Network Transformation with 5G: Edge Compute, SD-WAN and SASE
The Promise of 5G
Fifth-generation (5G) mobile network technology promises laser-fast wireless speeds, ultra-low latency and powerful performance exceeding 10s of Gbps.
Despite optimistic consumer expectations of sensational new online gaming and virtual/augmented reality (AR / VR) experiences, the more practical outlook is that 5G is poised to transform enterprise branch networking and the interconnection of enterprise locations, clouds and IoT devices.
Over time, 5G access is expected to increasingly replace older wired WAN and wired internet services, but for the immediate timeframe both legacy and 5G networks must coexist. Enterprises therefore require a sound strategy that encompasses all wired and wireless technologies in a seamless network ecosystem that adhere to established security and performance stipulations.
What is 5G and Multi-Access Edge Computing (MEC)?
5G is the most recent generation of mobile access network technology, superseding earlier 2G, 3G and 4G/LTE networks. 4G/LTE already provided significant enterprise branch connection flexibility, most frequently used for work-from-anywhere (WFA) or mobile employees, temporary edge locations such as kiosks, temporary connectivity while MPLS or other wired technologies are installed, and backup links for wired branch offices. 5G technology not only provides much faster speeds and lower latency, but has the characteristics to become the main—and only—connection for office locations. The ITU specifications for 5G overhauled not only network access capability and speeds, but also the network architecture, enabling new business opportunities that are equally attractive for fixed wireless and mobile wireless use cases.
Multi-Access Edge Computing (MEC) infrastructure reduces network latency by bringing resources closer to the user/edge. Instead of the user accessing cloud resources in a distant data center via mobile access (the 4G/LTE model), 5G/MEC architecture brings distributed data and computing to the edge of the 5G network. SaaS applications using standardized virtualization can be deployed in the MEC.
Why Does 5G/MEC Matter to Your Enterprise?
The highly distributed 5G/MEC environment provides superb end user performance, and significantly more flexible fixed wireless connection options for branch locations. But realizing these benefits also poses new challenges.
- End-to-end orchestration of applications and services across multiple environments
- The need for fundamental multi-tenancy in the fabric of all network components
- Automated instantiation and scaling of applications and services in a highly granular and dynamic manner
- Dynamic, intelligent routing for best-path selection to any number of highly distributed MEC locations, as well as traditional cloud locations
- End-to-end security across different operators, network segments and environments
- A single pane of glass to monitor the end-to-end performance of the front-haul, mid-haul and back-haul network segments, as well as the MEC service nodes
There are several aspects of the 5G transformation to consider in how they may affect, and benefit, your enterprise. Secure SD-WAN technology can help you take best advantage of these 5G opportunities.
- End-to-End Software-Defined 5G Network Infrastructure: Your transport-agnostic SD-WAN architecture allows for flexible inclusion of any transport path, and can monitor and enforce end-to-end SLAs based on your policy settings.
- Software-Defined 5G Network Slicing: 5G Slicing uses network virtualization to divide single network connections into multiple virtual “channels” that provide different SLAs for different applications or traffic types. Your SD-WAN maps and integrates the existing SD-WAN overlays to the appropriate 5G network slices to provide end-to-end control over SLAs assigned to different applications and traffic types, such as IoT or real-time or data application traffic.
- Software-Defined 5G fixed wireless WAN transport: Low-latency, high-bandwidth 5G services with SLAs enable enterprises to use this as fixed wireless transport for branch offices.
- Software-Defined MEC Transformation: For the 5G infrastructure to deliver on its low-latency, high-throughput promises, the compute edge must be very close to the network. The effective use of the highly distributed MEC architecture requires the intelligent and dynamic transport and routing decisions that SD-WAN capabilities deliver.
- Private 5G: Using 5G fixed wireless infrastructure to provide enterprise wireless LAN services can be cost-effective at branch locations. Versa Secure SD-WAN with SASE enables the security required by enterprise locations using 5G for such services.
- Software-Defined SASE-driven Gi/LAN services: SASE architecture can drive a transformation in Gi/LAN service architecture by providing the required dynamic security protection for services running in the Gi/LAN architecture.
How do You Secure 5G/MEC Segments in Your Network?
SASE is the only framework, designed from the ground up, that can enable enterprise-grade security across the 5G ecosystem. The ability of the SASE framework to secure end-to-end sessions based on identity and context, independent of location or transport, is a precondition to secure enterprise transactions and traffic across the entire infrastructure, including wired enterprise, wireless enterprise, internet, traditional mobile (LTE) and 5G transport.
Key Reasons to Use a Secure SD-WAN/SASE for Enterprise 5G/MEC Adoption
It is essential to use a Secure SD-WAN — along with its integral SASE security capabilities — to realize the benefits of 5G/MEC for your organization.
