Software Defined WAN – SDWAN
As SD-WAN technologies transforms the wide area networks of most businesses, IDC predicts the Global SD-WAN Infrastructure Market to be $5.25B by 2023 with a CAGR of 30.8%. The key business drivers for enterprises are easier management of WAN connectivity, improved user experience, application performance guarantees, better support for cloud-based applications and hybrid multi-cloud usage. However, SD-WAN started within the enterprise as a Do-It-Yourself (DIY) project but has recently evolved into managed services by most operators worldwide. IDC predictions of the US SD-WAN managed services market is expected to grow at a CAGR of 74% to $4.5B by 2023. As this paradigm shift to SD-WAN continues to grow, TCTS is happy to provide operators worldwide a fully managed white-label service that integrates SD-WAN and clouds, which includes a full range of professional services from planning, deploying and operating SD-WAN at the customer sites with cloud integration.
Azure Virtual WAN
As part of TCTS Cloud Networking-as-a-Service CNaaS) offering, TCTS is happy to announce with partnership with Azure, a fully managed SD-WAN offering for Azure Virtual WAN. Today Azure Virtual WAN offers the following benefits to enterprises worldwide (source Azure Virtual WAN):
Massive scale with software-defined connectivity
Connects global branch offices, point-of-sale locations, and sites using Azure and the Microsoft global network.
One place for managing enterprise networks
Deploy, manage and monitor sites and connected Azure virtual networks through a unified portal experience.
Optimize security and agility with global network
Experience optimal routing and minimal latency for branch-to-branch and branch-to-Azure connectivity. Connect on-premises sites to Azure and traffic enters the Microsoft network, it stays there while traversing the globe.
Azure Virtual WAN is a powerful VPN cloud service that provides optimized and automated branch connectivity to, and through, Azure. Azure regions serve as hubs that connects branches to the cloud and each other while leveraging the Azure backbone, including remote users on their personal computer while mobile
TCTS SD-WAN for Azure Virtual WAN
Tata Communications Transformation Services (TCTS), partner of choice for the world’s leading Service Providers (SPs) and a wholly owned subsidiary of Tata Communications, together with Microsoft Azure, has launched a fully managed SD-WAN offering for Azure Virtual WAN. Built to help Service Providers create solutions to further enable enterprises with seamless migration to the Azure cloud, the TCTS SD-WAN offering will enable service providers to increase their revenue in IT migration to public clouds. In partnership with Azure and strategic vendors, TCTS has augmented Azure’s current Virtual WAN offering in which application polices can be centrally configured using Fortinet SD-WAN technologies to deliver both performance guarantees and security protection. This offering enables inter-branch connectivity for customers using the Microsoft backbone, and enables them for site-to-site, site-to-cloud and hybrid MPLS/Internet support while utilizing Azure Virtual WAN services with the addition of application performance steering with SLAs utilizing SD-WAN technologies in partnership with strategic SD-WAN vendors.
TCTS’s SD-WAN offering enables enterprises at any given site to use a hybrid deployment of MPLS and Internet to steer the traffic between mission critical traffic (MPLS and Carrier Ethernet) and non-mission critical traffic (Internet), which further connects directly to Azure’s clouds via Express Route. This connection can be established leveraging TCTS’ award winning platform, ‘Virtual Cloud exchange’ for building within native service provider environments or white labeled edge solution offerings within their data centers globally. TCTS’s SD-WAN solution utilizes modernized Software Defined Network (SDN) and Network Function Virtualization (NFV) principles that enables Microsoft Azure enterprise customers to choose either a standard offering, that needs no further SD-WAN Virtual Network Function (VNF) in Azure’s cloud, or a more advanced option that places a SD-WAN VNF in Azure’s cloud to deliver SD-WAN application traffic steering and security protection bi-directionally.
TCTS SD-WAN and Azure Virtual WAN Standard Offering
In the standard Azure SD-WAN Virtual WAN offering, thousands of applications can be selected and assigned SLA performance objectives. The SD-WAN edge at any given site will then traffic steer accordingly to the SLA performance objective provisioned by the enterprise subscriber. It should be noted that in the standard model, traffic steering is only unidirectional from any given site towards the Azure cloud. Any returning traffic will not be traffic steered by the cloud, however the path back to any site should follow the originating path so that path unification is maintained. The key value proposition of SD-WAN being built on top of Azure Virtual WAN is the following:
- Site-to-site, site-to-cloud and device-to-cloud utilizes Azure Virtual WAN including Azure’s global backbone
- Express Route is fully automated using orchestration, SDN and NFV via TCTS’s patented Virtual Cloud Exchange (VCX) solution offering. Since Express Route requires BGP and possible NATing, all of the routing functions are automated using SDN separation of the control and forwarding planes. A full NFV implementation supporting both BGP control and IP forwarding VNFs are utilized. Both IPv4 and IPv6 are supported.
- Hybrid MPLS/Internet and all Internet local loops are supported. Smaller sites can use an all Internet approach while larger site can use the hybrid approach.
- Hybrid Virtual WAN and SD-WAN polices are combined by the SD-WAN edge appliance.
- No SD-WAN virtual appliances or any additional non-Azure virtual functions are required in the Azure cloud. This makes deployment of SD-WAN for Azure Virtual WAN vastly simple. However, traffic steering is unidirectional only from the site to the cloud.
- Security functions can we added to any given site SD-WAN implementation and Azure native security function can be invoked in the Azure cloud
- Each enterprise customer gets their own Azure Virtual WAN hub and Express Route gateway in their own VNET. Any Azure region can be configured using this method and then inter-region routing can be configured utilizing native Azure routing and gateway functions
TCTS SD-WAN and Azure Virtual WAN Advanced Offering
In the advanced version, all the standard features and value proposition are supported with the addition of the following:
- SD-WAN traffic steering is now bi-directional. SD-WAN traffic steering will occur in both directions site-to-cloud and cloud-to-site.
