Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Author: Lino Almojela

Categories
Blogs

Adding IPSec VPN as SD-WAN Member on FortiGate with Performance SLA for Health Checks

Adding IPSec VPN as a Software SD-WAN Member on FortiGate (Pre-7.0) with Performance SLA for Health Checks

Introduction

Welcome! In this tutorial, we’ll walk through how to add an IPSec VPN tunnel as a Software SD-WAN member on a FortiGate firewall (pre-7.0 firmware), and how to configure a Performance SLA for tunnel health checks.

About the Author

I’m Paula Wong, CEO and Founder of Accend Networks, a full-service IT solutions provider specializing in cybersecurity, networking, and cloud services – from power to protection.

Certifications:

C|EH Master, CCIE #13062, PCNSE, C-10/C-7 #1086962, Oracle OCI, AWS Certified Cloud Practitioner

With over 30 years of industry experience, including hands-on roles in Fortune 500 environments, I help clients streamline secure and scalable network infrastructure.

Step 1: Remove Active References to the IPSec Tunnel

Before you can use an existing VPN tunnel as an SD-WAN member, you must remove any active configuration references to it.

  • In this example, we’re using a VPN tunnel named Iperf
  • If your tunnel shows “4” in the references column, click that number to see where it’s in use.
  • Remove those references so the tunnel can be added to an SD-WAN zone.

Step 2: Create an SD-WAN Zone and Add the VPN Tunnel

Once the tunnel is cleared of active bindings:

  • Go to Network > SD-WAN Zones
  • Create a new SD-WAN zone (e.g., IPSec_Zone)
  • Add the Iperf tunnel (or your tunnel name) as a member

Step 3: Configure Performance SLA for Health Checks

Now we configure a Performance SLA to monitor the health of the IPSec tunnel.

  • Go to Network > Performance SLA

  • Add a new SLA and point the server IP to the remote end of the VPN tunnel

  • Protocol options can include Ping, HTTP, DNS, or custom probes

Note: The WAN link field is optional, but specifying it can improve traffic steering.

Step 4: Create an SD-WAN Rule

Finally, create a rule to define how traffic uses the tunnel based on SLA:

  • Set source and destination

  • Define SLA targets (e.g., latency, jitter, packet loss)

  • Apply load balancing logic (e.g., use WAN1 as primary, WAN2 as backup)

When the SLA thresholds are violated, FortiGate will dynamically reroute traffic based on your configuration.

Summary

That’s it! You’ve now:

  1. Cleared references from an existing IPSec tunnel
  2. Added it as a member to your SD-WAN zone
  3. Configured a Performance SLA for health monitoring

Created traffic rules for dynamic failover and load balancing

Contact

Need help with FortiGate SD-WAN, IPSec, or Performance SLA design?

Reach out:

Categories
Blogs

Amazon ECR

Amazon ECR: Managing Docker Images with Elastic Container Registry

Amazon Elastic Container Registry (ECR) is a fully managed container image registry service designed to store, manage, and deploy Docker container images securely. ECR integrates seamlessly with Amazon ECS, EKS, and other AWS services, enabling efficient containerized application deployment and simplifying DevOps workflows. This blog provides an overview of Amazon ECR and how to set it up though the AWS console.

What is Amazon ECR

Amazon Elastic Container Registry (Amazon ECR) is a secure, scalable, and reliable AWS-managed container image registry service that supports private repositories with resource-based permissions using AWS IAM.

Private and Public Repositories

ECR supports two repository types, making it flexible for both internal usage and public sharing.

  • Private Repositories: Suitable for storing proprietary images that are accessible only within your organization. Access is controlled through AWS IAM, ensuring your container images remain secure.
  • Public Repositories: ECR’s Public Gallery allows you to host images publicly, making them available for community use. This is useful for open-source projects or sharing container images with a broad audience.

Using private and public repositories enables a hybrid approach to managing your image distribution, where sensitive applications can remain secure within private repositories while open-source or shareable images can be accessed publicly.

Why Use Amazon ECR?

