Secure Teldat CNM SD-WAN Suite Solution
A complete set of SD-WAN components to allow control, analysis, monitoring, security and management of any network. Regardless of the network’s complexity, Teldat´s SD-WAN solution simplifies the scenario.
Understanding SD-WAN
SD-WAN, an acronym for Software-Defined WAN, is a technology based on the broader concept of SDN (Software Defined Networking). SD-WAN eases significantly the work involved in creating, managing, and monitoring a company’s entire communication network.
With SD-WAN, all traffic related to the company’s internal and external communications can be managed from a single place,the heart of any SD-WAN solution called the SD-WAN Controller. It allows complete control over any element that has been defined to be part of the SD-WAN implementation and streamlines all communications traffic flowing between and within a company’s Datacenters, offices, or other satellite sites.
This is achieved by creating a virtual SD-WAN overlay on top of the underlying, existing communications network, regardless of whether they are private networks or a public Internet connection, allowing the traffic to be dynamically tunneled through the highly secure overlay or routed directly through the underlying infrastructure. In both cases, all traffic is governed by the company policies and preferences configured through the SD-WAN’s management console, including load-balancing and rerouting requests to services not available at a given moment, sending the traffic even through different Datacenters.
When running advanced SD-WAN solutions, we find four principal concepts that break down how communications requests are handled.
1 – WHAT traffic is being requested? – Within an SD-WAN implementation, the request’s destinies are classified as predefined APPLICATIONS. So, for whatever service a user or the system requests (DSCP, IP, Internet, protocol, port, CRM or others), the location(s) of the application’s services are looked up.
2 – HOW to treat the request? – Each application request is either blocked or accepted, and, if accepted, it is determined how this should be done; using the SD-WAN tunnels defined in the SD-WAN overlay, going directly through the underlay infrastructure (MPLS, Internet, etc.), or through a combination of the two, taking into account availability and SLA. Finally, the defined preferences and SLA (Service Level Agreement) thresholds are set to prepare for the next step.
3 – WHEREBY? – Which is the best path to fulfill the requirements? – Each application is routed as indicated in the previous step but taking into account WAN priorities and Application-Aware Routing, so priority, multipath, availability, and SLA are now taken into account.
4 – TO WHERE? – For overlay traffic, the destiny concentrator (server cluster) is chosen automatically, based on the concentrator’s destination reachability, availability, and load balance, considering any concentrator priorities the user may have assigned.
This process, governed by the SD-WAN’s implementation configuration, assures that, for a valid request, the correct application is reached through the optimal path with the best response time. All of which are streamlined on-the-fly, as the situations change.
CNM SD-WAN Suite, Teldat Products and Solutions
CNM SD-WAN Suite overview
The Cloud Network Manager (CNM) SD-WAN Suite is a complete set of SD-WAN components for configuring and managing an integrated network of routers and SD-WAN. This SD-WAN technology easily adapts to the needs of companies of any size, supporting even the most demanding and complex implementations of enterprise SD-WAN networks.
The desired network solution is entirely configurable through user-friendly, guided graphical interfaces, leading to a smooth deployment and management of flexible and robust network and SD-WAN implementations. The SD-WAN Overlay construction is generated automatically and transparent for the user, and allows easy adding of advanced routing functionalities.
For resilience, high availability concepts, load balancing, and system persistence for every branch and Datacenter are intrinsic parts of the SD-WAN solution’s technology.
The CNM SD-WAN Suite, a multitenant system for corporate users and service providers, includes internet access security and is a set of three core SD-WAN components. Teldat also offers optional, integrated products for advanced network security and network analytics. Every aspect of the comprehensive functionality of these core SD-WAN components and optional products is 100% accessible from the CNM SD-WAN Suite’s control panels.
Running as SaaS on the Cloud, the CNM SD-WAN Suite is also an excellent choice to be implemented for an immediate start-up, without CAPEX or maintenance costs, providing guaranteed scalability.
The CNM SD-WAN Suite core components are:
be.Manager
be.Manager – represents the top layer, the plan of control and management of the SD-WAN network and the ZTP engine. With this SD-WAN core component, the elements that are part of the SD-WAN implementation, like the inventory of devices, configuration templates for agile mass operations, and user access and roles, are defined.
be.SD-WAN
This core component, the heart of the SD-WAN solution, is driven by the SD-WAN Controller, which considerably simplifies the complexity of any network configuration. This core SD-WAN component works based on the templates and control plans for the definition of how the SD-WAN network should be operating that were previously defined with the be.SD-WAN manager component.
Optional SD-WAN products
making the SD-WAN solution more robust, may be added seamlessly to the CNM SD-WAN Suite’s dashboard:
be.Safe essentials
Provides the first level of security, a Content Filter cyber security product that is very easy to set up without the need for ongoing maintenance and investment.
be.Safe Pro
State of the art security service that includes NGFW (Next-Generation Firewall), URL Filters, Anti-virus, Anti-bot, safe Sandbox environments, IDS/IPS, and more.
be.Manager – the overall SD-WAN network management panel
The be.Manager is the core SD-WAN component for the central SD-WAN networks implementation and management panel. The place from where the user defines and manages the overall SD-WAN network and elements: devices (inventory), locations, user groups, tags, and assigns templates to devices for agile mass operations.
be.Manager is also the core SD-WAN component for network monitoring and SDN and is a complete northbound API for more than 3000 third-party products (CRM and others), and facilitates manual task automation. This SD-WAN component is the place from where massive operations are triggered, like modifications and updates, and their correct completion is verified.
