Although the weather feels otherwise, it is officially Fall and the 4th Quarter – which means companies are building budgets for next year and it’s a great time to start a conversation about SD-WAN and SD-Security for 2018.
A differentiator that you have as a Versa Network-as-a-Service provider is something called Secure SD-WAN. Versa defines this as SD-WAN with integrated security, meaning something beyond stateful firewall capabilities. This integrated offering enables you to discuss segmentation as part of your SD-WAN conversation.
We've been segmenting networks for a long time through a variety of methods, including VLANs (virtual LANs), IP subnets, ACLs (access control lists), VRFs (virtual routing and forwarding) and, of course, separate physical infrastructures. The goal of segmentation is to isolate access as well as communication between different groups. These groups can be defined in several different ways: lines of business, organizations, devices, applications or zones, to name a few.
Segmentation is important. There are a few reasons your customer might need it. It may be a complex deployment where lines of business should be segmented, as in a bank, where the loan services and mortgage line of business may need to be separate from retail. The customer may be going through some sort of M&A where they need firewalls between specific assets. It can also be something as simple as separating guest Wi-Fi from the rest of the network. The takeaway here is that each of these situations and customers has different requirements for how they connect, means of access, levels of security, application topologies, and compliance, to name a few.
Prior to SD-WAN, segmentation was done a few different ways.
These methods have been around for a while, and none of them are easy on the branch or the WAN. Traffic flows have also changed due to DIA, making networks prone to vulnerabilities and compliance challenges.
For a variety of reasons, segmentation needs to evolve. For example, customer networks now have several different means of transport per branch location, many different types of networks need access to your customers' network, and there are new types of devices on the network, so connectivity and security for them are changing too.
All of the above is why Secure SD-WAN, which we defined earlier, is so important. SD-WAN is ultimately a simpler and more intelligent way to provide connectivity at the branch and across the WAN. As your customers look at various applications and various types of transport, there are multiple segments and multiple tenants that need deep-level or next-gen advanced security placed at the point of connectivity.
Securing SD-WAN beyond encrypted overlays, multi-topology capabilities and stateful firewalls can be a huge value add to how you architect your customers' WANs and branch locations.
The most important piece is contextually based dynamic path selection on a per-segment, per-tenant basis. Each tenant and segment can have unique policies, topologies, criteria, and setup of different types of L2 and L7 services, each managed separately by its own IT admins, who cannot see what the others see. They can have different application policies, and the method of application steering can also be unique at a very granular segment, tenant or VRF level.
Versa Specific Items Regarding Segmentation
- A single head-end for multi-tenancy (Management, Analytics, Controller)
- Can support multiple tenants and do this across the entire stack from management analytics to the control infrastructure
- Supports Role-Based Access Controls (RBAC) across the entire spectrum per tenant (Management, Control, Device, Analytics)
- Both edge appliances and edge software are multi-tenant
- Supports unique encryption keys per tenant, per branch
- Supports full services (routing, NAT, SD-WAN, NG-security, QoS, App steering) per tenant per VRF
- Provides visibility on a per-tenant basis
- Easily integrates with legacy networks – not just with SD-WAN gateway nodes
Value benefits of a Secure SD-WAN
- Reduce infrastructure & circuit costs
- Increased overall bandwidth – as a result of a hybrid WAN policy
- Automate operations – as a result of Single Pane of Glass (SPOG), Zero-Touch Provisioning (ZTP), one-touch policy control, or just self-healing and dynamic adjustments
- Reduce Branch Sprawl – device consolidation – with integrated security and multiple services within SD-WAN
- Improve and simplify – how you segment your customers’ networks
- Meet Compliance Requirements – Drive multiple topologies, different types of encryption keys, VPN, etc. Secure SD-WAN makes it much faster to implement change control and adjust.
To learn more about segmentation and protecting the branch, check out the Versa Networks webinar, Protecting the Business with SD-WAN Segmentation.