SD-WAN Built for the Modern Workforce
Elasticity That Meets Business Demands
When deploying SD-WAN through a network functions virtualization (NFV) model, capacity can dynamically scale up or down without replacing or adding proprietary hardware.
For example, branch bandwidth can be doubled in minutes either automatically or using commands from the central provisioning portal – with no truck roll or appliance swap-out. If a branch needs more capacity due to a network traffic spike, the SD-WAN can automatically scale up to meet the demand. When the network spike subsides, the SD-WAN will scale down as needed.
Genuine Multi-Tenancy at the Branch
Multi-Tenancy enables the partitioning of a single network to support multiple customers, departments, and job functions, with each customer or user only able to see and manage their tenant segment. Secure SD-WAN is a carrier-grade solution with full multi-tenancy at both the head-end and branch. Service providers operating SD-WAN managed services and large enterprises operating different SD-WANs for separate business entities can support up to 250 customers per single 1RU server running the Secure SD-WAN controller.
At the branch, a single Secure SD-WAN software instance can support multiple local tenants or business entities. Also, each tenant can support role-based access control. The result is much lower infrastructure costs, better security, and more agile service delivery.
Network Segmentation to Reduce Risk
Cyberattacks and network breaches are on the rise as the attack surface of an enterprise branch office increase exposure. SD-WAN can reduce these attack surfaces by segmenting the network by a class of traffic and based on responsibilities or job functions. However, this can only be implemented with an SD-WAN that has full network and security services within a single edge device or image. To achieve segmentation, SD-WAN almost needs to require multi-tenancy across the entire enterprise network perimeter.
A Flexible and Distributed Service Architecture
With NFV, service providers and large enterprises have the flexibility to decide where to deploy and run each layer of network or security functions – either on-premises in the branch office or centrally through the enterprise data center or service provider point-of-presence (PoP).
For example, compute-intensive services such as anti-virus and IPS can run centrally, while services that are key in the branch, like application identification, SD-WAN, routing, and firewall, can run locally. Also, Secure SD-WAN can integrate critical network services using service chain definitions for local and remote functions, depending on the business need.
Centralized, Automated Operations
A software-defined and NFV-based approach to SD-WAN simplifies the provisioning of branch devices and delivers network and security services from a single point of control. This avoids the need for technical personnel on-site to deploy and configure the solution. Instead, SD-WAN services can be deployed (bandwidth and service capacity increased or enhanced with additional functions automatically) all without requiring any on-site presence, hardware refreshes, or manual interaction.
Additionally, if a branch site(s) requires a unique set of network or security functions, the branch can be serviced individually and automatically from a single management portal. The management portal needs to allow for role-based administration for flexible configuration and ongoing policy management.