0:12 Let's review Versa SD-WAN technology. 0:14 The device group is a group of one or many actual CPE devices that share a common configuration or a list of templates associated with them. 0:23 One device group can have one device template, but many service templates. 0:27 In the device template we define common options for similar devices such as VLAN, WAN and LAN interfaces and whether they're static or DHCP, as well as a couple of other parameters. 0:36 This is done so that only information specific to a branch needs to be configured during the onboarding process. 0:42 With service templates, we can define more granular pieces of parameters and configurations for things like NG firewall, UTM, application services, QoS, traffic steering that can be shared across multiple device groups. 0:53 Service templates can be mixed or matched with different device templates. 0:56 In talking about zero-touch provisioning, when a new device connects for the first time to the network, it'll receive an IP address through DHCP. 1:03 By default, FlexVNF will contact the call home server over a secure IPsec connection and inform it that this is a new device and this is its serial number. 1:12 The Versa Global Pre-staging server will then inform the device where it needs to connect to. 1:16 Next, 1:17 the device will see an initial configuration and the connection details of how to connect to the head end and controller of the organization or customer it belongs to. FlexVNF then establishes an IPsec tunnel to the appropriate head end controller and downloads its final configuration that's been defined in the device group which it has been associated to. 1:38 Now let's see what the initial steps are to enable a FlexVNF device to be onboarded to the SD-WAN network. 1:43 First, we create a device template. 1:45 To do this, we define the template name, the organization that it belongs to. 
1:50 Where it's going to log data, its SD-WAN controller or controllers, and its software subscription level. 2:01 Next we need to define the interfaces and their purpose. 2:04 For example, here two WAN interfaces, one for MPLS, one is going to be for Internet, and we're going to set one interface to be for the LAN. 2:13 Then we need to define what kind of configuration those ports will have. 2:19 That's it. 2:20 And then now the device template is now created. 2:23 So now we need to actually create the actual device and the configuration that will be used, based off the newly created device template. 2:31 So here we need to provide the serial number of the device, a name of the device, the organization that it belongs to, and a device group to which we're going to map the device template that we just created in the previous screens. 2:52 So now we then need to define the device's location information. 3:00 And finally we're going to fill in the variables defined in the device template. 3:04 So here we're going to define the device IP for the LAN interface, its MPLS interface, and then define the gateway address across its MPLS interface. 3:14 And so once we're done, we're now ready to connect to the device network and have it be onboarded using Global ZTP. 3:23 Now we're going to create an application service template where we're going to configure parameters just to guarantee a specific traffic steering behavior. 3:30 So first we create the template and then we give it a name. 3:34 And now here, for example, we're going to define that for voice traffic, no matter the source or destination, voice over IP should always choose the path with the lowest latency, delay variation and lowest packet loss. 3:48 Next, we're going to define that for recreational Internet traffic, such as social media, Internet will be the primary path and that we're going to fail over to MPLS if Internet is unavailable. 
4:10 Now we're going to define that for Office 365 traffic, we prefer the Internet and we're going to also fail over to MPLS. 4:16 As you can see in the template, you can enable things like FEC or replication based off the application, and you have various other specific parameters you can also define in the template as well. 4:25 Now for Oracle ERP and other Oracle applications, we're going to set MPLS to be the primary path and then we're going to have it set to be failed over to Internet if MPLS is unavailable. 4:35 App ID is done utilizing our DPI engine and you can actually create more granular traffic steering profiles utilizing custom forwarding profiles and SLA profiles. 4:44 Now you click deploy and the service template can now be applied to a device or device group. 4:49 Now let's look at how to configure Versa's security features and policies. 4:53 So we support things based off of device templates to service templates and that's how we configure our security features. 4:59 Here in the networking tab we can configure protection profiles and the DNS proxy-based features. 5:06 In the zone protection profiles you can configure protection for general flood traffic, port and IP scans, any traffic anomaly. For DNS proxy, 5:15 as you can also see here, it is configured for FlexVNF. 5:18 We have 5 different rules: internal domains, where internal traffic goes to the internal DNS server. 5:23 We also have a DNS sinkhole policy and we have a policy set for guest traffic that all we can utilize Google DNS and then the cloud domain policy where we enable policy-based forwarding according to FlexVNF's configured SD-WAN application traffic policies. 5:38 Next, under services, we have denial of service, authentication, decryption and security policies and profiles. 5:43 And here we have a guest traffic denial of service policy to help prevent someone connecting to the guest network and flooding it with a denial of service attack that's going to impact the branch. 
