Cohesive Blog

 AWS Summit Chicago highlights

We’ve noticed the trend at the last few events with AWS – huge growth. It shouldn’t be surprising since AWS in general is growing at a huge rate. Analysts estimate that the AWS segment of Amazon’s larger business is growing at almost 70% in the latest quarter. AWS’ current growth is the steepest ramp ever seen in tech companies at its scale.


AWS customers get cloud

From our booth at the partner expo, we noticed the questions we got about VNS3 and our company were more “cloud user” questions, and very few “cloud curious.” We heard very few people ask about how AWS works, the mechanics of launching VNS3, and so on. Most people jumped right into questions about underlying technology, features and use cases.

One of the VNS3 customer use cases that kept popping up was our friends at Geezeo.  Rather than building their own switching tunnel architecture between their AWS-based app and customer data centers, Geezeo found VNS3 back in 2009. They grew one simple IPsec tunnel connection to over 30 encrypted IPsec tunnels connecting 400+ banks and credit unions.

Security is still top priority

With the overwhelming amount of data breach and security news, encryption and security were hot topics at booth 604. Our VNS3 diagram drew people in, and I enjoyed watching as a few people’s eyes got wide as I mentioned the VNS3 plug-in system for even more networking and security functions.

News from the Summit

Yesterday’s big announcements were focused on data: moving data around the cloud (Snowball), and deploying and running apps and services in AWS. A quick rundown of the announcements:

  • Amazon Inspector GA
  • Amazon S3 Transfer Acceleration
  • 80 TB Snowball
  • New Amazon Elastic Block Storage Volume Types
  • AWS Application Discovery Service (ADS)
  • AWS Elastic Beanstalk managed platform updates
  • Remote Access to Devices in Amazon’s Farm
  • Cognito sign up and sign in features
  • Kinesis stream updates

Check out all the announcements from yesterday’s summit from Network World, Business Cloud News, and the AWS blog.

Slides from the talks are online now, and videos are promised to be out soon.

AWS Chicago meetup groups

On a related note, we help organize, host, and sponsor the AWS user group here in Chicago. Over the last 6 months we’ve seen a huge spike in attendance at meetups as well.

As most of you know, the AWS Chicago summit is this week! With all of the excitement of having Amazon in Chicago, we wanted to remind you of our upcoming AWS Meetup events!

If you’re in Chicago, make sure to check out the AWS Chicago meetup page to RSVP for our spring and summer events and follow us on Twitter at @awschicago.

Check out this video of the most recent Chicago AWS Meetup on Lambda Functions and Serverless Architectures:

1. “AWS Lambda & Serverless Architecture”
Jared Short, Director of DevOps at Trek10 – @ShortJared

2. “The Serverless Framework in Action”
Jared Short, Director of DevOps at Trek10 – @ShortJared
(Starts at 31:55)

3. “Lambda-fying a Legacy Webapp”
Chris Johnson Bidler, Senior Cloud Computing Engineer at TransUnion – @hlprmnky


- - - -

We’ve connected to pretty much every networking device out there, and we’ve learned the hard way what not to do while routing traffic to, from, and between cloud deployments. Today we’d like to share a few tips we’ve learned while working with the major network vendor “boxes” and some 2,000 VNS3 customers.

First up, Cisco ASAs

Cisco has a concept of “interesting traffic.” If there isn’t any interesting traffic going on, the ASA will not complete the tunnel connection. The ASA also has an idle timeout default setting that closes a tunnel after 30 minutes. That means if you are connecting a VNS3 device to an ASA, you’ll need to keep traffic flowing in order to connect and maintain your connection.

Since you likely just set up your IPsec tunnel connection in the VNS3 UI, you know for sure that there is a “ping-able” host at the address. In order to keep the ASA from timing out, you can set VNS3 to send a ping to that host every 30 seconds.

From the IPsec page, you can edit the Ping host and add a Ping interval. That should keep the Cisco ASA timeout from kicking in. Or, ideally, you can have your partner/customer set their ASA to idle timeout at 0, meaning the connection will stay open until you need to edit it again.

Cisco ASAs running versions 8.4.2 to 8.4.4 are just buggy. We’ve had trouble with 8.4.2, 8.4.3 and 8.4.4. Once you upgrade above 8.4.5, we’re fine. Remember to check your ASA updates if you’ve noticed any issues.

Firebox Watchguard

The Watchguard runs into issues with the VNS3 static LAN. To fix this, just add our local private IP (usually or something like that) as your IKE Peer ID.


Surprisingly, as one of the biggest network vendors in the world, Checkpoint does not follow NAT-Traversal standards. If you’re using Checkpoint, you will have to use something like AWS VPC and enable Native IPsec on VNS3 to use Protocol 50 (ESP) to encapsulate traffic.

Check it twice!

Make sure to check everything twice! The easiest way to make troubleshooting better is to do it right the first time. We’ve got a network checklist to share with partners and customers, as well as a Google Forms format. Share the network knowledge.

With EOL’d software, there can be interop issues due to the age of the IPsec standards used. For example, we know that Cisco 1945ios router 15.4TM was end-of-life’d (EOL) in 2005. If we see that listed on your network checklist, we know to look out for some aging hardware and we can help you sort out any issues.
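A preflight check that runs the vendor caveats from this post over one checklist entry, as an added example (not Cohesive Networks' checklist or code). The field names, warning labels and the sample entry are hypothetical, and a missing idle timeout is assumed to be the 30-minute ASA default described above.

```python
import re

# Constructed checklist entry; field names and warning labels are hypothetical,
# not taken from the Cohesive Networks checklist. The IP is a placeholder.
SAMPLE = {
    "vendor": "Cisco ASA",
    "version": "8.4(3)",          # ASA-style notation for 8.4.3
    "idle_timeout_min": 30,       # ASA default per the post
    "ping_interval_sec": None,    # no VNS3 ping host configured yet
    "nat_traversal": True,
    "ike_peer_id": None,
    "vns3_private_ip": "<vns3-private-ip>",
}

def parse_version(text):
    """Turn '8.4.3' or ASA-style '8.4(3)' into a comparable tuple (8, 4, 3)."""
    return tuple(int(n) for n in re.findall(r"\d+", text or "")[:3])

def preflight(entry):
    """Return warning labels for the interop issues listed in this post."""
    warnings = []
    vendor = entry.get("vendor", "").lower()
    if "asa" in vendor:
        if (8, 4, 2) <= parse_version(entry.get("version")) <= (8, 4, 4):
            warnings.append("asa-buggy-release")
        timeout = entry.get("idle_timeout_min")
        timeout = 30 if timeout is None else timeout
        ping = entry.get("ping_interval_sec")
        # The tunnel idles out unless the timeout is disabled (0) or a ping
        # lands inside every idle window.
        if timeout != 0 and (ping is None or ping >= timeout * 60):
            warnings.append("asa-idle-timeout")
    elif "watchguard" in vendor:
        # IKE Peer ID must be the VNS3 local private IP.
        if entry.get("ike_peer_id") != entry.get("vns3_private_ip"):
            warnings.append("watchguard-peer-id")
    elif "checkpoint" in vendor:
        # NAT-Traversal is the problem; native IPsec (ESP, protocol 50) avoids it.
        if entry.get("nat_traversal", True):
            warnings.append("checkpoint-needs-native-ipsec")
    return warnings

if __name__ == "__main__":
    for label in preflight(SAMPLE):
        print(label)
```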

At the end of the day, your best resource is the product resource page (aka Documentation!):

Make sure to contact us if you run into any trouble!


- - - -

New VNS3 Network Management Tools Include API Access Controls, Greater Network Visibility

CHICAGO, IL USA – March 1, 2016 – Cohesive Networks today announced the general availability of VNS3:ha for instance-based automated failover of IPsec and Cloud network connections.  Automatic failover is controlled via the VNS3:ms network monitoring and management console, which is also receiving an update.  VNS3:ms was first released in November 2014 to help network administrators secure hybrid cloud resources, save time, and reduce complexity of network management.  Capability updates to the console include increased API controls, authentication and LDAP integration, additional reporting options, and messaging integration for event alerts.

VNS3:ha: Automated high availability, failover in cloud networks

New add-on features in VNS3:ha allow VNS3:ms users to create highly-available network deployments that maintain network connectivity (IPsec VPN, TLS VPN and unencrypted VLAN connections), despite any interruptions. VNS3:ha is the first cloud-based network controller to use instance-based failover, allowing VNS3 customers to ensure things like IPsec failover without relying on connecting hardware or complex routing protocols.

VNS3:ha also ensures cloud systems are connected to both data centers and other cloud regions. International enterprises use VNS3:ha to meet disaster readiness policies, ensure reliable service uptime SLAs, and deliver seamless application delivery to end customers.

VNS3:ha updates include:

  • Instance based, automated failover for IPsec VPN connections
  • Instance based, automated failover for overlay networks
  • Automated updates of cloud-based route tables
  • New and unique way to handle network failover in the cloud

VNS3:ms: Single pane of glass for virtual network management
With a centralized view of network status and logs, backup, keys, users, passwords and licensing management, VNS3:ms helps an enterprise manage and monitor complex networks, VPN connections and cloud VLAN components.

VNS3:ms updates include:

  • Addition of VNS3:ha functionality to control the VNS3:ha backup instance and trigger failover
  • Improvements to LDAP integration focused on groups and testing
  • Increased safety features around default access credentials
  • Message client integration to provide message alerts for particular events
  • Support for HTTPS sessions secured via custom SSL certificates
  • API expanded to include programmatic control of all new features


Cohesive Networks is a cloud-native security and network software company. The VNS3 product family is a suite of security and network routing solutions that let enterprises extend virtual networks into public, private and hybrid clouds. Over 2,100 enterprise customers use VNS3 products to protect their applications from exploitation by hackers, criminal gangs, and foreign governments.

Cohesive is a member of the Open Data Center Alliance (ODCA), a member of the Amazon Partner Network, an Amazon Marketplace Seller, Microsoft Azure certified, a Google Cloud Platform Authorized Technology Partner, a CenturyLink Cloud Marketplace Provider, and an IBM Business Partner.

Media Contact:
Heidi Groshelle
Groshelle Communications
Tel +1 415.307.1380


- - - -
