The improvements to the Silver Peak SD-WAN solution also include centralized orchestration of security policies, including the integration of a stateful firewall, and support for BGP routing protocols.
SD-WAN and hybrid WAN vendor Silver Peak has announced enhancements for its Unity EdgeConnect SD-WAN solution. They include First-packet iQ, which automatically identifies applications on the very first packet received. This feature, which is unique to Silver Peak, allows moving beyond having to backhaul all apps to the datacentre for identification, and facilitates what Silver Peak terms internet breakout automation. Other enhancements include the new integration of a stateful firewall as part of a centralized orchestration of granular, app-driven security policies, and support for BGP routing protocols, for full interoperability between SD-WAN and traditional WAN architectures.
“Silver Peak has been making WANs since 2004, but the lightbulb really went on for the market about four years ago that many of the apps being used were SaaS,” said Damon Ennis, Silver Peak’s SVP, Products. “At that point, we started working on SD-WAN, and EdgeConnect, our full-featured SD-WAN product came out about 18 months ago. Since then, we have acquired over 350 customer deployments, which has been a tremendous uptake.”
EdgeConnect’s enhanced software is designed to take advantage of momentum away from branch routers and towards an application-driven WAN edge.
“The time for the thin branch is now,” Ennis said. “We are looking to consolidate the branch office WAN edge.”
A key element of this is the new First-packet iQ feature.
“It’s important to be able to identify apps on the very first packet of the flow, so the firewall can see it and do its’ job, Ennis said. “With Deep Packet inspection, it requires multiple packets to be exchanged before you know what it is. That’s okay for reporting, but not for internet breakouts, because it requires that either all transactions get backhauled to the datacenter or none of them.”
First-packet IQ leverages Silver Peak’s cloud-hosted internet map with IP addresses, to be able to figure out what the first packet is, then allow the trusted ones to break out, while retaining the others for further scrutiny. SaaS and web application performance increase as a result.
“People haven’t realized how critical this is to do this on the first packet, because they’ve been used to living with all or nothing,” Ennis said. “That’s one reason why this hasn’t been done before. It did require quite a bit of development work though, and requires collating the data and keeping it up to date.”
Ennis said that First-packet iQ is what drives secure internet breakout.
“We can now do granular internet breakout, which enables the customer to tailor customized security policies for users while still having maximal bandwidth use,” he said. Management from a single point of control is provided by the Silver Peak Unity Orchestrator, which is not new. However, the automating of the internet breakout, with a simple drag and drop policy assignment, is. So is the integration of the stateful firewall into EdgeConnect. Designed for branches where no apps are hosted, it lets outbound traffic through, but only lets traffic in in response to sessions which are initiated at the branch.
The other new element is support for BGP routing protocols to permit complete interoperability in mixed SD-WAN and legacy WAN environments.
“This becomes important where customers have introduced SD-WAN into their environment, but not all sites have been switched over to SD-WAN,” Ennis said. “The new SD-WAN sites need to be able to communicate fully with the existing legacy sites. The BGP routing protocols thus let customers transition to SD-WAN at their own pace. Building a hybrid WAN in this way increases application availability and reduces MPLS dependency. WAN deployments can now happen at a much faster pace.”
The enhanced EdgeConnect provides Silver Peak partners with a much stronger offering.
“It gives partners an opportunity to go to market with a much-enhanced solution to do things they have already been doing,” said Derek dal Ponte, Silver Peak’s head of channel, North America. “We are seeing more and more partners reach out to us, and this will only increase that.”