SASE is a term invented by analyst house Gartner. It represents a system of security components, including cloud-based ones, that strengthens security beyond the traditional site-to-site WAN world to cover cloud, IoT, and mobile users. Zero trust and cloud access security broker (CASB) functions may be bundled into a SASE solution along with a multitude of additional cyber-security features. The important central theme is a software-based management capability that ties all the working parts together into a single SASE system.
Sourcing an SD-WAN solution is a good time to reconsider your company's overall security posture and how well protected your mobile users and IoT end points are, including how they might be integrated into a single pane of glass for management.
An SD-WAN typically encrypts traffic over the Internet gateways, private dedicated links, and cloud applications. But placing traffic over the public Internet, moving mobile users, white-box solutions, and IoT solutions all introduce potential new security vulnerabilities.
SD-Branch services cover managed connectivity solutions for branch network and infrastructure based on SDN. SD-Branch and SD-LAN solutions are currently gaining traction building off early maturity in enterprise managed SD-WAN services.
For the purpose of clarity, we consider SD-LAN to be software-defined capabilities in the access or edge of the network, i.e., the demarcation between the customer LAN site and the WAN. The SD-Branch concept pushes management and control deeper into the LAN and includes software-defined capabilities for automation and smart troubleshooting of all the LAN infrastructure (switches, Wi-Fi routers, routers, etc.), apps, and services.
The main requirement that defines an SD-Branch service is software-based central orchestration of the network and the components at the local area network, including switches, routers, firewalls, and Wi-Fi platforms.
Many SD-Branch products are built around managing Wi-Fi for ease in provisioning (zero-touch) and troubleshooting, but we are seeing these capabilities extend to cover more of the on-site LAN features and functions, plus integration with SD-WAN and any security, datacenter and cloud footprints.
In line with the migration to cloud-based services and online portal-based management of secure connectivity, SD-Branch solutions leverage automation and cloud-based SDN orchestration for installing and running gateways and speeding up direct links to cloud apps, including cloud security tools such as those offered by Zscaler and Check Point.
Strong market traction worldwide for SD-WAN is driving evolution and change in the requirements and characteristics of Universal CPE (uCPE) technologies. Several very large vendors dominate the enterprise CPE segment, including, for example, Cisco, Juniper, and Nokia-Nuage Networks, and other SD-WAN solution vendors such as Versa Networks, Silver Peak, and Fortinet offer proprietary uCPE products. Vendor lock-in for black box products placed at the customer premises runs counter to the software-defined, open-standard-based, and agile principles that SD-WAN promises to deliver. Vendor black box products add overhead and cost, restrict flexibility of services, and add other operational burdens for both service providers and their enterprise clients.
The x86 Intel Processor white box has generated new and compelling possibilities for deploying an SD-WAN as a VNF on a white box, along with additional service-chained VNFs such as firewalls and routing, while Arm-based uCPE offers relatively low power consumption for uCPE services in partnership with Telco Systems and NXP Semiconductors.
Telco Systems, in partnership with Arm, offers a compelling alternative uCPE solution, recently demonstrated in a POC with service provider partner Vodafone. In the POC, Arm, NXP Semiconductors, Telco Systems, and Vodafone developed uCPE that supports SD-WAN, routing and firewall, with the following positive outcomes:
Adopting new technology is rarely an easy process. The SD-WAN market has a vast variety of vendors and managed services providers all pitching their products. The variety of messages can create a storm of confusion with each player making as much noise as possible about how their technology and service is the best in the market. We recommend that the IT manager responsible for selecting a solution takes all of these claims with a pinch of salt and conducts a thorough evaluation of the services available.
Here is a list that should help with the order of this evaluation process: