Bill Morton edited this page Sep 24, 2019 · 4 revisions

SDWAN provides centrally controlled, application-aware routing services at edge locations.

When SDWAN is integrated with DNS through a BlueCat service point, administrators gain the following benefits:

| Benefit | Description |
| --- | --- |
| Optimized connections | An SDWAN system integrated with DNS will only permit a connection if it is allowed by a pre-set policy, putting administrators in control. A DNS-integrated SDWAN will always find a resolution path, whether the service is internal, external, or in the DMZ. DNS-integrated SDWAN also enables WebProxy query switching replacement, because it caters for resolutions when a single domain (company.com and www.company.com) is being used for internal DNS and external DNS, and the authoritative records are managed separately. |
| Safety First | DNS can instruct the SDWAN firewall to allow external connections only to services which the BlueCat DNS service point can resolve all the way to the endpoint. |
| Performance | A DNS-integrated SDWAN can always find the closest instance (of a cloud service) to optimize application performance and minimize cost. |
| Leverage IAAS | Forward external queries to Cisco Umbrella, endpoint protection systems, or to MSSPs such as Symantec or LAC for value-added security services. |
| Policy | BlueCat's vision is to allow SDWAN to specify policies, which in turn enables the use of user privilege policies based on network services. |
| Assurance | Provide full visibility and record keeping of all queries and responses, with alerting on and prevention of risky behavior. Assurance can be channelled through SDN, such as Aruba, Cisco DNA Center, or other network control systems. |
| Cost | Avoid the expensive backhaul route to faraway data centers or IAAS POPs (over MPLS and through WebProxy) for trusted services such as O365 and others. This allows evolution from SDWAN to IAAS. |
| Internet Breakout | Leverage BlueCat DNS for internet breakout decisions where DPI is not suitable. |
| Simplicity | Control DNS service points from SDWAN controllers. |

| Integration | Description | Support |
| --- | --- | --- |
| Meraki | Enable breakout to both internal services and trusted external whitelisted services. Pass DNS queries for other services to a security gateway such as WebProxy or Cisco Umbrella. This integration automatically updates Meraki with the latest set of IP addresses for whitelisted cloud services, as the "location" of cloud services is dynamic in terms of IP addresses, and manual change processes cannot keep up with the dynamic nature of cloud services. This integration also blocks "Direct to IP", so that DNS cannot be circumvented, and therefore DNS becomes the authority for what's safe and allowed. This integration leverages Meraki's snooping ability by refusing to route external connections unless Meraki "sees" a DNS query being resolved by BlueCat to the endpoint. | Community |
| Meraki | This workflow will update firewall rules on an SDWAN (Meraki) cloud controller based on BlueCat DNS Edge domain lists. Updated rules based on domain lists will be allowed through the firewall. This workflow assumes there is a "deny all traffic" rule at the endpoint. This restricts allowable queries only to firewall rules based on DNS Edge domain lists. | Community |
| VeloCloud | BlueCat DNS service points are tested and certified on VeloCloud appliances to provide VeloCloud users with the SDWAN benefits articulated in the table above. Service providers or customers that want to embed the BlueCat DNS service point cloud controller into the SDWAN controller can do so easily using the BlueCat cloud controller APIs. | |
| Viptela | BlueCat DNS service points add value to Viptela, providing enterprises and service providers with the enhanced SDWAN benefits articulated in the table above. Placing BlueCat DNS service points alongside a Viptela physical instance (or virtual instance housed in CPE, or a white box capable of running KVM or VMware) will enable the provisioning and administration of the edge-located network services, with zero-touch administration at that edge location. Service providers or customers that want to embed the BlueCat DNS service point cloud controller into the SDWAN controller can do so easily using the BlueCat cloud controller APIs. | |
| SilverPeak | BlueCat DNS service points add value to Silver Peak, providing enterprises and service providers with the enhanced SDWAN benefits articulated in the table above. Placing BlueCat DNS service points alongside Silver Peak physical instances (or virtual instances housed in CPE, or a white box capable of running KVM or VMware) will enable the provisioning and administration of the edge-located network services, with zero-touch administration at that edge location. Service providers or customers that want to embed the BlueCat DNS service point cloud controller into the SDWAN controller can do so easily using the BlueCat cloud controller APIs. | |
| Versa | BlueCat DNS service points add value to Versa, providing enterprises and service providers with the enhanced SDWAN benefits articulated in the table above. Placing BlueCat DNS service points alongside Versa physical instances (or virtual instances housed in CPE, or a white box capable of running KVM or VMware) will enable the provisioning and administration of the edge-located network services, with zero-touch administration at that edge location. Service providers or customers that want to embed the BlueCat DNS service point cloud controller into the SDWAN controller can do so easily using the BlueCat cloud controller APIs. | |
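
The Meraki rows describe a default-deny edge that routes an external connection only when a DNS answer for an allowed domain has been seen, which is what blocks "Direct to IP". The sketch below is an added, vendor-neutral model of that decision, not BlueCat or Meraki code; the class, its method names, the domain list and all addresses are hypothetical, constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class DnsGatedEgress:
    """Hypothetical model: permit egress only to IPs learned from observed DNS answers."""
    allowed_domains: set                      # constructed stand-in for a domain list
    _seen: dict = field(default_factory=dict, init=False)  # (client, ip) -> expiry time

    def _is_allowed(self, qname):
        # Match the listed domain or a true subdomain; "evilcloud.example.com"
        # must not match "cloud.example.com".
        name = qname.rstrip(".").lower()
        return any(name == d or name.endswith("." + d) for d in self.allowed_domains)

    def observe_answer(self, client, qname, ips, ttl, now):
        """Record a DNS answer seen for this client; ignore names not on the list."""
        if not self._is_allowed(qname):
            return False
        for ip in ips:
            key = (client, ip)
            self._seen[key] = max(self._seen.get(key, 0), now + ttl)
        return True

    def permit(self, client, dst_ip, now):
        """Default deny: the same client must hold an unexpired answer for dst_ip."""
        expiry = self._seen.get((client, dst_ip))
        if expiry is None or now >= expiry:
            self._seen.pop((client, dst_ip), None)  # drop stale state
            return False
        return True


def demo():
    # Constructed sample traffic using documentation address ranges.
    gw = DnsGatedEgress({"cloud.example.com"})
    gw.observe_answer("10.0.0.5", "api.cloud.example.com.", ["203.0.113.10"], ttl=60, now=1000)
    gw.observe_answer("10.0.0.5", "tracker.example.net", ["198.51.100.7"], ttl=60, now=1000)
    gw.observe_answer("10.0.0.5", "evilcloud.example.com", ["198.51.100.8"], ttl=60, now=1000)
    return {
        "resolved": gw.permit("10.0.0.5", "203.0.113.10", now=1010),
        "direct_to_ip": gw.permit("10.0.0.5", "192.0.2.99", now=1010),
        "not_on_list": gw.permit("10.0.0.5", "198.51.100.7", now=1010),
        "lookalike": gw.permit("10.0.0.5", "198.51.100.8", now=1010),
        "other_client": gw.permit("10.0.0.6", "203.0.113.10", now=1010),
        "ttl_expired": gw.permit("10.0.0.5", "203.0.113.10", now=1061),
    }
```

Keying the state on both client and address, and expiring it with the record's TTL, keeps one host's lookup from opening a path for another host or for a stale cloud IP.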