Versa Networks: Bringing SD-WAN & Cyber Security Protection to the Branch Office

Product Review

Versa Networks: Bringing SD-WAN & Cyber Security Protection to the Branch Office

By TMC  |  December 15, 2017

Versa Networks Cloud IP Platform: Versa FlexVNF, Director, and Analytics

Two areas of technology seeing solid growth are SD-WAN and security. The former is important as companies are looking for network redundancy, resiliency, and cost savings. In addition, security and anomaly detection are important solutions most companies need to deploy. The human being is still the weakest link in cyber security, and a single click on an e-mail, chat message, social network, etc., can encrypt all files on the network, making them unusable without the payment of a ransom thanks to malware such as CryptoLocker.

In addition, such breaches could potentially have compliance and legal ramifications, resulting in fines, loss of reputation, sales, and basically all the negative things a business should avoid. The Versa Networks Cloud IP Platform brings SD-WAN and cyber security protection to the branch office. The idea makes a lot of sense, as SD-WAN is bringing more broadband connections into the network, which could mean more attack vectors.

The Versa Networks Cloud IP Platform consists of three components. The FlexVNF delivers all the routing, SD-WAN, and other functionality. The Director manages, provisions, and monitors the solutions. And the Analytics database and engine drive the real-time and historical data.

Page 1 of 21

Zero Touch Provisioning

Zero-touch provisioning is the strength of the system. There are two methods of zero-touch provisioning with this solution.

In one case, the zero-touch provisioning is completely automated. In this scenario, the device is shipped to a site, is plugged in to get internet access, and is auto-configured to find the staging service (which is Versa Networks or a service provider). The branch device is then authenticated and configured based on configuration templates and policies.
 
Page 2 of 21

Zero Touch Provisioning

In the other case, a URL is sent to the installer, who clicks on the URL. The system then sends a notification with instructions to the installer and walks that individual through a simple activation process. We saw this process in action.
Page 3 of 21

Zero Touch Provisioning

In addition, the device can be preconfigured from an MSP or other service provider. When the device is connected, the administrator can be optionally notified. They could be sent a six-digit code via e-mail or text to claim the device.

A tremendous challenge for IT departments is they are stretched very thin, and their branch offices take a great deal of resources to manage. Zero-touch provisioning is a tremendous time-saver for these organizations, as is allowing templates with parameters.
Page 4 of 21

Documentation/Training

Versa Networks makes all of its product documentation available to its customers via its technical support portal and team. There is a link to training videos on the company’s website, and it says these are regularly scheduled and customized. And the documentation we received via email from Versa Networks consisted of a 66-page Versa FlexVNF Installation and Basic Configuration Guide. It took us through a process of evaluating host environments – a checklist of hardware and software, all the way up to creating FlexVNF appliances on vCloud Director, OpenStack, and bare metal. There was also documentation regarding upgrading an appliance. We also received a 254-page Versa Software-Defined WAN Configuration Guide. That took us through the process of creating an analytics cluster as well as configuring interfaces and networks for the SD-WAN controller, all the way into the nitty gritty of configuring a post-staging IPSec profile for a provider tenant. Both documents had many screen shots explaining how to configure settings, and there are hyperlinks allowing you to quickly jump to related areas as needed.
Page 5 of 21

Features & User Experience

The features are near infinite. In fact, we had a 150-minute conference call going through them all. We can’t imagine a feature you would need that isn’t there.

We tried to trip up the company by asking if there is a way to switch to a higher cost broadband line only if latency increased beyond a certain level. The answer was yes, and team members showed us how. There are open APIs for scripting and integration with SIEM tools, which determine what to do with the analytics information. There is support for a carrier’s virtual network functions – allowing a CSP (News - Alert) to deploy these devices to many customers. There are templates with parameters that give the flexibility of large-scale deployments without manual configuration.

