, and logging to S3, CloudWatch, or Firehose provide unified visibility across EVS clusters, standard workload VPCs, on-premises Direct Connect links, and internet egress. The architecture supports east-west traffic between EVS and workload VPCs and north-south traffic to on-premises and the internet, streamlining security operations for hybrid VMware workloads on AWS.
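The pattern the summary describes (a central Network Firewall in the Transit Gateway path, a default-drop stateful policy, and alert logging to S3) expressed as a CloudFormation fragment. This is an added illustration, not code from the AWS post; every `PLACEHOLDER` ID, the bucket name, and the CIDRs 10.0.0.0/16 (EVS VPC) and 10.1.0.0/16 (workload VPC) are assumptions, and CloudWatch Logs or Firehose destinations would be further `LogDestinationConfigs` entries.

```yaml
Resources:
  EvsRuleGroup:
    Type: AWS::NetworkFirewall::RuleGroup
    Properties:
      RuleGroupName: evs-east-west-allow-list
      Type: STATEFUL
      Capacity: 100
      RuleGroup:
        StatefulRuleOptions:
          RuleOrder: STRICT_ORDER
        RulesSource:
          RulesString: |   # assumed CIDRs: 10.0.0.0/16 = EVS VPC, 10.1.0.0/16 = workload VPC
            pass tcp 10.0.0.0/16 any -> 10.1.0.0/16 443 (msg:"EVS to workload HTTPS"; sid:1000001; rev:1;)
  InspectionPolicy:
    Type: AWS::NetworkFirewall::FirewallPolicy
    Properties:
      FirewallPolicyName: evs-inspection-policy
      FirewallPolicy:
        StatelessDefaultActions: [aws:forward_to_sfe]          # hand every packet to the stateful engine
        StatelessFragmentDefaultActions: [aws:forward_to_sfe]
        StatefulEngineOptions:
          RuleOrder: STRICT_ORDER
        StatefulDefaultActions: [aws:drop_strict, aws:alert_strict]  # anything not passed is dropped and alerted
        StatefulRuleGroupReferences:
          - ResourceArn: !Ref EvsRuleGroup
            Priority: 1
  InspectionFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: evs-inspection-firewall
      FirewallPolicyArn: !Ref InspectionPolicy
      VpcId: vpc-PLACEHOLDER              # central inspection VPC attached to the Transit Gateway
      SubnetMappings:
        - SubnetId: subnet-PLACEHOLDER    # firewall endpoint subnet (one per AZ in practice)
  FirewallLogging:
    Type: AWS::NetworkFirewall::LoggingConfiguration
    Properties:
      FirewallArn: !Ref InspectionFirewall
      LoggingConfiguration:
        LogDestinationConfigs:
          - LogType: ALERT                # drops and alerts from the stateful engine
            LogDestinationType: S3
            LogDestination: {bucketName: PLACEHOLDER-log-bucket, prefix: evs-alerts}
  SpokeDefaultRoute:                      # steer spoke (EVS / workload VPC) traffic through the inspection VPC
    Type: AWS::EC2::TransitGatewayRoute
    Properties:
      TransitGatewayRouteTableId: tgw-rtb-PLACEHOLDER
      DestinationCidrBlock: 0.0.0.0/0
      TransitGatewayAttachmentId: tgw-attach-PLACEHOLDER   # inspection VPC attachment
```

The inspection VPC's own route tables (firewall subnets toward the TGW attachment, TGW subnets toward the firewall endpoints) and a return route for the inspection attachment are also required and are omitted here.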
