SD-WAN

Enterprise SD-WAN

Branch WAN on Autopilot

Single WAN based inter-office connections alone (MPLS or VPN based) are not dynamic and therefore cannot react to performance fluctuations in the transport. Mushroom’s next generation SD-WAN takes BGP or OSPF based routing algorithms to the next level where packets can be steered around and away from network problems in real-time without requiring slow route updates. Special application centric VNFs (Virtual Network Functions) are leveraged to optimize paths on a per-packet basis automatically without any human intervention, keeping flows alive and performing even during brownouts or ISP blackouts.

Application Performance

Mushroom’s SD-WAN framework utilizes overlay IP tunnels that can monitor, remember, learn and react in real-time in order to shield network problems from the application layer. Services such as live video, VOIP, UC (Unified Communications), chatty applications, file transfers or any other types of specific application flows are mapped onto corresponding overlay tunnels. Since the overlay tunnels optimize according to the metrics that matter for the flow type (such as latency, throughput, jitter, packet loss etc.) reliability, predictability and overall performance of these services improve by orders of magnitude. Again, without requiring any human intervention.

Mushroom devices install transparently in pass-through between your existing network and existing modems. You can either replace your firewall with the Mushroom appliance or if you prefer, you can keep your existing firewall intact.

Centralized Cloud-based Management

Historically, networking gear has been difficult to install, manage and monitor, usually requiring “smart-hands” at the install location (i.e. having qualified IT personnel at the office that the appliance resides). Utilizing software defined techniques, we can separate the control plane and the data plane, and therefore create a centralized, cloud based controller that manages the end-points. This significantly simplifies large scale deployments of SD-WAN appliances.

In-depth Visibility and Telemetry

Information and logs collected with legacy monitoring methods are notoriously not actionable. Mushroom’s SD-WAN provides powerful in-depth time-series data that can be collected and processed in the background. The intelligence to optimize application performance is already designed into the overlay tunnels. Additionally, depending on the metrics that are targeted, in-band or out-of-band monitoring probes can be included to provide real-time, actionable intelligence from the network.

Instant Zero-touch Installation

Mushroom’s SD-WAN appliances can be configured via configuration templates ahead of shipment to provide zero touch installation at the install site. Further configuration changes can be done remotely. For locations with no wired Internet (such as delayed ISP turn-ups), Mushroom’s multi-sim LTE / 5G cellular bonding devices provide instant turn-ups.

Why Replace MPLS?

MPLS cannot route Internet traffic locally

Since MPLS transport doesn’t have layer 3 routing capabilities, the packets in and out of the branch offices need to go through the MPLS gateway at the service provider core. This means any type of traffic, including web surfing or traffic destined to public cloud will go through the expensive MPLS circuits just to connect to the Internet.

MPLS cost is high

Until recently, MPLS has been the only viable option to connect geographically distributed offices with low latency. However, the high cost per bit of MPLS compared to broadband Internet such as DSL, Cable, and Fiber, makes SD-WAN a better alternative. For gradual migrations, MPLS augmentation with SD-WAN offers better value compared to the expensive MPLS upgrades.

Single point of failure of MPLS

MPLS, even though advertised by carriers to have higher up-time, still are vulnerable to failures such as carrier caused technical problem. Since MPLS is primarily based on a single service provider and a single transport, it creates a single point of failure.

Long lead times and limited bandwidth

MPLS upgrades for higher bandwidth may not be possible in some cases, or otherwise might be cost prohibitive. The lead times for MPLS installation and upgrades can be impractically long, eliminating MPLS as on option.

Mushroom’s SD-WAN vs MPLS

Agile traffic management

Mushroom’s SD-WAN enables easy QoS and traffic management so that, if desired, Internet traffic can be routed locally without consuming the point-to-point tunnel from branch to the data-center or between branch offices. This significantly reduces the traffic that needs to go through the tunnels between branches.

Cost effective as MPLS augmentation

Since cost effective broadband Internet lines can be brought together with Mushroom’s SD-WAN, the overlay IP connectivity will have boosted QoS metrics. This creates a very attractive MPLS alternative to either augment existing MPLS or completely replace MPLS circuits at a significantly lower total cost of ownership.

