SD-WAN SOLUTION

www.securevate.com
CONTENTS

INTRODUCTION ...................................................................................................................................3
SD-WAN OVERVIEW ............................................................................................................................3
BENEFITS OF SD-WAN.........................................................................................................................5
WHY SECUREVATE SD-WAN................................................................................................................6
FEATURES OF SECUREVATE SD-WAN................................................................................................11

www.securevate.com
 INTRODUCTION
What is SD-WAN ?

Software-Defined Wide Area Networking (SD-WAN) is a transformative

technology that simplifies the IT infrastructure control and management by
delivering a virtual WAN architecture that securely connects users to their
applications.

It is a centrally managed network that allows enterprises to utilize different,

and typically lower cost, WAN interfaces such as broadband and wireless
networks for creating their enterprise network architecture in an agile and
customizable manner.

Software-defined WAN (SD-WAN) was chosen to unify the networks and

deliver
infrastructure modifications to simplify transport and increase the overall
efficiency. We are developing SECUREVATE SD-WAN to meet the Client's
reqqurement.

3 www.securevate.com
 WHY SD-WAN?

Because SD-WAN is cloud-delivered and software-based, it allows for network

agility, is easy to deploy, and enables central management and control. It also
helps companies reduce the amount of WAN traffic on leased lines, shifting some
of it to broadband Internet connections and cloud-based applications.

With SD-WAN, companies can quickly add access to cloud services, set up a new
remote office, and dynamically route all types of network traffic for optimized
application and data delivery. SD-WAN allows for various deployment options,
including complete cloud- or software based, hardware based, or a hybrid
deployment. Also, a centrally-located orchestrator monitors all network activity to
deliver real-time analytics and reporting as well as remotely remediate any issues.

Performance and Reliability Virtual Service Platform

Deliver hybrid WAN with high
performance reliability,
transport, and provider flexibility
to assure optimal performance
even for demanding
applications, such as voice and
video.
Reduce the branch office
footprint with a single click.
SECUREVATE SD-WAN
enables seamless insertion and
chaining of virtualized services
on-premises and in the cloud.

Cloud Network Automation and Orchestration

Eliminate data center backhaul
penalties with a cloud-ready
network to provide an optimized
direct path to public and private
enterprise clouds.
Centralized monitoring, visibility and
cloud control enable zero-touch branch
deployment while delivering automatic
business policy and firmware updates,
link performance, and capacity
measurements.

4 www.securevate.com
 Benefits of SD-WAN
SD-WAN solves network complexity while cutting total cost of ownership. SD-WAN
simplifies operations through rapid zero touch provisioning and cloud management,
optimizes app performance over any WAN link, accelerates cloud adoption through
managed on-ramps, and offers robust edge security.

Enables Migration To End-to-End Virtual Simplified WAN

the Cloud Services Platform Operations

SD-WAN delivers hybrid,
multi-cloud, and SaaS
functionality to support
the needs of businesses
today.
SD-WAN connects any
device or any user to any
application across any
location on the WAN with
in-depth network
analytics and security via
a network overlay.
Branch and remote site
deployments are made
simple with global WAN
visibility, agility, and scale
delivered through an
automated platform.

Overlay & underlay – Separating the network layer from the applications
Separation of data & control
Tunnels between sites and the cloud
Policies – application, quality of experience, security
Local internet breakout – Direct Internet Access (DIA) is typically possible
depending on the architecture of the specific solution and its deployment

5 www.securevate.com
 Why SECUREVATE SD-WAN ?
Times have changed, and enterprises are using the cloud and subscribing to
software-as-a-service (SaaS). While users traditionally connected back to the
corporate data center to access business applications, they are now better served
by accessing many of those same applications in the cloud.
As a result, the traditional WAN is no longer suitable mainly because backhauling
all traffic—including that destined to the cloud—from branch offices to the
headquarters introduces latency and impairs application performance

Not all SD-WANs are created equal. Many SD-WAN solutions are basic SD-WAN
solutions or “just good enough” solutions. But we are here for the the best. We'll
provide