5:55 Now we're going to go to authentication policies and profiles where we have 4 different policies and profiles based on specific applications. 6:02 And here we can actually enable specific types of authentication based on the app. 6:05 So it uses Kerberos, Active Directory, SAML for single sign-on, or actually utilizes the FlexVNF's local database. 6:11 And then once they're authenticated, we can actually apply specific user group policies. 6:17 Now we're going to show decryption policies, where we're going to show you 2 rules first. 6:21 The first rule is all financial and healthcare services will not be decrypted, and the second policy and rule is going to have everything else encrypted, where we then apply a profile to use Versa's SSL proxy, and that SSL proxy could either be a forward or a full proxy and actually support transparent or explicit modes. 6:42 Additionally, as you'll see here, FlexVNF can be configured to be a web proxy where we actually have proxy chaining configured. In here, for the proxy chain, we actually have two different rules based on application and traffic type. 6:54 So the first rule is Office 365 will break out locally, and rule 2 is that all corporate apps will utilize a proxy within the corporate environment. 7:02 Now for our security policy and profiles, we can define a policy based off the zone, IP address information, headers and schedule, and layer 7 match conditions based off the application, URL category and also user group profiles or policies. 7:18 Once we have a match, we can then apply some enforcement actions where we can enable logging, packet capture, access control and threat prevention parameters. 7:28 And for threat prevention parameters, you can set it to IP, file, URL, DNS filtering, antivirus, IDS and IPS with specific profiles of their own. 
7:36 And then once the profiles are configured and applied to FlexVNF, as you're going to see here, we can then monitor the traffic to see how it's being processed by FlexVNF actually in real time. 7:45 So Versa also provides historical analytics, whether it's for SD-WAN or security. 7:49 And you can view the data related to applications, URL categories, bandwidth utilization and threats to the site, device and org levels. 7:55 And then each specific category can then be viewed either at a high level or drilled down to enable deeper visibility. 8:01 To see more details, in Versa Analytics we have specific views for application, web traffic, firewall as well as threats. 8:07 And then within the analytic views for threats, we provide insights to the web, IP, malware, vulnerability, denial of service and then the overall summary on a per site intended basis. 8:15 And then we also provide detailed logs that give greater insights to the user, device and the application context. 8:21 With Versa Analytics you can also generate various reports on services, SD-WAN, security, traffic or monitoring. 8:26 You can get reports like top applications over the last 30 days, top threats as well as a variety of other reports. 8:32 Admins can actually export them either manually right from the dashboard or have it set to be scheduled to be emailed periodically either from Versa Director or Versa. 8:39 Now here we have FlexVNF configured to do device fingerprinting based on MAC address as well as utilizing a RADIUS server for 802.1X and then utilizing MAC bypass for a specific device. From Versa Director's Monitor tab, 8:51 we can actually show the endpoints discovered on the network at a specific site as well as detailed analytics for every session that gets generated, capturing user, device, as well as location information. 9:01 And then finally, from Versa Analytics we provide greater visibility with the various different dashboards. 
9:06 We actually provide for devices showing information on the device types and models, and all these dashboards can actually be drilled down into as well. 9:19 Versa Analytics provides extensive visibility into branch usage, SLAs and applications. To troubleshoot slowness at the branch, 9:25 you can check availability to the site. 9:27 You can check the application performance monitoring dashboard for network response time metrics. 9:31 You can drill down to the application to see its performance over time. 9:35 You can verify the network is the issue by analyzing SLA metrics and plot delay, jitter, and loss to get a better understanding of network conditions. 9:43 You can then isolate applications and then analyze them for congestion and you can actually check usage to actually see if bandwidth levels are actually alarming. 9:50 You can also isolate circuit data and then you can actually check if there's a specific user hogging bandwidth or check for a pattern amongst all the users at a site. 9:58 And so with Versa Analytics you can actually troubleshoot if there is a problem and if it's local to the application, site, or due to network conditions.