Improved Infrastructure Rollout and Management
- Automate 5G rollout of 1000’s of devices with true Zero Touch using the SD-WAN orchestrator.
- Leverage elastic auto-scaling and network intelligence to meet real-time capacity demands.
- An SD-WAN consumes powerful big data analytics to deliver granular visibility of IoT, cloud, user, device, application, SLA and security insights.
- An SD-WAN dramatically lowers CAPEX and OPEX by using a small form factor, multi-tenant uCPE architecture.
- SASE delivers end-to-end security, visibility, and telemetry for 5G infrastructure and services.
- SASE enforces compliance through a consistent security posture across public cloud, hybrid cloud, on-premises and MEC.
- SASE provides single pane of glass management to implement effective methodologies to leverage 5G network slicing to meet a wide variety of business use cases, such as creating a secure IoT ecosystem.
- SASE provides technical approaches to effectively manage 5G security risks and the tools to design secure private 5G and Gi/LAN architectures.
Improved Services and Performance
- A Secure SD-WAN interworks with 5G network slicing to guarantee aggressive 5G SLAs with end-to-end security.
- SD-WAN is the enabler to flexibly implement Gi-LAN services in various form factors.
Seven Ways Versa SASE Enables 5G Transformation
1. Software-based, Hardware-neutral
5G architecture requires an open, platform-agnostic environment where individual control- and data-plane components can be flexibly virtualized and consumed in a distributed manner in the front-haul, mid-haul and back-haul segments of the 5G network. Versa SASE is consumable on any cloud or COTS server, and can be flexibly consumed at different segments of the 5G network.
2. Cloud-native Unified Multi-services Stack
Open, programmable 5G networks need advanced security and networking intelligence from the ground up. VOS™ delivers full stack security, carrier class routing, SD-WAN and service chaining across LAN, WAN, cloud, and mobile infrastructure. VOS™ is application-aware, transport-agnostic, cloud-native and multi-tenant. VOS™ SASE architecture supports myriad security services on a single VM instance, including ZTNA, NGFW, UTM, DLP, SWG, IPS, URL filtering, SSL proxy, VPN, malware sandboxing, and DNS security. All services are programmable via a single pane of glass using the Versa Orchestrator.
3. Single-pass Architecture for Best Performance
5G promises very aggressive SLAs that demand networking and security capabilities—such as scanning with inline encryption/decryption—at cloud scale. Dedicated appliances for each different function cannot scale to this level. Versa’s SD-WAN single-pass architecture can, by ensuring that the majority of services are performed in the same cloud-service stack, at the same location and at the same time.
Versa Single Pass Architecture
4. Cloud-agnostic Multi-tenancy
5G infrastructure enables Multiple Virtual Network Operators (MVNOs) to use a shared 5G infrastructure. 5G slicing also provides multiple virtual channels on shared infrastructure to deliver differing SLAs. These capabilities require multi-tenancy in all components. Versa SD-WAN delivers complete segregation per tenant of control-plane, data-plane and management-plane traffic. Each tenant can use a multi-level RBAC structure to manage the network with full segmented security.
5. Dynamic Auto-scaling
One promise of 5G is to enable an IoT ecosystem of a vast number of devices. This requires a scalable fabric based on user, device, or application demands. Versa SD-WAN delivers elastic auto-scaling and network intelligence to meet real-time capacity demands.
6. Globally Distributed Points of Presence
A key requirement of 5G architecture is to decouple its control-plane (such as AMF, SMF, PCF) and data-plane (UPF) components so that they can be separately virtualized, distributed and consumed based on SLA drivers or network slicing requirements. This allows servicing user traffic at the edge of the mobile network to maximize performance, but requires security also to be enforced at the edge. Versa SASE security can be consumed on-premises or in cloud, thus acting as a key enabler for 5G edge compute.
7. Zero-touch Cloud Instantiation
5G architecture demands the need for 100’s of MEC nodes, 1000’s of cell site routers and several 100,000’s (perhaps millions) of connected devices. Irrespective of the use case, the prerequisite for fast and seamless instantiation of different participating components has never been higher. Leveraging Versa automation, enterprises and ISPs can manage the complete lifecycle from creation to termination through a single pane of glass, in just a few clicks. This methodology significantly cuts down on operational involvement and delivers the agility to roll out 5G services.
SASE For Dummies
Learn the business and technical background of SASE including best practices, real-life customer deployments, and the benefits that come with a SASE enabled organization.
Find more research, analysis, and information on SASE (Secure Access Service Edge), networking, security, SD-WAN, and cloud from industry thought leaders, analysts, and experts.