The SD-WAN space has become quite crowded recently, with all the WAN accelerator vendors and WAN providers wanting to take part. I think SD-WAN startups with a clear vision like VeloCloud certification are most likely to come up with a solid, comprehensive solution.
One of the key features of SD-WAN products is the ability to detect connection problems automatically and selectively redirect application flows onto a second path to meet business needs / SLAs. To find out how well they do it, they would need to be thoroughly tested.
Within such a product, GUI reporting about application traffic and “weather conditions” (path quality) is very important: if you cannot tell what the product is doing and why it is doing it, that is a problem.
ROUTES RELATING TO SD-WAN
There are (at least) two ways to do SD-WAN. One is to implement it yourself. This has the advantage of being independent of the WAN provider / ISP, but requires some work. The second is to outsource it and buy a managed SD-WAN solution through your favorite Internet service provider or WAN provider.
(Hmm, your favorite word “Hmm” – I haven’t met anyone who likes their ISP or their WAN.)
VeloCloud’s presentation highlighted its multi-tenant capabilities, which address the case where a service provider wishes to manage physical or virtual peripheral devices for many clients. Specifically:
- VeloCloud is a multi-tenant graphical management interface coordinating and implementing SD-WAN and policies from tenant web portals.
- VeloCloud Gate is a multi-user virtual device suitable for use in the cloud or distribution. MPLS and Internet access ends.
- VeloCloud Edge is a high-level CPE device or a virtual CPE device – think of it as a peripheral device.
As a result of pressure on managed suppliers and services, VeloCloud is also focusing on scaling its products.
For years I have seen the tension between routers and firewalls due to the edge functionality. I have often dreamed of a device with the best of both. We now have SD-WAN devices (physical or virtual), which are mainly routers that support applications with encryption and tunneling.
They need to run a routing protocol to be a router. Some SD-WAN devices may rely on OpenFlow / forwarding tables that are centrally controlled. Another good question to ask the seller: is there distributed routing under the hood, for example for when application or flow-related controls are not available?
Currently, SD-WAN devices / virtual devices are not so much firewalls, but there are ways to combine them with a firewall and other security features.
In particular, combining or inserting services works well for service providers who want to offer Network Function Virtualization (NFV). Both VeloCloud and Viptela (another SD-WAN provider at #NFD13) work with virtualized firewall and anti-malware software providers to help bundle services.
If you decentralize Internet access in your organization, you probably do not need to install and manage firewalls and SD-WAN devices in specific locations.
SD-WAN may remain recycled with localized (distributed) Internet access. However, you then have distributed firewall and anti-malware devices to struggle with, or services like Zscaler. They can cause administrative delays and overhead, sometimes simply through their numbers.
Instead, the SD-WAN device can support NFV by running a virtual partner device, such as a virtual Palo Alto, on a physical SD-WAN device or as a shared virtual machine. If you like this approach, you should look for integrated management. This is not an innovative concept: Cisco does the same with NFV: you can buy a router with a virtual firewall (etc.) or a device with a virtual router and a virtual firewall (etc.).
Another SD-WAN alternative, especially for managed offerings, is that traffic is routed to regional POP addresses (yours or those of your suppliers) and routed through firewalls and anti-malware. It has the advantage that fewer physical or virtual devices require licenses and management. It provides accelerated Internet access and a low-latency regional WAN.
Another possible element on the wish list is direct remote access to trusted SaaS services, while the other Internet traffic is sent centrally to the company’s or SME’s ‘Internet washing machine’. With CDNs as part of the mix, you cannot just use IP addresses to identify SaaS servers: maintaining IP ACLs would be a constant problem. Cisco promotes the idea of intercepting DNS and dynamically creating firewall/router rules to allow traffic to/from the IP addresses to which the SaaS names resolve. In effect, the ACLs are formed from dynamic DNS names.
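
The DNS-derived ACL idea above, sketched as an added example (not code from Cisco, VeloCloud or this post): rules are learned from observed DNS answers for trusted names and aged out by TTL. The domain suffixes, internal ranges, class and function names and the sample response are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy (constructed values): SaaS domains trusted for direct breakout.
TRUSTED_SUFFIXES = ("saas.example", "crm.example.net")
# Assumed internal ranges that a public SaaS name should never resolve into.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

def is_trusted(qname):
    """Match whole labels: 'evilsaas.example' must not inherit trust."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in TRUSTED_SUFFIXES)

class DnsDerivedAcl:
    """IP allow-list learned from observed DNS answers, aged out by TTL."""
    def __init__(self, max_ttl=300):
        self.max_ttl = max_ttl  # cap so a huge TTL cannot pin a rule
        self.entries = {}       # ip -> expiry time (seconds)

    def observe(self, qname, answers, now):
        """answers: (rtype, rdata, ttl) records of one response.
        Trust follows the queried name, so a trusted name that CNAMEs
        into a CDN still yields a rule for the CDN address."""
        if not is_trusted(qname):
            return 0
        added = 0
        for rtype, rdata, ttl in answers:
            if rtype not in ("A", "AAAA"):
                continue  # CNAME records carry no address
            ip = ipaddress.ip_address(rdata)
            if any(ip in net for net in INTERNAL_NETS):
                continue  # never open a rule toward internal space
            self.entries[ip] = now + min(ttl, self.max_ttl)
            added += 1
        return added

    def path_for(self, dst_ip, now):
        """'direct' while a learned rule is live, else 'central' backhaul."""
        ip = ipaddress.ip_address(dst_ip)
        if self.entries.get(ip, 0) > now:
            return "direct"
        self.entries.pop(ip, None)  # drop the expired rule, if any
        return "central"

# Constructed sample response: trusted name served through a CDN CNAME.
SAMPLE = [("CNAME", "edge7.cdn.example.org", 60),
          ("A", "203.0.113.10", 60), ("A", "10.1.2.3", 60)]
```

Because CDN addresses are shared, a rule learned this way can also admit other sites hosted on the same IP; the TTL cap keeps that exposure short-lived.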