As more workloads move to the cloud, more employees work remotely and SaaS application adoption increases, enterprises have had to rethink the way they secure access to the IT services their employees need.  The reality for most enterprises today is a multi-vendor, siloed approach that has only compounded their security and IT operations management headaches as they end up using multiple management tools to secure and govern their access to cloud services.

A new network architecture that combines cloud-based security services with enterprise networking technologies like virtual private networks (VPN) and software-defined wide area networking (SD-WAN) is needed to connect and secure this new world.

Enter Secure Access Service Edge (SASE), a concept introduced by Gartner in August 2019 to describe this vision of a secure networking model for cloud migrations, remote working and SaaS adoption. SASE ensures an optimized network security and management model as enterprises shift from the traditional data center and branch office model to delivering decentralized access to cloud-based infrastructure and applications by remote users across the globe. SASE ensures that hybrid infrastructure and applications are connected to end users without latency and throughput issues.

Before building up a SASE-based architecture, let’s have a look at the hybrid infrastructure and applications that enterprises use to run their business services.

Multi-Cloud Infrastructure:

Enterprises are adopting cloud services - Infrastructure as a Service, Platform as a Service, Function as a Service, Container as a Service– to build their business applications which need to have high availability and scalability built-in.

Example public cloud vendors: AWS, Azure, Google Cloud, and Alibaba

Example Servers: Windows, Linux.

Example Cloud Native Infrastructure: Kubernetes, Docker, containers

SaaS Applications:

Enterprises are using SaaS applications to modernize their operations and ensure there are no overhead resources needed to install and maintain those applications, increasing their productivity. SaaS applications are accessible from anywhere, be it from the office, home or coffee shop, making life easier for remote users in their day to day operations. SaaS applications also ensure high availability and scalability as the number of users and application usage increases.

Example SaaS Applications: Microsoft Office 365, Zoom, Salesforce, etc. 

Software Defined Network Infrastructure / As a Service Network Infrastructure:

As enterprises are increasingly running bi-modal IT frameworks, it's very important to support both legacy and modern software-defined infrastructure and related operations. Enterprises need to ensure both these worlds are maintained and supported to ensure that users do not have any connectivity or authorization issues to access infrastructure and applications. 

Example SD-WAN environments: Velocloud, Meraki, Contrail, Cisco ACI.

Example Network Equipment: Switches, Routers, Firewalls, WAN Controllers.

Example Cloud Network PaaS: Load Balancers, Subnets, Direct Connect, CDN, VPC.

Traditional Hybrid Infrastructure:

The traditional [legacy] IT infrastructure world cannot be decommissioned on the spot, as it’s often subject to regulatory and compliance issues related to data residency and data sovereignty for certain vertical industries like banking, energy and utilities, and hospitals. Still, this is an important technology stack for upgrades and maintenance.

Example Data Center Infrastructure: Physical Servers, Network, Storage and Applications [COTS/FOSS]

The goal of the SASE framework is to introduce and adhere to the following practices within the organization to run safe and secured business services, regardless of their locations, technology and users’ locations.

  • Zero-trust Network Access (ZTNA)
  • Cloud Access Security Broker (CASB) services
  • Secure Web Gateway (SWG) services
  • Deep packet inspection services
  • Virtual Private Network (VPN) services
  • Firewall as a service (FWaaS)
  • Data loss prevention (DLP) services

OpsRamp-SASE@3x-100

There are many vendors out there in the market that provide SASE framework solutions and implementation to their end customers. Enterprises now have a set of new tools and configurations in place along with their existing tools and frameworks, and have to monitor the new hybrid infrastructure and applications from multiple vendors. The challenge enterprises face is that there are existing siloed tools which do not support all of these technologies or enterprises end up procuring new tools to accommodate the new technology stack which could again be a siloed one. And most importantly when there are multiple business units or new acquisitions happening within enterprises, complexity only increases, as does the need for a multi-tenanted IT management system. How are we addressing these issues today ? 

For the SASE framework to succeed, enterprises have to ensure optimized performance is driven with the right configurations in place, thus making sure the applications are available round the clock for business users whilst maintaining the right level of security. OpsRamp’s SaaS-based IT Operations Management platform can discover and monitor hybrid infrastructure and applications, drive ML-based event and incident management and ensure the right automations are executed at the right time for remediating critical and outage scenarios.

The OpsRamp platform provides a unified ecosystem to consume data out of the various hybrid infrastructure to contextualize and provide visualization to ensure operations users are experiencing seamless navigation towards the root cause and resolution of the scenario.OpsRamp-SASE-01@2x-100

OpsRamp’s service-oriented operations manager combines the ITOM and ITSM[Incident Management] experience into one unified console, where users understand the following prism of effective IT operations.

OpsRamp-SASE-02@2x-100

We introduce support for hybrid infrastructure which can scale from on-premise to cloud native in terms of discovery, topology and building service maps that provide a soft linkage between virtual SASE frameworks and the underlying infrastructure and applications.

OpsRamp can consolidate events from its native capabilities and also consume events from third-party sources, using our curated ML-based algorithms to pinpoint the most probable cause and ensure incident notifications are sent to the right team at the right time. This ensures the identification and remediation of  service disruption causes.

OpsRamp-SASE-03@2x-100

Conclusion

Though different vendors provide SASE framework practices, SD-WAN as a Service or Firewall as a Service as unique service offerings to their internal or external customers, no single vendor provides a best-in-class service for SASE. Customers end up taking a best-of-breed approach to SASE and end up with a multi-vendor solution. When you have a multi-vendor solution, your biggest pain point is management and operations. Customers end up using multiple management tools to manage the different layers of their SASE services.

With its deep insights into hybrid, network and multi-cloud infrastructure along with SaaS applications and the end user experience, OpsRamp is uniquely positioned to serve as a multi-vendor management platform for SASE services. In addition to being able to monitor, manage events and automate the responses to those events across multiple SASE services, OpsRamp’s multi-tiered, multi-tenanted architecture makes it the ideal choice for MSPs looking to add SASE services to their portfolios. That architecture supports MSPs that roll out different services to different customers, managing multiple technologies. 

Next Steps:

CTA-XaaS-Datasheet


Recommended posts