Verizon: Banking, Manufacturing, and Healthcare Case Studies in Managed SD-WAN
Verizon has some of the largest global SD-WAN deployments based on Viptela technology. We investigate the lessons learned and best practices employed in some SD-WAN deployments in the banking, healthcare and manufacturing verticals.
Lloyd heads the Global Marketing team at Viptela. He brings 20+ years of experience in technology and business practices to drive cutting-edge marketing strategies in B2B environments.
Mark is responsible globally for strategy and execution of 2016 next generation holistic Managed Services Portfolio marketing plan, integrating products and technologies to drive new growth with a unified customer experience model.
Lloyd: Hello. My name is Lloyd Noronha. I head the Global Marketing at Viptela, and I want to thank everybody for joining this session, this Future WAN Summit session on Verizon Managed SD-WAN Solutions. Basically, what we’re going to talk about today is some deployments and case studies from banking, manufacturing, and healthcare. And we’re going to be joined from Verizon Enterprises, the head of Managed Services, Mark Hollman.
How, before I turn it over to Mark, I just want to share some housekeeping about today’s session. If you click on the attachment and linked sections, you’ll be able to download a copy of this presentation. What you also have there is a [peer] insight survey. We’re getting tremendous response from the audience on this survey. And we’re going to share the results of the survey with everybody who filled it out. So, if you want a copy of the survey, I highly encourage you to fill it out so we get a good, representative set of data.
Next – questions. You should ask questions throughout the session. So, feel free to keep asking your questions in that chat box and we will come to it somewhere through the session or, most likely, towards the end. And lastly, we’re having a Twitter competition around these future WAN summit sessions, so every single day we’re handing out an Amazon Echo to the person who tweets either the most interesting tweet, or the most active tweeter with the hashtag “futureWAN”.
So, I encourage you to tweet some screen grabs of some interesting things you’ve heard from the session today, and watch out for a prize in the evening. Thank you. And with that, I want to turn it over to Mark Hollman. Mark?
Mark: Thank you, Lloyd, and good morning, good afternoon everyone. Welcome. Thanks for attending our summit today. I wanted to start by talking a little bit about the changes we’re observing in the connected world, and what’s driving them. Application strategy is front and center, and with an ever-increasing need to improve and differentiate the user experience with consumers and employees alike, work has indeed evolved into something that you do, as opposed to just a place where you go.
And the knock-on effect is, for a work force to be the most productive, they need to be able to access resources anywhere, at any time from virtually any device. A [line] of business owners have requirements for applications too, and there’s an expectation that they just work. Cloud deployments proliferate, but, of course, the traditional network was never really designed to operate in this way. There are challenges around performance, management, flexibility, scale, consistent policy enforcement – the list goes on.
And this leads us to the reasons why our customers are caring increasingly about SD-WAN and what it can deliver for them. There are many transformational scenarios or event triggers which drive the need for SD-WAN software-defined network in a virtualization, and some of them are depicted on this slide here. Firstly, new and expanded services. We spoke about rapid application deployments through the cloud and enhancing the user experience with improved performance but, indeed, the user experience in its own right can be the key driver.
Whether it’s maximizing the benefits of guest Wi-Fi, bring your own device, or delivering innovative and interactive customer experiences, there’s a necessity to maximize application performance. When divesting, or in a merger and acquisition situation, there’s a challenge around asset segmentation, whilst at the same time minimizing cost and business disruption. Yeah, typically these are complex efforts and they need to be completed quickly.
Finally, on this slide, network modernization. There are ongoing challenges around making cost savings. And risk management requirements that arise from the ever-more sophisticated cyber-threats that we’re seeing. At the same time, in parallel, agility and performance need to be built into the networks. So, it’s not a simple situation, if you will.
So, this brings us to how we want to serve our customers the best we can in this quickly evolving world. Verizon made a commitment to lead in the virtual network space, and we embarked upon a mission to find industry-leading, cutting edge partners. We’ve evaluated multiple offerings and Viptela emerged as a clear leader. Not only due to the depth of functionality, but also the stability and the scalability of the Viptela platform.
