Organizations with multiple remote offices are exhibiting a new trend. They are switching from performance-inhibited wide-area networks (WANs) to software-defined WAN (SD-WAN) architectures. SD-WAN is best known as the technology that helps business application steer cost savings and one that provides increased performance for Software-as-a-Service (SaaS) applications, as well as unified communication services. However, SD-WAN has its own shortcomings—especially when it comes to security with direct internet access. Fortinet is in the business of providing a highly secure SD-WAN service.
Speaking with Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet, Voice&Data discovers the strengths of SD-WAN; Fortinet’s role in the space; and an outlook on 5G.
Voice&Data: SD-WAN is considered the revolutionary technology for CSPs to exploit. Can you justify this statement from your perspective?
Rajesh Maurya: Branch offices today have increased transactions, workflows, applications, and data requests that need to be just as fast as those being processed at the network core. Even more challenging, the number and types of end-users and the increasing volume of voice and video traffic and business applications connected to the branch network have multiplied dramatically, including cloud-based networks (IaaS) and services (SaaS).
SD-WAN solves the problems of bandwidth costs and traffic latency, allowing organizations to move beyond MPLS to include broadband connections. SD-WAN routes network traffic from branches to the cloud, headquarters, or other branches by enabling direct access to cloud applications and services.
Many IT teams who have been quick to adopt SD-WAN due to its clear benefits, significantly underestimating the challenges of implementing an effective and comprehensive security strategy to go along with it. Organizations are also experiencing a shortage of trained and experienced cybersecurity professionals. The last thing that they need is to build, deploy, manage, and monitor yet another suite of security tools designed to protect their branch offices.
CSPs should look at SD-WAN beyond just providing the bandwidth for connectivity.
CSPs should look at SD-WAN beyond just providing the bandwidth for connectivity. In order to expand revenue opportunities and increase their competitive edge in a busy market, service providers should add valuable services – these include advanced security, networking, and application management.
SD-WAN is a sophisticated connectivity service that has become the ideal channel for delivering additional services and support across the cloud or data center. By adding access control to local switches and wireless access points, in conjunction with Network Access Control, SD-WAN is able to drive security services deep into the remote network. In turn, this can lead to another commercially viable service opportunity – SD-Branch.
By viewing SD-WAN as a value-added services platform, as opposed to just another service offering, CSPs can not only open the door to significant benefits for their customers but also expand their own revenue opportunities.
Our Secure SD-WAN is able to scale up to 100,000 SD-WAN sites thanks to Fortinet’s 20-year investment in building single-pane-of-glass management, which can now support the most demanding use cases for both security and SD-WAN.
Voice&Data: What are Fortinet’s offerings in the SD-WAN space? What is unique to Fortinet’s offerings?
Rajesh Maurya: Fortinet Secure SD-WAN has emerged as one of the top solutions on the market to support enterprises in their pursuit of reducing WAN complexity and cost while enhancing application experience and security. Our Secure SD-WAN is able to scale up to 100,000 SD-WAN sites thanks to Fortinet’s 20-year investment in building single-pane-of-glass management, which can now support the most demanding use cases for both security and SD-WAN.
Today, over 21,000 companies of all sizes and verticals worldwide, including some of the largest service providers, have chosen Fortinet Secure SD-WAN to achieve business benefits.
A key differentiator is the Zero-touch provisioning which reduces complexity and allows customers to deploy a new branch in minutes instead of weeks. Customers are also able to consolidate point products into one enterprise-grade solution to significantly reduce capital costs. Augmenting MPLS with broadband reduces operational costs while a full stack of integrated security functions—including NGFW, IPS, anti-virus and anti-malware, web filtering, SSL inspection including TLS 1.3, and sandboxing—ensures security without compromise and limits the potential costs related to a security breach.
For the second year in a row, Fortinet has received a “Recommended” rating in NSS Labs’ Software-Defined Wide Area Networking (SD-WAN) group test report.
Voice&Data: Can you share a few success stories of Fortinet’s SD-WAN technology?
Rajesh Maurya: Our rapidly growing market share and customer base around the world and across different verticals highlights the need for Fortinet’s security-driven networking approach to SD-WAN.
IndiGo Airlines’ poor MPLS network and Internet quality had resulted in delays for customers accessing their applications for flight booking, call centers, airport counters, and flight status checking, adversely affecting their business. To avoid delays and provide the best possible user experience for business-critical applications, the airline wanted to adopt a hybrid WAN model that would be able to distribute traffic over a variety of links, including MPLS, Broadband and Internet Leased Line.
IndiGo has selected Fortinet Secure SD-WAN solution to provide best of breed SD-WAN integrated with security capabilities with one single offering.
IndiGo has selected Fortinet Secure SD-WAN solution to provide best of breed SD-WAN integrated with security capabilities with one single offering. The airline has deployed multiple FortiGate Next-Generation Firewalls at 54 airport counters and in their data centers, along with FortiManager and FortiAnalyzer for management and analytics.
