subscribe to our blog


Zero Touch Automation for SD-WAN + SECaaS + Virtual Cloud Exchange

Published on: November 15, 2018 |  Author : Vineet Anshuman


Zero Touch Automation for SD-WAN + SECaaS + Virtual Cloud Exchange

Imagine service providers combining networking and cloud access to offer differentiated services, allowing them to maintain competitiveness in today’s hybrid network environments. Recently, Fortinet and Tata Communications Transformation Services (TCTS) have created a Proof of Concept Demo for MEF18 designed to showcase the powerful combo capabilities of SD-WAN, SECaaS and Virtual Cloud Exchange.

Enterprises are adopting digital transformation to increase productivity, enhance operational effectiveness and deliver more value to customers. Of late, a key trend with this transformation has been a movement to the cloud that offers infrastructure and service scalability aligned with the dynamic needs of today’s businesses.


Before we get into the objective of POC, it is vital to know that SD-WAN provides high-performance access to cloud applications for users located away from headquarters, enabling a more agile network and facilitating automation at branch locations to a degree that was not previously possible.

POC Objective

The objective is to showcase a fully automated model-driven deployment of a service (video and streaming in this case) that combines all three: SD-WAN networking, security and cloud access. The POC demonstrates capabilities that allow for the adjustment of networking links and performance based on application while automatically applying appropriate Secured SD-WAN associated rules to a simulated multi-branch environment.

The use case for the POC is built around a large multi-national organization seeking to deliver a live confidential townhall. A streaming service and SDWAN adaptations in the branches are used to ensure the performance and security of both the live stream and replay notwithstanding changing network conditions.

The POC features Fortinet’s SD-WAN solution that offers the following key characteristics:

  • Application Awareness – Enables application level SLAs
  • Multi-Path Intelligence – Dynamic WAN link selection based on SLAS and automated failover capabilities.
  • Multi Broadband Support – Transport independent with support for Ethernet, 3G, 4G. Aggregation of multiple interfaces on a single SD-WAN interface
  • Simplified Monitoring
  • Certified Security – Based on independent assessment by third parties like NSS Lab

The Virtual Cloud exchange POC demonstrates the following:

  • Dynamic Connectivity: The VCX can enable real-time creation and deletion of private connections to Public cloud.
  • Virtual Overlay Integration: Patent Pending Cloud NAT functionality with Network Address Translation (NAT) from private to public address namespaces.
  • Automation: The Orchestrator can instantiate a set of VNFs for the given tenant automatically on an already established NFVI.
  • Advanced Network Monitoring: Real-time visibility of end-to-end network performance metrics to assist planning, troubleshooting and fine-tuning network for optimal performance

Inherent in the POC is Security-as-a-Service (SECaaS) in which the enterprise user is ensured secure connections across the hybrid network environment. With this solution approach which makes use of a multi-function firewall, additional security functionality can be added as needed. Given that modern security and SDWAN rely on application traffic steering and engineering, security is leveraged to get a consistent view of the dynamic application space. The SD-WAN capability is provided as part of a Security Fabric which can provide additional functions like CASB, which can play a role in ensuring secure cloud access

The combination of TCTS and Fortinet capabilities is aligned with the MEF 3.0 framework stated objective of defining, delivering, and certifying agile, assured, and orchestrated communication services across a global ecosystem of automated networks

The VCX platform was created to help Tier 2 and Tier 3 service providers connect with major public cloud providers such as Microsoft Azure and Google and anyone who has not created orchestration around their SDN platform” said Vineet Anshuman, Global Product Manager for Nextgen Services at TCTS . “VCX enables real-time creation of private connections to public clouds like Microsoft Azure and help with automation and virtualization of traditional connectivity service”.

“LSO enables service providers to transition from a silo-structured BSS/OSS approach towards flexible end-to-end orchestration that unleashes the value of SDN and NFV. Standardized LSO APIs are critical for enabling assured services orchestrated across automated, virtualized, and interconnected networks worldwide,” said Pascal Menezes, CTO for MEF . “Managed services providers for Telcos like TCTS, leveraging the LSO Framework, can help CSPs jumpstart their SDN and automation journey."

An important part of the TCTS solution is that subscribers have the ability to self-provision themselves via a portal from the LSO system hosted within the service provider’s network. There is no need for any staff from the given service provider to manually insert any workflow processes, but instead the CSP subscriber directly places their intent into the LSO portal, for which the LSO orchestrates and automates the E2E workflow including E2E testing and activation. The subscriber at any given time can access how well their managed network connection to a given cloud is performing and/or the topology and configuration that was automated via the LSO system.

 The key value propositions the solution offers include:

  • All software and virtualization based use general purpose CPU
  • Runs over any legacy packet and/or optical network
  • Zero Touch Automation with tenant portal and APIs
  • Multi-tenant based
  • Hyperscale to millions of tenants

Leveraging industry SDN and NFV standards, TCTS VCX solution provides connectivity into existing MPLS, CE or WAN technologies for a given subscriber. With SDN and NFV approach, CSPs can deploy an NFV Infrastructure (NFVI) and Virtual Infrastructure Manager(VIM). A shared SDN infrastructure switch is put to use at the customer and cloud facing direction. This SDN switch implements a virtualized layer 2 over a layer 3 tunneling technology like VXLAN or NVGRE.

 The SDN switch is a shared switch that belongs to the shared PoP NFV fabric and only needs to press into service a single port in each direction for the tenant and cloud provider.

In conclusion, TCTS’s VCX solution is an advanced software solution that is part of a broader Overlay Network-as-a-Service solution for CSPs worldwide. It runs on SDN, NFV and LSO platform to deliver cloud connectivity at the layer 3 level as well as other service virtualised functions. The TCTS VCX solution is a fully white label solution with optional 24/7/365 operational support.


Contact Us
Follow Us On
Follow Us On
Follow Us On
Follow Us On
Follow Us On