Boosted reliability with high 9s uptime

With the availability of various carriers and service providers for the connectivity including MPLS, DSL, Cable, Fiber or even 3G, 4G, LTE, 5G wireless, office connectivity is no longer tied to a single point of failure. With Mushroom’s VNF tunnels, even on-going sessions will be kept alive during blackout or brownouts on any of the Internet connections.

Rapid rollout and installation

Installation and rollout of new locations can be completed within minutes, with drop shipping preconfigured units to the branch that is being brought up. The installation and lead times are orders of magnitude faster compared to MPLS. Mushroom’s multi-sim cellular SD-WAN appliances can be rolled out instantly for mobile or temporary offices.

VoIP and UC Performance

UC / VoIP moving to cloud

Some, or in some cases, all of the SBC and PBX functions are moving to private or public clouds. However, VoIP/SIP and Unified Communications (UC) traffic flows and the associated end-user experiences are prone to high latency, packet loss and jitter. ISP last mile problems, ISP core network congestion, or your own cross traffic can cause these types of latency sensitive services to suffer.

Cloud delivered VoIP/UC

Mushroom appliances can peer with each other to create a secure, encrypted multi-path (multi-WAN) VoIP Armor tunnel from your branch office to your private cloud or to the public clouds. VoIP Armor tunnel monitors all possible paths in real-time and steers VoIP/SIP and video conferencing packets around and away from network problems in real-time, to keep your real-time applications flows healthy with high end-user experience.

Elastic Static IP

VoIP Armor not only optimizes your last mile for your VoIP/SIP flows by leveraging the multi-path real-time packet steering, but it accomplishes this without dropping any of your on-going calls – even during WAN disconnects. Since Mushroom Relays (in your private cloud or in public cloud) have non-changing static IP addresses, your IP-PBX , as well as your office phones will be 100% shielded from network problems.

Cloud Performance

Public Clouds – SaaS

Your organization may be using applications such as CRM, ERP, email, UC (Unified Communications), file transfer/storage and countless others that are delivered as SaaS (Software-as-a-Service) over the WAN. Mushroom’s application specific overlay tunnels optimize your WAN and application performance, so that your team’s SaaS experience is flawless.

Private Clouds

Performance of the connectivity to your physical data-center is critically important if you are running workloads for your applications and services in your private cloud. Your branch’s WAN performance will determine how well your applications perform, especially for latency and bandwidth sensitive workloads. Mushroom’s overlay tunnels create high performance IP connectivity to your data-center for optimum performance and up-time.

Virtual Private Clouds – IaaS

Some of your workloads may be running in off-premise Virtual Private Clouds. IaaS (Infrastructure-as-a-Service) hosted in Amazon, Microsoft or Google Clouds heavily rely on the performance of the branch office WAN. Mushroom’s SD-WAN technology ensures optimum end-user experience for these virtual private cloud use cases by intelligently orchestrating your WAN links without requiring human intervention.

Traffic Management

Mushroom’s advanced yet flexible routing capabilities provide pinpoint granularity to route flows over desired paths. Tunnels and WAN links can be logically grouped into Virtual interfaces with load balancing and fail-over policies, working hand-in-hand with the advanced QoS (Quality of Service) capabilities that precisely fit your business requirements.

Security

Mushroom’s physical and virtual appliances are hardened and secured with the built-in firewall. The base firewall capabilities are included with every Mushroom appliance. Ongoing firmware updates ensure new security patches are applied to protect your network. With the optional Cloud Relay Service, Mushroom appliances connect to the Mushroom-operated Cloud Relays using multi-path overlay tunnels that support AES-128 and AES-256 encryption to protect against eavesdropping, tampering and message forgery, and leverage TLS 1.2 with SRP (Secure Remote Password) protocol authentication with protection against dictionary attacks. Cloud Relays are based on a secure network architecture with strict traffic flow policies. Comprehensive monitoring of inbound and outbound communications is done to detect threats such as Denial of Service (DoS), Distributed Denial of Service (DDoS), flooding, software/logic attacks, Man in the Middle (MITM) attacks, IP spoofing, port scanning and packet sniffing. Additionally, redundant telecommunication providers as well as additional capacity protect against the possibility of DoS attacks.

