As enterprise applications migrate from the corporate data center to the cloud, private line connections such as multi-protocol label switching (MPLS) have proven to be overly rigid and expensive. With greater reliance on the internet, the opportunity to achieve “cloud speed” is better served by integrating broadband services into the WAN transport mix.
The Silver Peak Unity EdgeConnect™ SD-WAN edge platform enables enterprises to dramatically reduce the cost and complexity of building a WAN by leveraging broadband to connect users to applications. By empowering customers to use broadband connections to augment or replace their current MPLS networks, Silver Peak improves customer responsiveness, increases application performance, and significantly reduces capital and operational expenses by up to 90%.
Unity EdgeConnect Solution
Three components comprise the Unity EdgeConnect SD-WAN solution:
Unity EdgeConnect physical or virtual appliances (supporting any common hypervisors and public clouds) deployed in branch offices to create a secure, virtual network overlay. This enables customers to move to a broadband WAN at their own pace, whether site-by-site, or via a hybrid WAN approach that leverages MPLS and broadband internet connectivity.
Unity Orchestrator™, included with the EdgeConnect solution, provides unprecedented levels of visibility into both legacy and cloud applications with the unique ability to centrally assign policies based on business intent to secure and control all WAN traffic. Policy automation speeds and simplifies the deployment of multiple branch offices and enables consistent policies across applications.
Unity Boost™ WAN Optimization is an optional WAN optimization performance pack that combines Silver Peak WAN optimization technologies with EdgeConnect to create a single, unified WAN edge platform. Boost allows companies to accelerate performance of latency-sensitive applications and minimize transmission of repetitive data across the WAN in a single, fully integrated SD-WAN solution.
EdgeConnect Key Features
Zero-Touch Provisioning: A plug-and-play deployment model enables Unity EdgeConnect to be deployed at a branch office in seconds, automatically connecting with other Silver Peak instances in the data center, other branches, or in cloud Infrastructure as a Service (IaaS) such as Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure and Google Cloud Platform.
Virtual WAN Overlays: The EdgeConnect SD-WAN edge platform is built upon an application-specific virtual WAN overlay model. Multiple overlays may be defined to abstract the underlying physical transport services from the virtual overlays, each supporting different QoS, transport, and failover characteristics. Applications are mapped to different overlays based upon business intent. Virtual WAN overlays may also be deployed to extend micro-segmentation of specific application traffic from the data center across the WAN to help maintain security compliance mandates.
Tunnel Bonding: Configured from two or more physical WAN transport services, bonded tunnels form a single logical overlay connection, aggregating the performance of all underlying links. If a link fails, the remaining transport links continue to carry all traffic avoiding application interruption. Network traffic traversing an EdgeConnect SD-WAN can be tuned for availability, quality, throughput and efficiency. This is accomplished on a per-application basis through the use of Business Intent Overlays. Multiple business intent policies can be created, each with its own specific bonding policy. As part of this policy definition, the service provider customers have the ability to customize the link prioritization and traffic steering policies based on multiple criteria, including physical performance characteristics, link economics, link resiliency characteristics and customer-definable attributes.
Dynamic Path Control (DPC): Real-time traffic steering is applied over any broadband or MPLS link, or any combination of links, according to company-defined policies based upon business intent. In the event of an outage or brownout, EdgeConnect automatically continues to carry traffic on the remaining links or switches over to a secondary connection.
WAN Hardening: Each WAN overlay is secured edge-to-edge via 256-bit AES encrypted tunnels. No unauthorized outside traffic can enter the branch. With the option to deploy EdgeConnect directly onto the internet, WAN hardening secures branch offices without the appliance sprawl and operating costs of deploying and managing dedicated firewalls.
Zone-based Firewall: Centrally visualize, define and orchestrate granular security policies and create secure end-to-end zones across any combination of users, application groups and virtual overlays, pushing configuration updates to sites in accordance with business intent. Use simple templates to create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center use cases.
Path Conditioning: This feature provides private-line-like performance over the public internet. Includes techniques to overcome the adverse effects of dropped and out-of-order packets that are common with broadband internet and MPLS connections to improve application performance.
First-packet iQ™ Application Classification: EdgeConnect First-packet iQ application classification identifies applications on the first packet to deliver trusted SaaS and web traffic directly to the Internet while directing unknown or suspicious traffic to the data center firewall or IDS/IPS. Identifying applications on the first packet is especially important when branches are deployed behind Network Address Translation (NAT); the correct path must be selected based on the first packet to avoid session interruption.
Local Internet Breakout: Granular, intelligent traffic steering enabled by First-packet iQ eliminates the inefficiency of backhauling all HTTP/HTTPS traffic to the data center. The solution eliminates the potential for wasted bandwidth and performance bottlenecks for trusted SaaS and web traffic. Trusted traffic is sent directly across the Internet while unknown or suspicious traffic may be sent automatically to more robust security services in accordance with corporate security policies.
Routing: EdgeConnect supports standard Layer 2 and Layer 3 open networking protocols such as VLAN (802.1Q), LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4), OSPF.
Cloud Intelligence: Real-time updates on the best performing path to reach hundreds of Software-as-a-Service (SaaS) applications, ensuring users connect to those applications in the fastest, most intelligent way available. Additionally, automated daily updates of the application IP address database to EdgeConnect appliances keep pace with SaaS and web address changes.
Service Chaining: EdgeConnect supports simplified service chaining, using a drag-and-drop interface, to enable enterprises to automate and accelerate the integration of security partners’ advanced services like Check Point, Forcepoint, McAfee, Netskope, OPAQ, Palo Alto Networks, Symantec, Zscaler, and secure DNS (e.g. Infoblox) utilizing private secure encrypted IPsec tunnels.
High Availability: The EdgeConnect HA cluster protects from hardware, software and transport failures. High Availability is achieved by providing fault tolerance on both the network side (WAN) and on the equipment side. The EdgeConnect appliances are inter-connected with a HA link that allows tunnels over each underlay to connect to both appliances.
Orchestrator Key Features
Single Screen Administration: Enables quick and easy implementation of network-wide business intent policies, which eliminates complex and error-prone policy changes at every branch.
Real-Time Monitoring and Historical Reporting: Provides specific details into application, location, and network statistics, including continuous performance monitoring of loss, latency, and packet ordering for each enterprise customer's network path. All HTTP and native application traffic is identified by name and location, and alarms and alerts allow for faster resolution of network issues.
Bandwidth Cost Savings Reports: Documents the cost savings for moving to broadband connectivity.