ChannelVision Magazine

VeloCloud’s MW: Security is a key component of SD-WAN. And the beauty of VeloCloud Cloud-De- livered SD-WAN is that we have an established security ecosystem that includes nearly every best-of-breed, on-premises and cloud security vendor, so that our customers who are migrating to SD-WAN can retain their established security relation- ships. VeloCloud supports virtual network functions (VNFs) from each of these vendors in our VeloCloud Edge virtual CPE. Additionally, VeloCloud Cloud- Delivered SD-WAN has built-in firewall capabilities that can aug- ment existing firewall functionality or replace it altogether for a smaller hardware footprint. Versa’s RM: It goes without saying that security is crucial. SD- WAN brings to the enterprise a common encrypted network that provides secure connectivity for their business applications and services. However, secure connec- tivity is only part of handling secu- rity. The enterprise needs to have complete application, user, device and location security – full contex- tual awareness. To that point, the SD-WAN solution should either be native or layered and provide for advanced security like next-gen- eration firewall, DDOS protection, anti-malware and anti-virus, user- access-control and micro-segmen- tation of the network at the edge. Enterprise IT will also need to get their security teams involved early. The move to a distributed in- ternet access architecture changes the point-of-ingress for potential attack vectors, and the security posture completely changes. They need to analyze how they will need to secure site-to-site connec- tivity and secure enterprise assets and data. Query the vendors on how they integrate security, like next-generation firewall or unified threat management. Do they pro- vide it natively? Does the SD-WAN solution need a separate vendor offering to handle security either on-premises or as-a-service? How do they integrate and interoper- ate? Multi-vendor and as-a-service versions can add additional cost and overhead. CV: Is it possible for SD-WAN to be a “simple” implementation? Aryaka’s CP: Yes, but it de- pends on the SD-WAN provider’s deployment model. In the past, global enterprises would construct their own network infrastructure to provide employees with fast and consistent access to data and applications. Install- ing internet-based, do-it-yourself SD-WAN appliances can add more complexity. However, as businesses need to scale, they can find them- selves dealing with multiple provid- ers managing tens of ISP or MPLS contracts, WAN optimization de- vices, SD-WAN appliances, visibility software and an army of network administrators. With an SD-WAN-as-a-service model, enterprises can consume their network the same way they consume SaaS applications like Salesforce or cloud services such as AWS. Global, cloud-native pri- vate connectivity, WAN optimiza- tion, SD-WAN functionality, and network and application visibility are included. The WAN manage- ment is handled in full by the provider. This model is also signifi- cantly faster to deploy than waiting for hardware at each branch office and setting up MPLS. VeloCloud’s MW: Yes, defi- nitely. VeloCloud Cloud-Delivered SD-WAN is built with simplicity in mind, and because we are 100-per- cent channel-driven, we knew the deployment of the solution had to be simple to deploy to gain traction with that market. VeloCloud Edges can be shipped to branches, connected, and with zero touch configuration can be plugged in behind a mo- dem, router or switch, activating full SD-WAN at any site. VeloCloud Gateways are deployed in the cloud, always available and only re- quire that access be given to users. VeloCloud Orchestrators are cloud- delivered with a simple graphical user interface for configuration, management and monitoring. The VeloCloud Orchestrator commu- nicates directly with VeloCloud Edges and VeloCloud Gateways propagating business and security policy network-wide. As an example, we have cus- tomers who get a very short win- dow in which to deploy SD-WAN in a set location, not even know- ing what types of transports will be available in that specific geo- graphic area. They will send a Ve- loCloud Edge to the location and use a 4G LTE connection until a carrier line can be installed. Once the carrier’s line is available, that line is simply plugged into the Ve- loCloud Edge. It really is a simple implementation and very scalable. Versa’s MB: Honestly, yes, but it depends on how complete the SD-WAN solution is. Consuming the technology as a managed ser- vice will ultimately lead to a “sim- pler” implementation for enterprise IT; however, not all enterprises will consume this as a managed service nor as a hosted option. So, simplicity then becomes con- tingent on the inherent automation and unified centralized manage- ment that the SD-WAN solution provides. Being able to templatize and automate the deployment of both networking and security is critical to simplifying implementa- tion. But having a single unified console for handling networking and security policies, configuration and provisioning greatly reduces the complexities of implementa- tion. Having to manage multiple- vendor solutions or multiple virtual reality Channel Vision | March - April, 2018 38