Encryption and Routing
Reliably Routing and Automatically Protecting Network Data from Eavesdropping
Secure and reliable networks are the basis for smooth operations of all business-relevant applications. A virtual private network (VPN) is required with secure connections to every site across public and private networks – internet or MPLS – regardless of provider.
WAN Encryption and Routing by Open Systems enables secure site-to-site connections over the internet, MPLS, VSAT or other WAN transport layers, ensuring that all traffic between sites is automatically encrypted and authenticated, so business-critical data remains secure. And the risks of miscellaneous internet eavesdropping are reduced. Routing traffic over direct paths ensures high performance and reliable connections, and consistent decryption and application visibility supports governance of applications which are constantly competing for network resources.
Components
Encryption
Encryption of all network traffic – no matter if sent via internet, MPLS or any other connectivity type – with automatic key renewals to protect information from eavesdropping.
Routing
Generic routing for direct path communication in the WAN which allows for interoperability with other networks via different protocols and serves as a basis for Path Selection.
Application Visibility
Decryption and filtering of all traffic with a single-pass architecture that provides an accurate and complete picture of the application landscape on the WAN.
How it Works
Encryption
WAN traffic is protected through site-to-site IPSEC encryption. These VPN tunnels are built automatically, and their keys are rotated on a regular basis. The topology of site interconnections is configurable and depends on the size of the network and its traffic patterns – full mesh for smaller networks or those with any-to-any communication patterns; or partial mesh or star topologies for regions with very large networks or when data is exchanged only occasionally.
Single-Pass Architecture
When traversing any Open Systems SD-WAN enforcement point – whether a physical deployment at a site or a cloud instance – traffic is decrypted for further analysis and filtering. Thanks to the single-pass architecture, decryption and traffic identification must be done only once, ensuring performance and consistent traffic analysis. One of the most important insights comes from application visibility – which applications produce most of the transferred bits & bytes and how much bandwidth they consume.
Routing
Basic routing in the WAN is dynamic, with optional static routes. Interoperability with other networks can be enabled by either by a set of static routes or dynamically. Routing information can also be propagated to the local LAN to enhance the network performance in and between site-to-site services. These routing protocols build the foundation for the application-based, smarter Path Selection routing as part of SD-WAN.
WAN traffic is protected through site-to-site IPSEC encryption. These VPN tunnels are built automatically, and their keys are rotated on a regular basis. The topology of site interconnections is configurable and depends on the size of the network and its traffic patterns – full mesh for smaller networks or those with any-to-any communication patterns; or partial mesh or star topologies for regions with very large networks or when data is exchanged only occasionally.
When traversing any Open Systems SD-WAN enforcement point – whether a physical deployment at a site or a cloud instance – traffic is decrypted for further analysis and filtering. Thanks to the single-pass architecture, decryption and traffic identification must be done only once, ensuring performance and consistent traffic analysis. One of the most important insights comes from application visibility – which applications produce most of the transferred bits & bytes and how much bandwidth they consume.
Basic routing in the WAN is dynamic, with optional static routes. Interoperability with other networks can be enabled by either by a set of static routes or dynamically. Routing information can also be propagated to the local LAN to enhance the network performance in and between site-to-site services. These routing protocols build the foundation for the application-based, smarter Path Selection routing as part of SD-WAN.
Benefits
Automatic Traffic Encryption
Worry-free traffic encryption and authentication within the WAN including regular IPSEC key renewals.
Flexible Yet Reliable Routing
Stable routing within the WAN with flexible options for interoperability with LAN and other networks.
Single-Pass Architecture
Decrypt traffic only once for efficient analysis and processing – consistent application visibility across your network.
Leave Complexity
Behind
To learn how Open Systems SASE Experience can benefit your organization, talk to a specialist today.
Contact Us