Resources Created by Multicloud Defense
The following resources are created by Multicloud Defense when you create a gateway, VPC, or VNet. They are created as part of the process and do not require any additional action from the user. Note that different resources are created for each cloud service provider, according to that provider's requirements.
GCP Resources
Multicloud Defense creates two service VPCs and four firewall rules. See the following for the exact resource allocation:
Service VPC
- Management
- Datapath
Firewall Rules
- Management (ingress)
- Management (egress)
- Datapath (ingress)
- Datapath (egress)
Note: The Service VPC CIDR cannot overlap with the Spoke VPC CIDR.
AWS Resources
Multicloud Defense creates three service VPCs to address the supported use cases (ingress, egress/east-west). The following resources are created and affiliated with each of these VPCs:
- Four subnets in each availability zone.
- One route table for each of the subnets.
- Two security groups: management and datapath.
- One Transit Gateway.
Note: This Transit Gateway is created and attached to the service VPC when the service VPC is created. The Transit Gateway can be reused with other service VPCs.
- A Transit Gateway route table.
Note: The route table is attached to the Service VPC as part of the creation process.
Note: The AWS Gateway Load Balancer (GWLB) does not support adding or removing availability zones after the initial deployment of a GWLB. You will need to redeploy the service VPC if you need to change availability zones. See the AWS documentation for more information.
Azure Resources
Multicloud Defense creates one Service VNet with the following resources:
- One VNet.
- Two network security groups.
Note: The Service VNet CIDR must not overlap with the spoke VNet CIDR.
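Both the GCP and the Azure sections above require that the service VPC/VNet CIDR not overlap any spoke CIDR, and the same constraint is worth checking before creating an AWS service VPC. The following pre-flight check is an added example and is not part of the Multicloud Defense product or its documentation: it uses only the Python standard library's ipaddress module, takes a candidate service CIDR and the CIDRs of the spokes that will be attached, and reports which spokes would collide. The spoke and candidate CIDRs in the block are constructed sample values, and the function names are this example's own.

```python
import ipaddress
from typing import Iterable, List, Optional


def overlapping_spokes(service_cidr: str, spoke_cidrs: Iterable[str]) -> List[str]:
    """Return the spoke CIDRs that overlap the proposed service VPC/VNet CIDR.

    strict=True rejects prefixes with host bits set (for example 10.0.0.1/24),
    which usually indicates a typo in an inventory rather than a real range.
    A service range that is enclosed by a spoke, or that encloses a spoke,
    both count as overlap.
    """
    service = ipaddress.ip_network(service_cidr, strict=True)
    hits: List[str] = []
    for cidr in spoke_cidrs:
        spoke = ipaddress.ip_network(cidr, strict=True)
        # Different IP versions can never overlap; skip them explicitly.
        if spoke.version == service.version and service.overlaps(spoke):
            hits.append(str(spoke))
    return hits


def pick_service_cidr(candidates: Iterable[str], spoke_cidrs: Iterable[str]) -> Optional[str]:
    """Return the first candidate that overlaps no spoke, or None if all collide."""
    spokes = list(spoke_cidrs)
    for candidate in candidates:
        if not overlapping_spokes(candidate, spokes):
            return candidate
    return None


# Constructed sample inventory: three spoke VPC/VNet ranges already in use.
SPOKE_CIDRS = ["10.0.0.0/16", "10.1.0.0/16", "172.16.0.0/12"]

# Constructed candidate ranges for the new service VPC/VNet, in order of preference.
CANDIDATES = ["10.0.16.0/24", "10.1.255.0/24", "10.2.0.0/24"]

if __name__ == "__main__":
    for candidate in CANDIDATES:
        clash = overlapping_spokes(candidate, SPOKE_CIDRS)
        status = "OK" if not clash else f"overlaps {', '.join(clash)}"
        print(f"{candidate:<16} {status}")
    print("selected:", pick_service_cidr(CANDIDATES, SPOKE_CIDRS))
```

Run it with the spoke ranges from your own inventory before creating the service VPC or VNet; the first two constructed candidates collide with existing spokes and only 10.2.0.0/24 is selected.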