Introduction to Palo Alto Prisma SD WAN
More and more organizations are moving towards hosting and running business applications in public clouds such as Microsoft Azure, Amazon AWS and Google Cloud. Hosting and running applications in a public cloud has its own networking implications for remote and branch offices.
Organizations are looking for a complete solution to build hybrid networks consisting of MPLS private WANs and commodity internet connections, in order to support cloud application adoption, remote office high availability, application performance, and end-to-end visibility. SD-WAN solutions help achieve a robust network with visibility into the performance and availability of networks and applications.
Today we look in more detail at Palo Alto Prisma SD-WAN (CloudGenix) and learn about its architecture, features, advantages and some quick facts.
About Palo Alto Prisma SDWAN (CloudGenix)
CloudGenix was acquired by Palo Alto in 2020. CloudGenix SD-WAN is delivered by CloudGenix Instant-On Network (ION) devices, which enforce policies based on business intent, enable dynamic path selection, and provide visibility into the performance of applications and networks.
A secure application fabric, AppFabric, is established among all ION devices, creating a virtual private network (VPN) over every WAN link. Policies aligned to business requirements specify the compliance, performance and security rules for applications and sites. ION devices automatically choose the best WAN path for each application based on business policy and real-time analysis of application performance metrics and WAN link conditions.
Prisma SD WAN Architecture
Once CloudGenix is deployed at sites, the ION devices automatically establish a VPN to the data centers over every internet circuit. The ION devices also establish VPNs over private WAN circuits that share a common service provider. Application policies for performance, security and compliance can be defined in line with organizational objectives. All aspects of configuration, management and monitoring of CloudGenix ION hardware and software devices are managed, in a multi-tenant fashion, via a single interface: the CloudGenix management portal (refer to the diagram above).
Deployment Operating Modes
CloudGenix SD-WAN can be deployed in one of two operating modes: analytics mode or control mode.
- In analytics mode, an ION device is installed at a new or existing branch site, placed between the WAN edge router and the LAN switch. The ION device monitors traffic and collects analytics, which are reported to the CloudGenix portal. When sites are in analytics mode, the ION devices do not apply policies or make path selection decisions for applications.
- In control mode, an ION device is installed at a new or existing branch site. You can either replace the WAN edge router with the ION device or place the ION device between the WAN edge router and the LAN switch. ION devices at branch sites dynamically build secure fabric VPN connections to all data center sites across all WAN paths. Sites in control mode select the best path from the available physical and secure fabric links based on the applied network policies, and enforce security policy for applications.
CloudGenix SD-WAN supports 32 public and 32 private circuit categories, which can be customized to match an organization's requirements.
Features of Palo Alto Prisma SD-WAN
- Centralized control – the CloudGenix central controller software runs in the cloud, as a virtual machine in the local network, or on a CloudGenix x86 appliance in the data center. It is the central point for all control, management, policy configuration, analytics and reporting for the SD-WAN fabric.
- Traffic forwarding – the ION elements of CloudGenix are flow forwarders, analogous to WAN routers, which handle traffic forwarding at multi-gigabit rates.
- Secure application fabric – the ION fabric is an overlay mesh of ION elements. The ION fabric contains one or more virtual networks, and all traffic flowing through the fabric is encrypted with AES-256 IPsec to secure the SD-WAN.
- Application fingerprinting – CloudGenix uses the sessions flowing between endpoints to identify applications, rather than signatures or deep packet inspection, which are becoming less reliable as more application payloads are encrypted.
- Sophisticated path selection – there are no routing protocols. A decision-making process takes into consideration real-world throughput, link capacity and the performance needs of the application.
- CloudGenix policy manager – is simple in design and expresses complex business goals in a simplified way.
- Traffic analytics – shows application-specific flow information and offers performance and compliance reports.
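To make the interplay between business policy, operating mode and path selection concrete, here is an added illustrative model in Python. It is not CloudGenix or Prisma SD-WAN code, and the page does not describe the vendor's actual algorithm; the link metrics, policy fields (`max_latency_ms`, `allowed_categories`, `require_fabric`) and the `WanLink`/`AppPolicy`/`select_path` names are all constructed for this example. It models the two behaviours the text describes: an ION in analytics mode only reports what policy would choose, while one in control mode enforces it; and compliance/security constraints (allowed circuit categories, encrypted fabric only) are hard, while performance targets degrade to best-effort.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model only: the data structures and sample metrics below are constructed
# for this illustration and are not CloudGenix / Prisma SD-WAN structures.


@dataclass
class WanLink:
    name: str
    category: str        # circuit category, e.g. "private" (MPLS) or "public" (internet)
    up: bool
    latency_ms: float
    loss_pct: float
    free_mbps: float     # measured spare capacity on the link
    fabric_up: bool      # True once the encrypted fabric VPN is established over the link


@dataclass
class AppPolicy:
    app: str
    max_latency_ms: float       # performance requirement
    max_loss_pct: float         # performance requirement
    min_free_mbps: float        # capacity requirement
    allowed_categories: tuple   # compliance: circuit categories permitted to carry the app
    require_fabric: bool        # security: only encrypted fabric links may be used


@dataclass
class PathDecision:
    app: str
    mode: str
    recommended_path: Optional[str]  # what policy would choose given current metrics
    enforced_path: Optional[str]     # only set in control mode
    sla_met: bool


def compliant_links(policy: AppPolicy, links):
    """Hard constraints: link must be up, of an allowed category, and encrypted if required."""
    return [l for l in links
            if l.up and l.category in policy.allowed_categories
            and (l.fabric_up or not policy.require_fabric)]


def meets_sla(policy: AppPolicy, link: WanLink) -> bool:
    return (link.latency_ms <= policy.max_latency_ms
            and link.loss_pct <= policy.max_loss_pct
            and link.free_mbps >= policy.min_free_mbps)


def select_path(policy: AppPolicy, links, mode: str) -> PathDecision:
    """Rank compliant links by measured loss, then latency, then spare capacity.

    Compliance and security constraints are never relaxed: if no compliant link is
    available the application gets no path rather than being sent over a forbidden one.
    Performance targets are soft: if no link meets the SLA, the best compliant link is used.
    In analytics mode the decision is computed for reporting but not enforced.
    """
    candidates = compliant_links(policy, links)
    if not candidates:
        return PathDecision(policy.app, mode, None, None, False)
    within_sla = [l for l in candidates if meets_sla(policy, l)]
    pool = within_sla or candidates
    best = min(pool, key=lambda l: (l.loss_pct, l.latency_ms, -l.free_mbps))
    enforced = best.name if mode == "control" else None
    return PathDecision(policy.app, mode, best.name, enforced, bool(within_sla))


# Constructed sample data: three WAN circuits at a branch and three application policies.
def sample_links(mpls_up: bool = True):
    return [
        WanLink("mpls", "private", mpls_up, latency_ms=20, loss_pct=0.1, free_mbps=5, fabric_up=True),
        WanLink("broadband", "public", True, latency_ms=35, loss_pct=0.5, free_mbps=80, fabric_up=True),
        WanLink("lte", "public", True, latency_ms=90, loss_pct=2.0, free_mbps=20, fabric_up=True),
    ]


POLICIES = {
    "voice": AppPolicy("voice", 50, 1.0, 1, ("private", "public"), require_fabric=True),
    "backup": AppPolicy("backup", 200, 3.0, 50, ("private", "public"), require_fabric=True),
    # Cardholder data: compliance rule restricts it to private circuits only.
    "cardholder": AppPolicy("cardholder", 100, 1.0, 1, ("private",), require_fabric=True),
}


def decide(app: str, mode: str, mpls_up: bool = True) -> PathDecision:
    return select_path(POLICIES[app], sample_links(mpls_up), mode)


if __name__ == "__main__":
    for app in POLICIES:
        for mode in ("analytics", "control"):
            print(decide(app, mode))
    # MPLS outage: the compliance-restricted app is given no path instead of a public circuit.
    print(decide("cardholder", "control", mpls_up=False))
```

With the constructed metrics, voice lands on the low-loss MPLS link, the bulk backup is steered onto broadband because MPLS lacks spare capacity, and the cardholder application is pinned to MPLS and simply gets no path when that circuit fails, which is the behaviour a defender wants from a compliance constraint.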
Quick facts
As per a MarketsandMarkets research forecast, the SD-WAN market is expected to grow from $1.8 bn in 2020 to $8.4 bn by 2025.
In 2020 Palo Alto acquired CloudGenix, a player with a 5% share of the market.