Most enterprise digital transformation initiatives embrace a cloud-first strategy for hosting today’s evolving mix of applications. They need the flexibility to connect their users securely to corporate applications from anywhere, across any type of WAN and from any device.
For many enterprises, the optimal route is to turn to a service provider for a managed SD-WAN service. Managed SD-WAN services pave the way for service providers to compete for additional managed service opportunities outside of their footprint, provide opportunities to acquire new customers and improve customer retention with agile service delivery.
The Silver Peak Unity EdgeConnect™ SD-WAN edge platform enables service providers to build high-performance managed SD-WAN services to drive new revenue streams, expand market reach and deliver SD-WAN services with SLAs in-region and out-of-region quickly and cost-effectively.
Unity EdgeConnect Solution
Three components comprise the Unity EdgeConnect SD-WAN edge platform:
- Unity EdgeConnect physical or virtual appliances (supporting all common hypervisors and public clouds) support SD-WAN locations ranging from a small branch office to a large data center or campus site. They are deployed in branch offices to create a secure, virtual network overlay. This enables service providers to offer flexible managed SD-WAN solutions which can augment their MPLS services by leveraging broadband or LTE, whether site-by-site or via a hybrid WAN approach.
- Unity OrchestratorSP is a secure, cloud-hosted, multi-tenant management Software-as-a-Service that enables service providers to globally manage and monitor their managed SD-WAN service offering. An intuitive user interface provides unprecedented levels of visibility and control for global customer management with a unique ability to centrally configure and manage secure SD-WAN deployments that are customized per enterprise customer.
- Unity Orchestrator™, included with the EdgeConnect solution, provides full visibility, control, and management of a tenant’s enterprise-wide SD-WAN service deployment, including the unique ability to centrally assign policies based on business intent to secure and control all WAN traffic. Service providers can create value-added reports leveraging Orchestrator’s extensive real-time and historical application visibility and reporting capabilities.
- Unity Boost™ WAN Optimization is an optional WAN optimization performance pack that combines Silver Peak WAN optimization technologies with EdgeConnect to create a single, unified WAN edge platform.
EdgeConnect Key Features
- Zero-Touch Provisioning: A plug-and-play deployment model enables EdgeConnect to be deployed at a branch office in seconds, automatically connecting with other Silver Peak instances in the data center, other branches, or in cloud Infrastructure as a Service (IaaS) such as Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure and Google Cloud Platform.
- Virtual WAN Overlays: The EdgeConnect SD-WAN solution is built upon an application-specific virtual WAN overlay model. Multiple overlays may be defined to abstract the underlying physical transport services from the virtual overlays, each supporting different QoS, transport, and failover characteristics. Applications are mapped to different overlays based upon business intent. Virtual WAN overlays may also be deployed to extend micro-segmentation of specific application traffic from the data center across the WAN to help maintain security compliance mandates.
- Tunnel Bonding: Configured from two or more physical WAN transport services, bonded tunnels form a single logical overlay connection, aggregating the performance of all underlying links. If a link fails, the remaining transport links continue to carry all traffic, avoiding application interruption. Network traffic traversing an EdgeConnect SD-WAN can be tuned for availability, quality, throughput and efficiency. This is accomplished on a per-application basis through the use of Business Intent Overlays. Multiple business intent policies can be created, each with its own specific bonding policy. As part of this policy definition, service provider customers can customize the link prioritization and traffic steering policies based on multiple criteria, including physical performance characteristics, link economics, link resiliency characteristics and customer-definable attributes.
- Dynamic Path Control (DPC): Real-time traffic steering is applied over any broadband or MPLS link, or any combination of links, according to company-defined policies based upon business intent. In the event of an outage or brownout, EdgeConnect automatically continues to carry traffic on the remaining links or switches over to a secondary connection.
- Path Conditioning: This feature provides private-line-like performance over the public internet. It includes techniques to overcome the adverse effects of dropped and out-of-order packets that are common with broadband internet and MPLS connections, improving application performance.
- Routing: EdgeConnect supports standard Layer 2 and Layer 3 open networking protocols such as VLAN (802.1Q), LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4) and OSPF.
- First-packet iQ™ Application Classification: EdgeConnect First-packet iQ application classification identifies applications on the first packet to deliver trusted SaaS and web traffic directly to the internet while directing unknown or suspicious traffic to the data center firewall or IDS/IPS. Identifying applications on the first packet is especially important when branches are deployed behind Network Address Translation (NAT); the correct path must be selected based on the first packet to avoid session interruption.
- Local Internet Breakout: Intelligently steer trusted internet-bound application traffic from the branch directly to the internet, eliminating inefficient backhaul of all HTTP traffic to the data center. The solution eliminates the potential for wasted bandwidth and performance bottlenecks for trusted SaaS and web traffic. Trusted traffic is sent directly across the internet while unknown or suspicious traffic may be sent automatically to more robust security services in accordance with corporate security policies.
