Using SD-WAN Templates for Simplicity, Scale, and Cost Effectiveness

SHARE ON:

Changing market dynamics require businesses to embrace digital transformation and to adopt new technologies that improve productivity and customer experience and reduce costs. Enterprises are rapidly adopting cloud services such as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as Service (PaaS) across multiple clouds. As a result, network administrators are struggling with never-ending changes to networks and with constant mergers and acquisitions, it’s difficult to integrate new networks into a single network.

When implementing complex network changes, it is always useful to rely on a set of guided templates. An SD-WAN template is a framework to create or modify a specific device’s configuration for global and local deployments. Using templates, network administrators can group branches with similar business roles together. And, they can avoid the need to repeat common configurations across multiple branch offices and data centers.

SD-WAN templates also help create standardisation, thereby avoiding mistakes in network deployments. Templates solve problems of scale, cost, and agility and also provide role-based access control to different administrators. For example, a highly-skilled IT administrator can design templates used for complex deployments that a commissioning engineer can deploy at a branch office. SD-WAN templates can help IT teams:

  • Build in scale
  • Reduce network deployment and management costs
  • Avoid configuration errors
  • Reduce complexity

SteelConnect EX Templates

Riverbed’s enterprise-grade SD-WAN solution, SteelConnect EX, offers both device and service templates.

Device Templates

Using device templates, network administrators can automate most of the device-specific configurations for branch devices. This feature helps to configure WAN and LAN interfaces (Static or DHCP), Routing, NAT, DHCP, and other device-specific parameters. Each branch type can have multiple device templates such as:

  • MPLS and Internet WAN uplinks
  • Dual Internet WAN
  • DHCP LAN
  • Cloud services, such as AWS or Azure

There are two types of device templates: staging and post staging. Staging templates require minimum set-up for the branch to reach the SD-WAN controller. When staging is done at a different location (DC or NOC), the device is shipped with pre-configured information.

Select type SDWAN Staging, give the template a name, and select parent organization

Select type SDWAN Staging, give the template a name, and select parent organization

Create a new WAN Network

Create a new WAN Network

Name the WAN Network and select a transport domain

Name the WAN Network and select a transport domain

Select Interface Addressing type

Select Interface Addressing type

Post staging templates are typically used to create final branch configurations. Organisation details, bandwidth subscription, Routing, NAT (Network Address Translation), DIA (Direct Internet Access), DHCP, NTP and other management details are entered. 

Create template, select controllers, organization, bandwidth

Create template, select controllers, organization, bandwidth

 

Assign LAN and WAN ports

Assign LAN and WAN ports

Configure BGP, OSPF and static routes

Configure BGP, OSPF and static routes

DIA (Direct Internet Access) configurations

DIA (Direct Internet Access) configurations

NAT, DHCP, Relay configuration and management details

NAT, DHCP, Relay configuration and management details

Network administrators can then can add a Device Group and associate a staging or post staging template.

Select Devices/Device Groups

Select Devices/Device Groups

 

Service Templates

Service templates help configure services such as:

  • Stateful Firewall
  • NextGen Firewall
  • Quality of Service (QOS)
  • General
  • Application
  • Service Chain
Service Template Types

Service Template Types

Let’s use the NextGen Firewall service template as an example. It defines various policies and profiles that enforce rules with appropriate actions for:

  • DDOS
  • Authentication
  • Decryption
  • Security

DDOS attacks the machine and the network becomes inaccessible by flooding the target with a huge rate of traffic. With service templates, network administrators can configure profiles and set thresholds for various events as described in the graphic below:

Configure DDOS profile

Configure DDOS profile

Kerberos Authentication profile, LDAP Authentication profile, or the SAML Authentication profile can be used. Authentication timeout based on IP or Cache modes can also be configured as shown in the graphic below:

Authentication profile

Authentication profile

SSL decryption profiles can be defined based on configuration for each of the server certificates as shown below. Network administrators can decrypt the content with minimum key length supported. Various actions can be set for expired certificates or untrusted certificates to allow packets, drop packet, drop session, reject and alert. Similar actions for unsupported Cipher and Key Lengths can be configured.

SSL profile setting for the branch

SSL profile setting for the branch

The following graphic shows the configurations of various security aspects such as URL filtering, IP Filtering, Anti-Virus, and predefined vulnerabilities profiles.

Security profile

Security profile

SteelConnect EX Workflows

The configuration of Controllers, Organization, Templates, and Device creation can be simplified by the use of workflows. To create a branch device, workflows need to create templates (staging/post staging), device groups, and bind device data.

To Onboard Branch/DC devices using a workflow, enter branch-specific information for the templates used by this branch. An existing Device Group is selected or created. Device groups contain information about which templates to use for this branch. Hence, automation and deployment sites or groups of sites are easier, enabling scale at lower costs.

Add a device

Add a device

What Have We Learned?

Overall, SteelConnect EX templates offer an advantage to managing complex network deployments so network administrators can adapt networks to changing business dynamics with minimal costs.

2 Responses to “Using SD-WAN Templates for Simplicity, Scale, and Cost Effectiveness”

Leave a Reply

Your email address will not be published. Required fields are marked *

Feng Chen 26-Apr-2020 at 6:54 am

Great article, it would be nicer if the diagram/picture can be displayed in real size. (more clear). thanks!

Reply

Paddy Bhayankar 11-May-2020 at 11:50 pm

Hi Feng

Thanks for your review and feedback, have enclosed better images hope you see it now.

Thanks
Paddy

Reply

top.name