There is hierarchical multitenancy support with tenant management; configuration audit logs; service chaining; numerous deployment models – white box, bare metal, VM, container-based; and tight integration with numerous OSS/BSS solutions. That’s useful if you are a carrier.

Using Director we saw how much data was used by applications.
 
Page 6 of 21

Features & User Experience

We also saw how we could direct traffic across hybrid transport to make better use of these various connections.

In addition, we were able to see the tenant health through the interface.

 
Page 7 of 21

Features & User Experience

We drilled down further into various sites to see what was happening in detail.

 
Page 8 of 21

Features & User Experience

We also were able to dig into the live data at the branch to see what was happening – the graph at the top right was updating in real time.
 
Page 9 of 21

Features & User Experience

We were also able to see CPU and disk memory as well as events. And we could see the apps running and what resources they were using.
Page 10 of 21

Features & User Experience

We were further able to define URL categories and block them. That’s useful to minimize viewing of inappropriate websites and content.
Page 11 of 21

Features & User Experience

Adding an application also was straightforward.
Page 12 of 21

Features & User Experience

The system can also ask users for justification if they need to get to a blocked site.

It can send all or filtered packets to analytics. It also can create rules for CVE, or common vulnerabilities and exposures, with a no-cost subscription to daily database updates.

In addition, the system can be set up to clone links to minimize issues if packets are lost. And it can direct applications to various links based on priority. Salesforce and communications, for example, could have the highest priority.

We also saw historical data from the various branches.
Page 13 of 21

Features & User Experience

We were further able to see this on a map.
Page 14 of 21

Features & User Experience

And we even were able to see the availability of each branch.
Page 15 of 21

Features & User Experience

Another great function is the ability to view the results of traffic steering – seeing the behavior of the various rules put in place.
Page 16 of 21

Performance

It’s tough to gauge the performance of what is primarily a cloud-based solution. But we did see it working on a live network, and it worked well. In the examples with live data, the response to clicks was instantaneous and the graph updated without any choppiness.
Page 17 of 21

Quality

The idea of combining SD-WAN with security for the branch office and allowing the sale via carriers and MSPs is a good one. The execution of that into a product is impressive. The GUI is straightforward. The feature list is long. And the flexibility is great. It seems to have everything you would need to deploy SD-WAN and security with maximal functionality. So many things have been thought through – like the ability to see the viruses on a branch basis.
Page 18 of 21

Differentiation

Most SD-WAN solutions these days are siloed – adding security to the mix is a great differentiator. So is the ability of this solution to be sold via carriers – as VNFs and through other reseller channels.
Page 19 of 21

Support

We called the support line at 6:48 p.m. on a Saturday. The call was answered with a hello and a strong accent. We expected a more formal greeting.

We were concerned that on the weekend the agents wouldn’t be that knowledgeable, which we’ve seen at other tech companies. We called blind – in other words, the company didn’t know it was a reviewer. We were asked numerous questions about who we were before the person on the other end would answer our questions. This is normal procedure, of course.

After we explained we were reviewers, we asked how we could have Versa Director switch from a low-cost broadband connection to a higher cost connection when the latency on the cheaper line reached a certain threshold. We were politely told that Versa Director isn’t where this is done. A template is pushed to the branch device to do this, and the company explained how to do it.

So Versa gets a 99 out of a 100 score for its support, with one point deducted for the informal greeting.
Page 20 of 21

Room for Improvement

The list of features is truly exhaustive. For example, you can force the branch devices to be updated to a certain OS version before they get on the network.

We racked our brains, but didn’t identify any major areas in which to suggest improvement.
Page 21 of 21

Bottom Line

Versa FlexVNF, Director, and Analytics are winners.

This complete solution allows for incredible flexibility, and new ways for carriers and MSPs to make money. In addition, the security aspects of FlexVNF ties in nicely with the open nature of SD-WAN.

It's a nice package of products and disciplines, executed well.



Edited by Erik Linask
blog comments powered by Disqus