Episode Transcript:
John A.:
Hello PANCasters. Today, our special guest will talk about the Prisma SD-WAN On Premises Controller.
We have with us:
John Tzortzakakis from SASE Technical Marketing Engineering.
Welcome John, can you tell us a bit about yourself?
John T.:
Hi, I am John Tzortzakakis, and thank you for having me here today.
I am part of the SASE Product team, and my role is Senior Technical Marketing Engineer. I work closely with our product team, engineering, and marketing to promote and support the success of our SASE and, more specifically, our Prisma SD-WAN solutions.
I am based in Florida, USA, and I have been part of the Palo Alto Networks SASE team for over three years. My background is in Networking and cloud infrastructure, and I specialise in SASE and Network Security.
John A.:
Thank you, John. Let's dive right in. What is the Prisma SD-WAN OnPremises Controller, and why do we need it?
John T.:
The Prisma SD-WAN OnPremises Controller is a flexible and scalable solution that allows customers to deploy their SD-WAN networks in a way that gives them complete control over their network operations. It does away with 3rd party “cloud” and its related infra dependencies for absolutely mission-critical deployments where you want end-to-end control of your infrastructure without compromising on the quality of the solution.
The On-premise controller is for organisations with stringent regulatory and compliance requirements, and this covers verticals such as Banking, Financial Services, Insurance, and Government, including Defence. Interestingly, we are also seeing significant demand and interest from the Utilities vertical, which has the critical public infrastructure to protect, like water supply, electricity grid, sewage and also from Operational Technology (OT) verticals.
The solution is based on the architecture of our Cloud Controller offering, which offers expandable capacity and resilient deployment, but unlike cloud controller which is based in cloud, this on-premise controller infrastructure would be in customers’ own premises/data center and managed by them, and supports our Prisma SD-WAN ION Devices' complete lifecycle management.
John A.:
That sounds impressive. What are the benefits and advantages of using the Prisma SD-WAN OnPremises Controller?
John T.:
With the Prisma SD-WAN On-Premises Controller, organisations have complete control over their infrastructure, ensuring the highest level of data security and better compliance options.
The benefits start with, crucially, enhanced security. The ION device to either the Cloud or On-Premises controller communication is always secured via TLS, and devices utilise customer-specific certificates once onboarded on the network. If a customer has strict regulatory environments and wants to use private networks, the added benefit is that this secured communication can happen over those private or even air-gapped networks to the local controller, further reducing the attack surface.
Data Privacy is another area where on-premise controllers provide greater control over data privacy, ensuring compliance with regulations like GDPR, CCPA and more.
Another aspect touching data privacy is Data Residency, especially for organisations with strict data residency requirements, in the country/region, and the on-premise controller ensures that the data remains within their control and jurisdiction.
There are other benefits too, say for instance latency optimisation, organisations that have geographically dispersed sites can deploy on-prem controller at a site that has the most optimal latency for all the connected sites and also ensure optimal traffic routing not only between deployed Prisma SD-WAN ION appliances but also between these ION appliances to the controller.
And another important aspect is SLAs, with the customer in total control of the controller infrastructure and the levels of redundancy and failover, an on-premise controller helps ensure highest availability and minimal downtime.
John A.:
Great, thank you. What are some use cases for the Prisma SD-WAN OnPremises Controller, and how does the deployment work?
John T.:
The Prisma SD-WAN OnPremises Controller is ideal for organisations with specific regulatory requirements or those seeking to self-manage and fully control their SD-WAN network. The deployment is streamlined, with a user-friendly UI and support for Kubernetes-based scalable architecture, similar to our Cloud controller.
Customers deploy the Prisma SD-WAN OnPremises Controller at their own Data Centres, utilising their infrastructure. The architecture is similar to our Cloud Controller but tailored to the on-prem infrastructure requirements. For example, we support KVM and ESXi hypervisors, and there is inherent flexibility regarding the storage type.
We also support the Prisma SASE deployment model. The OnPremises controller can be part of our holistic single-vendor SASE solution, which unifies Prisma SD-WAN and Prisma Access networking and security services.
