The following post is by Rajesh Kari, Senior Product Marketing Manager for SASE at Palo Alto Networks. We thank Palo Alto Networks for being a sponsor.
The pandemic challenged the way companies operate, forcing them to rethink their branch strategy. They quickly migrated their workforce to be remote while delivering uninterrupted connectivity to applications and resources from anywhere.
With more and more businesses opening up, most of their employees are still expected to work remotely even after COVID-19 mandates are lifted. As a result, most organizations are planning to support a hybrid model where the majority of employees can work fluidly between corporate offices, branch offices, home offices, or on the road.
In the process, businesses have realized the importance of having a cloud solution that converges networking and security – secure access service edge (SASE) model.
Prisma SASE is the industry’s most complete SASE solution, converging security, SD-WAN, and Autonomous Digital Experience Management into a single cloud-delivered service. As part of this announcement, we also launched Prisma SD-WAN 5.6 that delivers new innovations such as:
- Industry’s first integrated 5G SD-WAN branch appliance.
- Autonomous Digital Experience Management(ADEM) for all users and branch offices.
- New ChatOps, collaboration, and operations integration on CloudBlades, our revolutionary API-based platform
- Artificial intelligence for IT operations(AIOps) enhanced dashboards to simplify network operations
Join us at SASE Converge 2021, the premier summit for what’s next in SASE, virtually on September 28-29, to hear more about Prisma SASE, Prisma SD-WAN 5.6, and the future of SASE.
Fast Track To 5G For Robust Branch Connectivity
In the past decade, businesses have increasingly replaced expensive Multiprotocol Label Switching (MPLS) with public broadband due to their confidence in the software-defined wide area network (SD-WAN). However, their reliance on wireless connectivity like metered LTE has been significantly low due to costs and lack of reliability, thus forcing them to be used as a last resort or at remote locations that cannot get reliable wired connections. With 5G, the flexibility of wireless at comparable costs, higher bandwidth, and higher speeds has allowed businesses to leverage them as primary WAN connectivity; yet, this comes with the overhead of adding another point product.
Palo Alto Networks is introducing a new appliance, the ION 1200, available in a desktop form factor with integrated 5G and backup LTE. Network admins can now monitor signal strength and bandwidth utilization for their 5G links on separate management consoles or appliances, without the need to manage traffic steering decisions. The ION 1200 enables branch connectivity with many benefits including:
- Deploy 5G as a primary WAN or as a backup to wired connections without adding another point product
- Configure 5G and wired connections in an active-active fashion for better circuit capacity planning (Figure 1)
- Gain visibility into critical 5G metrics, including signal strength and bandwidth utilization (Figure 2)
- Centrally manage 5G interface to include in business policies (Figure 3)
The most common deployment use case is ATM or kiosks that require 5G connectivity as primary WAN and backup LTE delivered in a compact form factor, consuming less real estate and in an integrated appliance.
Figure 1: Cellular link configuration
Figure 2: Deep 5G analytics
Figure 3: 5G integral part of business policy
Seamless Third-Party Integrations With CloudBlades
It has become increasingly complex to add multiple third-party services to SD-WAN deployments such as security, operations, and collaboration tools. While these third-party services are meant to streamline IT operations, improve application performance, and implement cloud adoption seamlessly, they often add to cost and complexity.
The Palo Alto Networks CloudBlades platform enables customers to reimagine their IT infrastructure by allowing them to deliver branch services at speed and scale. The platform provides secure access to the ION appliances that enable API programming to automate UI workflows with customized templates to significantly reduce operational complexity. Palo Alto Networks is now introducing CloudBlades for Zoom to improve video conferencing performance, Microsoft Teams to enable ChatOps, and ServiceNow to improve Ops (Figure 4).
Figure 4: CloudBlade simplifies third-party service integrations
Let’s take a closer look at how these new CloudBlades provide business agility. The Zoom integration CloudBlade offers a custom-built configuration template that enables a day 1 integration customers can leverage to achieve application resiliency for their Zoom calls with multiple benefits, including:
- Record performance scores per site for Zoom to enable IT teams to fine-tune business policy, and traffic engineering.
- Dedicated analytics dashboard that provides granular insights into parameters like latency, jitter, packet loss, and MOS score to understand call quality in real-time and historical.
Improve Ops with the ServiceNow integration CloudBlade to automate digital IT workflows while seamlessly updating incident impact with proven WAN insights. This turnkey integration allows customers to:
- Enable timely notification while identifying and assigning the incidents to the right team for immediate attention and resolution.
- Export granular details of the incidents, including criticality, impacted entity, category, and correlated events.
- Update status of resolved and suppressed incidents automatically for customer and employee transparency.
Additionally, businesses can now collaborate better with natural language requests and desired responses using Microsoft Teams integration, enabling them to access information from anywhere instantly to get granular network performance and incidents.
End-To-End Visibility With ADEM
IT teams often have very little evidence before responding to digital experience problems that require operations teams to manually troubleshoot and remediate, increasing support efforts and cost. Palo Alto Networks announced their ADEM support for remote users earlier this year and now it’s expanded to branch offices and all users. Network administrators can now expedite troubleshooting by gaining access to granular hop-by-hop performance impact per application, per user, and per network segment. This includes insights into end-user devices, LAN networks like WiFi access points, branch routers, WAN carriers all the way to applications. They can even deep dive into traffic engineering decisions in the WAN to root cause application performance issues based on utilization, jitter, latency, and packet loss (Figure 5) .
By using real and synthetic traffic to measure performance, ADEM provides comprehensive digital experience visibility. This intelligence can enable customers to fine-tune business policies while taking full advantage of automated remediation techniques to provide application resiliency. For instance, a choice of a WAN circuit that has historically shown poor bandwidth availability can be addressed quickly by changing business policies for applications to prefer another WAN path. In addition, Prisma SD-WAN can automate this entire process with its traffic steering decisions based on application and network performance.
Figure 5: ADEM for comprehensive visibility
WAN Insights Powered By AIOps
Palo Alto Networks Prisma SD-WAN is enhancing its AIOps capabilities by providing rich telemetry of network insights, allowing admins to perform granular trend analysis and create unique network conditions that can automate tedious, manual tasks. At the same time, these granular analytics are available in a condensed format with the new dashboards. This provides a site-level summary on circuit utilization, events, top applications, site, and circuit-level performance scores, and WAN insights powered by AIOps.
AIOps Insights offers deep visibility into performance scores at the site, circuit, and application level that is intelligently computed using AIOps and shared as insights. These insights highlight recommendations and key incidents that any IT team would need to help their anomaly identification, troubleshooting, and resolution of issues.
The reports in this package help IT administrators understand the following requirements:
- Sites that have historically been impacted by performance degrades
- Health scores for circuits including MPLS, internet, and VPN
- Identify low link capacity for circuits to remediate application performance issues
Customers can use these insights for capacity planning, making sure configurations are compliant and in tune per carrier provisioned specifications. For instance, continued bandwidth constraints on a WAN link or persistent packet loss occurrences can be easily correlated with these insights allowing network administrators to quickly identify the root cause and take corrective actions (Figure 6).
Figure 5: ADEM for comprehensive visibility
To Learn More On Prisma SD-WAN 5.6
SASE Converge 2021, the premier summit for what’s next in SASE, is available on-demand now. Leading voices from the networking and security industries will converge virtually to discuss the learnings from adopting SASE technologies and describe what the future of these technologies will make possible. There is an even deeper into these new product innovations in keynotes such as The Future’s Looking SASE with Prisma SD-WAN 5.6. Access now.