Unity EdgeConnect SD-WAN Edge Platform - IT Best Of Breed

Transcription

ENTERPRISE

Unity EdgeConnect SD-WAN Edge Platform

As cloud-based application adoption continues to accelerate, geographically distributed enterprises increasingly view the wide area network (WAN) as critical to connecting users to applications.

As enterprise applications migrate from the corporate data center to the cloud, private line connections such as multi-protocol label switching (MPLS) have proven to be overly rigid and expensive. With greater reliance on the internet, the opportunity to achieve “cloud speed” is better served by integrating broadband services into the WAN transport mix.

Silver Peak Unity EdgeConnect SD-WAN edge platform enables enterprises to dramatically reduce the cost and complexity of building a WAN by leveraging broadband to connect users to applications. By empowering customers to use broadband connections to augment or replace their current MPLS networks, Silver Peak improves customer responsiveness, increases application performance, and significantly reduces capital and operational expenses by up to 90%.

Silver Peak Data Sheet

Unity EdgeConnect Solution

Three components comprise the Unity EdgeConnect SD-WAN solution:

- Unity EdgeConnect physical or virtual appliances (supporting any common hypervisors and public clouds) deployed in branch offices to create a secure, virtual network overlay. This enables customers to move to a broadband WAN at their own pace, whether site-by-site, or via a hybrid WAN approach that leverages MPLS and broadband internet connectivity.
- Unity Orchestrator, included with the EdgeConnect solution, provides unprecedented levels of visibility into both legacy and cloud applications with the unique ability to centrally assign policies based on business intent to secure and control all WAN traffic. Policy automation speeds and simplifies the deployment of multiple branch offices and enables consistent policies across applications.
- Unity Boost WAN Optimization is an optional WAN optimization performance pack that combines Silver Peak WAN optimization technologies with EdgeConnect to create a single, unified WAN edge platform. Boost allows companies to accelerate performance of latency-sensitive applications and minimize transmission of repetitive data across the WAN in a single, fully integrated SD-WAN solution.

EdgeConnect Key Features

- Zero-Touch Provisioning: A plug-and-play deployment model enables Unity EdgeConnect to be deployed at a branch office in seconds, automatically connecting with other Silver Peak instances in the data center, other branches, or in cloud Infrastructure as a Service (IaaS) such as Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure and Google Cloud Platform.
- Tunnel Bonding: Configured from two or more physical WAN transport services, bonded tunnels form a single logical overlay connection, aggregating the performance of all underlying links. If a link fails, the remaining transport links continue to carry all traffic avoiding application interruption.
- Virtual WAN Overlays: The EdgeConnect SD-WAN edge platform is built upon an application-specific virtual WAN overlay model. Multiple overlays may be defined to abstract the underlying physical transport services from the virtual overlays, each supporting different QoS, transport, and failover characteristics. Applications are mapped to different overlays based upon business intent. Virtual WAN overlays may also be deployed to extend micro-segmentation of specific application traffic from the data center across the WAN to help maintain security compliance mandates.
- Dynamic Path Control (DPC): Real-time traffic steering is applied over any broadband or MPLS link, or any combination of links based on company-defined policies based upon business intent. In the event of an outage or brownout, EdgeConnect automatically continues to carry traffic on the remaining links or switches over to a secondary connection.

Figure 1: EdgeConnect XS shown here. Also available as a virtual appliance.

