Secure SD-WAN Architecture Overview
CMO, Versa Networks
May 7, 2020
Why not keep the WAN you already have? Why migrate to Secure SD-WAN? In a nutshell: to remove complexity and inefficiencies from your network operations; to use an architecture tailored specifically to address the heightened security needs and altered traffic patterns in your network.
The typical legacy WAN branch office contains a tall stack of boxes: WiFi, switch, router, WAAS, security appliance. And if you already have an SD-WAN deployed, then also an SD-WAN box. That is a lot of boxes, consuming power and space. Trace the path of a packet through this quagmire and you find that fully 60% of the processing is duplicated in every box: get the packet; parse the packet; apply QoS, DPI; route lookups. These boxes also burden you with independent software streams (often from different vendors), separate management systems, and divergent update and EOL cycles. This is complex, duplicative and inefficient. Not to mention insecure: every box has a separate attack surface.
SD-WANs, being software-defined, solved some of these challenges. However, the inaugural wave of SD-WAN solutions was often not designed for security. They were good at application-based traffic steering, application load balancing and visibility, but often lacked advanced routing and security prowess. Today’s networks fail with a patchwork of add-on security features; they require sophisticated security defenses, including next-gen firewall, anti-virus, URL filtering, IPS, DNS security, SSL proxy, proxy chaining, and more.
The Versa Secure SD-WAN architecture is designed and architected ab initio with NSS-tested-and-recommended best-of-breed security, advanced and scalable routing, WAN optimization, and SD-WAN features like underlay and overlay traffic steering. All of this is fully integrated in a single device (be it a white-, grey- or black-box) and a single software stack with single-pane-of-glass management and visibility. It is a cloud-native, multi-service software platform with true multi-tenant capabilities (segmentation in the data, control and management planes; RBAC; multiple VRFs within RBAC) that meet the security needs of both enterprises and providers. A multi-core, multi-threaded parallel processing inner architecture provides the scalability and performance required to operate seamlessly in branch, data center, campus, cloud, and 5G environments.
Watch Kumar Mehta, Founder & Chief Development Officer, and me discuss the attributes of various WAN and SD-WAN architectures and outline the attributes that a Secure SD-WAN must have to provide the simplicity, automation and agility that your network needs.