Faster Better

More secure Cost Efficient

6 www.securevate.com
 Faster

Faster networks – The disaggregation of transport and applications where

enterprise networks become transport agnostic, allow to utilize multiple WAN
interfaces for achieving better (faster) application delivery to end users. SD-WAN
services typically offer the capabilities for defining routing policies based on
business needs (application prioritization and quality of experience based
decisions), this is basically one of the primary pillars of what is SD-WAN
technology. Typically, SD-WAN vendors offer in their products or services the
option to route traffic from branch offices directly to the internet. This option of
Direct Internet Access (DIA) is an important requirement for improving the speed
of your network. Some of the SASE services do require backhauling all traffic
through central points of presence and over a dedicated backbone of the SASE
service provider. This network architecture should be carefully examined as in
many cases, it increases latency and results in higher cost. Although Gartner
does include backhauling of data through cloud POPs in its recommendation, one
needs to consider this recommendation with reference to its specific enterprise
requirements for performance, security and cost.

Agile network architectures – Network agility is also an important item on the SD-
WAN benefits list. Different from traditional WANs, being software defined and
centrally managed, network architecture of hub and spoke, full mesh or any
combination of these architectures, can be quickly provisioned and changed as
required on SD-WAN networks. Different from the fixed nature of traditional
networks, SD-WAN architecture gives agility in the hands of network
administrators, through automation, network performance may grow and shrink as
workloads and associated business requirements change. Backup network
interfaces may be added or removed as network requirements change. This
completely changes the traditional paradigm of fixed connectivity contracts and
network designs that inhibited flexibility.

7 www.securevate.com
 Better

Reliability of the network – One of the important SD-WAN benefits relates to network
reliability. In the past, a site would lose its connectivity due to failure of a single dedicated
line that serves the site. Even if several connections were available, the routing policies
would be fixed so some of the applications or users in the organization would lose their
connectivity in the case of such network failure with no way for network admins to define
dynamically policies based on importance of services or users. SD-WAN changes this as
a typical SD-WAN product would allow to define failover and load balancing policies that
would ensure better and more reliable delivery of specific applications even when
network conditions deteriorate or even in cases of specific network interfaces failure. This
benefit of network reliability is one of the key elements of what is an SD-WAN solution all
about.

Network automation – Both on-boarding of new locations as well as the on-going

operation of the network and adaptation to changing network conditions and workloads
are automated in SD-WAN. Through zero touch provisioning (ZTP) devices are
connected to power and ethernet and automatically provisioned in the central
management system. Policies for changing routing logic are defined and pushed to
network edge devices from this central management system and come to action
automatically as changes are identified by the system. Additionally, DevOp tools can be
utilized so that networking bandwidth and associated routing and security policies can be
provisioned dynamically as compute and storage change.

Cost Efficient

Reduced OPEX – Being transport and service provider agnostic is another pillar
of SD-WAN benefits. An enterprise can choose which Network Service Providers
(NSP) to purchase connectivity from, moreover, the enterprise can purchase
different types of network connections such as broadband, 4G or 5G cellular
connections or even MPLS, define the utilization of these different network
connections based on quality, cost and other enterprise requirements.
Additionally, such policies can be dynamically changed from one central
management system. The nature of centrally managed SD-WANs also results in
the reduction of IT people required for managing the network, instead of logging
into each edge device and configuring it through a Command Line Interface (CLI),
all edge devices can be centrally configured and managed.

8 www.securevate.com
 Reduced CAPEX – This is one of those SD-WAN benefits that is many times
neglected in the decision making process. Although one of the promises
associated with the definition of what is SD-WAN was hardware agnostic, some of
the SD-WAN vendors continue to require a bundle of hardware and software
resulting in high Total Cost of Ownership (TCO) and greater vendor lock-in. Being
hardware agnostic is an important requirement enterprises and service provider
should present to SD-WAN vendors. Being able to run on commodity hardware
devices, on virtual machines or in public/private clouds gives enterprises choice,
more control and lower capital costs.