The information stored in the SD-WAN database and Directory can be accessed from the Control Network Management’s SD-WAN Suite’s core components and integrated add-on products.
The user-friendly, graphical user interfaces set the base for configuring the details of the SD-WAN Network solution. Thanks to its advanced ZTP (Zero Touch Provisioning) capabilities and template-based deployment process, devices can be delivered with minimal pre-configuration to the offices. When connected to the network, they will be automatically recognized and receive their complete configuration. From that moment on, as they remain permanently connected and the branch is now part of the CNMs’ SD-WAN Network family, any changes that affect this branch router will be propagated automatically, almost magically.
Another vital aspect of be. Manager’s functionality is making sure the SD-WAN’s network elements are in a consistent state,alerting immediately when changes to one part of the configuration may affect others, and even rolling back any update error o unintentional manual misconfigurations.
be.SD-WAN – the heart of the daily network operations
The be.SD-WAN core component is the SD-WAN implementation’s heart and the engine that its SD-WAN Controller runs. Based on the inventory, control plans, and templates, the SD-WAN Controller allows easy configuration of daily network operations through guided steps from the user-friendly graphical interface. No technical CLI knowledge is required.
The SD-WAN Controller component assures the smooth running of traffic and service requests throughout the entire SD-WAN implementation. Multiple user-defined parameters, SLAs, policies, server load, and availability of the requested services/applications determine, in real-time, how the SD-WAN Controller routes the traffic.
Finding the quickest and best-performing path to reach the requested service/application can be achieved either through the automatically created highly secure SD-WAN overlay tunnels or the physical Underlay (MPLS, Internet, etc.).
On board, multi-service communications routers and gateways should support all train to ground links, and supply corporate-standard networks – including Wi-Fi access points for staff and passengers’ mobile devices, plus BT/BT LE connectivity for IoT devices and apps.
Following are some of the principal configurations that are managed from the be.SD-WAN control panel:
1. Global network settings & Network access providers – If a change affects any other device or part of the network, the SD-WAN Controller will request confirmation from the operator before applying the changes.
2. Services, Segments & Leaking – Services are the different Applications Zones within the network implementation. Segments represent virtual network communications between physically unconnected parts, like the Internet, phones, or ATMs, creating their links through independent VRFs (Virtual Routing and Forwarding).
3. Data Centers, Preference Groups and SD-WAN Network Controllers (Access Routers) – Configuration of parameters, communications preferences, and connections between these three core network elements. Access Routers, grouped into clusters that serve the company’s Datacenters, communicate among each other and to the branch-edge routers the situation of each cluster and hosted services.
This way, based on the criteria configured in the SD-WAN implementation, the SD-WAN controller can dynamically choose the best path for accessing the preferred or secondary data center through the corresponding Access Router.
4. Segments Configuration – This is where the network’s user groups/devices and LAN profiles are established, WHAT applications and application categories (groups of applications) are available, and which SLA policies & firewall rules apply to those.
5. In the WAN Profiles & Branch templates, the application policies governing HOW the SD-WAN Controller handles the traffic for each application are set. That is, the order of server and service preferences determines whether the requests for a given branch office, depending on diverse availability scenarios, will be routed through one of the SD-WAN Overlay tunnels or directly through the Underlay.
Communications traffic routing scenarios
The SD-WAN’s architecture and technology allow the SD-WAN Controller to deal with the most demanding routing scenarios:
• MPLS breakout – enables the traffic to go directly between remote offices without going through the Datacenter.
• Access Router switch due to SLA – here, the SD-WAN solution’s path depends on the QUALITY of the communication to services (QoS) that don’t meet the SLA (Service Level Agreement).
• Access Router switch Assuming that the SLA is correct, we may find a situation where one of the application services fails within the preferred Datacenter. Then a new path for accessing that specific service will be established on another Dataserver that also provides this service.
• Access Routers connection between branches – In this scenario, let’s assume that two offices are connected to two different preferred Datacenter clusters. Among the set of Access Routers that form the SD-WAN network, some are NETWORK CONTROLLERS of Access Routers. Those “super” SD-WAN network controllers are connected to every Access Router and Datacenter cluster, allowing the Access Routers to communicate with each other. Every Access Router is automatically updated with all Access Router information. This way, the branch edge routers can communicate with each other through the Access Routers without having to go through the Datacenters.
• SD-WAN overlay architecture – Unlimited Access Routers – The Datacenters can install as many Access Routers as necessary. The offices establish tunnels against all prioritized Access Routers, and the SD-WAN Controller ensures that equal load balancing and full redundancy are accomplished in both directions.
