What is SD-WAN?
SD-WAN Explained
A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services—including MPLS, LTE and broadband internet services—to securely connect users to applications.
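SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN and directly to trusted SaaS and IaaS providers. This increases application performance and delivers a high-quality user experience, which increases business productivity and agility and reduces IT costs.
SD-WAN Architecture
Traditional WANs based on conventional routers were never designed for the cloud. They typically require backhauling all traffic, including cloud-destined traffic, from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance, resulting in a poor user experience and lost productivity.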
Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premises data centers, public or private clouds, and SaaS services such as Salesforce.com, Workday, Dropbox, Microsoft 365, and more, while delivering the highest levels of application performance.

How does SD-WAN work?
Unlike SD-WAN, the conventional router-centric model distributes the control function across all devices in the network and simply routes traffic based on TCP/IP addresses and ACLs. This traditional model is rigid, complex, inefficient, and not cloud-friendly and results in a poor user experience.
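An SD-WAN enables cloud-first enterprises to deliver a superior application quality of experience (QoEx) for users. By identifying applications, an SD-WAN provides intelligent application-aware routing across the WAN. Each class of applications receives the appropriate QoS and security policy enforcement, all in accordance with business needs. Secure local internet breakout of IaaS and SaaS application traffic from the branch provides the highest levels of cloud performance while protecting the enterprise from threats.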
Why SD-WAN?
Times have changed, and enterprises are using the cloud and subscribing to software-as-a-service (SaaS). While users traditionally connected back to the corporate data center to access business applications, they are now better served by accessing many of those same applications in the cloud.
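As a result, the traditional WAN is no longer suitable, mainly because backhauling all traffic, including traffic destined for the cloud, from branch offices to the headquarters introduces latency and impairs application performance. SD-WAN provides WAN simplification, lower costs, bandwidth efficiency and a seamless on-ramp to the cloud with significant application performance, especially for critical applications, without sacrificing security and data privacy. Better application performance improves business productivity, customer satisfaction and ultimately profitability. Consistent security reduces business risk.
Basic SD-WAN vs. Business-driven SD-WAN
- Not all SD-WANs are created equal. Many SD-WAN solutions are basic SD-WAN solutions or "just good enough" solutions. These solutions lack the intelligence, reliability, performance and scale needed to ensure a superior network experience. And remember, without a fast, secure, high-performance network, enterprise digital transformation initiatives can stall, because they rely on applications and services that depend on the network. SD-WAN is a key digital transformation enabler that is driving strategic decisions across the enterprise. So, what is a business-driven SD-WAN, and why is a basic SD-WAN not good enough?
- Lifecycle orchestration and automation. Most basic SD-WAN products provide some level of zero-touch provisioning. However, basic SD-WAN solutions do not always provide full end-to-end orchestration of all WAN edge functions such as routing, security services, including service chaining to advanced third-party security services, and WAN optimization. When an enterprise deploys a new application or needs a QoS or security policy change, a business-driven SD-WAN supports centralized configuration, enabling the required changes to be deployed in minutes instead of weeks or months. Centralized management greatly minimizes human errors that could compromise performance or security.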
- Continuous self-learning. A basic SD-WAN solution steers traffic according to pre-defined rules, usually programmed via templates. A business-driven SD-WAN delivers optimal application performance under any network condition or change, including congestion and impairments. Through continuous monitoring and self-learning, a business-driven SD-WAN responds automatically and in real time to any changes in the state of the network that could impact application performance, including network congestion, brownouts and transport outage conditions, allowing users to always connect to applications without manual IT intervention. For example, should a WAN transport service or cloud security service experience a performance impairment, the network automatically adapts to keep traffic flowing while maintaining compliance with business policies.
- Consistent Quality of Experience (QoEx). A key benefit of an advanced SD-WAN solution is the ability to actively use multiple forms of WAN transport simultaneously. A basic solution can direct traffic on an application basis down a single path, and if that path fails or is underperforming, it can dynamically redirect to a better performing link. However, with many basic solutions, failover times around outages are measured in tens of seconds or longer, often resulting in annoying application interruption. A business-driven SD-WAN intelligently monitors and manages all underlay transport services. It can overcome the challenges of packet loss, latency and jitter to deliver the highest levels of application performance and QoEx to users, even when WAN transport services are impaired. Unlike a basic SD-WAN, a business-driven SD-WAN handles a total transport outage seamlessly and provides sub-second failover that averts interrupting business-critical applications such as voice and video communications.
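- End-to-end micro-segmentation. While a basic SD-WAN provides the equivalent of a VPN service, a business-driven SD-WAN provides more comprehensive end-to-end security capabilities. In addition to supporting zone-based firewalls, an SD-WAN platform should orchestrate and enforce end-to-end micro-segmentation spanning LAN-WAN-data center and LAN-WAN-cloud. Centrally configured security policies result in fewer human errors than a device-centric WAN model or a basic SD-WAN model, which often require policies to be configured on a device-by-device basis. If a policy needs to change, it is programmed centrally with a business-driven SD-WAN and pushed across the network to 10s, 100s or 1000s of nodes, improving operational efficiency while reducing the overall attack surface and avoiding security breaches.
- Secure local internet breakout for cloud applications. Many basic SD-WANs provide some application classification capabilities based on fixed definitions and manually scripted ACLs to steer SaaS and IaaS traffic directly across the internet. However, cloud applications change constantly. A business-driven SD-WAN continuously adapts to changes and provides automated daily application definition and IP address updates. This eliminates application interruptions and user productivity issues.
Ideally, enterprise customers should move to a business-driven SD-WAN platform that unifies SD-WAN, firewall, segmentation, routing, WAN optimization and visibility and control functions, all in a single, centrally managed platform.
Advanced SD-WAN Capabilities for SASE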
Ultimately, the goal of SASE is to deliver the best end-user quality of experience for cloud-hosted applications without compromising security. After working with many enterprises that have designed and deployed their SASE architectures, we’ve learned that basic SD-WAN functionality falls short. An SD-WAN with advanced networking capabilities is required to fully enable SASE:
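- Identify application traffic on the first packet and granularly steer it to enforce QoS and security policies defined by business intent
- Maintain cloud application definitions and TCP/IP addresses, updated automatically every day
- Automate orchestration between the SD-WAN and cloud-delivered security services from a single console, making it simple
- Automatically fail over to a secondary cloud security enforcement point to avoid any application interruption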
- Automatically reconfigure secure connections to cloud security enforcement points if a newer, closer location to the branch becomes available
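- Enable customers to adopt cloud security services at their own pace
- Most importantly, provide freedom of choice to deploy new security innovations as they become available from any vendor, to readily address unknown future threats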