SD-WAN/SASE

For organisations with multiple sites that are still traditionally connected (MPLS, a KPN/Vodafone/Tele2 private network, etc.) and that handle their internet traffic in a central data centre, there are now new options that offer more flexibility, a better end-user experience, better security and often cost savings.

Those traditional connections do not provide secure internet access, so all internet traffic is sent back to the central data centre and enters the internet from there. That is centrally manageable (and therefore easy to do), but it puts extra load on the connections, the internet connection (and firewall) at the data centre has to be extra large, and there are extra delays.

By deploying SD-WAN as a replacement for the traditional connection and then linking it with cloud-based security (SASE), all these drawbacks can be removed in one go, with the added advantage that home workers can also be linked to SASE security.

Users at a location can access central applications in the data centre via SD-WAN. Because of the local link to the cloud SASE solution (where all internet-related security is handled), they can also access the internet super-fast and securely (also called 'local break-out'), without having to go to the data centre first (also called 'backhauling').

SD-WAN ('Software Defined Wide Area Network') uses standard connections (usually internet, via xDSL, cable, fibre, 4G/5G, etc.) and possibly any 'traditional connections' such as MPLS that are still available. The latter seems strange but is very common in practice: most contracts for those 'traditional connections' cannot simply be terminated, but they can be reduced in bandwidth. That 'too small' bandwidth can then still be used for critical applications.

SASE ('Secure Access Service Edge') uses internet connections to link to a cloud-based infrastructure where security is handled, with connection points (also called POP or Point Of Presence) available all over the world. A user in South America is thus seen as coming from a public IP address in that same region (no problems with geo-blocking etc.), and access to a website from that region is also simply fast because the traffic stays in the region.

Both SD-WAN and SASE also ensure that new locations can be rolled out super fast: for both connectivity (SD-WAN) and security (SASE), only internet is needed at that location, and one can start with 4G/5G to be operational within a few days.

Prisma SD-WAN / SASE

First Presentation

Palo Alto Networks

Abstract

Significantly simplifies network operations while improving end-user experience

Florian Buijs

Speaker's bio

Florian Buijs | Channel Systems Engineer Netherlands

Second Presentation

Cisco Systems International B.V.

Abstract

The Anatomy of SASE - Build for Speed, Security and Success!

Ernest Pronk

Speaker's Bio

Ernest Pronk | Product Specialist SD-WAN - SASE

Best-in-class security with integrated ZTNA 2.0

Links

What is SD-WAN?

Palo Alto Networks

Global CyberSecurity Leader Palo Alto Networks

Palo Alto Networks Wikipedia

Cisco SD-WAN and SASE additional information:

Cisco SD-WAN

CISCO Software Defined WAN (SD-WAN) FAQ

Secure Access Service Edge (SASE)

Security Reference Architecture with Use Cases version 2.0.1

Cisco SASE Architecture Guide

Previous SDN KIVI-Telecom meeting:

Software Defined Networking (SDN) in telecoms, dated 12 February 2019