zWAN – SECURE SD-WAN

Secure SD-WAN

Designed for the Modern Workplace
zWAN helps to have employees stay connected securely, whether they are at the office or working from home, while providing the tools to both employer and employee to enhance productivity. In today’s post-Covid environment, employees are increasingly working from both traditional offices and from their homes. Employers face the challenge of making sure that Remote Workers, home networks and devices are secured while also ensuring that User’s productivity levels are maintained.

zWAN client was designed from the ground up to provide secure and reliable access for both hybrid and remote workers to access corporate and personal networks at home and from anywhere. To accommodate Work-From-Anywhere users zWAN EC is used and for Work-From-Home users zWAN vEC which eliminates the need for a separate hardware device, which results in a significant cost savings for corporations.

zWAN EC Failover Model

zWAN vEC Failover Model

Always Online, Always Secure

Remote Users Connectivity
To keep WFH & WFA users productive, it’s important to have a reliable internet connection. When the primary ISP goes down, some users may try to find a backup connection or just wait for the ISP to come back online, both of which can lead to lost productivity and security concerns. zWAN vEC & EC offer a solution by providing a dual path internet connection with a backup LTE service that automatically takes over in the event of a primary ISP outage. This allows remote users to stay online and continue working while keeping the network and devices secure.

zWAN Client Key Features
The zWAN client software is installed within the Work-From-Home or Work-From-Anywhere users Windows 10 and Windows 11 device(s). The installation process can be pushed out using your existing endpoint management solution or can be installed by the users. The install process is quick, simple and is a zero-touch installation from the users perspective.

zWAN Product Features

zWAN Director – Cloud Management
Once installed, the zWAN Client will automatically onboard to the zWAN Director in the Cloud. The Director is responsible for provisioning and managing the zWAN Client. Alerts from zWAN Client are routed to the Director for action. Similarly, the Director collects activity logs and network traffic related data from all zWAN Clients to generate dashboard displays for each zWAN Client. The administrator can review alerts, view the dashboard, and review logs through the Director.

Multipath Connectivity
zWAN EC utilizes the network port connections of the device it is running in to set up multipath connectivity over the underlay network, generally comprising of broadband or LTE. Fig. 1 shows a system with just a single communication link. Fig. 1 shows a setup with multipath communication links. zWAN Client can be configured to preferentially utilize one path over the other, i.e., in the event of a failure of the preferred path, a dynamic switch is made to the available path, for high availability.

Having multiple paths ensures that in the event of a path failure, an alternate path is available for transmission to continue uninterrupted.

Single Communication Link, e.g.. Cable Modem All traffic flows through the single link
Figure 1: zWAN Client Multipath Connectivity

Load Balancing
Using multiple paths, the load can be transmitted over multiple paths. The load distribution can be symmetric, when the load is equally distributed or be asymmetric when the load may be unequally distributed. Fig. 2 shows symmetric load on the two paths, whereas Fig. 3 shows asymmetric load balancing.

Multiple Connectivity – Load Balancing/Symmetric
Multiple Communication Links, e.g. Cable Modem and LTE
Traffic flows through both links in equal measure

Figure 2: zWAN Client Load Balancing/Symmetric

Load Balancing/Asymmetric
Traffic flows in unequal measure 3:1 through the links
Figure 3: zWAN Client Load Balancing/Asymmetric

Autoflow Control
Fig. 4 shows autoflow control. zWAN Client can be configured to make path selection based on underlay network characteristics such as latency, jitter, or packet loss. This means the network flow can be steered to go over the path with say the least latency. The network characteristics are periodically measured so that if the network characteristics change, then the flow will get routed over the best available path.

Traffic flows through link with the lower latency
Figure 4: zWAN Client Autoflow Control

Applications
With increasing prevalence and popularity of Work-From-Home and Work-From-Anywhere, employers face the challenge of making sure that the user’s computer when connected to the home network is secure and the user’s productivity does not suffer and ensuring that productivity levels are maintained. zWAN Client addresses all this and other issues that go along with Work-From-Anywhere scenarios.

Deep Packet Inspection (DPI)
zWAN Client analyzes encrypted network traffic through a process called deep packet inspection (DPI), and classifies the packets to identify the application transmitted through the network and the category the application belongs to. Each category can be either blacklisted (block) or whitelisted (allow). If an application falls in the blacklisted category, it will be denied network access and the flow will terminate. The path selection can also be based on the application or the category of application.

When bandwidth constraints exist, zWAN Client can prioritize applications for transmission, thereby ensuring higher priority applications are transmitted and lower priority applications are transmitted only after the needs of the higher priority applications are met.

Bandwidth Augmentation
The available bandwidth can be augmented using network bonding, by combining more than one path to increase available bandwidth.

Report Generation
The zWAN Client sends IPFIX data relating to the network traffic and syslog to the Director for further analysis and for dashboard display. Dashboard charts provide invaluable insights into user activities with zWAN Client. The dashboard can show the number of packets by application transmitted over the network for a predefined period (i.e., 1-minute). display. Dashboard charts provide invaluable insights into user activities with zWAN Client. The dashboard can show the number of packets by application transmitted over the network for a predefined period (i.e., 1-minute).

SaaS Breakout
The zWAN Client can identify SaaS traffic deemed to be reputed and categorize it as such by using DPI and packet categorization techniques. zWAN Client transmits such SaaS traffic directly to SaaS websites by the shortest available path, without sending the network traffic to the data center, thereby avoiding backhauling. In traditional networks, generally all network traffic gets sent to the data center for security reasons. With zWAN Client, this unnecessary backhauling can be avoided.

Internet Breakout
The zWAN vEC can identify general internet traffic and categorize it as such. Such traffic is normally sent to the data center for security scans. This means that SaaS traffic, which in today’s environment constitutes the bulk of the traffic for most enterprises, does not have to be subjected to deep security scans, thereby reducing security costs.

Traffic flows through link with the lower latency
Figure 5: zWAN vEC SaaS Breakout / Internet Breakout

Top