Panorama network security management can now handle tens of thousands of firewalls from a single server, up from 1000 per server before.
Palo Alto Networks has greatly ramped up the ability of their Panorama network security monitoring and management server to significantly scale up the amount of firewalls and appliances it can manage, through a new Panorama Interconnect plugin. It lets Panorama manage tens of thousands of Palo Alto Networks devices. While this directly benefits a small but select customer base of very large enterprises and service providers, it provides benefits for Palo Alto Networks’ channel as a whole, because it provides customer assurances of the company’s ability to scale and support their growth regardless of how large they grow in the future.
“We have large enterprise customers including distributed environments who have been using Panorama to deploy large numbers of firewalls,” said Navneet Singh, Product Marketing Director for Next-Generation Firewalls at Palo Alto Networks. “Until now, however, there has been the limit of 1000 firewalls for a single Panorama. These organizations could still manage their firewalls with Panorama, but they would need to use multiple Panorama servers to do so.”
From a management perspective, the ability to handle things through a single Panorama is a major advantage.
“Distributed enterprises like retailers with tens of thousands of stores can find it hard to deploy changes across thousands of firewalls, especially given that most remote locations may not even have a security network,” Singh said. “Strong management tools need flexibility and central management, and that’s what the Panorama Interconnect plugin provides. It lets the architecture scale up flexibly, making it easy to keep security policies up to date across all the Panorama instances, and it lets you onboard all these with consistent, centralized management, which is a plus for security. It also leads to simplified network operations.”
In addition to large distributed customers, the Panorama Interconnect plugin is useful to large service providers and MSSPs.
“They can use this architecture to manage many customers more effectively,” Singh said.
Singh indicated that since the architecture before the plug-in worked fine for the majority of the Global 2000, there was no compelling reason to rush this forward.
“We wanted to expand in the right architectural fashion,” he said. “We wanted to make sure we did this the right way, creating an architecture where each node of Panorama can manage many different firewalls and the controller can push it all out. We also wanted to make sure it could be scaled out even more in the future. The customers who will make use of this are very important ones, and will push the architecture to its limits, so Quality Assurance testing and beta testing were important. We wanted to make sure all the requirements were met.
“Some other vendors scale this high, but only for low to mid-range firewalls, or not both physical and virtual firewalls, or other asterisks,” Singh added. “It was important for us not to have any asterisks.”
While the customers the plugin appeals to are important, they are also small in number, so the number of channel partners directly impacted by its introduction will be limited. Singh said that this is still significant for Palo Alto Networks’ channel.
“They can use this to tell their customers, no matter what the scale, we will be able to scale it to their needs,” he said. “They can give customers who may just be midmarket or smaller enterprise today the confidence that if they meet their aspirations, Palo Alto Networks will be able to support them. That’s valuable. It lets partners be more strategic partners, by being able to support customer growth without any limitations.”