A continuation from Jamie’s recent blog on Perspective on Workforce Productivity Through Current and Future Pandemics
After writing my perspective on workforce productivity through a pandemic, I thought it would be a nice follow-up to demonstrate what I had built and the logic that went into the final product.
To rapidly deliver an enterprise-quality edge solution, the design must meet the following enterprise security and operational requirements.
- Gateway requires Next-Generation Firewall (NGFW) capabilities
- Capability to configure and enforce policy set by the organization’s security department with granular permissions
- Solution should be VLAN capable so as to segment home traffic from secure business traffic (this may be complex for home use, but the solution can be designed around this requirement)
- Device should be able to build dynamic VPN tunnels to company application head-ends
Ease of Installation
- Zero-touch provisioning to lower upfront costs and speed deployment
- Virtual appliance for head-ends (datacenter and cloud)
- Gateway must be multi-WAN capable
- Device should make real-time application routing decisions to provide a superior end-user experience for business-critical applications
- Device should be able to enforce local QoS to preserve sufficient bandwidth for business applications and users
- Solution must have low capital and recurring expenses
- Solution must incorporate cloud orchestration to minimize operational expense
In my experience, the quickest way to get organizational buy-in for a solution is to start with security considerations when deciding on a platform. In this use case, I chose Fortinet, a Gartner quadrant leader in NGFW that also happens to be a low-cost system. Most security organizations require user protection in the form of Antivirus, Intrusion Prevention System (IPS), Web/Email filtering, Data Leak Prevention (DLP), and Application Control. Extending these security profiles to the employee edge offers several benefits over agent-based or even cloud-based firewall solutions:
- Visibility into all traffic in and out of a home office, including East-West traffic, is imperative for stopping attacks at the source as well as for forensic analysis. East-West traffic is traffic destined for other corporate resources, such as applications and file shares, over your SDWAN tunnels.
- Agent-based solutions such as antivirus and host-based intrusion detection systems (HIDS) protect only the system they are installed on and provide limited visibility and reporting.
- Cloud-based firewalls are built to protect the end user from internet-facing sources (North-South traffic) but are not designed to protect company applications and file systems.
Recently, Fortinet matured its SDWAN feature set and included it free in FortiOS, the operating system behind the FortiGate Next-Generation Firewalls. These improvements include application-aware routing (AAR) and Forward Error Correction (FEC), which provide options to greatly improve the user experience for critical applications.
Ease of Installation
The ability to direct-ship an appliance to an employee and remotely provision it is critical for a solution to be successful. FortiGate appliances can obtain a WAN IP via DHCP and connect to the free tier of FortiGate Cloud, which redirects them to the FortiManager orchestrator, where they are automatically provisioned with your corporate policies. In addition to the home FortiGate, the datacenter and cloud FortiGates can be deployed with ease. If your organization has virtual machine compute resources available, FortiGate VMs can be deployed without any physical labour or cabling.
Finally, to extend the edge to exponentially more locations than previously considered, the solution must be affordable. Of the NGFW-based SDWAN solutions, Fortinet is certainly the most cost-effective. Their multi-year bundles and powerful appliances give you more throughput per dollar than any other solution on the market. Also of note, Fortinet includes SDWAN functionality at no charge, while many vendors charge based on aggregate internet link speeds. The cloud orchestration and zero-touch provisioning keep operational and capital expenses down.
My Productivity Paradise Components
Chief Technology Officer, Globalgig
Pugh co-founded Unified Scale, which was acquired by Globalgig in early 2019. Pugh joined Globalgig as Chief Technology Officer, responsible for global technology, infrastructure strategy, network architecture, and product innovation. Pugh has over 25 years of experience in networking and information technology. Prior to Unified Scale, Pugh served as Vice President of Network Engineering for One Source Networks (OSN) and held leadership positions at OuterNet and Symbiot.