Viptela provides leading edge, secure SD-WAN technology. And Verizon brings to the table extensive managed-services expertise. We manage over 420,000 devices across 4,000 customer networks, 158 countries. The importance of our partnership is that it enables rapid joint development and implementation. But for our customers, experiencing the benefits of what the new technology can provide, coupled with world class service provision, it can only be a good thing, right?
For the remainder of the presentation today, we want to offer up some common deployment scenarios of Verizon-managed SD-WAN with Viptela. And I’d like to toss now back to Lloyd, marketing director of Viptela to talk through those. Lloyd, over to you.
Lloyd: Wonderful. Thank you so much for that context, Mark. So, just to give everyone an idea on this call, it’s probably around 12 months or more since we had a fully operationalized SD-WAN offering from Verizon using Viptela. Essentially, in the last, 12-to-18 months, we’ve seen a steady traction across different industries that have requirements that are very specific and very different, but at the same time can be met by a common set of features using SD-WAN.
And our goal, through this presentation, is to go through the different requirements from the different industries and share that knowledge that we’ve had from our deployments in the last 12-to-18 months. So firstly, what we noticed is the conversation, no matter which industry, it is always down to three important discussion points. And those are in the center of this slide. One is the Transport Portfolio Strategy.
So, what I mean by this is, essentially we have enterprises that want to go global. They want to either embark on, have a more resilient application framework. So, things like those are putting pressure on not only having MPLS, but having a hybrid strategy. So, you want to be able to have some [circuits] of last resort, for example, like LTE, at some locations which you term as very critical.
At the same time, you want high bandwidth for applications that require high bandwidth, but might not be critical, like video. And at the same time, you want extremely reliable links like MPLS to serve extremely reliable applications like [Voice], ERP, and the others. So, we have a transport portfolio strategy discussion that essentially becomes very important. Then, the next level of discussion is cloud architecture.
Cloud architecture is essentially what phase the enterprise is in [migrating] to the cloud. Now we’ve passed the point where we’re evaluating whether this is important or not. We’ve actually reached a point, in the last twelve months, where there’s been a flurry of questions coming in to us on how can you solve my issues related to Office 365 and SaaS. Or questions related to “I just moved from on-prem to a cloud offering of Office 365 and my performance has degraded by three to four times.
Why is it happening, and how can you help?” So, then cloud architecture becomes extremely critical from a SaaS perspective as well as from a cloud infrastructure which is platform and, you know, infrastructure [unintelligible 0:08:53]. And lastly, there’s this entire notion of “we want the network to behave in a unified manner.” Until today, every time you rolled out a change – for example, a policy change, something as simple as “I want all devices to treat, let’s say, Facebook and YouTube traffic in a certain manner.”
That single configuration touches every single device in a network and has to be rolled out over a period of six to nine months. That should never be the case. I mean most of the infrastructure teams are doing this. Any kind of global policy change in a matter of minutes, and with compliance and other restrictions, you need about a couple of days to roll these changes out. But the networking team requires much longer time.
So, we are in a situation where we want to move away from the device-level configuration to a centralized, policy-based framework which very much aligns with the business qualities of the enterprise. So how did these three frameworks of thinking align with some of the industries who we are seeing as [early] [adopters]? I’m going to start clockwise from the top, with the energy and manufacturing sector.
So here, we have seen multiple different enterprises embark on SD-WAN – not only from a pilot stand point, but actually, going 100 percent SD-WAN. One of the peer drivers in this industry, one major driver is IoT. So, although IoT is a new phenomenon of [hype] over the last few years, in some sectors, as far as manufacturing and energy concerns, it has been the way they have operated over the last decade.
And they have [sensors] all over the manufacturing plant and they monitor in [unintelligible 0:10:48], the monitor in different stages of manufacturing, and if you’re a contract manufacturer, you essentially have data being fed from the manufacturing floor to all your partners, all your customers. If you are, for example, a contract manufacturer based in some part of the U.S., manufacturing for a company like Logitech, at any given time Logitech needs up-to-the-minute information on what’s happening with the different parts of their product.