- A SD-WAN virtual appliance needs to be installed and configured in the Azure cloud VNET that belongs to the given enterprise subscriber. This adds additional complexity but delivers bi-directional SD-WAN functionality
- Security can be invoked and configured in both the site and Azure cloud using TCTS’s SD-WAN partner solutions. Security solutions available for the advanced version allows security functions natively within the SD-WAN offering such as (native SD-WAN security functionality depends on the SD-WAN vendor chosen):
- Intrusion Prevention - controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet
- Next Gen Firewall - monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet
- Data Loss Prevention –advanced method of examining and managing network traffic with specific data or code payloads to prevent data theft
- Anti-Virus – software designed and developed to protect computers and networks from malware like viruses, computer worms, spyware, botnets, rootkits, keyloggers and such.
- Application Control - fine-grained access control based on applications, device and users
- IP Reputation and Anti-Botnet – protects from malicious source IP data and provides up-to-date threat intelligence about hostile sources
- Web Filter - allows an enterprise IT Pro to block out pages from websites that are likely to include offensive content, spyware, viruses, and other objectionable content
- Anti-Spam - solutions that focus on blocking and mitigating the effects of unwarranted emails
- Web Security - application based firewall for web servers, including Machine Learning for automated configuration
- Endpoint Vulnerability - securing endpoints from access to an enterprise network that can be exploited by malicious actors.
- VNFIsolationProtection-ensuringVNFsareisolatedfromotherVNFsinVMandcontainersviathe hypervisor
- Zero Day Behavioral Analytics – prevention from software/hardware vulnerabilities that can be exploited before a developer has an opportunity to create a patch to fix the vulnerability
- Cloud Access Security Broker (CASB) - security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed
TCTS Cloud Networking-as-a-Service (CNaaS) Professional Services
To address the above solution offerings, TCTS’s comprehensive offering for cloud networking services delivers professional services called Plan, Deploy and Operate. This allows Service providers (SPs) or Managed Service Providers (MSPs) worldwide to augment or outsource any needed expertise for delivery of cloud managed services to the enterprises. The following are the set of CNaaS services TCTS offers to service providers worldwide:
- Business Requirements – Document business requirements, goals, objectives, market segments for managed cloud networking service offerings to the enterprises
- Cloud Strategy Consulting – Assist service provider on multi-cloud partnerships, cloud connectivity models, managed cloud offerings, etc
- SDN, NFV and Automation consulting – Advise service provider on network transformation journey towards SDN, NFV and orchestration technologies including migration approaches on brownfield deployments. Provide guidance on automation, cloud APIs and virtualization strategy for managed cloud services
- Hybrid and Multi-Cloud – Build a service provider set of offerings for enterprises that require hybrid and multi-cloud deployments including security, networking and regulatory compliance
- Cloud Assessment – Provide service provider with enterprise cloud assessment offerings that checks connectivity, access technologies and performance
- Cloud Migration planning – Provide to the service provider an enterprise consulting offering on cloud migration strategies
- Cloud Security Planning, Data Governance and Risk Compliance – Deliver a service provider offering on helping enterprises meet regional, national and international regulatory data governance and risk compliance policies for migration to the cloud
- Marketing Campaigns - Prepare product brochures, solution briefs and help in the creation of marketing campaigns on managed cloud networking services
- Sales/Presales Enablement - Product awareness training to service provider sales/presales teams on education of managed cloud networking offerings
- PoCs – Deliver on proof of concepts for managed cloud networking services to validate functionality, performance, automation and availability
- Deployment Plan and Service Launch - Actual deployment, installation of technologies being used, creation of workflows, templates for enterprises, etc
- Customer Trials – Assist in customer trials of managed cloud networking services
- Cloud VPC and vNET Setup, Policies and Configuration – Configure cloud regions, policies, gateways, security, and routing for each enterprise managed cloud networking services
- Site Surveys – Provide enterprise site survey documentation on cloud managed services. Where needed provide on-site site survey investigations
- Virtual Network Function (VNF) Onboarding and Testing – Provide lifecycle VNF testing of functionality, performance and features for any VNF vendors chosen in managed cloud networking services
- Cloud Migration – Provide managed cloud networking professionals and automation technologies to assists enterprises in their cloud migration
- Managed Cloud Networking Training – Provide training to service provide DevOps and NetOps on managed cloud networking services. As needed DevOps and NetOps professionals can be supplied by TCTS
- Service activation and Testing – Testing and service activation for managed cloud networking service for a given enterprise customer. Automation systems will be used and provided as the core offering
- 365X7X24 operations – Full operation support fielded by trained experts in cloud networking
- Technical and Remediation Support – Outage, remediation and technical support with automated systems for DevOp environments
- Change management – Automated changes management systems, logging functions and impact analysis
- Privilege access management – automated systems for authentication and authorization
- Cloud Monitoring and device management - Provide service provider with cloud assurance monitoring solutions to ensure E2E performance and security for any managed cloud services being offered to the enterprises
- New Product & Services Integration – Integration of service provider’s evolved and new managed cloud offerings into exiting offerings
- On-Site Support – Remediation that requires on-site professionals can be supplied by TCTS
TCTS’s full solution offering of CNaaS, enables SPs and MSPs to deliver on managed cloud networking services by getting to market faster, enabling new revenue generated services, increase strategic partnerships with cloud providers and delivery of high margin value services to enterprises of all types. TCTS unique platform approach, coupled with product partners and professional services makes CNaaS a compelling solution offering to SPs and MSPs worldwide.