We are not afraid of "clouds"
Unlike the previous two articles ( 1 and 2 ), where we talked about the practical aspects of using Zyxel Nebula’s cloud-based network building and management system (video), today I want to talk about what, according to our readers, most of all interferes with the widespread introduction of SD -WAN solutions. Namely, the mistrust of cloud services in the deployment and maintenance of corporate networks.
All Nebula products, including access points, switches and routers, gateways with intrusion detection and prevention features support controls from the cloud. They can be centrally managed and configured using the application or via a web portal, and connecting to the network of new devices does not require any special knowledge: turn on - and work. And between multiple network segments, you can easily create a secure VPN connection over the Internet. But how reliable is all this? Can you trust your network to a cloud?
Clouds: a risk factor or a reliable tool?
Cloud services have long become an integral part of our lives. They help us both in work and in personal affairs, and the majority of users do not cause concern. Two-factor authentication and a complex password will reliably protect data in the cloud.
The risk of disclosure of information stored in the cloud and the price of the consequences are incomparable with the convenience of cloud storage of documents and teamwork. Even those who do not trust the clouds, recognize that it is simply more convenient than all other options.
Different types of cloud platforms are useful and convenient solutions, and their developers pay very serious attention to security issues. And the confidence in cloud services has really grown in recent years.
If for ten years providers had to talk about what it is and how it works, now they are no longer asked such questions, although there are still those who continue to be afraid to give their data or IT management functions to the cloud. However, with the proliferation of cloud services B2C type Dropbox, people are already accustomed to storing information on third-party servers.
Contributes to this and the state. According to statistics, currently more than half of Russian government agencies use various cloud services in their work. And the implementation of its own cloud and platform solutions is now one of the key areas of development, which corresponds to the federal program "Digital Economy of the Russian Federation."
As for business, cloud services have long become tools for increasing the efficiency of customers' business processes. According to IDC, this is one of the most dynamic segments of the IT market in Russia. The benefits of clouds are becoming more and more obvious to companies.
The overall level of trust in cloud services is growing, but there is still a low level of awareness about the process of migration to the cloud, its associated costs and optimization potential, the functionality of cloud services and the level of control when working with them. This is especially true of such innovative solutions as systems managed from the cloud.
Meanwhile, the latter can provide you with a simple and reliable solution, the ability to manage the infrastructure from any location, constant monitoring of network performance. One of them will be discussed below. This is Zyxel Nebula, an innovative development that makes cloud management of a distributed network accessible to small and medium-sized businesses.
SD-WAN - the first step in the implementation of SDN in geographically distributed networks
The concept of "software configurability" (SDN) with its flexibility and automation is well suited for the implementation of modern network infrastructure. And to create solutions for managing distributed data networks, it has been implemented in the SD-WAN (software-defined networking in a wide area network).
Today, leading network equipment vendors offer SD-WAN solutions with a single, unified management of network infrastructure, which becomes more complex as more and more devices are integrated into it: wireless access points, mobile devices (corporate and personal). This allows not only to maintain the IT infrastructure of a small or medium-sized company in working condition, but also to ensure its reliable protection.
With the advent of SD-WAN solutions, it became possible to refuse to rent expensive L3 VPN channels and use the Internet while maintaining the required quality of service. The SD-WAN concept is designed to simplify the launch of new equipment and reduce the cost of operating corporate data networks. In addition, the network through centralized management and monitoring of equipment and communication channels significantly increases the level of control.
Zyxel Nebula (https://habr.com/company/muk/blog/339024/) can be attributed to SD-WAN solutions in which the network equipment receives all necessary settings from the cloud.
Control from the cloud: simplicity and savings
The line of equipment Zyxel Nebula has firewalls, switches, including those with PoE support, Wi-Fi access points. The Nebula cloud allows companies to manage their terminal equipment, from its initialization process to the application of specific policies and access rules. Moreover, in the event of unavailability of the cloud, the terminal devices themselves continue to operate in the normal mode, ensuring the connection of all network devices of the distributed corporate network.
For a network administrator who is used to controlling everything himself, it sounds a little scary, but in fact this approach not only makes life much easier, but also helps keep everything under control. And what about those who do not have an admin? Outsourcing? And if there are several offices, and even in different cities?
At the end of 2016, SalesForce conducted research among small and medium-sized business owners in the United States. As it turned out, 83% of respondents do not even have an IT specialist, but all decisions on IT infrastructure planning, purchasing, setting up and maintaining equipment are taken independently. Nebula will be for such entrepreneurs a good way out, allowing them to spend a minimum of time on the technical part.
Thanks to the capabilities of this solution, business owners can significantly save on hiring qualified personnel. For example, using the Nebula mobile application, it is enough to scan a QR code on a device connected to the network, after which it automatically registers, downloads new firmware and starts working.
The line of products compatible with Nebula, in which there are already 16 devices, is constantly expanding.
Zyxel Nebula cloud management system allows you to centrally monitor all components of a company's network infrastructure. It collects and displays a lot of information in real time: network traffic statistics, the status of monitored devices, the current configuration of this network segment and data on its workload.
Gateway Zyxel Nebula NSG 50
One of the key devices in the cloud-based system for building and managing Zyxel Nebula’s networks is the NSG 50 gateway. It can be deployed to remote sites automatically due to communication with the Zyxel cloud. It self configures optimal access policies and configuration settings, downloads firmware updates and signatures from the cloud.
The NSG 50 gateway provides automatic connection to a VPN, simplified policy management, and includes a powerful application security system.
Zyxel Nebula NSG 50 is automatically deployed to remote sites using a cloud. The gateway autonomously adjusts access policies and configuration settings, providing savings while maintaining the required level of security. NETCONF protocol guarantees the security of network configuration changes through the cloud.
And the whole procedure of deploying a network of a company with several offices is designed for inexperienced users. For convenience, hardware configuration and settings can be cloned by copying them from any of the sites. With typical office equipment, this will speed up and simplify network deployment.
The mobile application allows you to register devices on the network and see their status. For complete management and monitoring, there is the Nebula Command Center (NCC) portal with information on each network segment and each type of equipment, including the status and load of devices and connections, information about connected clients, their traffic and applications used. NCC Cloud Management Center is designed for organizations with several small offices. It is designed for ordinary users.
The control panel allows you to assess the general condition and load of equipment and connections at a specific site.
Of course, if you need not just to add a device, but to fully manage the network, you will need an administrator, but you do not need to keep a specialist in each office.
To create a VPN, it is enough to specify the gateways between which VPNs will be created, as well as specify the WAN port connected through it, the external IP address of the gateway and the internal local subnet. After that, the tunnels will be created automatically. Two VPN topologies are possible - directly and through the central office.
In general, Nebula is a convenient, functional and inexpensive alternative to solutions of this class from other manufacturers. Today, Zyxel Nebula is already an ecosystem of hardware and software that allows you to build a network and centrally manage it. Moreover, the configuration of the equipment occurs automatically, which allows you to save on network maintenance and IT staff.