The Latest Cato Network News
Product and Solution Information, Press Releases, Announcements
|Azure SD-WAN: Cloud Datacenter Integration with Cato Networks|
|Posted: Thu Oct 03, 2019 12:15:07 PM|
As critical applications migrate into Microsoft Azure, enterprises are challenged with building a WAN that can deliver the necessary cloud performance without dramatically increasing costs and complexity. Thereís been no good approach to building an Azure SD-WAN ó until now. Catoís approach to Azure SD-WAN improves performance AND simplifies security, affordably. Letís see how.
Azure SD-WANís MPLS and SD-WAN Problem
When organizations start relying on Azure two problems become increasingly apparent. First, how do you secure your Azure instance? Running virtual firewalls in Azure, adds complexity and considerable expense, necessitating purchase of additional cloud compute resources and third-party licenses. Whatís more virtual firewalls are limited in capacity, requiring upgrades as traffic grows. Cloud performance may suddenly decline because the firewall is choking the network. Adding other cloud instances requires additional tools, complicating operation.
You can continue to rely on your centralized security gateway, backhauling traffic from branch offices inspection by the gateway before sending the traffic across the Internet to Azure. You can even improve the connection between the gateway and Azure with a premium connectivity service, such as Azure ExpressRoute. But, and hereís the second issue, how do deal with the connectivity problem?
Branch offices that might otherwise be a short hop away from an Azure entrance point must now send traffic back to the centralized gateway for inspection before reaching Azure. Whatís more the approach does nothing for mobile user who sit off of the MPLS network regardless.
And what happens as your cloud strategy evolves and you add other cloud datacenter services, such as Amazon AWS or Google Cloud? Now you need a whole new set of security and connectivity solutions adding even more cost and complexity.
Nor does edge SD-WAN help. Thereís no security built into edge SD-WAN, so you havenít addressed that problem. Thereís also no private global network so youíre still reliant on MPLS for predicable connectivity. Edge SD-WAN solutions also require the cost and complexity of deploying additional edge SD-WAN appliances to connect to the Azure cloud. And, again, none of this help with mobile users, which are also out of scope for edge SD-WAN.
How Azure SD-WAN Works to Connect Cato and Azure
Cato address all of the connectivity and security challenges of Azure SD-WAN. Catoís global private backbone spans more than 45 points of presence (PoPs) across the globe, providing affordable premium connectivity worldwide. Many of those Cato PoPs collocate within the same physical datacenters as entrance points to Azure. Connecting from Azure to Cato is only matter of crossing a fast, LAN connection, giving Cato customers ExpressRoute-like performance at no additional charge.
To take advantage of this Catoís unique approach, Cato customers do two things. First, to connect Cato and Azure, enterprises take advantage of our agentless configuration, establishing IPsec tunnels between the two services, establishing the PoP as the egress point for Azure traffic. Thereís no need to deploy additional agents or virtual appliances. Catoís will then optimize and route Azure traffic from any Cato PoP along the shortest and fastest path across Cato Cloud to destination PoP.
Second, sites and mobile user send their Azure traffic to Cato by establishing encrypted tunnels across any Internet connection to the nearest Cato PoP. Sites will run a Cato Socket, Catoís SD-WAN appliance or establish IPsec tunnels from an existing third-party security device, and mobile users run the Cato mobile client on their devices.
How Azure SD-WAN Secures Azure Resources
In addition to connectivity, Catoís Azure SD-WAN solution secures cloud resource against network-based threats. Every Cato PoP provides Cato complete sure of security services, eliminating the need for backhaul.
Cato Security as a Service is a fully managed suite of enterprise-grade and agile network security capabilities, that currently includes a next-gen firewall/VPN, Secure Web Gateway, Advanced Threat Prevention, Cloud and Mobile Access Protection, and a Managed Threat Detection and Response (MDR) service. Azure instances and all resources connected to Cato, including site, mobile users and other cloud resources, are protected through a common set of security policies, avoiding the complexity that comes with purchasing security tools unique to Azure or other cloud environments.
Azure SD-WAN Benefits
The bottom line is that Azure SD-WAN delivers connectivity and security with minimal complexity and cost:
Superior Microsoft Azure performance
The combination of global Cato PoPs, a global private backbone and Microsoft Azure colocation accelerates Microsoft Azure application performance by up to 20X vs. a typical corporate Internet-based connection. Not only is latency minimized but Catoís built-in network optimizations further improve data transfer throughput. And all of that is done for branch offices as well as mobile users. The result is a superior user experience without the need for premium cloud provider transport services.
Security and deployment simplicity
With Cato, organizations donít have to size, procure and manage scores of branch security solutions normally needed for the direct Internet access critical to delivering low latency cloud connectivity. Security is built into Cato Cloud; cloud resources are protected by the same security policy set as any other resource or user on the enterprise backbone. Catoís agentless configuration also means customers donít have to install additional SD-WAN appliances in the Azure cloud. These benefits are particularly significant for multi-cloud enabled organizations which normally would require separate connectivity solutions for each private datacenter service.
Networking and security agility
Azure SD-WANís simplicity, Azure integration and built-in security stack enable branch offices and mobile users to get connected to Microsoft Azure in minutes or hours vs. weeks or months for branch office appliance-based SD-WAN.
Affordable and fast ROI
Enterprises get superior cloud performance without having to pay the high cost of branch office SD-WAN hardware, carrier SD-WAN services or Microsoft Azure ExpressRoute transport. Nor do companies need to invest in additional security services to protect cloud resources with Cato.