So, that is one element of it. And the next element is, most of the time, energy and manufacturing companies tend to be larger conglomerates or have multiple holding companies within them. The way they operate today is multiple [disparate] infrastructure for each of those holding companies. So, here again, what we’ve seen SD-WAN do is not only isolate all the IoT devices [they isolate] on the partner network, but also bring in this element of having a unified WAN architecture across these multiple holding companies.
At the same time, you isolate the various holding companies into different segments. And each segment then becomes quite autonomous within the larger framework. And lastly, within the sector, another important requirement is connectivity in places that are hard to get connectivity. So, you have, you know, remote parts of the globe, or remote parts of the U.S. where you might have a manufacturing plant, or you might have small facilities that pop up only for a period of three to four weeks when there’s an active engineering or construction project going on.
So, you need connectivity for that period and you cannot wait [the sixty days for connectivity. What you have with SD-WAN is same-day connectivity with LTE. So, you have Verizon LTE that you can onboard the same day to solve these problems. So, you’re moving into an extremely agile and secure environment when it comes to manufacturing. I want to change this over to healthcare and pharmaceuticals.
So here the requirements are completely different. Mark laid the foundation to this with the topics on [MNA] and divestiture. Now here, that’s where you’re seeing the most activity when it comes to healthcare. There’s very aggressive MNA activity going on and with these MNA activities, the focus is highly on IT – how quickly they can integrate access. Now it might take a long time to integrate applications but if infrastructure is integrated within a couple of weeks, then that’s a huge win for IT.
Because that today is taking, again, six to 12 months. So, we have been consistently with our healthcare customers the ability for them to integrate with the MNA, the acquisitions within a very short duration. At the same time, with healthcare, what another important thing is resiliency and security. So, security, for obvious purposes – it is a highly regulated industry. So, when you think of increasing bandwidth for let’s say purposes of tele-medicine or something else, you obviously get into issues of “Can I trust public broadband”, right?
So you want to be, at that moment, to make sure that security needs are met. And here again, SD-WAN is, sets the bar very high in terms of security. It’s almost MPLS-like. It is MPLS-like security from a network link standpoint. But everything is [unintelligible 0:14:16], everything is authenticated. You do not have a breach from that standpoint. So, but healthcare, those are the requirements that we meet. With retail and financial services, we see essentially, enterprises which have a large number of [endpoints] that are very similar to each other.
So here the big requirement is the ability to essentially have a unified view across the entire enterprise. And at the same time, to be able to roll out new services, like guest wireless for example, in very short order. So today, when we talk about some of our joint [wins], we have retailers and banks that have essentially deployed guest wireless using SD-Wan with a single touch of command from the central location.
When all they did is carved out a segment that says this is for guest wireless, connect to your wireless controllers into that segment and suddenly, they have an isolated segment on the same network which does not increase the attack surface on the [unintelligible 0:15:21] network. You completely isolated that. The next important element, especially for financials, is resiliency. You cannot have an outage – similar to healthcare – you simply cannot have an outage, so having multiple links, having a back-up link is a good option, but you really need a backup, you really need no application downtime. That’s what they’re really trying to get towards.
And then you have cases where – we had another customer in the top, you know, a really large credit card company whose requirements are, again, very similar to retail and financial, but in this case, there are a lot of shared services that credit card companies implement [unintelligible 0:15:58]. I want to move ahead now and discuss three specific examples and use-cases and what the problem was and how they solved it.
So, one thing is 12 hundred-site bank – so again, here it was about 18 months back that we had this really large bank that wanted to roll out a new application that they wanted to essentially add about a billion dollars to their top line. This was a high-bandwidth application that’s going to roll out to all their retail branches. Now, the issue they faced with this was, of course, bandwidth. They were highly restricted on bandwidth, that is one.
The second issue that they had in parallel to the rolling out this application was, how do I essentially implement security in my branches? So today, for good or bad reasons, segmentation is not used with [YD]. What problem does that introduce into the enterprise? Essentially, there is a problem that if there’s vulnerability on a mobile device, the ATM machine is susceptible to it, the market banking division is susceptible to it – so you have all these divisions that are suddenly susceptible to the weakest link on your network.
