Versa SD-WAN/SD-Security Solutions Enable Dynamic AWS VPC Ingress Routing
December 3, 2019
Addressing the optimization and security of branch access to cloud-hosted mission-critical applications and workloads, in a dynamic, simplified and automated manner, is essential for contemporary business operations. Secure SD-WAN services enable enterprises to create an enterprise-wide cloud-network fabric that accelerates modern day application consumption demands and supports enterprise digital agility, speed and security, all while ensuring and improving end-user experience for productivity, collaboration and business services.
Versa Branch (Versa VOS™ (formerly FlexVNF)) and Headend (Director, Analytics, Controller [Versa VOS™ (formerly FlexVNF)]) are supported on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform. The process of instantiating the Headend topology can be automated using a CloudFormation template or a Terraform template.
Versa Director also supports AWS and Azure APIs, which can be used to automate instantiation, configuration and monitoring of the Versa VOS™ (formerly FlexVNF) branch in the customer Virtual Private Cloud (VPC).
Organizations considering a naked cloud instance don’t necessarily have visibility into the performance mechanisms that Versa provides with an end-to-end SD-WAN fabric. With Versa, customers get the cost benefit of application-level security as well as a next-gen firewall in the same software package that also performs SD-WAN performance monitoring.
Versa SD-WAN with AWS integration is also a new standard for total cost of ownership advantage. The price-per-bit picture becomes much clearer because customers have security and performance while reducing the number of devices under management on premises, and every function, from on-premises branch to multiple clouds and back, is reported in a holistic manner through one Versa console.
Amazon VPC Ingress Routing Overview
Customers want the flexibility to control the routing path of their traffic and direct traffic packets through virtual appliances of their choice. Amazon VPC Ingress Routing is a new service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.
Amazon VPC Ingress Routing will address the following use cases:
- Screen all external traffic: Customers can choose to route incoming traffic from the internet or from on-premises environments through security appliances of their choice, such as a firewall, before the traffic reaches the subnets.
- Intercept traffic flowing into different subnets with separate appliances: Amazon VPC Ingress Routing allows customers to segment the incoming traffic packets based on the subnets to which these packets are destined and route these packets through appropriate appliances. For example, a customer can enter routes to direct traffic to subnet A to first go through an advanced firewall, traffic to subnet B to pass through intrusion detection, traffic to subnet C to pass through WAN acceleration, etc.
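The following is an added example, not part of the original post and not Versa or AWS code: a Python check over route-table data in the shape returned by `aws ec2 describe-route-tables`. It reports, for each subnet, whether the gateway's edge route table sends ingress traffic through an appliance network interface or lets it fall through to the `local` route. The sample data, IDs and subnet names are constructed, and the check assumes IPv4 routes whose destination covers the whole subnet.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are placeholders.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-edge-example",            # edge table: associated with a gateway
     "Associations": [{"GatewayId": "igw-example"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "10.0.1.0/24", "NetworkInterfaceId": "eni-firewall-example"},
         {"DestinationCidrBlock": "10.0.2.0/24", "NetworkInterfaceId": "eni-ids-example"}]},
    {"RouteTableId": "rtb-subnet-example",          # ordinary subnet table: not ingress routing
     "Associations": [{"SubnetId": "subnet-a-example"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]}
SUBNETS = {"subnet-a": "10.0.1.0/24", "subnet-b": "10.0.2.0/24", "subnet-c": "10.0.3.0/24"}


def edge_table(doc, gateway_id):
    """Return the route table associated with the given IGW/VGW, or None."""
    return next((rt for rt in doc["RouteTables"]
                 if any(a.get("GatewayId") == gateway_id for a in rt.get("Associations", []))), None)


def ingress_target(route_table, subnet_cidr):
    """Longest-prefix match over IPv4 routes that cover the whole subnet."""
    subnet = ipaddress.ip_network(subnet_cidr)
    best_len, target = -1, None
    for route in route_table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue  # IPv6 and prefix-list routes are out of scope for this check
        dest = ipaddress.ip_network(cidr)
        if subnet.subnet_of(dest) and dest.prefixlen > best_len:
            best_len = dest.prefixlen
            target = route.get("NetworkInterfaceId") or route.get("GatewayId")
    return target


def audit(doc, gateway_id, subnets):
    """Map each subnet to the appliance ENI on its ingress path, or 'UNINSPECTED'."""
    rt = edge_table(doc, gateway_id)
    report = {}
    for name, cidr in subnets.items():
        target = ingress_target(rt, cidr) if rt else None
        report[name] = target if target and target.startswith("eni-") else "UNINSPECTED"
    return report


if __name__ == "__main__":
    print(audit(SAMPLE, "igw-example", SUBNETS))
```

A subnet reported as `UNINSPECTED` is one whose ingress traffic still follows the default `local` route and reaches the subnet without passing through an appliance.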
Versa is announcing its support for Amazon VPC Ingress Routing, which was unveiled today at AWS re:Invent 2019. Versa’s disruptive SD-WAN technology is fully integrated with AWS to take advantage of Amazon VPC Ingress Routing, so that mutual customers can associate route tables with the internet gateway and virtual private gateway to redirect ingress traffic through network and security appliances such as Versa VOS™ (formerly FlexVNF).
From an SD-WAN perspective, connecting edge networks and the user experience with the cloud is one of the most critical aspects of a progressive SD-WAN solution, which enables companies to move workloads back and forth between clouds and on-premises as seamlessly as when SD-WAN is executed on-premises only. Versa service provider partners are also able to take advantage of Versa support for VPC in order to create the best possible user experience for their customers.
Versa-AWS Solution Highlights
- Accelerates cloud migration by allowing you to move data and applications to your new AWS environment fast and efficiently
- Strengthens network security by allowing you to leverage consistent security policies across your local environment and AWS
- Improves network performance by more efficiently utilizing network bandwidth with multi-path WAN connectivity
- Simplifies network management by giving you a single console for managing network policies across branch offices, data centers, and AWS
Versa-AWS Key Features
- Centralized management and policy control: Control both on-premises and AWS policies from the same console. Use zero-touch configuration to deploy additional gateways and scale your AWS-based SD-WAN as needed
- Intelligent routing, traffic prioritization, and network segmentation: Use application-aware routing and the ability to identify more than 2,500 specific applications, to carefully map different applications across MPLS and Internet/broadband based on business policy and app-specific SLAs. Segment networks to meet each one’s individual requirements
- Integrated security: Use next-generation firewall and URL filtering functionality in the branch and malware protection alongside the Versa SD-WAN controller in your AWS environment for an additional layer of protection
Additional technical features of the Versa solution include:
- Access bonding and per-packet load balancing: the ability to support bandwidth-sensitive traffic over two low bandwidth circuits
- Unidirectional measurement and steering: allow an SD-WAN branch to utilize a different path for transmitting and receiving traffic
- Packet replication: distributes the same packet across multiple paths to reduce the impact of packet drops, thus avoiding risk to latency
- MOS-based traffic steering: Dynamic traffic steering for voice and video traffic both on-premises and in the cloud based on real-time experience scoring
For more information about AWS ingress routing, visit the blog link here: