IT Vortex - Managed IT Services

Scaling Secure SD-WAN Across Hundreds of Branch Offices

Digital Innovation at the Branch Requires SD-WAN

Most organizations with multiple locations are in the process of implementing a distributed networking strategy that ensures that all branch offices and users are able to take advantage of ongoing digital innovation efforts. For true cross-organizational collaboration, productivity enhancement, and improved user experience, every user needs access to essential business applications. To achieve this, they need highly flexible and scalable access to cloud-based applications and resources, direct access to the internet, and on-demand connections to other users and devices.

That’s simply not possible with traditional hub-and-spoke branch networking models built around WAN routers and a fixed MPLS connection. Business applications, especially those that deliver rich media or enable highly flexible collaboration between users and locations – such as unified communications, Office 365, and similar tools – require massive amounts of bandwidth. And in a traditional model, all of that traffic needs to be backhauled through the core network. Multiply that by scores of remote workers located in dozens of remote offices and you can quickly overwhelm internal servers, compute resources, and even security and inspection tools.

SD-WAN Requires Integrated Security that can Scale

Fortunately, SD-WAN addresses these connectivity issues. The biggest issue most organizations face is figuring out how to replace the traffic and connectivity security previously provided by the core network. But simply adding an overlay security solution to an SD-WAN device to approximate the protection previously provided can significantly – and unexpectedly – increase both capital and ongoing operational expenses.

It can also limit their ability to effectively scale their SD-WAN solutions, as adding layers of siloed security across multiple sites can exponentially increase management complexity. In the case of a recent customer looking to deploy an SD-WAN connectivity and security solution to over 700 locations, this sort of scalability isn’t even possible without massive amounts of support resources in place or significant compromises in functionality and security.

A Secure SD-WAN solution resolves all of these issues, however, by adding connectivity, traffic shaping, network management, and application recognition tools to an existing next-generation firewall appliance. This not only ensures that a full range of protections are fully integrated into SD-WAN functionality by default, but that deployments can seamlessly scale across hundreds or even thousands of remote locations without adding implementation, management or optimization overhead.

The Unique Challenge of Interconnecting Wholly Owned Subsidiaries

Scalability and interoperability are critical requirements for many organizations. Banks and insurance companies, for example, may have hundreds or even thousands of branch offices that require scalable and flexible connectivity. Organizations that use a franchise model, where many or even all branch offices are wholly owned subsidiaries, complicate the issue even further. Connections not only need to provide scalable access to critical resources, but also maintain the privacy and integrity of the individual owners while protecting core and cloud-based resources from branch LANs that are not fully controlled by the main office.

For example, as mentioned previously, we recently had the opportunity to design and deploy a Secure SD-WAN solution for a company with over 700 locations, and to complicate things further, many of them are wholly owned subsidiaries. Their goal was to replace their traditional connectivity model with one that provided far better access to online and cloud-based resources than their expensive MPLS to private cloud connections. Their goal was to make their WAN more robust and efficient to eliminate chronic network outages, improve user experience, and simplify and streamline the ability of remote offices and franchise owners to efficiently and easily access critical business tools and resources by leveraging the application steering, connection monitoring, and management tools provided by SD-WAN.

The other part of the challenge was to also ensure that every connection enjoyed optimal security, including encrypting and inspecting traffic, firewall and IPS defenses, and even things like web filtering and sandboxing to protect individual branch offices while preventing the spread of malware between operators. They also wanted to establish and maintain policy synchronization to ensure consistent protection across the entire distributed landscape, while eliminating the threat of the “weakest link” exposing everyone else to risk.

Addressing Connectivity, Security, and Centralized Management with a Single Solution

By carefully selecting a solution from amongst four different SD-WAN candidates, they were able to deploy a solution designed to address their entire set of objectives. Any full-service SD-WAN solution, such as Fortinet Secure SD-WAN, needs to be able to address the triple challenges of connectivity, security, and management:

For connectivity, an SD-WAN solution needs to provide dynamic connection scalability and traffic steering and shaping to ensure optimum performance, application recognition for fast and seamless connections to resources, and path monitoring and sub-second switchover path remediation to protect latency-sensitive applications from things like jitter and packet loss. For more complex deployments, a solution also needs to provide advanced routing methods such as multicast for the efficient distribution of one-to-many traffic. It also has to support a variety of connection options, from direct broadband and internet connections to MPLS, as well as things like LTE as a path of last resort to ensure and maintain maximum network uptime.

For security, that same solution needs to provide the same suite of tools previously provided by the core network. That includes NGFW and IPS prevention and detection, web filtering, antivirus and anti-malware, VPN encryption coupled with high speed encrypted traffic inspection, and even sandboxing to detect zero day threats. And just as importantly, that security needs to be seamlessly integrated into the networking functionality so they can respond to dynamically changing connections simultaneously. Otherwise, security will be perpetually trying to keep up with dynamic connectivity changes, creating gaps and lag times in protections that cybercriminals are prepared to exploit. And finally, that security needs to run both ways, protecting both the branch and the larger network from compromise.

The other element of this integrated approach is centralized management and analytics. To reduce the cost of deployment when there is little to no IT staff onsite, and especially when the local branch network is controlled by an independent franchise owner, any Secure SD-WAN solution under consideration also needs to include zero touch deployment. This ensures seamless implementation along with integration with the local branch network and accelerates the on-ramping of access to cloud applications and other resources.

You also can’t afford to have separate management consoles for security and networking. Policies need to be set centrally and impact both sides of the coin so that bandwidth can scale up and down, and connections can dynamically adjust to fluctuations in availability without ever leaving security behind. Further, there needs to be a single window into network and security functionality so the ramifications of adjustments made anywhere across the Secure SD-WAN process can be seen and managed. Centralized visibility can also reduce troubleshooting cycles, especially when that security can be tied back into the branch to provide local LAN protection, as well as into a central SOC/NOC to provide a real-time unified view across the entire landscape.

Bringing it All Together

A true Secure SD-WAN solution is essential for accelerating the on-ramping of branch offices to access essential business applications and services, regardless of whether those branch offices all belong to the same organization or are separate entities. Regardless, they all need connectivity, security, and unified management to provide the best possible user experience, with the added bonus of being able to treat each branch as a separate entity when and where appropriate.

Fortinet’s Secure SD-WAN solution includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering.

Written By Nirav Shah
