Security firm Fortinet released the new “Secure SD-WAN (software-defined networking in a wide area network) for Multi-Cloud” solution which addresses the challenges of maintaining multi-cloud environments. It is designed to enable enterprise IT to build a seamless cloud-to-cloud network and security architecture that is consistent and robust across the different clouds.
According to Fortinet, cloud infrastructure spend is rapidly becoming a larger portion of the chief information officer’s (CIO) budget, and as a result, enterprises are increasingly adopting a multi-cloud approach for their cloud deployments. A multi-cloud strategy enables organizations to avoid vendor lock-in and to select the best cloud services to meet the requirements of a particular application or workload.
Organizations are also able to choose cost-optimized services and leverage geographically dispersed clouds for disaster recovery, to meet data sovereignty requirements, and to improve overall user experience. A multi-cloud model also provides redundancy to reduce the risk of downtime.
Fortinet said that because of this, enterprises are building new data infrastructure across multiple clouds. And at the same time, IT continues to constantly evolve their cloud network infrastructure to meet new performance, security, scaling, and cost goals that have a tangible impact on their business outcomes.
Challenges
Running multiple clouds makes for a complex network architecture. Due to fundamental differences among cloud providers, IT personnel typically struggle to deploy a consistent network infrastructure for applications and workloads that are deployed in, or span, multiple clouds. This increased complexity can slow down operations.
Different infrastructure from different vendors means interaction is unavoidable. This makes the system vulnerable and increases security risks. Fortinet said that the lack of a consistent security infrastructure that can seamlessly span multiple clouds, especially in terms of policy orchestration and enforcement, results in security gaps that prevent end-to-end visibility and uniform security control.
Multi-cloud may slow down application performance. Fortinet explained that previously, to overcome this challenge, enterprises chose to backhaul cloud traffic to on-premise data centers or network service or colocation provider points of presence. While the goal is for cloud workload traffic to be centrally inspected and routed among the different clouds, these dedicated backhaul connections are often expensive and can quickly become bottlenecks. This problem can be exacerbated because backhauling traffic over cloud provider VPN gateways to on-prem data centers can add significant latency and degrade application performance.
Secure SD-WAN Multi-Cloud solution
Fortinet Secure SD-WAN for Multi-Cloud is a new use case built around a FortiGate-VM next generation virtual firewall combined with a FortiManager central management console.
This new offering enables a unified networking and security strategy with a programmable framework to ensure consistent policies for securing and transporting traffic across multi-cloud environments. This application-aware overlay network can be easily deployed, and operates seamlessly across multiple public and private cloud virtual networks. It leverages internet connections as well as colocation and leased line connections to each cloud, including public cloud transport services like direct connect, express route, and interconnect, to offer the option of selecting different links per application and workload.
To reduce complexity and increase agility, the solution also supports repeatable deployments using automation templates and broad support for public cloud and SDN/SDDC integrations.
Automatic updates
With the support of Fortinet fabric connectors, the solution enables full integration with and among cloud providers and automatically updates the dynamic addresses of workloads as they are spun up and spun down. Appropriate security policies are then dynamically tied to workloads without the need for manual intervention.
Cloud-native integrations, such as tag-based segmentation, enable the application of policies to segment workloads. And with pipelined automation that uses cloud provider serverless functions, IT can decrease response times to security events through automation applied across multiple FortiGate-VM Secure SD-WAN nodes. Also, deep packet inspection and advanced security, such as IPS and AV, provide deep visibility into any security threats across the multi-cloud deployment.
This solution can work on either cloud provider direct connections or internet links, based on predefined or custom application signatures. It also uses encryption to securely transport application traffic over internet links. Its SD-WAN dynamic path selection capability chooses optimal links to deliver the best application experience. FortiGate-VM also offers over 20Gbps of IPsec performance for fast encrypted connections over internet links to reduce operational costs.