So, they want the ability to completely isolate the different line of business units and they could operate separately and with different levels of security. And lastly, they needed to be able to have no downtime in their network. Absolutely no outages and what I mean by this, is you can have link-level outages – your networks, of course, you cannot control them. Sometimes they go down, but the application should not go down.
So how did Verizon and Viptela address this? Again, this is a fully deployed 12 hundred-site bank. We essentially provided a solution where you have Verizon MPLS – one or two broadband links, as well as SD at every single location. It was dual Viptela devices at every location for high availability. And essentially this addressed the first requirement, which is the ability to develop high-a bandwidth [unintelligible 0:18:20].
You went from essentially the cost-point of adding bandwidth at a hundred dollars a megabyte down to about 20 dollars a megabyte. Twenty to 40 dollars a megabyte, depending on the site. So, once you reach this metric, you’re able to add bandwidth more easily to each of these branches and you suddenly move from 2 to 3 MB per branch to about 250 to 200 megs per branch. In addition, by having LTE, you are able to resolve the issue of application outages.
So, by introducing policies, you could introduce policy for your critical applications. For example, you could say [voice] traffic has to, is my highest priority application. I need 100 milliseconds of latency and has to travel on a link that has zero percent loss. I’ll give you one percent loss and let’s say 20 millisecond jitter. So then, the network honors that requirement despite the fact that some links are crashing, some links are erratic sometimes. The application does not face any of that erratic nature of the network.
So, introducing broadband MPLS, having the diversity of that link gives you that benefit, LTE gives you the resiliency benefit. And more important than all, these options have existed even before SD-WAN. What SD-WAN really does is it gives you the unified management, central management. You’re moving away from a device-level management to a unified centralized management. And it’s not only, you’re not only managing it, you’re actually trouble-shooting and the entire network is operated from an abstracted controller which sits in the cloud.
The entire network is – again, extremely secure, it meets all the requirements that the banks have from a basic network security standpoint. Every device is authenticated. All communications from the device are fully encrypted. You can set a full mesh of encrypted tunnels across your full network. And more importantly, from a line of business perspective, you’re able to completely isolate your different lines of business.
So, for example, mortgage banking has a hub-and-spoke segment so all retail sites can only talk directly into your data center. Whereas retail banking has more of a full mesh segment. So essentially, retail sites can talk amongst each other. So [voice] calls, et cetera, can go across the retail sites and you also have this notion on what is being [experimented] now for [Unintelligible 0:21;05] tellers, where some retail sites can pull up, or the customer can be told by [Unintelligible] tellers that are sitting at the other end and not busy at that moment.
So, you have the retail sites in full mesh and then you can roll out guest wireless as a separate segment, with no [bundle] ability for any of the network and of course, your ATM is sitting on a different segment. So, essentially, from a before-after picture, your bandwidth went way higher. You were able to achieve your goals of security in isolation. You were able to roll out your new application and your window to make revenue from that new application shrunk from nine months to about a few weeks.
You were able to roll out that application really quick. And you were able to achieve resiliency in – despite the fact that you had MPLS and broadband go down every so often, you never had outages on the application. So, this is the case of a 12 hundred-site bank. The next case study that I want to talk about is a thousand-site manufacturing company. So here again, we had – the issues we were facing with manufacturing are very unique in a way. Manufacturing has a global presence. They have large facilities at different locations – so quite different from banking and retail.
They have a large number of [sensors] at each one of those facilities and there, again, they have some aspect of [multi-tenancy] going on there because they are serving [unintelligible 0:22:35] customers through either contract manufacturing, or through multiple holding companies within the parent enterprise. So here again, you need the ability to isolate these various entities. We need to be able to isolate vulnerabilities from the IoT and prevent them from bleeding into your corporate network.
And there was also a requirement on cloud. So, Office 365 and SaaS performance, we were hearing complaints again that the latencies were too long, the user experience was not good at all. So Viptela and Verizon were able to deliver a solution that addressed all these problems. The first solution, from the deployment standpoint, very similar to the previous case – MPLS, broadband, and LTE at every location. We had cloud-hosted controllers.
