Next-Gen SD-WAN Services

Kumar Ramachandran, Head of Product Management


“With powerful ML-based capabilities, we deliver dramatic reductions in ‘day two’ operational costs. A customer recently told us they reduced their WAN costs by 82%.”

Two significant shifts over the past decade have changed the way applications are deployed and managed: cloud computing and the availability of low-cost, high-performance Internet connections. I/T businesses deployed robust MPLS-based private WANs to provide secure connectivity from remote offices worldwide to a smaller set of corporate data centers where applications were hosted. However, these legacy network architectures impose a series of debilitating limitations when migrating to cloud computing or taking advantage of commodity internet connections for remote office high availability or performance.

With a legacy network architecture, application traffic is transmitted from the remote office to servers in the data center over MPLS private WAN connections. Although these networks established the standard for security, they are also an order of magnitude more costly than standard Internet broadband or cellular connections. Further, cloud-hosted and software-as-a-service (SaaS) applications do not live in the data center, and usually a direct path to the internet from the remote office would offer better performance at substantially lower cost.

I/T organizations have become accustomed to managing networks by configuring a series of fragmented, weak, and sometimes non-interoperable features on low-level networking devices. Companies today are demanding that this inherent complexity be reduced or eliminated in favor of company-wide policies that map to purpose rather than to elements that only seasoned veterans understand. Policies today map to IP addresses, queues, ports, and interfaces, where they should map to applications, networks, sites, and profiles for administration, compliance, and security.

With cloud applications becoming the new normal, I/T also requires a way to see end-to-end performance and availability for all applications and networks, whether deployed in the data center or the cloud. While numerous mature solutions exist as add-ons to the network, these require additional software, servers, and agents to meet the full spectrum of visibility needs, and they often fall short when dealing with applications that could use various network links or that are deployed in the cloud. Networking must change to accommodate the new normal of cloud applications.

The Software-Defined WAN (SD-WAN) from CloudGenix, a Palo Alto Networks company, is the industry’s most comprehensive solution for customers that want to build hybrid networks consisting of MPLS private WANs and commodity internet connections for remote office high availability, cloud application adoption, application performance, and end-to-end visibility. Powered by CloudGenix Instant-On Networks (ION) devices deployed in locations where visibility and control are desired, CloudGenix SD-WAN allows you to create policies based on business intent rather than a series of fragmented networking features, enables dynamic path selection using the highest performing network, and provides visibility into performance and availability for applications and networks.

AppFabric, a secure application fabric, is established among all ION devices, building a virtual private network (VPN) over every WAN link. Policies are defined in line with your business intent, specifying performance, compliance, and security rules for applications and sites. ION devices automatically determine the best WAN path for each application based on business policy and real-time analysis of application performance metrics and WAN links.

The Advantages of a Unique Solution

The CloudGenix SD-WAN solution presents a wealth of benefits for businesses:

Implement a Software-Defined WAN: CloudGenix ION empowers users to take advantage of a diverse set of WAN transports, including MPLS, LTE, and broadband, to create a secure, unified, high-performance, highly available hybrid WAN for their enterprise. With CloudGenix ION, WAN paths are dynamically chosen based on policy and real-time performance measurement, while the configuration of complicated routing protocols and fragmented networking features is virtually eliminated.

Confidently Deploy Cloud and SaaS Applications: CloudGenix ION allows users to meet the performance and availability demands of deploying cloud and SaaS applications, including remote office WAN high availability, bandwidth, and consistent latency. With CloudGenix ION, the best route for cloud and SaaS applications is a direct internet connection, relieving private MPLS links while enhancing end-user performance.

Reduce Remote Office Infrastructure: CloudGenix ION can help decrease the number of devices needed in remote offices by replacing routers and zone-based firewalls. Any WAN link with an Ethernet connection can be connected directly to the CloudGenix ION; any WAN link with a non-Ethernet connection will need a modem or equipment from the client’s provider to connect to the CloudGenix ION. Along with reducing remote office hardware, management and operational expenses are reduced.

Unify Policies on Business Intent: CloudGenix enables users to configure policies for performance, compliance, and security based on business intent rather than low-level network characteristics. By establishing policies according to applications, sites, and networks, the risks of misconfiguration or misinterpretation commonly encountered when configuring routers and firewalls are avoided completely. With CloudGenix ION, users can move closer to a software-defined enterprise.