- WAN Hardening: Each WAN overlay is secured edge-to-edge via 256-bit AES encrypted tunnels. No unauthorized outside traffic can enter the branch. With the option to deploy EdgeConnect directly onto the internet, WAN hardening secures branch offices without the appliance sprawl and operating costs of deploying and managing dedicated firewalls.
- Path Conditioning: This feature provides private-line-like performance over the public internet. Includes techniques to overcome the adverse effects of dropped and out-of-order packets that are common with broadband internet and MPLS connections to improve application performance.
- First-packet iQ Application Classification: EdgeConnect First-packet iQ application classification identifies applications on the first packet to deliver trusted SaaS and web traffic directly to the Internet while directing unknown or suspicious traffic to the data center firewall or IDS/IPS. Identifying applications on the first packet is especially important when branches are deployed behind Network Address Translation (NAT); the correct path must be selected based on the first packet to avoid session interruption.
- Local Internet Breakout: Granular, intelligent traffic steering enabled by First-packet iQ eliminates the inefficiency of backhauling all HTTP/HTTPS traffic to the data center. The solution eliminates the potential for wasted bandwidth and performance bottlenecks for trusted SaaS and web traffic. Trusted traffic is sent directly across the Internet while unknown or suspicious traffic may be sent automatically to more robust security services in accordance with corporate security policies.
- Routing: EdgeConnect supports standard Layer 2 and Layer 3 open networking protocols such as VLAN (802.1Q), LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4), OSPF.
- Cloud Intelligence: Real-time updates on the best performing path to reach hundreds of Software-as-a-Service (SaaS) applications, ensuring users connect to those applications in the fastest, most intelligent way available. Additionally, automated daily updates of the application IP address database to EdgeConnect appliances keep pace with SaaS and web address changes.
- Zone-based Firewall: Centrally visualize, define and orchestrate granular security policies and create secure end-to-end zones across any combination of users, application groups and virtual overlays, pushing configuration updates to sites in accordance with business intent. Using simple templates to create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center use cases.
- Service Chaining: EdgeConnect supports simplified service chaining, using a drag-and-drop interface, to enable enterprises to automate and accelerate the integration of security partners’ advanced services, like Palo Alto Networks, Checkpoint, Fortinet, ForcePoint, Symantec, secure web gateways (e.g., Zscaler), and secure DNS (e.g., Infoblox) utilizing private secure encrypted IPSec tunnels.
- High Availability: The EdgeConnect HA cluster protects from hardware, software and transport failures. High Availability is achieved by providing fault tolerance on both the network side (WAN) and on the equipment side. The EdgeConnect appliances are inter-connected with a HA link that allows tunnels over each underlay to connect to both appliances.

Orchestrator Key Features

- Single Screen Administration: Enables quick and easy implementation of network-wide business intent policies, which eliminates complex and error-prone policy changes at every branch.
- Real-Time Monitoring and Historical Reporting: Provides specific details into application, location, and network statistics, including continuous performance monitoring of loss, latency, and packet ordering for each enterprise customers’ network path. All HTTP and native application traffic are identified by name and location, and alarms and alerts allow for faster resolution of network issues.
- Bandwidth Cost Savings Reports: Documents the cost savings for moving to broadband connectivity.

Figure 2: Unity Orchestrator enables centralized definition and automated distribution of network-wide business intent policies to multiple branch offices.

Orchestrator Enables Faster SD-WAN Deployments

Unity Orchestrator, included with Unity EdgeConnect, enables zero-touch provisioning of EdgeConnect appliances in the branch. Orchestrator automates the assignment of business intent policies to ensure faster and easier connectivity across multiple branches, eliminating the configuration drift that can come from manually updating rules and access control lists (ACLs) on a site-by-site basis. Unity Orchestrator enables customers to:

- Avoid WAN reconfigurations by delivering applications to users in customized virtual overlays
- Align application delivery to business goals through virtual WAN overlays based on business intent
- Simplify branch deployments with EdgeConnect Profiles that describe the virtual and physical configuration of the location

Figure 3: Orchestrator enables centralized and automated overlay management.

In addition to centralized and automated control of the entire SD-WAN topology (Figure 3), Unity Orchestrator provides specific detail into WAN performance, including:

- Detailed reporting on application, location, and network statistics
- Continuous performance monitoring of throughput, loss, latency, jitter and packet ordering for all network paths
- Identification of all application traffic by name and location
- Alarms and alerts to visualize and prioritize software and hardware issues within the WAN allow for faster problem resolution
- Bandwidth cost savings report for documenting the cost savings of moving to broadband

Gain Control over the Cloud

Gain an accurate picture of how Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) are being used within your organization.

