Each market segment is different: the nature of the users, the applications they access, and even the bandwidth needs vary from segment to segment. Each of these is a cost center for the enterprise, and the cost of enterprise connectivity to each of these locations is different.
As a true software-defined network platform, it separates not just the control plane and data plane elements but also the software from the associated hardware systems. This gives enterprises the flexibility to choose hardware and software based on their requirements, be it network usage or capacity.
All our hardware variants are primarily COTS appliances, and the true intelligence is in the software. Each of these variants can be physical or virtual or cloud form factor.
Physical Appliance
Virtual Appliance in the Data Center
Virtual Appliance in the Public Cloud (AWS, Azure, Google Cloud, etc.)
The best part of the control plane deployment is that it can even be rendered as a service, with multi-tenancy built in or as a single tenant. Both our data plane and control plane are open to integration with existing systems, in enterprise as well as service provider deployments: for example, integration with specific NOC and SOC applications like SolarWinds and HP OpenView, or service chaining in the branches with the SASE vendors.
The whole system is delivered as a software-based architecture. The edge software is flexible and independent of the hardware architecture. This means that one does not end up with a solution that cannot fit multiple types of locations within a customer environment. This is not a one-size-fits-all kind of solution, and the hardware can change from one architecture to another to deliver the optimum price performance for a type of location within a large environment.
We typically offer this service to service providers and large enterprises, where we address network uptime, reachability, performance and security.
The CloudPort Gateway can be a purely physical appliance, that is, a server-class rack-mountable appliance or typically a Xeon-class server with appropriate network interfaces and interface density, deployed in the DMZ.
It could also be a virtual machine (a KVM-, Hyper-V- or ESXi-based VM) that is deployed in a virtualized data center DMZ, or a pure-play native cloud format in AWS, Azure or Google Cloud, replacing the default gateway of the VPC or VNET.
The Cloudport Gateways support service chaining with any third party virtual or physical appliance for specific advanced security features with SASE vendors. The firewall in this case is the data center perimeter firewall that can run as a virtual machine on the same appliance and service chains internally on the CloudPort.
At the LAN side, the CloudPort Gateway can peer with an existing router or the core firewall of the data center, depending on the data center architecture. In the public cloud, this virtual appliance becomes the default gateway, and terminates the inbound and outbound traffic to and from the VPC or the virtual network.
Manage and orchestrate the WAN and the services from a single window. It can even be rendered as a service, with multi-tenancy built in or as a single tenant.
Single interface (GUI + REST APIs) to manage, monitor, provision, and orchestrate the application-optimized network.
We support RBAC with three primary roles to operate, manage or maintain the CloudStation:
Administrator role: the service provider has access, and manages and monitors the network and all the CloudPorts in the network.
Operator role: the SaaS provider has access to all the CloudPorts in the SD-WAN network, is responsible for monitoring the CloudPorts, and can also apply policies and rules across the CloudPorts.
User role: the SaaS consumer administrator at the remote site, who can be the partner responsible for monitoring the CloudPorts at all the specific customer locations. This user does not perform any active management, but can view the CloudPort performance and raise trouble tickets if the service does not meet the agreed SLA.
In order to bring and offer value added services to end users and applications, we believe that intelligence needs to be migrated away from the edges and into the network in a controlled and traceable manner.
Our approach is to have a policy based management mechanism within the network fabric allowing our CloudPorts to reason over the content and make intelligent decisions regarding the handling of data packets. By deploying our proposed architecture, a network need no longer be viewed as a simple data transport medium but rather as a policy-controlled intelligent packet/stream processor that can offer specialized handling based on application needs.
In ScaleAOn we have an extremely powerful construct called Network Group. Network Group is the fundamental block that provides network segmentation in the ScaleAOn architecture, similar to VRFs. It is basically a container of subnets which are allowed to talk to each other.
However, unlike traditional VRFs, Network Groups are far more powerful in the sense that one can hook up policies, services, etc. at the Network Group level itself. Once a policy is set at the Network Group level, all branch devices that are part of the same Network Group will get the policies. So, on the Lavelle SD-WAN platform, the IT admin will simply go to the Network Group webpage and set up a global policy indicating their intent of Internet Breakout. All the branch devices come to know about the policy changes via API communication with the Controller.
ScaleAOn's data plane is also fully intent aware and functionally capable of interpreting the intent and doing the right thing. The data plane derives this power of consuming intents rather than fixed policies from the fact that the entire data plane has been architected using a flexible series of near-axiomatic functional blocks. Each functional block derives the role it should play from the overall intent, in order to achieve the final goal. These data plane functions make policy control on the Lavelle ScaleAOn platform simpler and more intent driven.
Local Internet Breakout, or DIA, is one of the key elements of any SD-WAN solution. Our ScaleAOn solution has evolved to support cloud apps which are distributed across multiple clouds.
We are able to provide a better user experience through QoS with application prioritization and optimal path selection based on real-time WAN QoS metrics. Virtual CloudPort support in all the public clouds provides seamless branch-to-cloud connectivity.
ScaleAOn SD-WAN allows customers to configure a local internet breakout rather than have a single exit point from the overlay network to the Internet. In the CloudStation policy framework we can apply or configure a local Internet exit from the branch CloudPort. The data policy is configured from the CloudStation, so the local Internet exit is managed centrally.
Private in-house applications (Enterprise Applications)
SaaS-based applications (Office 365, Salesforce, G Suite, etc.)
Internet-based applications
Our system has built-in intelligence to treat each of them differently. We route the traffic intended for private applications to the data center, SaaS-based applications leverage SaaS breakout directly from the branch, and the internet category can leverage local internet breakout from the branch office. This approach saves MPLS bandwidth and gives end users a better experience.
Network Group makes network planning and expansion an easy task for the IT team.
Fast and swift deployment without complex planning to enable business quickly – The customer needs to define the policies (VPN parameters, QoS policies, ACL policies, rate limiter, etc.) only once, during the planning phase. Any future addition of edge locations or change in the WAN connectivity of existing locations does not require even a single change to the configuration of the network, VPN, policies or tunnels.
Tunnel or path knowledge is not required – Once a Network Group is defined at the UI level, all paths/tunnels within the network are created automatically without any manual configuration at the interface or device level. The user does not need to be aware of the complexity of the underlying transport or tunnels.
In ScaleAOn, we consider the health of overlay and underlay paths equally important. The automatically mapped-out visualization of underlay and overlay traffic insights makes ScaleAOn a unique SD-WAN solution. The ScaleAOn Dashboard provides visibility into the paths' health distribution, site connectivity and link utilization, along with flow-level visibility per user per endpoint.
Enterprises that have a phased plan for the rollout of SD-WAN can leverage ScaleAOn analytics and visibility during the transition from traditional WAN to SD-WAN, throughout the SD-WAN lifecycle.