Amazon ECR offers robust capabilities and benefits that make it a preferred choice for Docker image management:

  • Security and Compliance: With encryption in transit, image scanning, and integrated AWS IAM policies, Amazon ECR ensures high security for your Docker images.
  • Scalability: ECR scales automatically, handling large volumes of Docker images without requiring manual configuration or intervention.
  • Integration with AWS Services: ECR seamlessly integrates with Amazon ECS, EKS, CodePipeline, and CodeBuild, enabling automated deployments and CI/CD workflows.
  • Simplified Workflow: ECR eliminates the need to set up and manage your container image registry, reducing operational overhead.

Getting Started with Amazon ECR

Step 1: Setting Up an Amazon ECR Repository

To begin using Amazon ECR, you need to create a repository where your Docker images will be stored.

Open the Amazon ECR Console: Go to the Amazon ECR Console. Then type ECR in the search bar and select ECR under services.

Click on Create Repository.

Configure Settings: Provide a name for your repository and configure settings like image scanning and encryption.

Repository Policies: Set access permissions for your repository. By default, repositories are private, but you can adjust policies for specific users, roles, or accounts.

For Image tag mutability, select immutable. When tag mutability is turned on, tags are prevented from being overwritten.

Step 2: Authenticating Docker to ECR

After creating a repository, you must authenticate Docker to interact with Amazon ECR. AWS provides a simple command to obtain and configure Docker login credentials.

Run Authentication Command:

Copy code

aws ecr get-login-password –region <region> | docker login –username AWS –password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com

Replace <region> and <aws_account_id> with your AWS region and account ID.

Verify Authentication: You should see a “Login Succeeded” message, confirming Docker’s successful authentication with Amazon ECR.

Security and Access Management

ECR is highly secure, leveraging AWS Identity and Access Management (IAM) to control access. Users and roles can be granted specific permissions, ensuring secure access to repositories and images.

  • IAM Policies: Using IAM policies, you can control who has access to view, upload, or delete images.

This control allows fine-grained security, ensuring your images are accessible only to those with explicit permission.

Automating Docker Deployments with Amazon ECR

Integrating Amazon ECR with other AWS services lets you automate container image deployments, providing agility in CI/CD pipelines. Here’s a high-level overview of how ECR can streamline the deployment process.

CI/CD Integration with CodePipeline and CodeBuild: Amazon ECR integrates with CodePipeline and CodeBuild to automate Docker image builds, tests, and deployments.

ECS and EKS Deployments: ECR is the primary image registry for Amazon ECS and Amazon EKS, allowing you to quickly deploy containerized applications.

Scheduled Image Scanning: Regularly scan your images for vulnerabilities with Amazon ECR’s built-in scanning feature, which provides insight into image security.

Best Practices for Managing Docker Images in Amazon ECR

Enable Image Scanning: Regular scanning helps identify vulnerabilities in your Docker images, adding an extra layer of security.

Use Lifecycle Policies: Lifecycle policies allow you to define rules for image retention, which helps optimize storage costs by automatically deleting older, unused images.

Implement Access Control: Use IAM policies to manage permissions, ensuring only authorized users can push or pull images from the repository.

Use Version Tagging: Consistent version tagging helps in identifying and managing different versions of an image efficiently, especially in multi-environment deployments.

Conclusion

Amazon ECR offers a scalable, secure, and fully managed solution for managing Docker images. It streamlines the containerization process, allowing teams to focus on building and deploying applications without worrying about registry management.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com.


Thank you!

Categories
Blogs

Amazon Cognito

Amazon Cognito: Empowering User Identity for Your Web and Mobile Applications

In today’s online world, managing user identities securely is very important for any website or mobile app. Amazon Cognito, which is part of Amazon Web Services (AWS), is a strong tool for handling and securing user logins. This blog will explore how Amazon Cognito empowers user identity, enhances security, and simplifies integration, allowing developers to focus on building robust applications.

What is Amazon Cognito?

Amazon Cognito is a fully managed service that provides user identity and access management for web and mobile applications. It enables developers to create secure, scalable authentication flows and manage user profiles. By using Amazon Cognito, you can add sign-up and sign-in features, multi-factor authentication (MFA), and even social sign-in options (like Google and Facebook) to your apps without worrying about the complexities of identity management.