In the first example, the controllers were on-prem, but in this example, it’s cloud-hosted controllers. We again had multiple segments for different business partners, and we had [qualities] that controlled what went in and out of the segment. So for the most part, one partner was completely isolated from another partner, and no matter what activity or vulnerability existed on one network, it could not bleed into another network.
And again, these are – the difference from this to the previous example is these are external partners. They are not different lines of business, but they are external partners, Here they are communicating with an external entity is similar to what we saw with the Target hack where, you know, one vulnerability with one of your partners essentially impacted a highly critical resource or an asset within the parent enterprise.
So, segmentation ensures this does not – it’s one of the things that ensures that this does not happen. Next, we had the flexibility with SD-WAN to be able to install internet exits in a manner that delivered a superior SaaS performance. So, firstly, we were able to at some locations, introduce direct exit into the internet. At some other locations, we were able to regionalize the internet exit so – again, the trade-off here is that you could have an internet exit at every location, but you need to ensure that you address the security at each one of those locations.
The other way to address that is to consolidate a bunch of sites to exit to the internet from a regional exit, and that typically exits in a [unintelligible 0:25:18] location. Long story short, this manufacturer was able to use a combination of both, based on their location in the world. And the policies were again set to monitor the SaaS applications at any given time, and at any given time the SD-WAN application could ensure that the SaaS was exiting the internet from a location that gave us the best performance. So, we actually saw a three to four x improvement in performance from SaaS applications after this change.
And the most important part, with the vagaries of the internet itself, we were able to adjust to the dynamic performance problems that [Unintelligible] the internet itself. It wasn’t tune it once and forget it, but we were actually monitoring it and steering things around based on what was happening at that given moment. And lastly, IoT security and segmentation was achieved with service chaining, so we were able to introduce service chains to ensure that not only are we keeping IoT on a separate segment, but we have service chains that run the IoT traffic through firewall IDP/IDS devices before they go in and out of the [corporate] network.
The end result was, we of course had a very – IoT security was extremely hardened, SaaS user experience grew three to four times better, the attack surface reduced significantly, because you isolated these attack vectors to very tiny elements within the segment. And lastly, you had, you were able to go into an extremely complex enterprise and create this unified WAN [overlay] offering.
So, what this entailed the manufacturer to do was essentially roll out services in really quick order, so if there’s a new service they wanted to roll out, they could spin up a new segment, but if they were going to roll out a new subsidiary for a certain period of time, they could actually spin up another segment for the subsidiary and establish policies very specific to that particular entity.
I’m going to move forward to my last example. This is a Fortune 100 healthcare provider. And what happened here is typical to what’s happening in healthcare, but at the same time, it’s a little opposite but there’s a lot of [unintelligible 0:27:50] going on this particular example, it’s a divestiture example. So, we were having this Fortune 100 healthcare provider divest a portion of its hospitals in a certain part of the U.S.
And eventually what they wanted to – the complexity lay in the fact that the divesting period was going to last over a twelve-month period. So, during that time, most of the critical applications were on-net, within the data center – like the EMR, EHR application. So, the divested entity still needed access to patient records, and a few other medical-related applications that resided on the data center.
But at the same time, we needed to isolate a few other pieces of information at the start and progressively, every few months, they wanted to ensure that they reduced access to the divested entity, and at some point, they wanted to completely prune it out. So, this was a specific requirement that they had when they were thinking about SD-WAN. But, in addition to the other [table “” not found /]
requirements of course for healthcare is that the security and outages become a big, big concern, right?
So, security from a healthcare standpoint is one of their biggest and most diligent – it’s cost reduction that won’t come at the cost of security for them. Because security is number one, and everything else is number two. So, in this particular case, the diligence – bring all the validation from a security standpoint, was really huge. And lastly, there was this general aspect that they wanted to move to a hybrid strategy, but you know, the issues related to security and the unpredictability of the internet links was what was holding this thing back.
So, how did we help? In this case, again, what Viptela and Verizon did, was we were able to roll out our SD-WAN devices that were on MPLS initially and with broadband added later on. But with MPLS initially, we were able to roll out the [unintelligible 0:30:07] routers to each one of the divested entities. And we rolled out the same devices to the parent entity – a portion of the parent entity – and what we did over time was, we were able to define the divested entity as a separate segment on the corporate network.
