A 3-line summary of this article
Introduction
Recently, SD-WAN, SASE, ZTNA, etc. have been attracting attention, and an increasing number of customers are considering introducing them.
This time, we focus on how overseas bases connect to the DC (data center) and explain the available connection methods. Previously, connecting to an on-premises DC environment from an overseas base required either a VPN or a dedicated line. In this article, we discuss the connection methods available from overseas bases, including newer technologies, and how to evaluate them. We hope this will help you decide which connection method is best for your company.
Characteristics, advantages and disadvantages of new connection methods such as SD-WAN, SASE, and ZTNA, and perspectives required for zero trust
There are several methods for connecting to overseas bases.
First, we will look at the configurations, advantages and disadvantages of each, and the perspectives required for zero trust.
1. Dedicated lines
Advantages
2. SD-WAN (Software-Defined Wide Area Network)
Advantages
3. SASE (Secure Access Service Edge)
Advantages
4. ZTNA (Zero Trust Network Access)
Advantages
Summary of the features of each connection method: Dedicated line, SD-WAN, SASE, ZTNA
The features of each connection method are summarized below.
SD-WAN, SASE, ZTNA and other connection methods and security
We have explained the various connection methods. In terms of security, with dedicated lines Internet-bound communications are secured by the DC's firewall, while with SASE security is provided on the cloud side.
SD-WAN and ZTNA specialize in network functions, and it is necessary to consider the security of Internet-facing communications separately. We will further organize information on which connection method is most appropriate for each environment, while also taking security into consideration.
How to choose between dedicated lines, SD-WAN, SASE, and ZTNA based on your communications environment
When deciding which connection method is appropriate, the first thing to do is to identify the communication content between the base and the DC.
When doing so, pay attention to whether there is any communication that must never be stopped in the course of your company's business.
① Dedicated lines are recommended when communication requires high reliability
If constant synchronization between core systems is required and even momentary interruptions cannot be tolerated, we recommend a dedicated line.
Communications to the Internet are conducted via the on-premises firewall at the DC, ensuring security.
② SD-WAN is recommended when highly reliable communications are needed and there is a lot of Internet-based communication such as SaaS
As with pattern ①, if you have communications that require high reliability, you also have a lot of SaaS and other Internet-based communications, and your bandwidth is constrained or expected to become constrained, we recommend SD-WAN.
Bandwidth congestion can be addressed by using local breakouts, and the security of local breakout communications can be ensured by using them in combination with SSE products. The SSE products we handle include Skyhigh Security and Menlo Security, both of which have SWG and CASB functions. Skyhigh Security excels at detailed control through application identification, while Menlo Security excels at sanitizing web communications. Both products can ensure the security of Internet-facing communications, so we recommend using SD-WAN and SSE products together.
③ SASE is recommended when there is no communication that requires high reliability, but communication between servers is required
If communication is required from a server in the DC to a server in a branch office, we recommend SASE.
If there is no communication that requires high reliability, a dedicated line is not necessary. Because SASE products have a backbone on the cloud side, customers do not need to prepare a dedicated line and only need an Internet line, which reduces cost and lead time. SASE products provide security functions on the cloud side, so a major feature is that network and security functions are integrated into one product. One of the SASE products we handle is Cato Networks, which develops its network and security functions in-house, so it can be managed and all settings can be made from a single GUI.
In addition, SASE products can be used in combination with dedicated lines and internet lines. For example, communications that require reliability can be routed only through dedicated lines, or the lines can be used as backup lines in case the internet line becomes unstable.
④ ZTNA is recommended when there is no communication that requires high reliability and no need for server-to-server communication
If this condition applies to you, we recommend ZTNA.
Although you only need to prepare an Internet line at the branch office, security measures are necessary, just as with SD-WAN. For information on ZTNA security measures, please refer to the blog "What is ZTNA? Advantages and disadvantages, and how to configure it".
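The selection steps in patterns ① to ④ can be applied to a per-base flow inventory, as in the following added example (not code from the original article). The flow records, site names and the two numeric thresholds are assumptions made for illustration; the article gives no numbers for "a lot" of SaaS traffic or for constrained bandwidth.

```python
from dataclasses import dataclass

# Assumptions for this example (the article gives no numbers):
SAAS_SHARE = 0.5    # Internet/SaaS share of peak traffic that counts as "a lot"
UTILIZATION = 0.8   # peak load / line capacity that counts as "constrained"

@dataclass
class Flow:
    name: str
    src: str                      # "branch-client" | "branch-server" | "dc-server"
    dst: str                      # "dc-server" | "branch-server" | "internet"
    peak_mbps: float
    must_never_stop: bool = False

def recommend(flows, line_mbps):
    """Return (connection method, where Internet-facing security is enforced)."""
    total = sum(f.peak_mbps for f in flows)
    internet = sum(f.peak_mbps for f in flows if f.dst == "internet")
    critical = any(f.must_never_stop for f in flows)
    saas_heavy = total > 0 and internet / total >= SAAS_SHARE
    constrained = total >= UTILIZATION * line_mbps
    # Pattern 3 trigger: a DC server talks to a server at the base.
    dc_to_branch = any(f.src == "dc-server" and f.dst == "branch-server"
                       for f in flows)
    if critical and saas_heavy and constrained:
        return ("SD-WAN", "SSE (SWG/CASB) on local breakout traffic")
    if critical:
        return ("Dedicated line", "on-premises firewall at the DC")
    if dc_to_branch:
        return ("SASE", "security functions on the SASE cloud side")
    return ("ZTNA", "separate measures needed, as with SD-WAN")

# Constructed inventories: site -> (flows, line capacity in Mbps)
SITES = {
    "site-a": ([Flow("erp-sync", "branch-server", "dc-server", 20, True),
                Flow("web", "branch-client", "internet", 10)], 100),
    "site-b": ([Flow("erp-sync", "branch-server", "dc-server", 20, True),
                Flow("saas", "branch-client", "internet", 70)], 100),
    "site-c": ([Flow("backup", "dc-server", "branch-server", 30)], 100),
    "site-d": ([Flow("files", "branch-client", "dc-server", 10)], 100),
}

if __name__ == "__main__":
    for site, (flows, line) in SITES.items():
        print(site, *recommend(flows, line), sep=" | ")
```

The second element of each result records where Internet-facing traffic is protected, which is the point that needs separate design for SD-WAN and ZTNA.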
Summary
In this article, we have introduced the connection methods from overseas bases to the DC.
The ideas introduced in this article are just examples, so we hope that you will use them as a reference when considering the optimal connection method for your customers.