User Pools and Identity Pools in Amazon Cognito

Amazon Cognito offers two main components for managing user identities: User Pools and Identity Pools.

User Pools: This component manages users’ credentials and profiles. User pools help developers create user sign-up and sign-in functionality with customizable authentication flows, such as multi-factor authentication and account recovery.

Identity Pools: Identity pools allow users to obtain temporary AWS credentials, giving them access to other AWS services. This feature is handy for building secure, serverless applications and is an effective way to manage permissions without requiring complex backend configurations.

Why Use Amazon Cognito for Web and Mobile Authentication?

Security is at the forefront of Amazon Cognito, offering features like multi-factor authentication, secure password policies, and adaptive authentication. This lets you enforce specific security protocols for enhanced user protection while minimizing the risk of unauthorized access. The service also supports OpenID Connect, OAuth 2.0, and SAML, allowing seamless integration with other identity providers for secure, federated authentication.

Customization: With Amazon Cognito, you can customize sign-up and sign-in processes to suit your brand and application needs. This includes customizing email templates, user verification steps, and even the login UI.

Scalability is inherent in Amazon Cognito’s infrastructure, which is built on the AWS cloud. This makes it suitable for applications of all sizes, whether you’re managing a few thousand users or millions.

Implementing Role-Based Access with Amazon Cognito

Amazon Cognito supports role-based access control (RBAC), which enables developers to assign specific permissions to different user groups. For example, you could assign different access roles to administrators, premium users, and regular users, each with distinct access to parts of your application.

RBAC is managed by combining IAM roles with identity pools in Amazon Cognito, where users in different groups can be mapped to IAM roles with varying permissions. This setup helps create a secure, customizable experience for your users without hardcoding permissions.

Using Multi-Factor Authentication (MFA) for Enhanced Security

Multi-factor authentication is a powerful security feature provided by Amazon Cognito. By enabling MFA, you add an extra layer of protection to your application.

Amazon Cognito and Social Identity Providers

One of the major benefits of Amazon Cognito is its seamless integration with social identity providers like Google, Facebook, Apple, and Amazon. This allows your users to log in using their existing social media accounts, making the login process easier and more convenient. For many users, social logins are preferred as they eliminate the need to remember multiple passwords, enhancing user engagement and retention.

Custom Authentication Flows with Amazon Cognito

For applications that require more control, Amazon Cognito supports custom authentication flows. This feature enables you to define unique authentication steps, including conditional verifications, complex challenge responses, and custom error handling.

How Amazon Cognito Supports Serverless Applications

Serverless applications benefit from Identity Pools in Amazon Cognito, which provides temporary AWS credentials that users can use to access other AWS services. This is an efficient way to manage access without requiring a dedicated backend for session management, allowing you to build robust, secure applications while reducing infrastructure costs.

Conclusion

Amazon Cognito is a powerful tool that simplifies identity management. It provides everything from secure logins to multi-factor authentication and social sign-in options.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com.


Thank you!

Categories
Blogs

Effortless Job Processing with AWS Batch

Effortless Job Processing with AWS Batch: A Complete Guide to Scaling Compute Workloads

Efficient job processing is essential for organizations handling complex computing workloads. AWS Batch, Amazon Web Services’ fully managed batch processing service, streamlines this process by automating the scheduling, provisioning, and scaling of compute resources.

What is AWS Batch?

AWS Batch is a fully managed service that enables you to run large-scale compute workloads in the cloud without provisioning resources or managing schedulers. The service takes care of infrastructure management, so you can focus on designing your workflows instead of worrying about underlying resources.

AWS Batch dynamically provisions the optimal quantity and type of compute resources (for example, CPU or memory-optimized instances) based on the volume and specified resource requirements of the batch jobs submitted.

It plans, schedules, and executes your batch computing workloads across the full range of AWS compute services and features, such as Amazon EC2 and Spot Instances.

Here’s a breakdown of key components and how AWS Batch works:

Components:

Compute Environments: AWS Batch uses compute environments to manage the infrastructure on which your batch jobs run.

