SOLUTION BRIEF
Integration of Cloud Networking with SD-WAN
by chinedu egonu
SDWAN in Today’s Cloud Era
A unified elastic WAN bandwidth service In addition to higher reliability, improved application performance, and overall ease of management are some of the many benefits organizations enjoy from having deployed SDWAN solutions In their network. However, with cloud adoption on the rise, organizations acquire virtual DCs in cloud provider regions for their applications and make network architectural changes to accommodate new traffic flows to these virtual data centers in the cloud. as well as existing branch offices and DCs. This new architecture, where the cloud becomes the hub of the enterprise, also introduced challenges that is not addressed using SDWAN
Challenges Not Addressed By SDWAN
Operational Complexity: Additional Cloud regions meant having to manage more SDWAN router appliances than before since being in the cloud meant more (virtual) data centers that need to be managed. In addition, it increases the size of the mesh tunnel infrastructure(2 tunnels per SDWAN appliance)
Scaling: These appliances are typically not cloud-native and do not meet the scaling needs of the organization in the cloud.
Performance and Visibility - Securing branch connectivity to the cloud using IPSEC tunnels impacts overall performance and network visibility to and within the cloud especially when the tunnels run over the public internet.
Networking and segmentation in the cloud is complex - SDWAN is ideal where connectivity and networking to the cloud is required. However, it falls short where connectivity, networking, and segmentation between VPCs/VNETs in the cloud are required. Also, Micro-segmentation policies based on L7 information were difficult to enforce as SDWAN policies are built using L3 parameters.
As Work From Anywhere policies are embraced, remote user locations have become offices of the organizations and are not properly served by the SDWAN solution. Remote access VPN solutions were used to connect users to the SDWAN fabric in a colo-center for connectivity to the cloud.
Prosimo + SDWAN - Complete Cloud Networking Architecture
When designing a cloud networking architecture, it’s important not only to address requirements for traffic flows to the cloud but also to address requirements for traffic flows within the cloud where applications communicate with other applications and services. These requirements cover areas across;
- Connectivity and networking – where branch offices can connect to VPCs and VNETs deployed in the cloud. This involves leveraging the cloud provider’s native constructs such as TGW, VWAN, Private link, etc.
- Security – where macro to micro-level segmentation policies can be enforced to ensure only authorized network segments and applications are allowed to communicate between branches and the cloud environment. Also, additional security services like WAF, NGFW, etc. are required to inspect traffic flows.
- Work from Anywhere – where remote users not served by the SDWAN solution can access branch and cloud environments securely. Access to these environments must be based on Zero trust principles.
Organizations can use the Prosimo platform to complement their existing SDWAN solution and complete their cloud networking architecture. Prosimo creates a secure network fabric at Layer 3 and – optionally – through Layer 7 at the application layer in the cloud. This flexibility means you may connect subnets within one cloud or across clouds with the flexibility to microsegment down to an individual IP address. Whether it is between CSP regions or crossing over to another cloud (public or private), Prosimo establishes secure transit with consistent policy in only minutes. This requires a limited understanding of CSP services and zero need to understand or configure network policies at the L3/L4 level, which reduces your exposure to technical debt.
Organizations can continue to use their existing SDWAN solution to connect their branches and DCs to the cloud by aggregating all SDWAN tunnels within a Colo-center/POP using MPLS underlay. From within the POP, they can offload cloud traffic to Prosimo where the platform will not only handle seamless connectivity and networking to any region in the cloud but also address their network requirements within the cloud. They can also use Prosimo to expand to new cloud regions and provide the right access to cloud resources based on Zero Trust principles.
Value Proposition - Prosimo + SDWAN
Keep existing SDWAN solutions for Branch-to-Cloud and branch-to-DC workflows.
Reach multiple clouds, internet, and SaaS through SDWAN fabric and Prosimo onramp
Cloud Networking within/across the regions and cloud providers.
No chokepoint in connectivity to clouds
Network and application layer segmentation.
Orchestration of could native components (TGW, VWAN, Private link attachments, DNS, Route table management)
Advanced security controls - Traffic inspection via WAF, Zero trust identity, and context-aware access for users
Performance and Cost Optimization for all connectivity “Highways”
Consistent policy enforcement via the Prosimo Policy engine - across regions and cloud providers.
Operational readiness for Day2+
Deep Cloud network and applications visibility
Business Outcomes
Accelerate time to value: deliver secure cloud networks in minutes, not days - as fast as cloud compute and data infrastructure.
Avoid technical debt: reduce your dependence upon specialized networking or CSP-specific expertise.
Increased productivity: reduce maintenance windows due to virtual appliance failures, upgrades, or patching. Find and fix problems faster by isolating the network from application problems.
Control cloud network costs: Leverage cloud-native infrastructure and utilize existing cloud services for connectivity and networking to endpoints.
The bigger picture
The Prosimo platform compliments an SDWAN solution and enables an organization to address its connectivity, networking, optimization, and security requirements in their cloud, branch, and DC environments.