Integrating AWS Cloud with SD-WAN Controllers.

Sadananda.S
5 min read · Jun 12, 2023

In today’s interconnected business landscape, organizations require secure and efficient network connectivity to protect sensitive data and ensure reliable communication. This blog post walks through building a Certificate Authority (CA) server in the AWS cloud, on a Windows Server EC2 instance running Active Directory Certificate Services, and using it to issue the certificates that on-premises Cisco SD-WAN controllers (vManage, vSmart and vBond) present to each other. With the CA in AWS and the controllers on premises, the organization keeps control of its own trust anchor while getting the operational convenience of the cloud.

Understanding the Role of a CA Server:

  • A Certificate Authority (CA) server issues, renews and revokes the digital certificates that devices use to authenticate each other.
  • In Cisco SD-WAN the control connections between vManage, vSmart and vBond are DTLS/TLS sessions that are mutually authenticated with certificates; every controller certificate must chain to a root the controllers trust.
  • Running your own enterprise CA means you choose that root and issue the controller certificates yourself, instead of depending on an external signer. The controllers validate the chain and the organization name carried in the certificate, so a wrong root or a mismatched organization name breaks the control plane rather than weakening it silently.

Benefits of Implementing a CA Server in AWS Cloud:

  • Scalability: instance size and storage can grow with the number of certificates without re-architecting anything.
  • Reliability: AWS provides the building blocks for availability (EBS snapshots, AMIs, multiple Availability Zones), but a single EC2-hosted CA is still one machine; back up the CA database and the CA key regularly, because losing the root key means re-issuing every controller certificate.
  • Cost Optimization: pay-as-you-go pricing means the CA server costs only what it runs, and a CA that is only needed at enrollment and renewal time can be stopped in between.

Setting Up a CA Server in AWS Cloud:

  • Choose the EC2 instance type and storage for the CA server; a Windows Server AMI is used here because the CA is Active Directory Certificate Services.
  • Install and configure the CA software, and lock down who can reach it: the security group should expose RDP and the enrollment portal only to known source addresses, and the root CA private key should not be exportable. A production design keeps the root CA offline and issues from an online subordinate CA; this post uses a single root CA for simplicity.
  • Use the CA to issue, renew and revoke certificates. On a standalone CA every request waits in Pending Requests until an administrator issues it, which is the manual approval step used later in this post.
TOPOLOGY

All three controllers share one transport segment, 10.10.10.0/28, in VPN 0 (vManage 10.10.10.3, vSmart 10.10.10.4, vBond 10.10.10.5) and one out-of-band management network, 192.168.163.0/24, in VPN 512 (gateway 192.168.163.2). The CA server is reached from the operator's browser; vManage itself never contacts the CA, since the CSR and the issued certificate are copied by hand.

================Vmanage===============

system
 host-name          Vmanage
 system-ip          1.1.1.1
 site-id            1
 vbond              10.10.10.5
 clock timezone     Asia/Kolkata
 ! organization-name must be identical on all three controllers and match the
 ! Organization Name set in vManage; vManage places it in the OU of every CSR
 organization-name  <>
 commit
!
exit
vpn 0
 no interface eth0
 interface eth1
  ip address 10.10.10.3/28
  duplex full
  no shutdown
  tunnel-interface
   ! allow-service all already covers sshd and netconf; acceptable in this lab,
   ! but on a production transport permit only the services actually required
   allow-service all
   allow-service sshd
   allow-service netconf
 commit
!
exit
vpn 512
 interface eth0
  ip address 192.168.163.150/24
  duplex full
  no shutdown
 !
 ip route 0.0.0.0/0 192.168.163.2
 commit
!
exit

================Vsmart===============

system
 host-name          Vsmart
 system-ip          1.1.1.2
 site-id            1
 vbond              10.10.10.5
 clock timezone     Asia/Kolkata
 organization-name  <>
 commit
!
exit
vpn 0
 no interface eth0
 interface eth1
  ip address 10.10.10.4/28
  duplex full
  no shutdown
  tunnel-interface
   ! lab setting; see the note on the vManage configuration
   allow-service all
   allow-service sshd
   allow-service netconf
 commit
!
exit
vpn 512
 interface eth0
  ip address 192.168.163.151/24
  duplex full
  no shutdown
 !
 commit
!
exit
================Vbond===============

system
 host-name          Vbond
 system-ip          1.1.1.3
 site-id            1
 ! "local" marks this node as the vBond orchestrator itself
 vbond              10.10.10.5 local
 clock timezone     Asia/Kolkata
 organization-name  <>
 commit
!
exit
vpn 0
 no interface eth0
 ! vBond runs the vEdge software image, so its transport interface is ge0/0
 interface ge0/0
  ip address 10.10.10.5/28
  no shutdown
  tunnel-interface
   allow-service all
   allow-service sshd
   allow-service netconf
 commit
!
exit
vpn 512
 interface eth0
  ip address 192.168.163.152/24
  no shutdown
 !
 commit
!

Now let’s configure the CA server in AWS Cloud:

  • Launch a Windows Server EC2 instance with an EC2 key pair.
  • Apply an inbound security-group policy: allow RDP (TCP 3389) only from your own public IP, and HTTP/HTTPS (TCP 80/443) for the CA web portal only from the networks you will enroll from. Do not leave either open to 0.0.0.0/0.
  • Download the RDP client file from the EC2 console and decrypt the Administrator password with the downloaded private key of the key pair.
  • In Server Manager, open Add Roles and Features (role-based installation).
  • Select the server.
  • Select Active Directory Certificate Services.
  • Select the Certification Authority and Certification Authority Web Enrollment role services (Web Enrollment pulls in IIS).
  • Install, then launch "Configure Active Directory Certificate Services" and select the same role services.
  • Select Standalone CA (the EC2 host is not domain-joined, so Enterprise CA is not available).
  • Select Root CA.
  • Create a new private key: RSA 2048 bits or larger with SHA-256; do not pick SHA-1.
  • Provide the remaining details (CA name, validity period, database location) and close the wizard.
  • Open the CA web portal in a browser: http://<CA server address>/certsrv.
  • Download the CA certificate in Base 64 format.
  • Install that root CA certificate in vManage under Administration > Settings > Controller Certificate Authorization: choose Enterprise Root Certificate and paste the PEM text.
  • Generate the CSR for vManage under Configuration > Certificates > Controllers.
  • Copy or download the CSR.
  • In the CA portal choose Request a certificate > advanced certificate request and paste the Base-64 CSR.
  • Issue the certificate on the CA server: a standalone CA holds every request under Pending Requests in the Certification Authority console until an administrator issues it.
  • Download the issued certificate (Base 64 encoded) from the portal.
  • Install it in vManage under Configuration > Certificates > Controllers > Install Certificate.
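The same CA build and controller certificate issuance can be done from an elevated PowerShell session on the Windows Server EC2 instance, which is easier to repeat for vSmart and vBond than clicking through Server Manager and /certsrv. This is an added example, not code from the original post; it assumes a CA named SDWAN-Root-CA, a working folder C:\sdwan, and a vManage CSR already saved as C:\sdwan\vmanage.csr.

```powershell
# Added example (not from the original post): build the standalone root CA and
# issue a controller certificate from the command line, equivalent to the
# Server Manager and /certsrv steps above.
# Assumed values: CA name 'SDWAN-Root-CA', folder C:\sdwan, and a vManage CSR
# already saved as C:\sdwan\vmanage.csr.

$CaName   = 'SDWAN-Root-CA'
$WorkDir  = 'C:\sdwan'
$CsrFile  = Join-Path $WorkDir 'vmanage.csr'
$CertFile = Join-Path $WorkDir 'vmanage.pem'
$RootFile = Join-Path $WorkDir 'root-ca.pem'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# 1. Role services: Certification Authority and Web Enrollment (IIS comes with it).
Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# 2. Standalone root CA (the EC2 host is not domain-joined) with a new
#    4096-bit RSA key signed with SHA-256, valid for 10 years.
Install-AdcsCertificationAuthority -CAType StandaloneRootCA -CACommonName $CaName `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' -KeyLength 4096 `
    -HashAlgorithmName SHA256 -ValidityPeriod Years -ValidityPeriodUnits 10 -Force

# 3. The /certsrv pages used in the post.
Install-AdcsWebEnrollment -Force

# 4. Export the root certificate as PEM. This is the text pasted into
#    vManage > Administration > Settings > Controller Certificate Authorization.
$root = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$CaName" } | Select-Object -First 1
$rootPem = "-----BEGIN CERTIFICATE-----`n" +
           [Convert]::ToBase64String($root.RawData, 'InsertLineBreaks') +
           "`n-----END CERTIFICATE-----"
Set-Content -Path $RootFile -Value $rootPem -Encoding Ascii

# 5. Submit the vManage CSR. A standalone CA parks every request as Pending,
#    so certreq reports a RequestId instead of returning a certificate.
$caConfig  = "$env:COMPUTERNAME\$CaName"
$submitOut = certreq -submit -config $caConfig $CsrFile $CertFile
$requestId = [int][regex]::Match(($submitOut -join ' '), 'RequestId:\s*(\d+)').Groups[1].Value

# 6. Approve it (the "Issue" action in the Certification Authority console) ...
certutil -resubmit $requestId | Out-Null

# 7. ... and retrieve the issued certificate. certreq writes Base-64 unless
#    -binary is given, so the file is ready to paste into
#    Configuration > Certificates > Controllers > Install Certificate.
certreq -retrieve -config $caConfig $requestId $CertFile
Get-Content $CertFile
```

Repeat steps 5 to 7 with the vSmart and vBond CSRs. Because the root certificate is exported directly from the CA's own store rather than downloaded over plain HTTP from /certsrv, there is no window in which a tampered root could be pasted into vManage.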

If no mistakes were made, the certificate installs successfully; otherwise vManage displays an error. The usual causes are a certificate that does not chain to the root installed in Settings, or an OU that does not match the organization-name configured on the controllers.

Do the same for the remaining controllers, vSmart and vBond.

Generate each CSR, get it issued, and install the certificate. Once all three are done, Configuration > Certificates > Controllers shows every controller with its certificate installed and the controllers come up in sync.
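Before pasting an issued certificate into vManage, it is worth checking the two things that cause the install error described above: that the certificate chains to exactly the root you installed in Settings, and that its OU equals the controllers' organization-name. The following is an added example, not from the original post; it assumes the root and controller certificates were saved as PEM files under C:\sdwan and that the organization-name is EXAMPLE-ORG. It runs on any Windows host with the files, not only the CA server, and applies equally to the vSmart and vBond certificates.

```powershell
# Added example (not from the original post): pre-install check of an issued
# controller certificate. Assumed paths and organization-name below.

function Test-ControllerCertificate {
    param(
        [Parameter(Mandatory)] [string] $CertPath,   # issued controller certificate (PEM)
        [Parameter(Mandatory)] [string] $RootPath,   # root CA certificate installed in vManage Settings (PEM)
        [Parameter(Mandatory)] [string] $OrgName     # organization-name configured on the controllers
    )

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($RootPath)
    $problems = @()

    # 1. The chain must terminate at *our* root. The Windows trust store is
    #    ignored on purpose so the result does not depend on what happens to be
    #    installed locally; the root is matched by thumbprint instead.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.ExtraStore.Add($root) | Out-Null
    $chain.ChainPolicy.RevocationMode     = 'NoCheck'   # lab CA publishes no reachable CRL
    $chain.ChainPolicy.VerificationFlags  = 'AllowUnknownCertificateAuthority'
    if (-not $chain.Build($cert)) {
        $problems += 'certificate chain does not build'
    }
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($top.Thumbprint -ne $root.Thumbprint) {
        $problems += "chain ends at '$($top.Subject)', not at the expected root"
    }

    # 2. OU must equal the SD-WAN organization-name (vManage puts it in the CSR).
    $ou = ($cert.Subject -split ',\s*' | Where-Object { $_ -like 'OU=*' }) -replace '^OU=', ''
    if ($ou -ne $OrgName) {
        $problems += "OU '$ou' does not match organization-name '$OrgName'"
    }

    # 3. Validity window and signature algorithm.
    $now = Get-Date
    if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
        $problems += "not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))"
    }
    if ($cert.SignatureAlgorithm.FriendlyName -match 'sha1') {
        $problems += 'signed with SHA-1'
    }

    [pscustomobject]@{
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        Ok       = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Assumed inputs: PEM files exported as in the CA steps, organization-name EXAMPLE-ORG.
foreach ($controller in 'vmanage', 'vsmart', 'vbond') {
    Test-ControllerCertificate -CertPath "C:\sdwan\$controller.pem" `
                               -RootPath 'C:\sdwan\root-ca.pem' `
                               -OrgName  'EXAMPLE-ORG' | Format-List
}
```

Only a result with Ok set to True should be pasted into Configuration > Certificates > Controllers; the Problems list states which of the install-time failure causes would have been hit. The OU parsing splits the subject on commas, which is sufficient for the subjects vManage generates but would need an RDN-aware parser for subjects containing escaped commas.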

Dashboard View.

The goal of creating a CA server in AWS and integrating it with on-prem SD-WAN controllers has been achieved.

By implementing a CA server in the AWS cloud and keeping the controllers on premises, organizations can establish a secure and efficient network infrastructure. This integration lets businesses use the scalability and reliability of AWS services while retaining control of their own trust anchor and of the security of their on-premises networks. With mutually authenticated, encrypted control connections in place, organizations can adopt cloud services while protecting their sensitive data and keeping network communication reliable.