What was going in and out of that segment was controlled on a centralized policy, and essentially every two months, we were able to change the policy so that you could have reduced access to a certain set of applications. Now, the SD-WAN technology identifies about 3,000 applications itself, so we were able to accept those VPI policies that identified applications and prevented access to a certain amount of applications.
At the same time, there was complete visibility which didn’t exist before. We needed external monitoring tools to have basic visibility across your entire network. So, in this case, our SD-WAN offering – since it’s an [unintelligible 0:31:15] network, it has visibility to all applications and all traffic and all link conditions that are happening in the network at that given time. And so you have a complete visibility on what is happening in the sense that if your divested entity is accessing an application which it shouldn’t access, you will have visibility into that.
Now in addition to this, you will need monitoring tools for more sophisticated monitoring, but you don’t need it for the basic monitoring, which I just mentioned. The next thing is, you wanted to be able to essentially ensure that your high bandwidth applications, like telemedicine, are firstly, always up and running and secondly, getting the bandwidth that they need. Here again, you were able to essentially with the hybrid architecture, actually you’re able to move to this new model through this project, which is primarily an MNA kind of project.
They were able to meet their secondary goals also on this particular case. So, the end result is, they were able to completely divest out. This project is, again, completed and one big benefit from this is the single policy. They got a single policy across the hybrid WAN. They were able to roll out policy centrally, and across the entire hospital network. Again, visibility and reporting was huge. They didn’t have detailed reporting before, they were to get it with SD-WAN.
The time to change policies was the significant driver for SD-WAN because, it wasn’t like this project couldn’t have been implemented on traditional routers, or traditional equipment, it’s just that every single policy change was going to take three to four months and, since you had multiple policy changes happening over a 12-month period, they couldn’t simply execute it on the old architecture. They needed this architecture to just make sure that every single policy change, was just taking a few days and not a few months.
And lastly, the outage reduction due to network issues was a huge upside of the project itself. So, those were the big factors that drove the success of this project. So, with that, I’ve covered a few important cases. I want to take a pause and look at some of the questions here. Mark and I will be taking on your questions. In the meanwhile, feel free to continue tweeting with the hashtag “futureWAN”. And for the next few minutes, we’re going to take a few questions.
So, as I see the Q-and-A coming in, the first question is – I think this one’s for you, Mark: “Is the Verizon SD-WAN offering currently only in the U.S., or is it targeting any other parts outside of the U.S.?”
Mark: Yes, Lloyd, that’s a great question, and you know, the reality is that largely, the Viptela managed SD-WAN offering is a global offering. It’s available as standard in just under 50 countries and 11 more where there’s certain conditions. But yeah, largely a global proposition has been available as such since mid-2016.
Lloyd: Wonderful, Mark. And to complete what Mark just said, the one big advantage SD-WAN has is you can deliver a service in the areas that don’t have a footprint, right? So – because the old way, you just have to essentially solve the problem of the link itself, but it doesn’t have to be your link. So, that enables – gives a lot of flexibility and we’ve certainly encountered customers who have come in with very strict requirements and operating in some regions which we’ve been able to support and [unintelligible 0:35:14] because of this aspect.
The next question we have is: “Does the regional internet breakout require a secure gateway solution, or is it policy-driven?” So, I’ll take this question. This is essentially – this is a good question. What this mean is, when you’re breaking out, let’s say, from a split tunnel at a branch, do you need a security gateway. And the answer is, it depends on the organization’s policy framework. Essentially we’ve had enterprises that have rolled out guest wireless to some other forms of guest services using no security framework.
But at the same time, there are corporate breakouts, like if it’s to a SaaS application, or it’s for corporate traffic that’s breaking out, we’ve had some really large enterprises – including I think, we had a presentation last year at [Unintelligible], where they were able to do this using Zscaler. So Viptela currently completely integrates within Zscaler. So, we were able to set up internet breakouts and you can use the cloud security with Zscaler.