- Cloud Intelligence: Real-time updates on the best performing path to reach hundreds of Software-as-a-Service (SaaS) applications, ensuring users connect to those applications in the fastest, most intelligent way available. Additionally, automated daily updates of the application IP address database to EdgeConnect appliances keep pace with SaaS and web address changes.
- WAN Hardening: Each WAN overlay is secured edge-to-edge via 256-bit AES encrypted tunnels. No unauthorized outside traffic can enter the branch. With the option to deploy EdgeConnect directly onto the internet, WAN hardening secures branch offices without the appliance sprawl and operating costs of deploying and managing dedicated firewalls.
- Zone Based Firewall: Centrally visualize, define and orchestrate granular security policies and create secure end-to-end zones across any combination of users, application groups and virtual overlays, pushing configuration updates to sites in accordance with business intent. Simple templates create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center use cases.
- Service Chaining: EdgeConnect supports simplified service chaining, using a drag-and-drop interface, to enable service providers to automate and accelerate the integration of security partners’ advanced services like Check Point, Forcepoint, McAfee, Netskope, OPAQ, Palo Alto Networks, Symantec, Zscaler, and secure DNS (e.g. Infoblox) utilizing private secure encrypted IPsec tunnels.
- High Availability (HA): The EdgeConnect HA cluster architecture protects from hardware, software and transport failures. High Availability is achieved by providing fault tolerance on both the network side (WAN) and on the equipment side. The EdgeConnect appliances are interconnected with an HA link that allows tunnels over each underlay to connect to both.
OrchestratorSP Key Features
- Single Screen Administration: Automates the implementation of network-wide business intent policies for each enterprise customer, eliminating manual configuration of devices at individual branch locations and enabling secure global administration of deployment assets (appliances and licenses)
- Multi-tenant Management and Administration: Scales to support SD-WAN deployments for hundreds to thousands of enterprise customers
- Live View: Monitors real-time throughput, loss, latency and jitter across SD-WAN overlays and the underlying transport services to proactively identify potential performance impacts
- Real-Time Enterprise Customer Monitoring and Historical Reporting: Provides specific details into application, location, and network statistics, including continuous performance monitoring of loss, latency, and packet ordering for each enterprise customer’s network paths
Accelerate Managed SD-WAN Deployments
Service providers face unprecedented demand for managed SD-WAN services, and choosing an SD-WAN management platform that is intuitive and flexible can accelerate service deployments.
OrchestratorSP generates unique customer Orchestrator tenants to ensure flexibility in tailoring deployments to individual customer requirements. It securely isolates each customer’s SD-WAN configuration and performance statistics to assure robust security. Each tenant Orchestrator enables secure zero-touch provisioning of Unity EdgeConnect appliances in each customer’s branch sites, providing full visibility, control and management of the entire SD-WAN service deployment.
Orchestrator automates the assignment of business intent policies for application groups to accelerate connectivity across multiple branches, eliminating the configuration drift that can result from manually updating rules and access control lists (ACLs) on a site-by-site basis.
When branch offices are deployed as part of an SD-WAN or hybrid WAN, some applications may require higher performance levels, like accelerating replication data over distance for disaster recovery.
The optional Boost WAN optimization performance pack enables service providers to create tiered WAN service offerings that can be offered as a value-added software service on any EdgeConnect appliance. With a single mouse click in the Orchestrator GUI, service providers can enable enterprise customers to utilize Boost to accelerate application performance where and when it is needed.
The EdgeConnect SD-WAN edge platform also offers the option to service chain with third-party security appliances for additional traffic inspection to ensure a robust and secure SD-WAN solution. Orchestrator includes a drag-and-drop interface that enables service providers to automate and accelerate the service chaining of industry-leading security partners’ advanced services (e.g., Check Point, Fortinet, Palo Alto Networks, Symantec), secure web gateways (e.g., Zscaler, McAfee, Forcepoint and OPAQ Networks), and secure DNS (e.g., Infoblox) utilizing private secure encrypted IPsec tunnels.
OrchestratorSP delivers granular visibility into thousands of customer branch deployments for both data center and cloud-enabled applications. It provides the unique ability to centrally configure and manage secure SD-WAN deployments for each individual customer, while providing customized, segregated views and reporting.
Each Orchestrator tenant provides specific details of the WAN performance for each individual enterprise customer (Figure 3), including:
- Detailed reporting on application, location, and network statistics
- Continuous performance monitoring of throughput, loss, latency, jitter and packet ordering for all network paths
- Identification of all application traffic by name and location
- Alarms and alerts allow for faster resolution of network related issues
- Bandwidth cost savings report that documents the cost savings of migrating to broadband
Gain Control over the Cloud
Gain an accurate picture of how Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) are being used within your organization.
