Rapidly-growing SaaS company

The client is an industry-leading SaaS provider. The client has built a customer experience Cloud trusted by the world’s top companies. The client’s software enables businesses to have better customer conversations. The clients’ customer’s reps have all the relevant information of their customers right in front of them, in one place when they are on the phone. The important details about customers are no longer hidden from the person trying to serve. Best of all, the client’s software works in real-time and behind the scenes.

Challenge – The client’s enterprise customers connect to the client’s AWS and GCP-based SaaS solution via VPNs. The client’s legacy Cloud VPN solution had several limitations – high-availability, support for the strongest encryption standards, supportability, and complexity during VPN turn-up. The client engaged CloudView Partners to design a new, enterprise-grade, Cloud-native, VPN solution that would enable simple management of VPN connectivity for Enterprise customers and operational simplicity.

CloudView Partners architected a secure, highly-available VPN solution using Cisco CSR-1000V and AWS Lambda.

The design used customized automation to create high-availability and also follows infrastructure-as-code practices. CloudView Partners created a CloudFormation template for the Autoscaling group, the CSR-1000V configuration S3 bucket, and several Lambda functions that handle health checking and configuration updates.

Whenever a new customer datacenter endpoint needs to be added, a new Cisco configuration file is uploaded to S3 and triggers an event to the Config&Provisioning Lambda Function. This function uses the CSR-1000V REST API to update the configuration and enable the new VPN connection.

To maintain high availability and resilience, another Lambda Function is responsible for health checks. A health-checking function tests connectivity to the on-premise customer data-center locations and checks the CSR-1000V connection status to determine the instance health and connection states. On failed health checks, instances are replaced and notifications sent to operators for visibility.