FlexWorx SD WAN Brochure

Today’s branch office users are consuming more wide area network (WAN) bandwidth as they collaborate online (e.g., Skype for Business, WebEx, Office 365), increase the use of Software-as-a-Service (SaaS) and cloud services, access large rich-media files, and utilize other bandwidth-intensive applications. Corporate IT is facing significant challenges addressing these demands due to the complexity, cost and static architecture inherent in their existing WAN.

The vast majority of branch office WAN traffic is carried over leased lines (private MPLS circuits) or Internet connections (DSL, Cable, LTE) — neither of which is ideal on its own. Deploying leased lines for all bandwidth needs is cost prohibitive and time-consuming, while adopting the public Internet — with its lack of uptime, reliability and performance guarantees — may result in a poor user experience.

FlexWorx SD-WAN enables enterprises to support application growth, network agility and simplified branch implementations while delivering optimized access to cloud services, private data centers and enterprise applications simultaneously over both ordinary broadband Internet and private links.

Challenges with Branch Office Wide Area Networks

According to Ashton, Metzler, and Associates, WAN technologies used in most branch offices today have changed little, if at all, since the 1990s.* Traditional wide area networks utilize rigid architectures which are optimized around private data center applications. These architectures are unable to seamlessly integrate cloud computing, Software-as-a-Service (SaaS), virtualization, and other industry advances. Branch offices with only private-circuit connections rely on backhauling of all cloud applications, SaaS and Internet traffic through the enterprise data center (Figure 1, following page), adding latency, degrading application performance and driving up private network bandwidth costs.

MPLS typically provides high quality of service, with the tradeoff of limited capacity and long deployment lead times. Broadband provides fast deployments and greater capacity, with the tradeoff of reliability. These factors can have the following negative impacts:

  • New applications inhibited by bandwidth or the lack of assured performance
  • Branch network deployments delayed due to IT complexity
  • Cloud migration not supported by traditional hub and spoke branch network architecture

Hybrid WAN enables enterprises to incorporate both private MPLS and broadband Internet which can reduce costs. Hybrid WAN, on its own, does not increase agility, performance nor simplicity.

Figure 1. Traditional Branch Office WAN
Figure 2. FlexWorx SD-WAN Service

Solution Overview

FlexWorx in collaboration with VeloCloud SD-WAN combines the economics and flexibility of a hybrid WAN with the deployment speed and low maintenance of a cloud-based service, to provide a managed SD WAN Solution. It includes policy-based network-wide application performance, visibility and control while dramatically simplifying the WAN by delivering virtualized services from the cloud to branch offices.

The Edge Device is a compact appliance that is rack mounted and then configured from the cloud for highly secure, optimized connectivity to applications and data.

The Edge Device with Dynamic Multi-Path Optimization (DMPO) and deep application recognition aggregates multiple links (e.g. Private, Cable, DSL, 4G-LTE) and steers traffic over the optimal links to other on-premises Edge Devices in branch offices, private data centers, campuses, and headquarters. The Edge Device can also optionally connect to the system of global Gateways as shown in Figure 2 to provide performance, security and visibility for cloud services (SaaS, IaaS, B2B Internet).

The system of Gateways are deployed globally at top-tier cloud data centers to provide scalable and on-demand cloud network services. Gateways implement DMPO, cloud VPN and Multisource Inbound Quality of Service between global cloud services (SaaS, IaaS, network services) and each Edge Device, enabling multiple broadband and private leased lines to appear as a single, high-performance WAN. The cloud- based Orchestrator is used by FlexWorx to provision network-wide business policy, enable services insertion, perform near real-time monitoring and analyze application performance.

Figure 3. Edge Deployments

Deployment

FlexWorx provides full service Project Management and installation and deployment. The Edge Device(s) are shipped to the customer locations and tracked by FlexWorx. When the Edge Device(s) arrives at the customer location, FlexWorx Managed Services will communicate with the onsite contact to coordinate a date that is acceptable for installation and activation. When the FlexWorx technician arrives they will check
in with the onsite contact. The onsite contact will secure access for the FlexWorx technician to begin installation of the Edge Device(s). When the Edge Device(s) install is completed the FlexWorx technician will work with FlexWorx Managed Services to activate and configure the Edge Device(s).

Figure 4. Edge Monitoring Overview

Enterprise-wide Business Policy Management

FlexWorx SD-WAN makes setting policy simple. Enterprises or their managed service providers can define business level policies that apply enterprise-wide across many Edges, all requested through managed services from FlexWorx. Link steering, link remediation and QoS are all applied automatically based on the business povtvlicies; however specific configuration overrides may also be applied. The Orchestrator provides an enterprise-wide view of routing in an overlay flow control table, eliminating complex node-by-node route configurations.

