The hottest implementation of SASE solutions does

  • Detail

The implementation of SASE solution also depends on the improvement of food packaging design concept and the development of the latest plastic processing and other technologies. It does not only rely on marketing means

to ensure that employees in different places can work together in a responsive and cost-effective way. It has always been an important demand for network deployment, which has become more important under the intensification of the current situation. The spread of the epidemic has greatly increased the number of telecommuting, and telecommuting may become the new normal, or a more ideal working state. At the same time, enterprises are also thinking about how to transform the large-scale office with personnel gathered in a single place into a small-scale office mode around the country, so as to ensure that employees can return to their posts safely

each individual workplace needs to deploy reliable and predictable network connections to ensure the smooth implementation of work, coupled with a strong information security mechanism to ensure the security of equipment and data. The rise in the number of people working remotely makes this method more complicated, because employees are separated from the secure access environment under the unified guarantee of the enterprise, and it technicians are unable to solve their faults and manage their networks face to face

at the same time, enterprises are also constantly exploring fast and reliable cloud applications and their best safe delivery methods. Enterprises are rapidly transforming from centralized data centers to cloud hosted SaaS, which means that the routing, inspection and security methods of traffic need to be changed urgently

in 2019, in order to solve the above problems, Gartner proposed a new conceptual framework called secure access service edge (SASE). Its core principles include:

cloud hosting Architecture - easily deploy services on a large scale on demand

identity based strategy - to customize network access and security services according to the requirements of individual users

localized policy check/implementation - deliver applications and services as close to the end user as possible to ensure minimal delay

sase is still in the stage of gradually changing from concept to reality, and suppliers like zhanboluo are laying the foundation for this important architecture transformation. The following will clarify several important development directions, and explain the unique advantages of zhanboluo, and how to make it play a leading role in all stages of SASE development

cloud first mentality

it is a trend that we have long recognized and accepted that the cloud hosting solution with scalability, recoverability and high sensitivity is matched with an open application interface that helps to program easily. In fact, zhanboluo is famous for this! This recognition has made us well prepared in the direction of realizing SASE. For example, the zero contact configuration (ZTP) that can be realized by our widely recognized customer terminal equipment (CPE) such as zhanboluo SRX series firewall, and then to remote configuration, as well as remote monitoring for security, network and application policies, are conducive to operating SASE solutions at any place/time. This is particularly important as the industry shifts from a traditional software defined wide area (sd-wan) environment that relies on static strategies to an AI driven solution that uses real-time automation and insight to optimize users' entire experience from the client to the cloud. The existing local area, wide area and security capabilities, combined with a unified AI engine, make zhanboluo fully equipped with the technical strength to realize this vision

in the cloud, workloads can be highly dynamic and elastic, allowing frequent additions, movements and changes. Therefore, it is difficult to instantiate additional SASE policies for workloads, and it is difficult to track policies as workloads move to ensure optimal network performance and continuous compliance with security regulations. To solve these problems, zhanboluo uses virtual and containerized SRX (vsrx and csrx). Customers can easily deploy SRX on demand and configure it based on dynamic network access and security policies that can adapt to changing workload requirements

focus on user experience and find a new way

when connecting to the network in SASE environment, the impact on user experience is mainly reflected in three aspects:

availability: is the wide area line running normally or has been dropped

quality: is packet loss, congestion or other network and application parameters negatively affecting traffic delivery? Make standard samples

capacity: whether there is enough bandwidth (one or more lines) to support traffic demand

the traditional software defined wide area solution optimizes the above aspects by understanding the network and application conditions, but it lacks an important element - the visibility of the actual user experience. Normal operation is not equal to excellent performance. In other words, the fact that the wide area line can successfully let traffic through does not mean that the users on the line must have a good and smooth zoom (video communication software) experience. And how can it administrators know whether changes in the wide area (such as switching from one active connection to another) make the user experience better or worse? This has always been a huge defect of the network system. It has no feedback mechanism to help it administrators set and monitor customizable wide area service level experience (SLE), and automatically take measures to ensure the best user experience

whether it's local area, wireless local area or wide area, Zhanbo network standard has applied AI driven automation, insight and measures to optimize the end-to-end user experience, including customized service level experience (SLE), local and wide area event correlation that can quickly isolate and solve faults, and AI support including active notification and interactive virtual network assistant Marvis (recommended measures or keep the network running autonomously)

as its name indicates, security is also an essential element of SASE user experience. By integrating network and security elements in one platform, juniper customers can cost effectively and seamlessly utilize various advanced security services, such as application security (for wider visibility and control), advanced thread prevention, intrusion detection and prevention, and data loss prevention. All this requires no additional hardware or software. Take zhanboluo advanced threat defense (ATP) as an example. This cloud based service can provide comprehensive protection against advanced malware that cannot measure the performance of a material in a short time. SASE customers can identify and defend against new zero day malware and targeted attacks, update existing security controls to defend against known and unknown threats, reduce the time and cost required to prevent threats, and reduce the possibility of exposure to advanced threats

juniper connected security

by integrating security and network into a unified solution, juniper network provides powerful capabilities for viewing, automatic operation and protection at every point of SASE connection. This concept is called juniper connected security, but the volume of the seal is changing. It can make the network perceive threats, and can detect and execute policies at every connection point from the client to the cloud in the network. At the same time, analysis and Threat Intelligence provide insight and relevant capabilities to take measures against threats or prevent dangerous behaviors of users or equipment. Firewall orchestration allows it teams to automatically implement risk reduction measures, including registering MAC or endpoint agents through firewall policies, switch ports, access points (through control commands or infected host sources)

when combined with ATP, Zhanbo network can transmit rule changes to any combination of supported devices, and automatically respond to threats in real time at the user's connection point, no matter where in the network. This function is called secintel (Security Intelligence) and is an important part of juniper connected security policy. Secintel can provide well prepared, integrated and implementable intelligence to juniper SRX series firewalls, MX series routers, ex and qfx series switches and mist APS, as well as third-party network devices, so as to provide more effective protection in the required links and ensure the minimum impact on other parts

mastering the basic elements is the top priority

for SASE, I found that this lyrics of singer Maren Morris is particularly suitable for Zhan BOLUO. Zhanboluo masters key elements and can provide powerful SASE solutions, including perfect cloud products, focus on user experience, and real-time implementation of tools and strategies for end-to-end traffic inspection. With the continuous development of SASE, we expect zhanboluo to create more outstanding new functions, industry collaboration and application cases based on these elements, so as to create real value for our network access and security customers

Copyright © 2011 JIN SHI