In some other cases, we’ve had customers use Palo Alto devices, security devices, and essentially consolidate them at various regional locations and set global policies that say “these sites can exit to the internet directly but they need to access these devices before – the security devices – before they go in and out of the internet.” So, you have that flexibility with this deployment.
The next question is – Mark, again, I think this one’s for you – “What is Verizon’s role in some of this deployment? Is it mainly rolling out the technology or is there anything more to that?”
Mark: Well. I mean, there’s a combination of things that Verizon get involved in. Not least, the managed-services, because Verizon’s got an extensive managed services suite and what we do is, we overlay the same type of network management that has been particularly successful with the more traditional types of network deployment such as managed wide area network, private IP, and you know, that will give a visibility of reporting or give the [break-fix] SLA competitive mean time to repair.
Service level agreement. So – and over and above that, you know, there’s a level of expertise that Verizon provides as the experienced implementation group if you will. And there’s often [inter]-section when we embark upon, together in partnership, new technology ventures, there’s risk and the best way to mitigate that risk is actually to partner the leading edge with the experience. And that’s really the benefit that Verizon and Viptela together bring to this.
Lloyd: Thank you Mark. The next question is on segmentation. “Is segmentation performed by using separate VPNs?” So, let me answer this Mark. So, this is a good question. Traditionally, you had segmentation that have come in on using the link itself. Using separate VRFs. The challenge you have with a hybrid WAN strategy is, how do you retain that segmentation across all kinds of links? This is broadband, this is LTE – and remember, this is all active-active.
Everything that you saw in all the previous slides is all active-active. The notion of active-backup goes away, so you’re at full link utilization now with SD-WAN. So, the answer to that is, the SD-WAN technology itself provides segmentation that is very sophisticated – not only can you have segmentation that is pervasive across broadband, MPLS, and LTE, but you can also define each segment to be a separate topology.
For example, with one of our retail customers, they have about four or five segments across their retail stores in the U.S., and one segment is purely for guest wireless, one segment is purely for unified communications – so that is full-mesh – one segment is purely for [POS], which is hub-and-spoke. You can have separate topologies per segment, and one segment is purely for surveillance video, which is shared regionally among all stores within a region, but it’s not shared across the nation.
You can craft these different topologies based on the applications, and meet the requirements then. We have a question asking us if the slides will be available after the session, and the answer is yes. The slides are already available as attachments of [unintelligible 0:40:15]. I think we have one more question coming in. This is, I think this is some kind of a joint question but it’s “Has security been a concern by the financial and healthcare enterprises that have deployed this?”
And the answer is yes. Security is a major concern. There essentially has been – these enterprises are, major assets are tied around, would be destroyed if there was some kind of a breach. As we saw even in a retailer like Target, the breach that exposed their customer information really, really hurt them badly. So, the thing is a top-of-mind item while evaluating SD-WAN, so there’s been some rigorous testing.
And fortunately, since Verizon and Viptela have gone through some of the most conservative enterprises first if you will, through these large healthcare, large banks – typically you have the large players adopt technology later on, but this is an example you have the large players moving first because they have the burning need. We’ve had the opportunity to completely validate the security aspects of this and, you know the concern exists, but it’s completely addressed today because of the large number of deployments, security in deployments.
So, with that, I don’t see any more questions coming in. So, that’s it from my – Mark, do you have any more talks to share? I think we’re done with the questions at this point.
Mark: Yeah, thanks Lloyd. And, no, I mean really, I think it’s often the case that we see the, you know, from a technology perspective, we tend to look at the technology in isolation. But as we kind of move into this next generation of business transformation due to what’s going on in the digital world, we’re really starting to see now the – we’ve got to tie what we do to genuine outcomes, and the great thing is, when we talk through deployment scenarios like this, you see what it really enables.
So, I hope it’s been of use to the audience. I’d like to thank you again for your time today in joining us at [our site].
Lloyd: Thank you so much. Thank you so much. Thank you Mark and for those who want to get some other education materials on SD-WAN, there are about 10 different windows and customers and other entities and analysts that are presenting at the summit. I would encourage you to go and educate yourself on the other sessions. And as I mentioned before, all the sessions are available on demand so you can see them any time. With that, thank you so much.