SD-WAN Technology Overview
SD-WAN technology, built upon cloud principles, makes branch deployments both easy and straightforward. SD-WAN delivered from the cloud encompasses multiple functions and capabilities that ease provisioning, deployment, and ongoing management and monitoring.
SD-WAN ADDS INTELLIGENCE TO A TRADITIONAL HYBRID WAN
Hybrid WAN has very little operational intelligence because it simply directs traffic over the same route each time, only using a different path if the primary path is no longer available. On the other hand, SD-WAN managed hybrid WAN allows for traffic to be automatically manipulated and controlled to ensure that only the right traffic flows over the best possible connections and paths at any given time. The control uses integrated business policies that automatically and proactively adjust traffic based on changing network conditions and application requirements. Multiple connections of any type are virtualized through a software overlay that leverages the entire aggregated bandwidth and is orchestrated with granular policies that automate the entire process.
Secure SD-WAN identifies over 2800 specific applications and uses that knowledge to apply a range of network and security policies to all application connections. This includes mapping applications to particular WAN connections (e.g. core business applications to MPLS or consumer web traffic to broadband), prioritizing applications, and assigning application security policies and enforcement (e.g. blocking certain types of web content).
ADVANTAGES OF DEPLOYING SD-WAN FOR MANAGED SERVICES AND ENTERPRISE DEPLOYMENTS
A Secure SD-WAN architecture is a software-based, cloud-native, multi-tenant, multi-service software platform, with primary components including routing, SD-WAN, and multi-layered security functions.
Secure SD-WAN enables organizations to migrate from legacy WANs, transforming them into software-defined enterprise and branch networks with superior business agility, robust security, reliability, and lower TCO.
MULTIPLE DEPLOYMENT OPTIONS
Secure SD-WAN is a software-based NFV solution with a broad set of deployment options. Secure SD-WAN can be deployed directly on bare metal x86 servers, white-box appliances, virtual machines (VMware ESXi, KVM), and containers. Customers can select the best infrastructure for their SD-WAN deployment at both the data center/PoP and branch offices, without being constrained by proprietary hardware. This results in design flexibility and significantly lower CapEx.
A SIMPLIFIED, SECURE, AND COST-EFFECTIVE BRANCH NETWORK
Secure SD-WAN is built with a VNF-based architecture that includes network and security functions that eliminate costly and complex single-function appliance sprawl. Customers benefit from zero-touch provisioning when deploying a full-featured set of network and security capabilities, all within a single branch appliance.
FLEXIBLE AND DISTRIBUTED SECURITY SERVICES
IT teams can decide where to run each layer of required security – either on-premises in branch offices or centrally in the data center or co-location point-of-presence (PoP). For example, compute-intensive services such as malware sandboxing, intrusion prevention (IPS), and AV filtering can be run centrally, while key branch services like firewall and secure web gateway can be run locally, with the overall set of layered security services defined centrally with a simple policy template.
CONTEXT-AWARE SECURITY FABRIC
A key aspect of Secure SD-WAN’s software-defined security is the contextual intelligence and awareness of users, devices, sites, circuits, and clouds. This contextual intelligence enables robust and dynamic policies that support a multi-layered security posture.
For example, IT can deploy contextual network and security policies for specific users and devices, like anti-virus and URL-filtering, when utilizing certain site-to-site or Internet links. The IT security team can even set unique security policies, differentiated services, and security service-chains for guest access, corporate access, and partner access networks at the branch. The ability to understand the context of access enables the enterprise to meet business security and compliance policies – all within a single unified software platform.
SD-WAN Built for the Modern Workforce
ELASTICITY THAT MEETS BUSINESS DEMANDS
When deploying SD-WAN through a network functions virtualization (NFV) model, capacity can dynamically scale up or down without replacing or adding proprietary hardware.
For example, branch bandwidth can be doubled in minutes either automatically or using commands from the central provisioning portal – with no truck roll or appliance swap-out. If a branch needs more capacity due to a network traffic spike, the SD-WAN can automatically scale up to meet the demand. When the network spike subsides, the SD-WAN will scale down as needed.
GENUINE MULTI-TENANCY AT THE BRANCH
Multi-Tenancy enables the partitioning of a single network to support multiple customers, departments, and job functions, with each customer or user only able to see and manage their tenant segment. Secure SD-WAN is a carrier-grade solution with full multi-tenancy at both the head-end and branch. Service providers operating SD-WAN managed services and large enterprises operating different SD-WANs for separate business entities can support up to 250 customers per single 1RU server running the Secure SD-WAN controller.
At the branch, a single Secure SD-WAN software instance can support multiple local tenants or business entities. Also, each tenant can support role-based access control. The result is much lower infrastructure costs, better security, and more agile service delivery.
NETWORK SEGMENTATION TO REDUCE RISK
Cyberattacks and network breaches are on the rise as the attack surface of an enterprise branch office increases exposure. SD-WAN can reduce these attack surfaces by segmenting the network by class of traffic and based on responsibilities or job functions. However, this can only be implemented with an SD-WAN that has full network and security services within a single edge device or image. To achieve segmentation, SD-WAN all but requires multi-tenancy across the entire enterprise network perimeter.
A FLEXIBLE AND DISTRIBUTED SERVICE ARCHITECTURE
With NFV, service providers and large enterprises have the flexibility to decide where to deploy and run each layer of network or security functions – either on-premises in the branch office or centrally through the enterprise data center or service provider point-of-presence (PoP).
For example, compute-intensive services such as anti-virus and IPS can run centrally, while services that are key in the branch, like application identification, SD-WAN, routing, and firewall, can run locally. Also, Secure SD-WAN can integrate critical network services using service chain definitions for local and remote functions, depending on the business need.
CENTRALIZED, AUTOMATED OPERATIONS
A software-defined and NFV-based approach to SD-WAN simplifies the provisioning of branch devices and delivers network and security services from a single point of control. This avoids the need for technical personnel on-site to deploy and configure the solution. Instead, SD-WAN services can be deployed, and bandwidth and service capacity increased or enhanced with additional functions automatically, all without requiring any on-site presence, hardware refreshes, or manual interaction.
Additionally, if one or more branch sites require a unique set of network or security functions, each branch can be serviced individually and automatically from a single management portal. The management portal needs to allow for role-based administration for flexible configuration and ongoing policy management.