• SD-WAN overlay architecture – The fastest path – There are cases in which the shortest path cannot be used to reach services in a given Datacenter since the Access Routers do not have information about which Services are local and which are not. To address this issue, the Datacenter’s routes can be marked with BGP communities, and the branches can modify the metrics according to the community.
• SD-WAN overlay architecture – Fallback when a service is not accessible – The SD-WAN Controller adapts in case of failure, looking automatically for alternative paths.
• SD-WAN overlay architecture – Fallback on network failure on the Datacenter’s LAN – The SD-WAN Controller can even look for alternative paths via another Datacenter. It doesn’t matter that the Access Router resides in another Datacenter.
• SD-WAN overlay architecture – Variations on the default configuration – Access Routers can be grouped into clusters, and those clusters can be assigned arbitrary priorities (per branch or group of branches). The SD-WAN Controller balances the priority of Access Routers within a cluster.
• SD-WAN overlay architecture – Fallback to Datacenters by preferences – The groups allow establishing a backup Datacenter. In case of failure of the preferred Datacenter, the SD-WAN Controller gives the branches access to the Datacenter of the lower priority group.
be.Safe XDR – monitorization, alerts, and insights into how the network is performing
be.Safe XDR’s user-friendly, personalized dashboards provide analysis and proactive monitoring of the SD-WAN, including network alerts and the configuration of user-defined reports.
The main dashboard gives an overview of the status of the network’s elements and access to details on the network configuration: devices, programable alerts (including proactive email sending); planned, running, or finalized tasks; tracing and audit information.
Additional dashboards can be directly accessed for analyzing specifics on the locations in interactive maps, the WAN and SD-WAN, allowing users to quickly drill deeper into the status and details of each element.
Creating an even more robust network solution
Teldat offers additional products that allow reinforcing the networks to even more robust SD-WAN network solutions. Those products can be implemented either stand-alone or automatically integrated into the Control Network Manager (CNM) Suite’s dashboard, making all network-related information and configuration accessible from a single place.
be.Safe essentials – affordable Web Filter cybersecurity
be.Safe essentials is the perfect, affordable complement for companies with low cybersecurity budgets, like SMBs. It provides the first level of internet security without any need for future investment. be.Safe essentials can be integrated as SaaS, meaning that there is no requirement to deploy additional hardware or software.
be.Safe essentials is a Web Filter solution that is very easy to understand and configure, even without cybersecurity or technical knowledge, allowing setting up policies in a breeze and managing every aspect from mobile devices.
be.Safe essentials is empowered by a world-leading Threat Intelligence Dictionary, based on reputation I.P. and malicious URLs, which is updated constantly, thus, eliminating out-of-date malware security breaches.
Learn more about be.Safe essentials
be.Safe Pro makes it easy to integrate communications security using SASE architecture. It includes a secure web gateway (SWG) and next-generation firewall (NGFW) service that lets branch offices, retail locations, and remote workers safely enjoy full public internet connectivity.
Providing security as a service – Remote users can be given direct internet connectivity through a secure IPSEC tunnel to send and receive internet traffic within the protection of a private cloud infrastructure exclusive to each client.
be.Safe Pro comes with continuous updates, immediate deployment, unlimited scalability, and centralized management. Additionally, the cost of ownership is low or zero if consumption is in service mode: Security as a Service.
Its scalable, vendor and hardware agnostic “pay as you grow” architecture, a tiered ecosystem with the Teldat SD-WAN and NTA that allows for seamless growth as the customer’s needs increase.
Learn more about be.Safe Pro
be.Safe XDR – Gain a deep understanding of your Cloud-based physical and virtual networks
By providing services in the Cloud, networks are becoming more difficult to analyze comprehensively. be.Safe XDR Network Traffic Analysis (NTA) gives users back control and informs their strategic decisions. Top management or anyone else in the company, even without technical knowledge, can understand the data provided in be.Safe XDR
be. Safe XDR’s next-generation NTA reveals user behavior, detects bottlenecks, and makes troubleshooting easy. It allows forensic analysis and builds business vision and infrastructure optimization. Users can take actions based on facts.
Provided as a service from the Cloud (SaaS), be. Safe XDR’s multitenant and multi-tiered architecture makes it ideal for organizations of any size and complexity, as it is easily adapted and scalable as needs grow.
Learn more about be.Safe XDR
Case studies
SD-WAN deployment in a large bank
By using its be.SDx solution, Teldat has been able to migrate the installed base to SD-WAN technology, implementing the solution in 2,700 customer branches.
Read our latest Blog Posts
Developing a Robust Disaster Recovery Plan in the Cloud
In an increasingly digital world, businesses depend on cloud-based systems for everything from data storage to critical applications. While the cloud offers significant benefits—such as scalability, flexibility, and cost efficiency—it also presents new challenges in...
SD-WAN enhances user satisfaction with the network and applications
In recent years, a significant number of companies across various sectors and public administrations have been undergoing or have already completed a digital transformation of their traditional communication networks and how they are managed. The purpose of this...
QoS in SD-WAN networks
Citius, Altius, Fortius (“quicker, higher, stronger”), is the Olympic motto that pushes athletes to give their utmost while competing. With dozens, or even hundreds, of applications in fixed or mobile devices, all connected at the same time and competing for...