IndiGo can now map WAN resources directly making the network more efficient and responsive by combining application routing, load balancing, performance monitoring and securing customers’ data all in a single appliance, which reduces management complexity and delivers significant cost benefits.
Voice&Data: The company has recently associated with Tata Communications Transformative services. What is significant about this partnership and what are the mutual benefits expected from this partnership?
Rajesh Maurya: As cloud complexity continues to grow, enterprises are grappling with the many functions, gateways, configuration, segmentation and monitoring of Virtual Private Clouds (VPCs) across Infrastructure-as-a-Service (IaaS) data centers, regions and worldwide deployments. Configuration of SD-WAN, VPNs, routing tables, security, gateways, and hybrid connectivity within a public cloud continues to be a problem area for most enterprises.
Tata Communications Transformation Services Limited (TCTS) and Fortinet, working with Microsoft Azure and Equinix have launched a fully managed SD-WAN offering for Azure Virtual WAN. This offering is one of the first industry solutions of native hybrid SD-WAN coupled with traffic steering and security protection for Azure’s cloud.
TCTS has augmented Azure’s current Virtual WAN offering in which application policies can be centrally configured using Fortinet’s SD-WAN technologies
How this works is an enterprise at any given site can use a hybrid deployment of MPLS and Internet to steer the traffic between mission-critical traffic and non-mission critical traffic, which further connects directly to Azure via Azure ExpressRoute. This connection can be established leveraging TCTS’ highly commended platform, ‘Virtual Cloud exchange,’ for building within native service provider environments or white-labeled options using the Equinix’ Cloud Exchange Fabric.
TCTS has augmented Azure’s current Virtual WAN offering in which application policies can be centrally configured using Fortinet’s SD-WAN technologies integrated with Equinix Network Edge to create Virtual Network Services that deliver enhanced performance and security protection.
Voice&Data: In the coming years how do you see SD-WAN having a major impact on the telecom industry?
Rajesh Maurya: In 2020, the Secure SD-WAN approach to branch connectivity will move the needle a bit further as Indian businesses move towards digital transformation. Most of the leading service providers in India have rolled out SD-WAN solutions and services to capitalize on this revolution.
This market has presented opportunities for service providers to offer managed WAN services both on and off their network. As a great deal of the value of any SD-WAN solution lies in the services that are attached to it, this technology can be considered an enabler and facilitator for supplementary services for bandwidth providers. SD-WAN should be the means for the service provider to deliver an entire value-added services engine that increases revenue per user along with sustained customer loyalty.
From a Service Provider perspective, any SD-WAN solution being considered as a foundational solution for their managed services need to include a number of essential ingredients. And to start, automation-driven single pane tiered management that spans both networking and security functions is a table-stakes requirement. It also needs to support tiered end-to-end analytics for individual customers as well as for their entire managed operations. And because it will be incorporated into a broader suite of managed services, it also needs to include support for public and customer APIs as well as open standards.
For most if not all operators, 4.5G is an essential step on the path to 5G. Requiring only minimal new hardware implementation, it offers a cost-effective way for Mobile Operators to meet some of the demand for higher capacity,
Voice&Data: What is your take on 5G and how do you think the different stakeholders of the industry should work towards bringing the spectrum to availability in India?
Rajesh Maurya: In the same way that we no longer worry about the reliability, performance or security of electrical circuits when switching on a light, we have always strived for that same instant access to our data, applications and services, wherever and whenever we choose. With 5G, this long-sought yet elusive goal finally promises to become a reality, ushering in new possibilities and opportunities, the extent of which seems limited only by our imagination.
For most if not all operators, 4.5G is an essential step on the path to 5G. Requiring only minimal new hardware implementation, it offers a cost-effective way for Mobile Operators to meet some of the demand for higher capacity, while at the same time gaining familiarity with much of the new technology, architecture and operational changes required for 5G.
As the core network is transformed to support 4.5G and then 5G, we move from a predominantly physical infrastructure to a partially virtualized, hybrid infrastructure, and finally to a predominantly virtualized network.
The widespread deployment of 5G mobile services will be nothing short of revolutionary and the opportunities for those able to capitalize on this revolution are virtually boundless. But with the coming orders-of-magnitude advances in bandwidth, connection and use case possibilities comes a corresponding increase in the potential havoc wrought by denial of service, spam and other forms of the cyberattack on the wireless infrastructure itself.
As CSPs are evolving and migrating their mobile infrastructure from 4G to 5G and beyond, the ever-present and evolving threat of cyberattack will require an underlying security infrastructure that can secure that migration with unprecedented levels of performance, scalability, agility, protection and cost-effectiveness.
That is why Fortinet offers strategic security solutions specifically designed to address the unique challenges facing operators as they migrate their core networks to deliver 4.5G and 5G mobile services.