Using SD-WAN Templates for Simplicity, Scale, and Cost Effectiveness
Changing market dynamics require businesses to embrace digital transformation and to adopt new technologies that improve productivity and customer experience and reduce costs. Enterprises are rapidly adopting cloud services such as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) across multiple clouds. As a result, network administrators are struggling with never-ending changes to networks, and with constant mergers and acquisitions it is difficult to integrate new networks into a single network.
When implementing complex network changes, it is always useful to rely on a set of guided templates. An SD-WAN template is a framework to create or modify a specific device’s configuration for global and local deployments. Using templates, network administrators can group branches with similar business roles together and avoid the need to repeat common configurations across multiple branch offices and data centers.
SD-WAN templates also help create standardisation, thereby avoiding mistakes in network deployments. Templates solve problems of scale, cost, and agility and also provide role-based access control to different administrators. For example, a highly-skilled IT administrator can design templates used for complex deployments that a commissioning engineer can deploy at a branch office. SD-WAN templates can help IT teams:
- Build in scale
- Reduce network deployment and management costs
- Avoid configuration errors
- Reduce complexity
SteelConnect EX Templates
Riverbed’s enterprise-grade SD-WAN solution, SteelConnect EX, offers both device and service templates.
Device Templates
Using device templates, network administrators can automate most of the device-specific configurations for branch devices. This feature helps to configure WAN and LAN interfaces (Static or DHCP), Routing, NAT, DHCP, and other device-specific parameters. Each branch type can have multiple device templates such as:
- MPLS and Internet WAN uplinks
- Dual Internet WAN
- DHCP LAN
- Cloud services, such as AWS or Azure
There are two types of device templates: staging and post staging. Staging templates require minimum set-up for the branch to reach the SD-WAN controller. When staging is done at a different location (DC or NOC), the device is shipped with pre-configured information.
Post staging templates are typically used to create final branch configurations. Organisation details, bandwidth subscription, Routing, NAT (Network Address Translation), DIA (Direct Internet Access), DHCP, NTP and other management details are entered.
Network administrators can then add a Device Group and associate a staging or post staging template with it.
Service Templates
Service templates help configure services such as:
- Stateful Firewall
- NextGen Firewall
- Quality of Service (QoS)
- General
- Application
- Service Chain
Let’s use the NextGen Firewall service template as an example. It defines various policies and profiles that enforce rules with appropriate actions for:
- DDoS
- Authentication
- Decryption
- Security
A DDoS attack floods the target with a huge rate of traffic, so that the machine and the network become inaccessible. With service templates, network administrators can configure profiles and set thresholds for various events as described in the graphic below:
A Kerberos, LDAP, or SAML Authentication profile can be used. Authentication timeout based on IP or Cache modes can also be configured as shown in the graphic below:
SSL decryption profiles can be defined based on configuration for each of the server certificates as shown below. Network administrators can decrypt the content with the minimum key length supported. Various actions can be set for expired certificates or untrusted certificates: allow packets, drop packet, drop session, reject, and alert. Similar actions can be configured for unsupported ciphers and key lengths.
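A decryption profile is only as strict as the action chosen for each failure case, so it is worth linting profiles before a template is pushed to many branches. The following is an added example, not SteelConnect EX code or syntax: the profile schema, field names, the 2048-bit baseline, and the treatment of "alert" as non-blocking are assumptions; only the five action names come from the article.

```python
# Added example: hypothetical profile schema, not SteelConnect EX syntax.
ACTIONS = {"allow", "alert", "reject", "drop-packet", "drop-session"}  # actions named in the article
BLOCKING = {"reject", "drop-packet", "drop-session"}  # assumption: "alert" logs but does not block
EVENTS = ("expired_certificate", "untrusted_certificate",
          "unsupported_cipher", "unsupported_key_length")
MIN_KEY_BITS = 2048  # assumed organisational baseline for RSA keys


def lint_profile(profile):
    """Return a list of findings for one decryption profile (a dict)."""
    findings = []
    bits = profile.get("min_key_length")
    if not isinstance(bits, int):
        findings.append("min_key_length: not set")
    elif bits < MIN_KEY_BITS:
        findings.append(f"min_key_length: {bits} is below {MIN_KEY_BITS}")
    for event in EVENTS:
        action = profile.get("actions", {}).get(event)
        if action is None:
            findings.append(f"{event}: no action configured")
        elif action not in ACTIONS:
            findings.append(f"{event}: unknown action {action!r}")
        elif action not in BLOCKING:
            findings.append(f"{event}: {action!r} lets the session continue")
    return findings


# Constructed sample profiles.
WEAK = {
    "min_key_length": 1024,
    "actions": {"expired_certificate": "allow",
                "untrusted_certificate": "alert",
                "unsupported_cipher": "drop-session"},
}
HARDENED = {
    "min_key_length": 2048,
    "actions": {"expired_certificate": "drop-session",
                "untrusted_certificate": "reject",
                "unsupported_cipher": "drop-session",
                "unsupported_key_length": "drop-session"},
}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_profile(profile) or "no findings")
```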
The following graphic shows the configurations of various security aspects such as URL filtering, IP Filtering, Anti-Virus, and predefined vulnerabilities profiles.
SteelConnect EX Workflows
The configuration of Controllers, Organization, Templates, and Device creation can be simplified by the use of workflows. To create a branch device, workflows need to create templates (staging/post staging), device groups, and bind device data.
To onboard branch/DC devices using a workflow, enter branch-specific information for the templates used by this branch. An existing Device Group is selected or created. Device groups contain information about which templates to use for this branch. Hence, automation and deployment of sites or groups of sites are easier, enabling scale at lower costs.
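The binding step described above is where templates catch configuration errors before they reach a branch. The following added example (not SteelConnect EX code) models it in Python: a device group names its staging and post staging templates, per-device data is bound to them, and devices with unbound variables or overlapping LAN subnets are rejected. The template text, variable names, group name, and addresses are all hypothetical.

```python
import ipaddress
from string import Template

# Hypothetical template text, variable names and group name (not SteelConnect EX syntax).
TEMPLATES = {
    "staging-inet": Template("controller $controller_ip\nwan0 dhcp\n"),
    "post-dual-inet": Template(
        "site $site_name\nwan1 static $wan1_ip\n"
        "lan0 $lan_subnet dhcp-server\nntp $ntp_server\n"),
}
DEVICE_GROUPS = {
    "retail-branch": {"staging": "staging-inet", "post_staging": "post-dual-inet"},
}

def required_vars(template):
    """Return the $variable names a template expects to be bound."""
    return {m.group("named") or m.group("braced")
            for m in template.pattern.finditer(template.template)} - {None}

def onboard(devices):
    """Bind per-device data to the group's templates; return (configs, errors)."""
    configs, errors, lans = {}, [], {}
    for name, dev in devices.items():
        group = DEVICE_GROUPS.get(dev["group"])
        if group is None:
            errors.append(f"{name}: unknown device group {dev['group']!r}")
            continue
        needed = set().union(*(required_vars(TEMPLATES[t]) for t in group.values()))
        missing = sorted(needed - set(dev["bind"]))
        if missing:
            errors.append(f"{name}: unbound variables {missing}")
            continue
        lan = ipaddress.ip_network(dev["bind"]["lan_subnet"])
        clash = next((n for n, net in lans.items() if net.overlaps(lan)), None)
        if clash:
            errors.append(f"{name}: LAN {lan} overlaps {clash}")
            continue
        lans[name] = lan
        configs[name] = {stage: TEMPLATES[t].substitute(dev["bind"])
                         for stage, t in group.items()}
    return configs, errors

# Constructed bind data for three branches (documentation and private address ranges).
BASE = {"controller_ip": "192.0.2.10", "wan1_ip": "198.51.100.2", "ntp_server": "192.0.2.123"}
DEVICES = {
    "store-101": {"group": "retail-branch", "bind": {**BASE, "site_name": "store-101", "lan_subnet": "10.1.1.0/24"}},
    "store-102": {"group": "retail-branch", "bind": {"site_name": "store-102", "lan_subnet": "10.1.2.0/24"}},
    "store-103": {"group": "retail-branch", "bind": {**BASE, "site_name": "store-103", "lan_subnet": "10.1.1.128/25"}},
}

if __name__ == "__main__":
    configs, errors = onboard(DEVICES)
    print(sorted(configs), errors, sep="\n")
```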
What Have We Learned?
Overall, SteelConnect EX templates offer an advantage in managing complex network deployments, so network administrators can adapt networks to changing business dynamics with minimal costs.
Feng Chen 26-Apr-2020 at 6:54 am
Great article, it would be nicer if the diagram/picture can be displayed in real size. (more clear). thanks!
Paddy Bhayankar 11-May-2020 at 11:50 pm
Hi Feng
Thanks for your review and feedback, have enclosed better images hope you see it now.
Thanks
Paddy