Figure 5. QoE screenshot

Remote Management

FlexWorx SD-WAN makes setting policy simple. Enterprises or their managed service providers can define business level policies that apply enterprise-wide across many Edges, all requested through managed services from FlexWorx. Link steering, link remediation and QoS are all applied automatically based on the business povtvlicies; however specific configuration overrides may also be applied. The Orchestrator provides an enterprise-wide view of routing in an overlay flow control table, eliminating complex node-by-node route configurations.

Remote Incident (Fault) Management

  • Alarm Monitoring
  • Issue troubleshooting and resolution
  • Problem escalation to Velocloud Technical Support
  • Dispatch of hardware issues to Customer help desk or defined field service provider

Remote Configuration Management

  • Initial Configuration backup

Problem

Management Reporting

Unified and Robust Security

FlexWorx SD-WAN provides security to communications no matter what underlying transport traffic may be steered across. Standard IPsec encryption is provided end to end from branches to data centers and for dynamic branch to branch communications. The unique cloud delivered architecture also provides automatic VPN from branches to cloud Gateway aggregation points for interoperable access to Infrastructure-as-a-Service (IaaS), eliminating manual two sided tunnel setup from N branches to N cloud data centers.

The solution provides the scalability and robust security of a PKI infrastructure with the consolidated management of an integrated certificate server, highly secure on-boarding of devices and revocation management. Risk is minimized by pinning certificates to specific devices and using unique pair-wise encryption keys.

Figure 6. Configuration view

One-Click Service Delivery

The FlexWorx SD-WAN solution simplifies the deployment of services at the branch, at more consolidated enterprise service hubs, and to the cloud, eliminating the need for many single function devices in the branch. Provisioning activates multiple native services and third party virtual network functions from technology partners on the branch Edge, which is being released in the second half of 2017. Business policies can service chain traffic from branches to both enterprise service hubs and cloud services easily and with application level granularity.

Platform Details

The FlexWorx SD WAN offers scalable on-premises hub deployments for headquarter and data center locations. Additionally, all the benefits of SD-WAN, namely assured performance, security protections and policy control are available directly to the doorstep of cloud SaaS and IaaS locations via Gateways. The cloud-based Orchestrator provides enterprise-wide business policy, configuration, monitoring and troubleshooting at a glance.

EDGES

Edges are available as easy to install appliances for remote branches with a range of throughput, ports for WAN and
LAN connectivity and integrated wireless LAN. Dynamic routing enables policy based overlay insertion for both in
line and out of path deployments. High availability deployments are also supported.

GATEWAYS

Multi-tenant Gateways are deployed by FlexWorx at top-tier network points of presence and cloud data centers
around the world for the full range of SD-WAN benefits. Gateways provide a scalable and distributed infrastructure
with the advantages of hosted, network as a service flexibility. Gateways provide the ideal architecture for optimized
access to cloud applications and data centers, as well as legacy enterprise sites.

ORCHESTRATOR & CONTROLLERS

The Orchestrator & Controllers provide centralized, enterprise-wide virtually real-time monitoring in addition to data flow through the cloud network. The Orchestrator enables visibility of virtual services in the branch, the cloud, or the data center. Controllers collect and distribute enterprise-wide routing information, and are distributed alongside Gateways as a service or can be deployed on-premises.

SDN for the WAN

FlexWorx SD-WAN brings SDN concepts to the enterprise branch WAN. Business policies implemented across the logical
overlay deliver abstraction of application flows from the underlying physical transport. Agility is achieved based on adjusting forwarding to meet policy as well as real-time link conditions. SD-WAN has a distributed control plane for forwarding
decisions to be made locally with context, to avoid latency issues or points of failure across the WAN. Yet each SD-WAN
node receives centralized control policies for easy programmability and enterprise-wide visibility.

Solution Benefits

The WAN is in transition as enterprises seek to improve agility and economics, and adapt to the shift of applications to the cloud. FlexWorx SD- WAN offers enterprise-grade performance, security, visibility, and control over both public Internet and private networks. FlexWorx dramatically simplifies the WAN with managed deployment, managed business policy and services insertion and cloud-based network as a service.

For more information about FlexWorx SD-WAN speak with your FlexWorx Account Representative.

*Ashton, Metzler, and Associates, “The Need to Rethink the WAN,” Dec. 2104,