It supports both EC2 instances and AWS Fargate containers as computing resources.

Job Definitions: A job definition specifies how a job is to be run, including the Docker image to be used, the command to be executed, and various parameters.

It encapsulates the information needed for jobs to be submitted to the batch environment.

Job Queues: Job queues are used to submit jobs. You submit a job to a specific queue, and AWS Batch places the job in the queue.

Each queue is associated with one or more priority levels, which determines the order in which jobs are scheduled.

Jobs: Jobs are the unit of work in AWS Batch. Each job is defined by a job definition, and it runs on an Amazon EC2 instance or an AWS Fargate container.

Workflow

Submit Job: Users submit jobs to a specific job queue. The job queue contains a list of jobs that are waiting to run.

Job Scheduler: AWS Batch job scheduler takes care of prioritizing, scheduling, and launching jobs based on the job queue’s priority levels.

Compute Environment Allocation: The job scheduler allocates compute resources from the defined compute environment to run the jobs.

Run Jobs: Jobs are executed on EC2 instances or Fargate containers based on the specifications in the job definition.

 Monitoring and Logging: AWS Batch provides monitoring through Amazon CloudWatch, allowing you to track the progress of jobs, resource utilization, and other relevant metrics.

Scaling: AWS Batch can automatically scale compute resources based on the workload. It can dynamically adjust the number of instances or containers in the computing environment to accommodate changes in demand.

Key Features of AWS Batch

Flexible Compute Workloads: AWS Batch supports both on-demand and Spot Instances in Amazon EC2, and AWS Fargate for serverless compute environments. This allows you to choose the most cost-effective or high-performance resources based on your workload.

Automatic Job Scheduling: With AWS Batch, job scheduling and queue management are automated, ensuring jobs are executed in the most efficient order.

Dynamic Resource Scaling: AWS Batch dynamically scales compute resources to meet the requirements of your jobs.

Seamless AWS Integration: AWS Batch integrates seamlessly with other AWS services like Amazon S3, Amazon RDS, and Amazon CloudWatch.

Benefits of AWS Batch
  • Efficient Job Processing
  • Cost-Effective Batch Processing with AWS Spot Instances
  • High Scalability
  • Easy Integration with Data Pipelines

AWS Batch vs. Other Processing Solutions

When compared to other solutions like Amazon Lambda, Amazon EC2, or traditional on-premises processing, AWS Batch stands out in several ways:

AWS Batch vs. Lambda: AWS Lambda is ideal for lightweight, short-duration tasks, while AWS Batch is designed for long-running, compute-heavy jobs that require scaling across multiple instances.

AWS Batch vs. EC2: AWS Batch is a more efficient choice than manually managing EC2 instances for batch processing, as it automates scaling and job scheduling, reducing the need for administrative overhead.

Batch Processing vs. Real-Time Processing: While AWS Batch excels in handling large-scale, time-independent jobs, real-time processing solutions like AWS Kinesis are better for streaming data and instant analytics.

Common Use Cases for AWS Batch

Data Processing: AWS Batch is ideal for data-intensive tasks such as ETL processes, analytics, and report generation, where jobs are scheduled to process large datasets.

Financial Modeling and Simulations: Financial institutions use AWS Batch for tasks like Monte Carlo simulations, risk assessment, and financial forecasting, which require substantial computing power.

Scientific Research and Analysis: Researchers rely on AWS Batch for simulations, data analysis, and processing large datasets from experiments, which often need parallel computing.

Machine Learning: Data preprocessing for machine learning workflows, such as image processing or data transformation, can be automated and scaled using AWS Batch.

Conclusion

AWS Batch offers a flexible and cost-effective way to manage large computing tasks. It automatically schedules, adjusts, and manages computing resources, making it simpler to handle complex jobs and reducing the need for manual management.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com.


Thank you!

Categories
Blogs

Unlocking the Power of Amazon Aurora

Unlocking the Power of Amazon Aurora: A Comprehensive Guide to High-Performance Databases

Amazon Aurora is a fully managed, relational database service that combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open-source databases. In this blog, we’ll explore the key features of Amazon Aurora, its advantages, and how it stands out in the world of cloud databases.