Reduce Dependency on Private MPLS WANs: CloudGenix ION allows clients to take advantage of diverse WAN transports in the remote office and data center, including broadband and LTE. By integrating these transports and defining application policies for performance, private MPLS links can be maintained for internal applications while Internet connections can be used for cloud and SaaS applications. Further, Internet links can be used as primary or backup VPN connections between sites. With CloudGenix ION, the dependency on private MPLS WANs is reduced, creating an opportunity for substantial cost savings.

Understand Network Health and Usage: CloudGenix ION continually monitors the health and performance of your WAN links at each site, and the results can be viewed within the CloudGenix cloud management portal. With visibility into usage by WAN link type, overall link health, top applications, link-level statistics (bandwidth, loss, latency, jitter), and concurrent flows, you can quickly see how your WAN links are performing and discover actionable insights.

Gain Instant Visibility into Application Performance: CloudGenix ION analyzes application traffic to measure key performance indicators for dynamic path selection and visibility. CloudGenix gives visibility into the elements contributing to application response time, overall application throughput, quality and health, and transaction statistics. Visibility into these metrics helps you understand how applications perform and identify the root cause of performance issues for data center and cloud applications alike, eliminating finger-pointing.

Palo Alto Networks Had Everything but WAN

As strong as the Palo Alto Networks security platform vision was, the WAN portion was missing. Last year, it jumped on the move to SASE through its Prisma Access, which extended cloud-native security and a thin-edge SD-WAN. Prisma Access has offered IPSec and SSL VPN for many years but did not have the full feature set that CloudGenix has. CloudGenix adds this component, giving Palo Alto Networks a full SASE offering.

Gartner’s definition of SASE is built around the notion of integrated network and security that’s cloud-delivered. Most of the SASE vendors are strong in networking and partner in the area of security, which isn’t SASE, but Palo Alto Networks will now have native network and security capabilities.

CloudGenix has a very lightweight appliance, also available in a virtual form factor, that will let Palo Alto extend its security fabric to the branch. The zero-touch provisioning endpoint makes it fast and easy to onboard remote locations, retail shops, and, in the future, internet of things (IoT) endpoints. One of the byproducts of COVID-19 is that it showed how deficient most companies are at scaling their remote access infrastructure. COVID-19 will act as a catalyst for change, shifting more applications out of corporate data centers and permanently shifting many people to working from home.

AI-infused network appliances

The two appliances each target a different set of environments. The Ion 1000 is designed for connecting retail stores and other edge sites to the centralized wide-area network that links a company’s disparate locations. It is joined by the CloudGenix Ion 9000, the largest CloudGenix device to date, which Palo Alto Networks targets at more significant locations such as corporate headquarters.

The new AI features, in turn, focus on easing network troubleshooting. A common troubleshooting difficulty is that maintenance tools tend to generate many alerts for technical issues, making it difficult to identify the root cause. According to Palo Alto Networks, the AI technology it has combined with CloudGenix can automatically group alerts tied to a common root cause to increase the speed with which administrators can implement the fix.

The technology is also capable of fixing some performance issues on its own. Palo Alto Networks makes the strong claim that its software can eliminate up to 99% of support tickets associated with wide-area network and application access problems.

“With powerful ML-based capabilities, we deliver dramatic reductions in ‘day two’ operational costs. A customer recently told us they reduced their WAN costs by 82%,” says Kumar Ramachandran, the head of product management for Palo Alto Networks’ firewall-as-a-platform business line and previously chief executive of CloudGenix.

Applying AI to automate troubleshooting is an approach that other players in the wide-area networking market are embracing. Juniper Networks Inc. joined the fray recently. A few weeks earlier, Hewlett Packard Enterprise Co.’s Aruba unit rolled out an AI-powered platform to help customers automate network operations.

Cybersecurity, Palo Alto Networks’ main business, was also a focus in today’s update. The company is adding integrations between CloudGenix and its Prisma Access platform for protecting enterprise networks from cyberattacks. As a result, administrators will gain the ability to configure security settings for their companies’ CloudGenix-powered infrastructure through the Prisma Access interface.