Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Tech Field days:

...

SD-WAN competitors

Cisco

https://www.talosintelligence.com/

https://umbrella.cisco.com/

vManage or vBond Dashboard ( Cloud service )

vSmart ( controller: processing policy, routing ) cloud service.

Edge: router ASR and ISR series

sw: HV, public cloud: AWS/Azure , VNF(on white box)

3 Functions:

           Encryption ( ASIC, or on x86 )

          Segmentation ( #VRF but easier ) isolation of 

          integrated FW ( Zones, sec policy )

+New security

          NG FW:  App signature DB/App FW , IPS 

         + feeds : Talos ( Thread management)

Cisco Umbrella: cloud service

          security: DNS filtering, blacklist , 

          Internet secure GW: look at the traffic >> scrubb, filter 

+between cloud/S3 storage AWS and user/branch 

Compliance:   Health care: HIPA   Finance:PII

         How the data is manage / personal data management

         Who can talk to what

         How do we respond to attack?

         

https://www.cisco.com/c/en/us/solutions/enterprise-networks/sd-wan/demos/podcast.html

Aryaka

MyAryaka ( cloud )

+ Mgt: cfg/monitor / correlated/Diagram-Logical and geo

+ Analytics (

         traffic by App , per site or all sites, WAN/LAN 

          Latency per site / per 

WAN optimization / Acceleration technology: TCP compression ( BW or per sites )

Want to replace MPLS

Cloud centric / Saas

Platform offering:  built a L2 private network ( PoP around the world , <50ms )



Smart SDN platform:  Orchestration layer, application acceleration , optimization, 

Smart CDN: smart connect: wan optimization 


Connectivity to Aryaka:

Basic :   From the customer FW create an (IPsec) VPN over the internet



Using ANAP : or  Aryaka Network Access Point
         Send traffic to ANAP, where :

1- traffic Compress/Optimization/acceleration/ remove duplication, apply QoS
2- set up the IPsec VPN to the closest PoP
3- they can manage Active/Active or Active/Passive link to the Internet ( 1 or 2 tunnels)



"Smart Edge", ANAP: can replace the router/firewall

Better management of the Bandwidth, load balance, 

Load share, replicate, FEC/forward Error Correction, selection of path

     or         

Widget Connector
urlhttps://www.youtube.com/watch?v=E2Ue81Pm64g

Silver Peak

WAN optimization

unity Orchestrator : Cloud or On-premise 

North bound API to Orchestration: Openstack , Adva and blue planet

Business Intent Overlay: BIO:   >>>> Translated into Policies: 
performance: 
                FEC and POC-Packet Order Correction,
                Internet Links Bounding ,
                Internet break out, (First Packet IQ: classify packet on the first packet) >>> Intelligence route / per App
                WAN optimization: /App for those are sensitive to latency
Security :
                Service chaining ( VM or Cloud-base) ,
                Built-in Stateful FW
Resiliency
...


BIO >> virtual WAN overlay: Real-time APP, critical App, IoT traffic, Guest Wifi

            Help with Micro-segmentation 


Physical/Virtual  VM, Could: Azure/AWS

Widget Connector
urlhttps://www.youtube.com/watch?v=RCIKbUx5vRI


https://www.silver-peak.com/products/unity-edge-connect

Unity EdgeConnect physical or virtual appliances deliver:

  • Always-consistent, always-available application performance

  • Highest quality of voice and video, across any combination of transport services

Unity Orchestrator enables IT to rapidly and centrally define:

  • Application Quality of Service and security policies to 1000s of sites

  • Simplified service chaining to third-party network and security services

Unity Boost optional WAN optimization performance pack:

  • Improves the performance of latency-sensitive applications

  • Reduces transmission of repetitive data

Nuage Networks
Fortinet

Secure SD-WAN ( FortiOS )  +WAN path Control + Application Aware , Application Steering + User identification 

Edge consolidation: Router, WAN optimization + NG-FW  >>> Single pan of glass

NG-FW is not a VM, fully Integrated

Architecture:

1- Small: only Fortigate ( firewall)

2- Large deployment : FortiManager ( Manager with North API ) and Fortigate ( CPE - FW) , no Controller , virtual domain for Segmentation.


"Cloud Connect"


"Fortinet SD-WAN Architecture & Demo" on Youtube


Product matrix March 2019

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf

https://www.fortinet.com/fortios


User base FW: ( AD, LDAP, Radius or local )  User → Map an source IP@  Domain controller + Fornitnet Agent

Digital Transformation


Fortinet offer  Integrated solution :

SD-WAN + Secure/NGFW SD-WAN + SD-Branch/switch + Secure SD-Branch(with partner)


Measure across the WAN link: performance SLA: packet loss, latency and TWAMP ( Two-Way Active Measurement Protocol)
          End-2-End testing  
          Measure to O365 ( HTTP/HTTPS or icmp )
          In-Band ( icmp or http ) not by the tunnel itself


Switchover per Flow ( not per packet)


Firewall Application :

    or     





...