SD-WAN is the “Easy Button” for Securing Multi-Cloud Connectivity: Part 1

This two-part blog series will provide insights on advanced SD-WAN platform capabilities that can help enterprises simplify their journey towards a better integration of the WAN to multi-cloud providers.Read part two here.

当COVID-19流行第一次冲击,公司基于“增大化现实”技术ound the world had to shift their focus toward launching new and expanded digital services to support a fully remote workforce and accelerate the transition to a more cloud-connected world – all virtually overnight. The consequence of the global pandemic exacerbated the importance of accelerating cloud and digital transformation, resulting in more than 90 percent of enterprises purporting to now have a multi-cloud strategy in place, according to theFlexera 2020云报告的状态。

So, fast forward to today. Have enterprises also considered and adapted their IT and network infrastructure to support applications in a multi-cloud connected environment? Here are five common challenges enterprise IT managers face when it comes to supporting multi-cloud connectivity of applications across the enterprise WAN:

1. 如何确保在宽带携带的关键任务SaaS应用程序的最高级别绩效？
2. 如何为可信或不受信任的云托管应用程序集成和强制执行独特的安全策略，并使用宽带的使用增加？
3. How can I easily integrate and extend WAN applications to be hosted in public cloud environments?
4. How can I automate the integration of my SD-WAN with AWS, Azure and GCP public cloud backbone networks?
5. How can I automate the orchestration of cloud security services hosted by best-of-breed cloud security vendors within my SD-WAN?

When it comes to the enterprise multi-cloud connectivity, there are five pillars of an SD-WAN platform that explicitly address these challenges and form the foundation for enabling an effective multi-cloud enterprise strategy:

1. SaaS优化以满足最佳用户体验

大多数应用程序现在都被交付为SaaS，因此回程所有云运送流量返回到数据中心因添加延迟而损失应用程序性能。

ArubaSaaS Optimization以无缝和安全的方式将分支站点的用户从分支站点连接到SaaS应用程序，同时连续监控SaaS体验质量（QoE）。有许多功能可以一起做到这一点包括：

• 第一包IQ自动识别和分类在第一个数据包上的应用程序，使动态应用程序流量转向数据中心，云提供商或云安全服务。应用程序感知流量转向最小化延迟导致更好的应用程序性能，同时确保执行业务驱动的安全策略。
• Intelligent Cloud Breakout allows enterprises to deploy virtual EdgeConnect appliances in their public cloud IaaS instances. Connections between branch locations and the cloud benefit from Aruba path conditioning and optionalAruba BoostWAN优化。这在分支机构和云之间的第一英里，提供了改进的网络质量以及应用程序性能和可用性之间的第一英里。
• Microsoft Office 365 APIintegration ensures secure internet breakout directly from the branch office to the closest Office 365 entry point using the latest Office 365 end-point data. This supports delivery of optimal Office 365 connectivity and performance.

2.智能本地互联网突破

TheAruba EdgeConnectSD-WAN edge platform employs a virtual WAN overlay model and enforces end-to-end micro-segmentation to enable differentiated treatment – including security policies and controls – for different classes of applications. A business-driven cloud-app security policy might be defined as:

• Send all known, trusted business SaaS (Office 365, SAP, Oracle, Zoom) traffic directly to the closest SaaS instance – or doorstep – using the internet as the primary WAN transport service
• Send “home from work” recreational applications, such as Facebook and YouTube, to a secure web gateway service such as Zscaler, Netskope, McAfee or Symantec for verification
• Send all untrusted, suspicious or unknown traffic to a hub or headquarters-based next generation firewall

Having a unified zone-based stateful firewall at the WAN edge is essential for a complete, secure local internet breakout solution for direct connectivity to trusted SaaS applications and IaaS from branch offices, blocking any unwanted or unauthorized traffic attempting to enter the branch network from the enterprise LAN. Aruba EdgeConnect overlays allow for easier micro-segmentation based on application characteristics, performance requirements and security policies. This helps with security compliance by taking automatic action to isolate affected branches from the wider network where a security breach is found to have occurred.

So far, we have discovered how easy it is to securely classify, route and breakout cloud-based applications with an advanced SD-WAN platform.In the second part of this blog series, we will examine additional SD-WAN capabilities that help automate WAN connectivity in a multi-cloud environment.