The Japanese IT services provider NEC completed a trial of its open source-based SD-WAN Security Common Platform at the University of Kuala Lumpur in Malaysia. This was the company’s first proof of concept (PoC) using the platform.
The university required a service that could connect its several campuses and enforce security policy at each site. It also wanted to decrease costs and provide centralized, automated network management and control.
NEC deployed 15 pieces of hardware, including laptop clients, to connect the school’s four campuses. Nine devices were ultimately connected to the SD-WAN controller, according to NEC.
During the trial, NEC was able to test a total of eight use cases for the university. These included visualization and monitoring of end-to-end network traffic in multi-vendor environments, dynamic route optimization based on application requirements, and central configuration of network switches across the campuses to apply new security measures.
In addition to configuring legacy switches and routers, the Japanese provider leveraged its SD-WAN controller to enable a single window to show network statistics and centralize the university’s security management.
Open Source-Based SD-WAN Security Common Platform
While NEC has other SD-WAN products, this is a platform based on legacy hardware that Masanori Tsujikawa, a senior expert in NEC’s global platform division, says “is a perfect entrance for those exploring SDN in the enterprise segment, and it works as a migration solution for other SDN solutions, although NEC does not focus on legacy devices.”
One problem that Tsujikawa and NEC saw with existing SD-WANs in the market is that they were dedicated, product-based services.
“We know that there are huge market needs that those SD-WAN solutions can address, but it requires relatively large capex and longer time to deployment, especially for the brown field market because it usually requires some replacement or additional network devices,” said Tsujikawa. When looking at the small- and medium-sized enterprise customers in Southeast Asia, “we observed that there was another paradigm of SD-WAN as a potential market — it is the legacy-based SD-WAN which covers those heterogeneous network devices.”
NEC saw an opportunity for DevXOps — a discipline that is established to fill gaps left unaddressed by general DevOps practices — to help these customers. Tsujikawa said that DevXOps will be “the key criteria” for these customers, especially those with a limited budget.
The provider’s strategy is to combine open source, and its inherent transparency, with these DevXOps principles to make its SD-WAN service more approachable.
“It is natural and straightforward for us to choose [an] open source-based framework. This also provides transparency in technology and reduces stress for existing operations and tech teams because it is not easy for them to utilize commercial ‘black-box technologies,’” said Tsujikawa.
The platform, as the name suggests, also includes security components such as end-point security automation, response, and recovery.
“SD-WAN is the best component to coordinate the cyber security automation and the end-point security response for all unmanaged IoT devices connected to the network,” said Tsujikawa. The platform and SD-WAN controller allow NEC to isolate infected devices and apply configuration changes to switches and routers on the fly.
And while the university was the first, NEC sees other applications for the technology outside of small- to medium-sized enterprises and universities that operate in multiple areas. Tsujikawa noted opportunities in infrastructure for 5G, such as network slicing, and nationwide government services, because it is composed of heterogeneous devices.
To bring in an open source component, NEC leverages OpenMSA, an open modeling and simulation architecture. OpenMSA was formed by network automation company UBiqube in 2018 as a way to present network management as microservices rather than as proprietary blocks. NEC is one of 50 contributors in this community.
OpenMSA applies DevOps principles so that networking and security engineers can create a design and model the desired features without having to learn development. It can be used for device configuration, service assurance, and management features.
According to Tsujikawa, the architecture, because it is vendor-agnostic, can be used to control a wide variety of network equipment, including legacy equipment.
NEC customized the necessary modules in OpenMSA in order to complete the university’s trial. The provider designed and developed all the components needed for the SD-WAN.
It provides all the device plug-in modules, SD-WAN service modules, and workflow components running on the open architecture.