- Name-based identification and reporting of all cloud applications.
- Tracking of SaaS provider network traffic.
- Cloud Intelligence provides Internet mapping of optimal egress to SaaS services.

Strengthening WAN Security

Advanced capabilities provide cloud-first enterprises with the control to centralize and automate security policy governance and safely connect users directly to applications. They enable distributed enterprises to centrally segment users, applications and WAN services into secure zones and automate application traffic steering across the LAN and WAN in compliance with predefined security policies, regulatory mandates and business intent. For enterprises with multivendor security architectures, Unity Orchestrator offers seamless drag and drop service chaining to next-generation security infrastructure and service.

Figure 4: A matrix view from Orchestrator, provides an easy-to-read, intuitive visualization of configured zones and defined whitelist exceptions.

Boost Application Performance as Needed

Unity Boost WAN Optimization is an optional WAN Optimization performance pack that includes:

- Latency Mitigation: TCP and other protocol acceleration techniques are applied to all traffic, minimizing the effects of latency on application performance and significantly improving application response times across the WAN.
- Data Reduction: Data compression and deduplication eliminates the repetitive transmission of duplicate data. Silver Peak software inspects WAN traffic at the byte-level and stores content in local data stores. Advanced fingerprinting techniques recognize repetitive patterns for local delivery. Data Reduction can be applied to all IP-based protocols, including TCP and UDP.

Why Add Boost?

Silver Peak Unity EdgeConnect appliances alone provide enhanced application performance for broadband or hybrid WAN deployments, utilizing the included packet-based tunnel bonding, dynamic path control (DPC), and path conditioning for overcoming the adverse effects of dropped and out-of-order packets that are common with Internet connections.

However, sometimes additional performance is needed for specific applications or locations. As distance between locations increases over the WAN, application performance degrades.

This has less to do with the available bandwidth, and is more about the time it takes to send and receive data packets over distance, and the number of times data must be re-sent.

Boost Use Case Examples

- Customers replicating to a disaster recovery (DR) site thousands-of-miles away might want to add Boost to ensure recovery point objectives (RPOs) are not compromised.
- Enterprises with remote sites located in rural areas, or with sites that are exceptionally farther away from the company’s data center, might want to add Unity Boost to overcome the effects of high latency.

With Unity Boost, customers gain the flexibility to enable enhanced WAN optimization capabilities where and when it is needed in a fully integrated solution. Boost is licensed per-megabit-per-second, per-month, so customers do not have to pay for WAN optimization across the entire network.

Figure 4: Boost enables customers to add application performance as needed.

Overcome Effects of Latency

The time it takes for information to go from sender to receiver and back is referred to as network latency. Since the speed of light is constant, WAN latency is directly proportional to the distance traveled between the two network endpoints. Silver Peak offers a variety of TCP acceleration techniques to mitigate WAN latency, including Window Scaling, Selective Acknowledgement, Round-Trip Measurement, and High Speed TCP.

Windows and other applications that rely on the Common Internet File System (CIFS) often take longer to perform common file operations over distance, such as retrieving and sharing files. Unity Boost helps these applications not only by improving the underlying TCP transport, but also by accelerating CIFS through CIFS read-ahead, CIFS write-behind, and CIFS metadata optimizations.

Increase Throughput

As packets flow through EdgeConnect appliances, Boost inspects WAN traffic at the byte-level and stores content in local data stores. As new packets arrive, Silver Peak computes fingerprints of the data contained within the packets, and checks to see whether these fingerprints match data that is stored locally.

If the remote appliance contains the information, there is no need to resend it over the WAN. Instead, specific start-stop instructions are sent to deliver the data locally.