- Name-based identification and reporting of all cloud applications.
- Tracking of SaaS provider network traffic.
- Cloud Intelligence provides internet mapping of optimal egress to SaaS services.
Strengthening WAN Security
Advanced capabilities provide cloud-first service providers with the control to centralize and automate security policy governance and safely connect users directly to applications. They enable service providers to centrally segment distributed enterprises’ users, applications and WAN services into secure zones and automate application traffic steering across the LAN and WAN in compliance with predefined security policies, regulatory mandates and business intent (Figure 4). To support enterprises with multivendor security architectures, Orchestrator offers service providers seamless drag-and-drop service chaining to next-generation security infrastructure and services.
Boost Application Performance as Needed
Boost WAN Optimization is an optional WAN optimization performance module that includes:
- Latency Mitigation: TCP and other protocol acceleration techniques are applied to all traffic, minimizing the effects of latency on application performance and significantly improving application response times across the WAN.
- Data Reduction: Data compression and deduplication eliminate the repetitive transmission of duplicate data. Silver Peak software inspects WAN traffic at the byte level and stores content in local data stores. Advanced fingerprinting techniques recognize repetitive patterns for local delivery. Data Reduction can be applied to all IP-based protocols, including TCP and UDP.
Why Add Boost?
Boost enables service providers to create a tiered WAN service offering for SD-WAN that includes an optional WAN optimization service that can be offered as a value-added software service on the EdgeConnect appliance.
Silver Peak EdgeConnect appliances alone provide enhanced application performance for broadband or hybrid WAN deployments, utilizing the included packet-based tunnel bonding, Dynamic Path Control (DPC) for real-time traffic steering over multiple WAN links, and Path Conditioning for overcoming the adverse effects of dropped and out-of-order packets that are common with internet connections.
However, sometimes additional performance is needed for specific applications or locations. As distance between locations increases over the WAN, application performance degrades.
This has less to do with the available bandwidth, and is more about the time it takes to send and receive data packets over distance, and the number of times data must be re-sent.
Boost Use Case Examples
- Customers replicating to a disaster recovery (DR) site thousands of miles away might want to add Boost to ensure recovery point objectives (RPOs) are not compromised.
- Enterprises with remote sites located in rural areas, or with sites that are exceptionally far from the company’s data center, might want to add Boost to overcome the effects of high latency. With Boost, customers gain the flexibility to enable enhanced WAN optimization capabilities where and when they are needed in a fully integrated solution.
Overcome Effects of Latency
The time it takes for information to go from sender to receiver and back is referred to as network latency. Since the speed of light is constant, WAN latency is directly proportional to the distance traveled between the two network endpoints. Silver Peak offers a variety of TCP acceleration techniques to mitigate WAN latency, including Window Scaling, Selective Acknowledgement, Round-Trip Measurement, and High Speed TCP.
Windows and other applications that rely on the Common Internet File System (CIFS) often take longer to perform common file operations over distance, such as retrieving and sharing files. Boost helps these applications not only by improving the underlying TCP transport, but also by accelerating CIFS through CIFS read-ahead, CIFS write-behind, and CIFS metadata optimizations.
As packets flow through EdgeConnect appliances, Boost inspects WAN traffic at the byte level and stores content in local data stores. As new packets arrive, Silver Peak computes fingerprints of the data contained within the packets and checks to see whether these fingerprints match data that is stored locally.
If the remote appliance contains the information, there is no need to resend it over the WAN. Instead, specific start-stop instructions are sent to deliver the data locally.
Flexible Deployment Models
EdgeConnect Virtual (EC-V) — Download and install EdgeConnect from anywhere in the world. The software runs on all common hypervisors, including VMware ESXi, Microsoft Hyper-V, Citrix XenServer, and KVM. Silver Peak customers who have an IaaS presence in AWS, Microsoft Azure, Oracle Cloud Infrastructure or Google Cloud Platform can deploy EdgeConnect within their hosted cloud environment.
EdgeConnect Physical (EC) — For enterprises that are not virtualized in the branch, choose one of the EdgeConnect hardware appliance models for plug-and-play deployment.
EdgeConnect Subscription Licensing
Silver Peak offers a Metered Licensing (ML) model. It provides service providers with a flexible pay-as-you-go licensing model that is based on how much bandwidth is consumed per appliance for each month, based on provisioned aggregate WAN bandwidth, and viewed in arrears. Unity Boost™ WAN Optimization is an optional WAN Optimization performance pack that may be ordered and deployed flexibly to sites that require application acceleration. Boost is offered in 100Mbps or 10G blocks.