What is Amazon Aurora?

A fully managed MySQL and PostgreSQL-compatible relational database built for the cloud that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases.

Two types of DB instances make up an Aurora DB cluster

Primary Instance — Supports read and write operations, and performs all of the data modifications to the cluster volume. Each Aurora DB cluster has one primary DB instance.

Replica Instances— Connects to the same storage volume as the primary DB instance and supports only read operations. Each Aurora DB cluster can have up to 15 Aurora Replicas in addition to the primary DB instance.

Key Points

  • Amazon Aurora architecture gives separation of storage and computing.
  • Automatic failover to reader instance — When a problem affects the primary instance, one of these reader instances takes over as the primary instance.
  • The cluster endpoint always represents the current primary instance in the cluster. To use a connection string that stays the same even when a failover promotes a new primary instance, you connect to the cluster endpoint.
  • Aurora automates and standardizes database clustering and replication, which are typically among the most challenging aspects of database configuration and administration.

Key Features of Amazon Aurora

High-Performance Amazon Aurora is designed to deliver performance that far exceeds traditional MySQL and PostgreSQL databases.

Scalability Aurora’s architecture supports auto-scaling to accommodate growing database needs. You can scale your database up or down with minimal manual intervention.

High Availability and Durability Aurora provides built-in high availability with a replication feature that spans multiple availability zones.

Automated Backups Amazon Aurora automates backups, and these backups are continuous and incremental, ensuring that no data is lost.

SecurityAmazon Aurora provides multiple layers of security. It supports encryption of data both at rest and in transit using SSL. Additionally, it integrates seamlessly with AWS Identity and Access Management (IAM) for access control, Amazon VPC for network isolation, and AWS Key Management Service (KMS) for key management.

Multi-Master Support Amazon Aurora supports multi-master replication, which allows you to write to multiple Aurora instances in different Availability Zones.

Amazon Aurora MySQL vs PostgreSQL

Amazon Aurora is compatible with both MySQL and PostgreSQL, and it provides a high level of performance for both engines. When choosing between Aurora MySQL and Aurora PostgreSQL, businesses should consider their application’s needs:

  • Aurora MySQL is ideal for applications that rely on MySQL’s features and syntax but require more scalability and performance than what standard MySQL can offer.
  • Aurora PostgreSQL provides the performance and scalability of Aurora with the rich feature set of PostgreSQL, making it a great choice for data-intensive applications that need advanced data types and custom functions.

Amazon Aurora Serverless

For applications with unpredictable database workloads, Amazon Aurora Serverless offers an on-demand, auto-scaling configuration. Aurora Serverless automatically adjusts the compute capacity based on application needs, and you only pay for the capacity you use. This makes it a cost-effective option for infrequent or variable workloads, such as development, testing, or low-traffic applications.

Read Replicas

  • Elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.
  • Aurora Replicas connect to the same storage volume as the primary DB instance, but support read operations only.
  • Aurora DB cluster with single-master replication has one primary DB instance and up to 15 Aurora Replicas.

Advantages of Amazon Aurora

Advantages:

  • Global reads with local latency.
  • Scalable secondary Aurora DB clusters.
  • Fast replication from primary to secondary Aurora DB clusters.
  • Recovery from Region-wide outages (lower RTO and RPO).

Use Cases for Amazon Aurora

E-commerce Platforms: With high availability, fault tolerance, and the ability to handle high traffic spikes, Amazon Aurora is perfect for large-scale e-commerce platforms that require database scalability.

Gaming: Games with large player bases can benefit from Aurora’s fast, scalable database capabilities, which can handle millions of transactions per second.

SaaS Applications: Aurora’s flexibility, high performance, and multi-region replication make it a great choice for SaaS companies that need reliable, low-latency access to their databases.

Conclusion

Amazon Aurora is a fully managed relational database engine that’s compatible with MySQL and PostgreSQL which makes it easier, faster, and cost-effective to manage your data and build scalable, reliable, and high-performance applications.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at sales@accendnetworks.com.


Thank you!