Have you moved to an SD-WAN solution, hoping to reduce costs and increase efficiency? If so, you may have run into these common challenges:
- The amount of traffic being back-hauled through private SD-WAN links is still substantially high adding latency to cloud applications.
- The cost of deploying onsite full stack security, along with hiring the staff needed to maintain it, remains high and is continuing to rise.
- If you back-haul traffic from your branch offices to centralized network security appliances and proxies to enforce security policies, users experience high network latency.
Let’s take a look at how connecting branch offices directly to the iboss cloud reduces costs and latency while eliminating the need for data backhauling.
Reduce network latency and costs by eliminating data backhauling
Internet-bound traffic from branch offices can be sent directly to iboss cloud for security, while internal traffic remains on private SD-WAN links. Since iboss cloud peers directly with many popular SaaS platforms, including Microsoft Office 365, this increases user productivity and network speeds to cloud applications. This also minimizes network latency by eliminating the need to back-haul traffic unnecessarily through SD-WAN connections to the organization’s data center before it can be sent to the online service.
Realize cost-efficient scaling using elastic cloud capacity
Because iboss lives in the cloud, your account can be scaled infinitely to accommodate higher bandwidth or storage needs. Being able to scale automatically as your needs grow enables you to provide secure Internet access that is cost-efficient at any scale — from small, branch offices and remote users to entire campuses.
Broad compatibility with SD-WAN solutions
The iboss cloud supports a comprehensive set of GRE and IPsec tunneling modes and standards. This versatility enables you to integrate the iboss cloud with nearly any SD-WAN deployment.
Improve time-to-value by minimizing upfront costs
Deploying physical secure web gateway appliances requires significant upfront investments. The elasticity of the iboss cloud enables you to scale your costs proportionally as you grow. Reducing the expense of maintaining physical infrastructure improves the cost-effectiveness of supporting branch offices and remote users, without compromising security.
Apply regional and global security policies by using geolocation to identify SD-WAN endpoints
The iboss cloud has points of presence spanning every continent. This enables you to provide users at remote offices with secure, low-latency internet access and consistent security policies. The iboss cloud has a modular policy system that supports inheritance and layers. This enables you to efficiently configure and deploy security policies with minimal redundancy.
Use 100% dedicated IP addresses to integrate with secure cloud SaaS applications
Since the iboss cloud provides 100% dedicated IP addresses to their customers, users always present a source IP address that is associated with your organization. This means that users always appear to be accessing the Internet from within your network regardless of whether they’re in the office or on the road. This simplifies the integration with SaaS platforms, where access is typically restricted to an organization’s IP range.
Demonstration: Creating a Local Internet Breakout Using GRE and IPsec
Here’s a quick demonstration of using GRE and IPsec to create local internet breakouts from a branch office in an SD-WAN.
Suppose that this office is located in Frankfurt, Germany. To ensure the best performance, we’ll connect our tunnels to a local iboss cloud point of presence in Germany.
From the Node Collection Management page (Figure 1), notice the Location column.
This displays the region of each of the nodes for this iboss cloud account. For this example, cloud-node-26800 is in the emea-de region (Germany). The iboss cloud enables you to connect a tunnel directly to the nearest point of presence.
Before we go any further, remember that we are adding a tunnel that connects the SD-WAN endpoint and the iboss cloud. You may need to review the configuration of your SD-WAN appliance to verify some of the required settings. As you probably already realize, the values used in these examples are going to be different for your organization.
Example 1: GRE Tunneling
From your iboss cloud account, open the GRE Tunnels page for the node where the tunnel will be connected. From this page, we can add a GRE tunnel (Figure 2).
Clicking the Add GRE Tunnel button loads a window where you can enter the GRE settings (Figure 3).
To configure the tunnel, you’ll need the public IP address of your SD-WAN endpoint, as well as a pair of private (non-routable) IPs for the inside addresses. These are used to establish a private point-to-point connection between the SD-WAN endpoint and the iboss cloud. The GRE Tunnel Name can be anything you want.
Example 2: IPsec Tunneling
From your iboss cloud account, open the IPsec Tunnels page for the node where the tunnel will be connected. Turn on Enabled to reveal the Configured IPsec Tunnels section and click Save (Figure 4).
Click Add IPsec Tunnel to load a window with a set of configuration fields (Figure 5).
As with GRE, you’ll need the public IP address of your SD-WAN endpoint. For IPsec, you must also add the network IDs for the internal network and the Allowed Internet Subnet. These are sometimes referred to as the “right” and “left” subnets, respectively.
The Mode and IKE settings will depend on your hardware. Additionally, you can choose from a variety of cipher settings and add a Tunnel Secret (pre-shared key). And like GRE, the IPsec Tunnel Name can be anything you want.
Summary of Key Features
Let’s review the key benefits of connecting your branch offices to the iboss cloud, using GRE or IPsec:
- It reduces network latency and costs by eliminating data backhauling which eliminates Internet-bound data from private SD-WAN connections
- SaaS-delivered elastic cloud capacity allows for cost-efficient scaling as your organization grows.
- Apply security policy to device connections for any amount of bandwidth and any quantity of encrypted HTTPS data without the need for appliances
- It offers broad compatibility with SD-WAN solutions
- By minimizing upfront costs, you can achieve a faster return on your investment.
- It enables you to apply regional and global security policies by using geo-location to identify SD-WAN endpoints.
- The iboss cloud provides customers with 100% dedicated IP addresses, allowing you to integrate with secure cloud SaaS applications.