Additional Security Functions

Cloud delivered Next Generation FireWall (NGFW) and Unified Threat Management (UTM) services are available as VNF (Virtual Network Function) services that can be service-chained to your Mushroom Cloud Relay. Every workflow is moving to the cloud and so should your security perimeter in order to improve your security posture. Since your security infrastructure is managed by us in the cloud, there is nothing to update or upgrade. With Mushroom’s cloud delivered NGFW and UTM services, all the work is done in the cloud for you. Your office is connected to your Mushroom Cloud Relays with the secure encrypted tunnel and the security functions are delivered to you from the cloud. The Core Security Suite and Advanced Security Suites described below are available as additional add-ons.

Core Security Suite

Intrusion Prevention

IPS (Intrusion Prevention System) inspects your packets in real-time to identify known threats and malicious activities including SQL injection, spyware, buffer overflows and cross-site scripting from hourly updated new threat signatures.

Reputation based Threat Mitigation

Botnets and bad reputation URLs that are on various reputation lists that are dynamically updated on an on-going basis are instantly blocked, before they can become a threat to your network.

Web Content Filtering

With more than 100 types of content groups for http and https, allow or restrict URLs to block unwanted traffic in the cloud before it reaches your local network.

Gateway AntiVirus

Protects against known viruses, trojans, spyware, rogueware and worms with multi-layered signature-based and behavioral-based scanning. The signature set is dynamically updated and it leverages Machine Learning models.

Complete Security Suite Adds

Persistent Threat Blocker

Provides cloud based sandboxing of advanced persistent threats such as ransomware, zero-day threats and evolving malware that are designed to bypass traditional network security.

Data Loss Prevention

Protects confidential data transmission over email, web and FTP for over 30 file types with the built-in library of over 200 rules and compliance mandates such as PCI DSS and HIPAA and others for 18 countries.

Network Mapping

Detect all unauthorized hosts connected to your network with information such as OS version, open ports and protocols.

DNS Inspector

Scans DNS requests and filters against a list of known malicious DNS Sites. If the site is malicious, blocks access and warns users.

Application Control

Ability to block, allow or restrict over 1,700 applications with granular policies such as bandwidth throttles and per user/group/schedule policies in the cloud before it reaches your local network.

AntiSpam

State of the art real-time protection against spam and phishing attempts.

Intelligent AntiVirus

Protects against evolving zero day malware without requiring signatures but instead leverages Machine Learning based algorithms.

Threat Detect & Respond

Advanced algorithms correlate network and endpoint security events to detect and stop malware attacks.

Why Mushroom’s SD-WAN?

Application Centric Approach

Mushroom’s SD-WAN technology has an application centric technology at the core. This means flows can be identified and treated via the overlay tunnels that are designed to optimize that specific application. Application QoS requirements vary  and depend on factors such as throughput, packet-loss, latency, jitter and/or other factors. Such metrics as well as recorded historic performance metrics are used by the overlay tunnels to optimize application flows.

Automation at Every Level

One of the added values of SD-WAN architectures is based on automating the configuration and management of the end-points. However, being able to automate problem mitigation via setting the WAN networks on autopilot is unique to Mushroom’s SD-WAN. Advanced tunnels can automatically detect network conditions that can negatively affect a specific flow type and accordingly implement measures to route around the network problem in real-time without dropping on-going sessions.

Proven Track Record and Experience

Mushroom’s SD-WAN solutions have been deployed world-wide with the widest and largest portfolio of clients and use-cases in the sector. Mushroom’s solutions embed technologies that are perfected over the years with unique know-how and in-the-field experience that is unique in the industry.

VNF Design Studio

Mushroom’s SD-WAN solutions come with a built-in library of VNFs. However, for service providers and enterprises that would like to customize their overlay networks, Mushroom’s VNF Design Studio offers a drag-and-drop based UI to build or modify tunnels with ease. This shrinks the new service development and rollout cycle by orders of magnitude.