Part 2 of a 3 part series (read part 1 and part 3)
Now, my journey. I requested a Versa Cloud Services Gateway appliance, specifically the CSG750-WLA (that’s our 750 series appliance with an integrated Wi-Fi AP (Access Point) and an integrated cellular modem for LTE). I submitted a request to our Versa Titan operations team [sent an internal PO] to create my organization and provide me with licenses for 4 sites – each license was the Versa Titan CSG750-Advanced Security software license. The Advanced security license provides routing, SD-WAN, NGFW, URL Filtering, AV and NG-IPS [for those who are curious the Versa Titan Enterprise base software license provides everything but AV and NG-IPS]. Sure, while I am a Versa Networks employee, you could argue acquiring this is straightforward, but I wanted to also test the purchasing and orchestration elements of the Versa Titan Service [similar to how a customer or partner would engage with us]. After submitting the order, I was provided with my “Welcome Email” to do the following:
Login to the Versa Titan Cloud Portal and set my initial password along with download a mobile application [for me I am an Android guy, so I went to the Google Play Store to download the Versa Titan mobile app]. After logging in I simply dragged a license onto the dashboard to create my first site, my home office. My site was pre-configured for everything prior to me even touching any configuration knobs. What was pre-configured you ask?
At this point I only changed a few parameters (LAN side addressing) and NGFW policies to protect lateral communication between two different network segments along with some policies I wanted to explicitly allow. I then hit “Deploy” and selected Bluetooth from a selection of three possible activation methods [Bluetooth, Wi-Fi and GZTP (Global ZTP)]. This took me about 5 minutes from setting up my password, it took me longer to unbox the CSG, power it up, cable it and cable my other in-home devices and switches. I then logged into the mobile application I downloaded on my Google Pixel XL, selected my office [my site] and was presented immediately with a notice to “Activate Device”. With the CSG powered on, I hit activate.
My phone, using the Mobile app, discovered the Versa CSG appliance, authenticated and began to configure it right out of the box out-of-band with the configurations I mentioned above. In about 7 minutes, my CSG had rebooted and the mobile application then indicated to me that my Versa Titan appliance and site was successfully deployed and activated. Voila! In about 12 minutes with minimal touch and effort I had successfully deployed my first Versa Secure SD-WAN site. I replicated this process for a few virtual instances to setup the rest of my fabric and broader network:
This whole process for 3 locations took about 20 minutes [took me longer to launch my CloudFormation template to deploy Versa Operating System VOS™ as a cloud-gateway and wait for AWS to do its thing]
For my fourth site, I needed some help from a colleague at our corporate office to cable up an appliance and activate it for me at headquarters. After creating a temporary Enterprise User account [limited control] in my organization for them, talked them through it over a Zoom with screensharing and again <10 minutes later the corporate Versa Titan site was online.
Logged into the portal and within a few seconds of successful activation notice, I was able to see my sites all online and green. My initial architecture was using our default topology setting which was Full-Mesh (Because of various demos and expanding the team I have moved to a hybrid topology – both Full Mesh for some sites and Hub-and-Spoke for others). What this means is that by default every site I turned up created an SD-WAN IPsec tunnel to each other and began redistributing LAN side routes into the SD-WAN fabric. Route redistribution and updates all happened without me needing to configure anything, our default configuration ensures any site in the same organization will build SD-WAN tunnels. It is also worth noting that the only thing I had to activate or do was the following:
What I did NOT have to do was the following:
Everything above was done already due to the Versa Titan service hosted in the cloud. Leveraging our multitenant capability across the stack, my organization was created as a sub-tenant to the larger Versa Titan Cloud service, which also provided my organization with pre-configured templates to deliver secure branch connectivity (e.g. Secure SD-WAN). I only needed to worry about the branches [sites]
In part 3 I share all the things my home office is equipped to do by default and share details about the advanced features I enabled for my home deployment of Versa Secure SD-WAN.