John A.:
Interesting! How does it compare to the Cloud controller, and how can customers decide which is best for them?
John T.:
In a nutshell, choose Prisma SD-WAN OnPremises Controller when:
- You require full control over infrastructure and data
- You need to meet specific security, regulatory, or compliance requirements
- You prefer a customised and controlled environment for latency and performance
Now, compared to our Cloud controller, there are some key differences:
- First, is about Control and Security: The Prisma SD-WAN OnPremises Controller requires more customer responsibilities and control over security. Meanwhile, the Cloud Controller relies on Palo Alto Networks and the cloud provider's measures.
- Second is availability and Scalability: Cloud Controller offers unlimited elasticity, while Prisma SD-WAN OnPremises Controller requires manual scaling by the customer.
- And the third is Cost: The Prisma SD-WAN OnPremises Controller has higher upfront costs, while the Cloud Controller follows an OpEx model.
John A.:
Talking about the cost, what is the licensing model?
John T.:
We use the Per-Device Licensing model, with a license required for each managed Prisma SD-WAN ION device. Currently, we do not charge extra for the Prisma SD-WAN OnPremises Controller. For us, this is just providing our customers with the flexibility of deployment and management.
John A.:
Thanks John. If I am a customer and decide to deploy the Prisma SD-WAN OnPremises Controller, how do I get started?
John T.:
Yes, it is a simple process to get started:
- First, you must order the Prisma SD-WAN ION devices, their licenses, and their subscriptions.
- Then, review the requirements to ensure you have the necessary hardware and infrastructure to support your network size. We support networks with hundreds to several thousands of ION devices.
- As an eligible customer, you can download the installer from the Palo Alto Networks Customer Support Portal (CSP) and install the Prisma SD-WAN OnPremises Controller using either our CLI or GUI Wizard workflow.
- Lastly, onboard your SD-WAN ION Devices.
At this stage, you can follow the same process to configure the devices, set up your sites similarly to the Cloud controller, and start monitoring your network with our built-in management portals. The beauty of the solution is that we utilise the same architecture as the Cloud controller. If you are familiar with installing and maintaining Prisma SD-WAN in the Cloud, it is easy for someone to start operating with the On-Premise option. Another benefit of this approach is that we rely on joint development cycles.
John A.:
With the built-in management portal you mean that the Prisma SD-WAN OnPremises Controller has built-in all that is needed to administer, manage, and operate my SD-WAN deployment? Is there any extra cost related to this option?
John T.:
Exactly! Everything is included at no extra cost. All you need is the SD-WAN ION licenses and subscriptions.
The Prisma SD-WAN OnPremises Controller comes with two management portals: the Operations portal and the Admin portal.
The Operations portal allows you to perform tasks related to the controller's underlying services, such as certificate management, device onboarding, health status monitoring, and more.
The Admin Portal offers a similar user experience to our Cloud offering and allows you to manage your SD-WAN network fully. In essence, if you know how to deploy, manage, and monitor Prisma SD-WAN with Strata Cloud Manager, you are ready to start with Admin Portal in Day 1.
John A.:
Great! What's on the horizon for the Prisma SD-WAN On-Premises Controller?
John T.:
We're excited about our roadmap, which includes plans for even higher scale deployments, clustering, disaster recovery enhancements, and further scalability improvements. Nevertheless, we strive to offer the best user experience to both the administration and end users who connect and utilise our SD-WAN network solution.
John A.:
OK. So, John, what is your last comment for our listeners?
John T.:
- If you are a Bank, Financial Services and Insurance or Government and Defense organisation.
- If you want to meet the regulatory and compliance requirements with flexibility.
- And if you wish to deploy and self-manage your SD-WAN solution on your infrastructure with a simplified operational environment, with unparalleled expandable capacity and resiliency,
Prisma SD-WAN OnPremises Controller is available today and don’t hesitate to contact your Palo Alto Networks representative for more details.
John A.:
Thank you so much, John, for sharing the latest and greatest information on Prisma SD-WAN OnPremises Controller. For our PANCast™ listeners, as always, the transcript of this episode will be on live.paloaltonetworks.com, and you will also find links related to this episode.