secure sd-wan architectures - zk research & velocloud

© 2011 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING© 2016 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING

Presented by Zeus KerravalaPrincipal Analyst

Understanding SD-WAN Architectures

Guest Speaker: Parag ThakoreDirector, Product ManagementVeloCloud Networks, Inc.


About ZK Research • Founded by 30+ year veteran industry

analyst Zeus Kerravala

• Exclusive focus on network and communications technology that are in market transitions

• Background on Kerravala – 10+ years as a Yankee Group Analyst

– 10+ years in corporate IT and consulting

– Holds many technical certifications

2


Business Is Now About Speed

CIOs must think differently to compete in

the digital era


Cloud Services Are Exploding

020,00040,00060,00080,000

100,000120,000140,000

2012

2013

2014

2015

2016

2017

2018

2019

SaaS

PaaS

IaaS

Source: ZK Research Global Cloud Forecast

• Cloud services will grow at an 18% CAGR from 2012-2019

• Overall IT spend will grow at 3% in the same time period

• $1 of every $4 spent on apps will be cloud

• 80% of the Global 2000 has at least 10% of IT running in cloud today. This will be 30% in 2019

• Cloud significantly changes traffic patterns

(USD millions)


Security Remains A Top Network Challenge

5

23%

25%

28%

32%

42%

58%

71%

0% 20% 40% 60% 80%

Improving Visibility

Application Optimization

Scaling Hybrid Cloud

Network Virtualization

Adding Bandwidth

Increasing Network Agility

Improving Network Security• Security is becoming

increasingly difficult• 89% of security

breaches are driven by financial or espionage

• Traditional perimeter security address only part of the challenge

• Cloud, IoT, mobile, etc create more risks


Security By The Numbers

32 50%Chance that at least 1% of devices in

a business are infected

106The average number of malware hits businesses face every hour

90%Of organizations say they have been

breached, 43% say in the last year

The average number of security vendors in an enterprise

The current state of security is not scalable and businesses are falling behind


Legacy WAN Inhibits Business Transformation

• Application rollouts are limited because of expensive MPLS connections

• Network complexity makes branch upgrades challenging

• Static network architectures do not support cloud

• Bandwidth is used inefficiently

• Security is an overlay 7

© 2011 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING© 2016 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING8

Introducing the SD-WAN


SD-WANs Simplify Network Architecture How do you think SD-WAN can help your company? (Check up to three)

0.00% 10.00% 20.00% 30.00% 40.00% 50.00% 60.00%

Provide a more programmable network

Replace many hardware components

Enable better network security management

Improved network management

Better network visibility

Save my organization money

Optimized for cloud traffic

Incrase network agility

Simplify network architecture


Business Benefits of SD-WAN

• Lower costs

• Reduced complexity

• Increased agility

• Better alignment with business

• Optimized for cloud

• Better visibility and control

• Consistent application performance

10


Understanding SD-WAN Architectures

• Not all SD-WAN solutions are the same

• Security and quality must be integrated into the solution

• Secure Cloud-Delivered SD-WAN architectures

• On Premises

• Hosted Management

• Hosted Management and Gateway

11


SD-WAN Solution – “Architecture Matters”

Branch Site Enterprise DC

Hub Edge

Branch Edge

Enterprise DC

SaaSHybrid Cloud

Cloud DC

Traditional Private Datacenters

INTERNET

Cloud Gateways

Orchestrator

Private & Internet circuits, Enterprise & SaaS applications, On premise & Cloud deployments

Private - MPLS

VeloCloud Networks Proprietary & Confidential | © Copyright 2015

DynamicBranch-to-branch

Controllers


All on Premises

13

• All infrastructure on premises

• Customers that prefer to backhaul all traffic to the data center

• Typical use cases: Retail, healthcare, financial services, Tier 1 SP

Branch Edges

Edges as Hub

Controller Orchestrator


Use Case: Large Insurance Company

Challenge:

• Deploying activating thousands of sites with a transport-independent secure overlay

• Complexity in managing PKI infrastructure

Solution:

1. Secure Zero-Touch activation and ICOM

2. Business policy framework

3. Device certificates anchored to CA running inside VCO

14


Hosted Management

15

• Management is cloud delivered

• Data continues to flow on premises because SD-WAN nodes are on premises

• Dynamic branch to branch or branch to hub tunnels are supported

• Use cases: Hospitality, insurance, UCaaS providers

Branch Edges

Edges as Hub

VCC VCO


Use Case: Hospitality

Challenge:

• Complexity of installing Controller and Orchestrator on-premise

• Backhaul all traffic to Data Center

• Voice is very critical to business and n0 tolerance for downtime

Solution:

1. Leveraged Hosted controller and management in the Cloud

2. Single-click Network Service Insertion to eliminate 100’s of lines of PBR rules and forward to distributed firewalls from the branch

3. DMPO - Higher WAN Availability for voice application with sub-second blackout & brownout protection and on-demand remediation

16


Hosted Management and Gateway

17

• Management is cloud-delivered

• Cloud traffic is directed to VCG node

• Data center flows into the DC noted

• Users cases: Enterprises and SPs that need access to cloud apps, and M&A

Branch Edges

Edges as Hub

Gateway

VCO


Use Case: Retail CustomerChallenge:

• Lost control and visibility when accessing cloud applications (Office 365)

• Complex integration with cloud web security

• Since some resources in the AWS, 500*5 = 2,500 tunnels security nightmare and lost optimization.

Solution:

1. Inserted VCG and get high performance access to O365 and AWS.

2. Enabled use of ZScaler from our Cloud Gateway in matter of minutes

3. Reduced requirement from 2500 tunnels to 5 tunnels and dramatically reduced Cost and simplified how security was rolled out

18


Cloud-Delivered SD-WAN For NSP/CSP

198/11/2016

CERouter

SaaS

SPCloud

Service

PRIVATE/MPLS

Cloud DC

SP Orchestrator

INTERNET

PE

PE

Branch Site

Enterprise DC

PE

SP Cloud Gateways

SD-WAN CPEOr Virtual Edge

1

3

2

Dynamic Multi-pathOptimization

• Public and private linksSecure Bonded Overlay OnNet/Offnet support

• Gateway/VCO in SP cloud or VeloCloud Hosted

Deliver Rich Services & Maintain Visibility

• WAN ExpansionNo Rip and Replace

• Scalable, Multi-tenant

Architecture

• Thin branch, auto provisioned

• Direct path to Enterprise and cloud apps

3

VNFVNF

VNF


Use Case Service Provider

Challenge:

• Segment customer traffic while delivering SD-WAN as a Service for both on-net and off-net without compromising security and performance

• Reduce truck roll in branch

Solution:

• Three-tier role-based multi-tenant architecture for orchestrator and gateways

• Multitenant architecture keeps the customer traffic segmented

• VNF on the Edge

• Last mile optimization + mid mile + secure overlay

20


Key Considerations for SD-WAN

• Choice of architecture

• Zero Touch provisioning

• Secure connectivity

• Easy roll out with PKI

• Multi-tenancy – simplifies SP architecture and protects customers

• Direct cloud connectivity

• Service insertion and chaining

21


Conclusion • The digitization of business is accelerating the pace of change

and creates new opportunities

• Business and IT leaders must focus on enabling greater business agility

• Software defined networks are bringing unmatched levels of agility and flexibility to the network

• There is no one right answer for SD-WAN - choose the architecture best for you

• Ensure the solution meets your security and performance needs

22


Pioneer in Cloud-Delivered SD-WAN

• #1 Cloud SD-WAN Company– 250+ Paying Customers

– World’s Largest SD-WAN Win

– The Only Genuinely Cloud-Delivered SD-WAN

• Target Market – Large enterprises and

Service Providers

• Largest SD-WAN win… 20,000 sites

• 100+ partners globally

• 100+ employees

• Selected by three Tier 1 Global NSPs

• $49M funding raised

Networking and Cloud/Virtualization

© 2011 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING© 2016 ZK RESEARCH, A DIVISION OF KERRAVALA CONSULTING24

Thank you!

Zeus Kerravala Principal Analyst, ZK [email protected]

Follow me on Twitter @zkerravala

mailto:[email protected]

secure sd-wan architectures - zk research & velocloud

Technology