Communication Security

Software-Defined Wide Area Network (SD-WAN)


What Is SD-WAN?

A software-defined wide area network (SD-WAN) implements connectivity between enterprise branches, headquarters, and multiple clouds, allowing applications to scale between hybrid connectivity (including MPLS, Internet, 5G, and LTE connectivity) and high-speed networks. allows you to choose the best link for your data transfer. Quality cloud - service experience. SD-WAN improves the reliability, flexibility and O&M efficiency of enterprise branch networks, keeps branch networks always online, and ensures service continuity and stability.
Enterprise networks are facing issues such as closed WAN architecture, difficult service experience assurance, slow service deployment, and difficult O&M. To address these issues, SD-WAN Solution implements all-scenario and on-demand interconnection between enterprise branches and between enterprise branches and data centers. This solution stands out with the application-based intelligent traffic steering and acceleration as well as intelligent O&M features to deliver better service experience and reshape the full-process service outcomes of enterprise WAN interconnections.

How Is SD-WAN Security Ensured?

The SD-WAN security can be ensured from two aspects: system security and service security. System security is a mandatory, basic security capability of the SD-WAN Solution. After system initialization, the SD-WAN Solution should have capabilities to ensure secure and reliable system running. Service security is ensured by separately deploying flexible security functions based on the service security requirements of enterprises.

• System securitySystem security covers communication security between components in the SD-WAN solution, multi-tenant security, and component security. The SD-WAN Solution consists of multiple components. The components and the communication between them may encounter security threats. Security measures must be taken to ensure the security and reliability of the SD-WAN Solution.
  These measures include identity authentication, data encryption, data verification, and permission control, which prevent security issues such as unauthorized access, information leakage, and data tampering. Especially in CPE access scenarios, the SD-WAN Solution strictly verifies CPE identity information based on the Zero-Trust concept. This approach ensures that only authorized and trusted CPEs can access the network, preventing CPE identity spoofing.
• Service securityService security involves the security of services carried by the SD-WAN Solution. Based on the service model of an enterprise, service security covers the security of the inter-site access, Internet access, and cloud access services.
  To meet service security requirements, proper security measures must be taken for the services. For example, for the inter-site access service, data must be encrypted for secure transmission on the Internet. For the Internet access service, CPEs or uCPEs provide security functions such as ACL-based packet filtering, firewall, intrusion prevention system (IPS), URL filtering, and VAS advanced security functions, preventing various attacks and intrusions. 

These security functions can be configured for each VPN. That is, differentiated service security measures can be taken for different departments of a tenant.
In addition, the SD-WAN Solution can connect to a third-party cloud security gateway to protect SaaS service traffic and traffic for accessing public clouds.

How Is SD-WAN Related to Clouds?
In the cloud era, more and more companies are migrating their IT systems to the public cloud. Enterprise WANs also require flexible access to various cloud resources, such as Infrastructure as a Service (IaaS) cloud services and SaaS cloud applications. vCPEs can be deployed as edge nodes in public cloud locations to provide software-based security, WAN acceleration, and load balancing capabilities over VNFs. Integrating these capabilities into the CPE reduces equipment costs and power consumption, and enables flexible and rapid service delivery.
Connectinf to a public clouds
Multiple paths to SaaS cloud applications may be available to ensure access efficiency. SD-WAN solutions leverage intelligent traffic control capabilities to understand service level agreements (SLAs) for each available path in real time. SD-WAN solutions can use a centralized network control system to coordinate and select the best path to access SaaS cloud applications in real time.
Accessing SaaS cloud applications