Unity EdgeConnect Hardware Platforms

EdgeConnect US | EdgeConnect XS | EdgeConnect S | EdgeConnect M* | EdgeConnect L* | EdgeConnect XL*
Branch/Home Office | Small Branch | Large Branch | Head Office Small Hub | Data Center Large Hub | Data Center Large Hub
Typical WAN Bandwidth: 1-100 Mbps | 2 - 200 Mbps | 10 - 1000 Mbps | 50 - 2000 Mbps | 1 - 5 Gbps | 2 - 10
000,0002,000,0002,000,000
Recommend Boost up to: 25 Mbps | 50 Mbps | 200 Mbps | 500 Mbps | 1 Gbps | 5 Gbps
Redundancy / FRUs: No | No | No | Power and SSD | Power and SSD | Power and SSD
3 x RJ45 10/100/1000 | 4 x RJ45 10/100/1000 | 6 x RJ45, 2 x 1/10G Optical (option) | 4 x RJ45, 2 x 1/10G Optical | 4 x RJ45, 2 x 1/10G Optical | 4 x 1/10G Optical
RJ-45 serial port 2x10/100/1000; RJ-45 serial port 2x10/100/1000; RJ-45 serial port 2x10/100/1000; DB-9 serial port 2x10/100/1000; DB-9 serial port 2x10/100/1000; DB-9 ntPorts

* EC-M, EC-L, EC-XL are available with the following optical interface options:

- EC-M-B, EC-L-B, EC-XL-B (Bypass) – Embedded optics; Fail-to-Glass
- EC-M-P, EC-L-P (Pluggable) – Optional pluggable optical transceivers (2 x SFP)
- EC-XL-P (Pluggable) – Optional pluggable optical transceivers (4 x SFP)

Unity EdgeConnect Technical Support

Term: Support is included as part of the EdgeConnect Base subscription license
Web-based Support Portal: Unlimited access 24 / 7 / 365 includes software downloads, technical documentation, and online knowledge base
Software Updates: Major and minor features releases; maintenance releases
Technical Support: 24 / 7 / 365 Phone / E-mail / Web
Response Time: 2 Hours
HW Warranty and Maintenance: Refer to the EdgeConnect Warranty and Maintenance Policies Data Sheet for further information.

Flexible Deployment Models

- EdgeConnect Virtual (EC-V) – Download and install EdgeConnect from anywhere in the world. The software runs on all common hypervisors, including VMware ESXi, Microsoft Hyper-V, Citrix XenServer, and KVM. Silver Peak customers who have an IaaS presence in AWS, Microsoft Azure, Oracle Cloud Infrastructure or Google Cloud Platform can deploy EdgeConnect within their hosted cloud environment.
- EdgeConnect Physical (EC) – For enterprises that are not virtualized in the branch, choose one of five EdgeConnect hardware appliance models for plug-and-play deployment.

Unity EdgeConnect Subscription Licensing

Silver Peak Unity EdgeConnect licenses are sold as a subscription, in either single or multi-year increments (1, 2, 3, 4, 5 and 7 years) at multiple bandwidth tiers. EdgeConnect includes Unity Orchestrator that can be installed either on premise or in a customer’s virtual private cloud. An optional cloud-hosted Orchestrator license provides a highly reliable alternative deployment model supporting all Orchestrator features without the complexity of managing on premise virtual compute and storage resources. Unity Boost WAN Optimization is an optional WAN Optimization performance pack that may be ordered and deployed flexibly to sites that require application acceleration. Boost is offered in 100Mbps or 10G blocks.

Company Address:
Silver Peak Systems, Inc
2860 De La Cruz Blvd.
Santa Clara, CA 95050

Phone & Fax:
Phone: 1 888 598 7325
Local: 1 408 935 1800

Online:
Email: info@silver-peak.com
Website: www.silver-peak.com

2019 Silver Peak Systems, Inc. All rights reserved. Silver Peak, the Silver Peak logo, and all Silver Peak product names, logos, and brands are trademarks or registered trademarks of Silver Peak Systems, Inc. in the United States and/or other countries. All other product names, logos, and brands are property of their respective -040419