More secure

End-to-end encryption – Most of the cloud SaaS applications encrypt the traffic
of their applications, but not all enterprise data sent between locations is
encrypted. Even many of the voice and video communications services don’t
encrypt the payload (the actual data of voice and video). The SD-WAN
architecture typically allows for secure (encrypted) tunnels between locations of
edge devices (software and hardware) thus making sure that all traffic in motion
will be encrypted. In this regard, it is important to analyse the architecture of
some of the SASE vendors. When looking at the Gartner definition of
recommended SASE architecture, you would find a fixed network architecture of
hub and spoke where all enterprise traffic is routed through cloud Points of
Presence (POPs) of the SASE vendor or service provider. This SASE architecture
would typically require a man in the middle decryption of the traffic. It doesn’t
mean that this type of SASE network architecture doesn’t have merit, it does
mean that enterprises should understand the details of how the SASE service is
provided to them and understand the pros and cons of each option.
SECUREVATE SD-WAN allows for more flexibility and choice in all relevant areas
of SD-WAN and SASE deployments. This includes network architecture, routing
policies, the security services used and how each specific data or application is
routed according to those selected choices of security and network architectures.

9 www.securevate.com
 Zero trust networks – this capacity of zero trust is one of the SASE benefits although it
is not always offered by all SASE vendors. Given the strong relationship between SASE
and SD-WAN, zero trust is also achieved with secure SD-WAN solutions. Providing 1:1
micro-segmentation between users and devices communicating with services,
applications, and data. Whitelist security policies of what is allowed in a least privileged
model instead of a blacklist model that defines where network traffic cannot go. Anomaly
detection provides early detection if a user is misbehaving or a device has been infected
with malware.

10 www.securevate.com
 Features of SECUREVATE SD-WAN

WAN side DHCP

Devices handling and viewing

improvements

More NAT Traversal options,

including single-side symmetric
NAT traversal

Monitoring enhancements

Additional, non-ethernet,
interfaces (LTE, WiFi)

side APIs and UI

Security features & Firewall with

IDS/IPS

11 www.securevate.com
 Features of SECUREVATE SD-WAN

Cloud OnRamp for Colocation

Public cloud integrations into

AWS, Azure, and Google Cloud
Cloud OnRamp optimization for
SaaS applications

802.1Q, native VLAN, bridge

domains, Integrated Routing and
Bridging (IRB), host-mode
bridging

Enhanced Monitoring

Remoate VPN & Advanced QoS

Zero-Touch Provisioning

Multi-Tenant Accounts and

Users

12 www.securevate.com
 Features of SECUREVATE SD-WAN

IPSec over VxLAN tunnels

Flexible tunnel configuration:

Full-Mesh, Hub & Spoke, Partial-
Mesh

Tunnel quality metrics

Application Identification
(L3/L4)

Multiple WAN/LAN interfaces

Application based path selection

policy & Static routes
configuration

Internet Breakout & DHCP server

13 www.securevate.com
 Features of SECUREVATE SD-WAN

Monitoring & Dashboards

Error detection and notifications

on multiple channels

OSPF, external BGP (eBGP),

internal BGP (iBGP), EIGRP,
ECMP, static, connected OMP

FEC and packet duplication for

User Datagram Protocol (UDP),
TCP optimization, Cloud
OnRamp optimization for SaaS
applications

Internet Group Management

Protocol (IGMP) v1/v2/v3, Protocol
Independent Multicast (PIM), Auto-
RP, scale-out traffic replication

Route policies, app-aware routing,

control policy, data policy, Access
Control List (ACL) policy, VPN
membership policy

Classification, prioritization, low

latency queuing, remarking, shaping,
scheduling, policing, mirroring,
NAT/Port Address Translation (PAT)

14 www.securevate.com
 Features of SECUREVATE SD-WAN

Route policies, app-aware

routing, control policy, data
policy, ACL policy, VPN
membership policy

NETCONF over SSH, Command-

Line Interface (CLI), REST , Linux
shell

IPv4, Simple Network

Management Protocol (SNMP),
Network Time Protocol (NTP),
DNS client

Dynamic Host Configuration

Protocol (DHCP) client, DHCP
server, DHCP relay,
configuration archival

syslog, Secure Shell (SSH),

Secure Copy (SCP)

NAT/PAT, Cflowd v10 IPFIX

export

15 www.securevate.com
Thank You

www.securevate.com