{"id":20250,"date":"2016-09-30T11:00:32","date_gmt":"2016-09-30T18:00:32","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=20250"},"modified":"2016-10-04T15:43:29","modified_gmt":"2016-10-04T22:43:29","slug":"aws-auto-scaling-integration-another-problem-solved-through-innovation","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2016\/09\/aws-auto-scaling-integration-another-problem-solved-through-innovation\/","title":{"rendered":"AWS Auto Scaling Integration- Another Problem Solved Through Innovation"},"content":{"rendered":"<p>We strive to solve customer problems in an innovative manner that doesn't slow business productivity. The core features of our <a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-network\/next-generation-firewall\" target=\"_blank\">next-generation firewall<\/a> solved the inadequacies of port-based filtering. <a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-network\/subscriptions\/wildfire\" target=\"_blank\">WildFire<\/a> and <a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-network\/subscriptions\/autofocus\" target=\"_blank\">AutoFocus<\/a> delivered on the promise of a global threat intelligence cloud, preventing unknown threats and helping customers make actionable the intelligence gathered to more effectively protect their network.<\/p>\n<p>Now comes a new feature set for our VM-Series on Amazon Web Services (AWS) that natively integrates with AWS Auto Scaling and Elastic Load Balancing (ELB), allowing the VM-Series on AWS to scale dynamically, yet independently of fluctuating AWS workloads. 
Auto Scaling the VM-Series on AWS leverages two load balancers, effectively creating a load balancer sandwich that enables VM-Series firewalls to scale independently of AWS workloads, based on metrics.<!--more--><\/p>\n<p>Palo Alto Networks worked with the AWS team to design a solution that uses native AWS services and standard VM-Series (PAN-OS) automation features to dynamically, yet independently, scale the VM-Series on AWS as protected workload demands fluctuate. Here\u2019s a bit more detail on the solution components and how they are used:<\/p>\n<ul>\n<li><strong>AWS CloudFormation Template <\/strong>is used to deploy the entire solution. This creates a simple-to-deploy, all-inclusive Auto Scaling the VM-Series on AWS solution.<\/li>\n<li><strong>AWS Lambda<\/strong> is used for several predefined services, including adding network interfaces (ENIs) on newly deployed VM-Series instances, monitoring VM-Series traffic metrics, and communicating with Amazon CloudWatch (via SNS).<\/li>\n<li><strong>AWS S3<\/strong> is used to store the VM-Series bootstrap configuration and the Lambda scripts. S3 storage can also be used to store other types of files, such as other AWS CloudFormation Templates, used for additional automation.<\/li>\n<li><strong>Amazon CloudWatch<\/strong> monitors the AWS workloads, collecting relevant statistics that can be used in conjunction with the VM-Series metrics to initiate the deployment or removal of a VM-Series firewall.<\/li>\n<li><strong>Bootstrapping<\/strong> (<strong>VM-Series\/PAN-OS) <\/strong>allows you to create a fully configured VM-Series firewall instance. 
Each bootstrapped firewall can include firewall configuration, security policies, content updates, and inclusion in a Panorama network security management device group.<\/li>\n<li><strong>PAN-OS (VM-Series\/PAN-OS) API<\/strong> pulls user-defined metrics from the VM-Series firewall and uses Lambda to send them to CloudWatch.<\/li>\n<li><strong>Panorama <\/strong>can optionally be used to centrally manage the entire solution.<\/li>\n<\/ul>\n<p><strong>How It Works<\/strong><\/p>\n<p>The AWS CloudFormation Template deploys an initial VM-Series firewall Auto Scaling Group using a bootstrapped image stored in AWS S3. The VM-Series bootstrapped image can also automatically attach the VM-Series firewall to Panorama if it has been deployed.<\/p>\n<p>As traffic hitting your web server increases, CloudWatch monitors the traffic, initiating alarms based on user-defined metrics and, ultimately, the addition of a new web server. As the web server traffic increases, so too does the VM-Series traffic, which is where Lambda comes into play. Lambda collects VM-Series metrics via the XML API and feeds them to CloudWatch as custom metrics, triggering a VM-Series scale-out event using the bootstrapped VM-Series firewall image. 
As traffic to the web server winds down, a scale-in event is triggered based on defined CloudWatch metrics, and the VM-Series is removed.<\/p>\n<p>The Auto Scaling the VM-Series on AWS feature set is production ready, meaning if you use the scripts and templates as they are designed and run into a challenge, you can call the support team for assistance.<\/p>\n<p>To learn more about the innovative way in which we solved the scaling challenge:<\/p>\n<ul>\n<li>Watch the <a href=\"https:\/\/www.youtube.com\/watch?v=xiPZHzdNRmI&amp;feature=youtu.be\" rel=\"nofollow,noopener\"  target=\"_blank\">Auto Scaling the VM-Series on AWS Lightboard and demo<\/a>.<\/li>\n<\/ul>\n<p style=\"text-align: center;\"><div class=\"styleIt\" style=\"width:500px;height:315px;\"><lite-youtube videoid=\"xiPZHzdNRmI\" ><\/lite-youtube><\/div><\/p>\n<ul>\n<li>Visit the <a href=\"https:\/\/aws.paloaltonetworks.com\/\" target=\"_blank\">VM-Series for AWS resource page<\/a><\/li>\n<li>Access all the necessary <a href=\"https:\/\/github.com\/PaloAltoNetworks\/aws-elb-autoscaling\" rel=\"nofollow,noopener\"  target=\"_blank\">Auto Scaling the VM-Series in AWS resources<\/a> if you\u2019re already using the VM-Series and ready to give it a try.<\/li>\n<\/ul>\n<p><em>Auto Scaling the VM-Series on AWS uses AWS Marketplace Bundle 1 or Bundle 2, in either an annual or an hourly subscription. BYOL is not supported for Auto Scaling the VM-Series on AWS.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We strive to solve customer problems in an innovative manner that doesn't slow business productivity. The core features of our next-generation firewall solved the inadequacies of port-based filtering. 
WildFire and AutoFocus delivered &hellip;<\/p>\n","protected":false},"author":4,"featured_media":20592,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[113,155],"tags":[2721,897,111,309],"coauthors":[800],"class_list":["post-20250","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-computing-2","category-cybersecurity-2","tag-auto-scaling","tag-aws","tag-ngfw","tag-vm-series"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2015\/10\/blog-generic-banner.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/20250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=20250"}],"version-history":[{"count":3,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/20250\/revisions"}],"predecessor-version":[{"id":20607,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/20250\/revisions\/20607"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/20592"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=20250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=20250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog
\/wp-json\/wp\/v2\/tags?post=20250"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=20250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}