Silver-Peak SDWAN: EdgeConnect in Physical and Virtual Appliances

EdgeConnect is available in physical and virtual appliances to be deployed in a customer’s virtual private cloud or in the public cloud. Most common hypervisors and cloud platforms are fully supported.

The physical and virtual EdgeConnect appliances in the Silver-Peak SDWAN solution provide several key capabilities. Let's go through them one by one.

Fig 1.1- Silver-Peak Unity EdgeConnect

Broadband QoS
The highest quality of experience for voice and video is guaranteed with features like tunnel bonding and path conditioning. Path conditioning provides private-line-like performance over the public internet.

It includes techniques to overcome the adverse effects of dropped and out-of-order packets.

Tunnel bonding: Configured from two or more physical WAN transport services, bonded tunnels form a single logical overlay connection, aggregating the performance of all underlying links. If a link fails, the remaining transport links continue to carry all traffic, avoiding application interruption.

Routing Interoperability
EdgeConnect supports standard Layer 2 and Layer 3 open networking protocols such as VLAN (802.1Q), LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4), and OSPF.

Secure, adaptive internet breakout
Granular, intelligent traffic steering enabled by First-packet iQ™ eliminates the inefficiency of back-hauling all HTTP/HTTPS traffic to the data center. The solution eliminates the potential for wasted bandwidth and performance bottlenecks for trusted SaaS and web traffic.

Trusted traffic is sent directly across the Internet while unknown or suspicious traffic may be sent automatically to more robust security services in accordance with corporate security policies.

Stateful, zone-based firewall 
Centrally visualize, define and orchestrate granular security policies and create secure end-to-end zones across any combination of users, application groups and virtual overlays, pushing configuration updates to sites in accordance with business intent. 

Simple templates are used to create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center use cases.

If you want to make it more secure by using an external firewall as the internet gateway, Unity EdgeConnect integrates easily with various firewalls, such as Palo Alto Networks.

Fig 1.2- Unity EdgeConnect with Palo Alto Firewall

Application Visibility and Control
EdgeConnect First-packet iQ application classification identifies applications on the first packet to deliver trusted SaaS and web traffic directly to the Internet while directing unknown or suspicious traffic to the data center firewall or IDS/IPS.

Identifying applications on the first packet is especially important when branches are deployed behind Network Address Translation (NAT); the correct path must be selected based on the first packet to avoid session interruption.

Zero-Touch Provisioning
A plug-and-play deployment model enables Unity EdgeConnect to be deployed at a branch office in seconds, automatically connecting with other Silver Peak instances in the data center, other branches, or in cloud Infrastructure as a Service (IaaS) such as Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure and Google Cloud Platform.