James Thew - Fotolia
Cato Networks adds 'identity awareness' to SD-WAN as a service
Cato Networks SD-WAN as a service was updated this week with identity-aware routing. The vendor claims identity awareness can simplify network operations and better meet business goals.
The concept of identity awareness in networking certainly isn't new. But, until recently, it's been more a vision than reality.
For those not familiar with the term, identity awareness is a fundamental change in networking, where traffic is directed based on user or device identity instead of the traditional IP address. Networking has been done this way for decades, but traditional routing uses network information to determine where and how to send packets, which often has little correlation to business goals.
Network professionals who want to better align the way networks function to meet business demands often have to use overlay networks, stack protocols or create some kind of custom configuration. While these methods can work, they add complexity to the network. Over time, that complexity can become so overwhelming that the network becomes rigid and brittle, which often results in simple changes taking months to complete -- followed by months of troubleshooting to fix what's broken.
Editor's note: Cato Networks is a client of ZK Research.
What identity awareness makes possible
Identity awareness significantly simplifies the network by abstracting policies that are related to users and devices from the underlying network. It makes the network easier to configure, change and manage, while maintaining the intent of business policies. For example, instead of applying quality of service (QoS) coarsely, identity awareness can be applied to specific users, so voice over IP (VoIP) calls to and from executives can be given higher priority than other calls.
This week, Cato Networks announced it added identity-aware routing to its SD-WAN-as-a-service product, Cato Cloud. Cato dynamically correlates Microsoft Active Directory information with the network and associates each packet flow with a user by tracking real-time AD logins.
According to Cato, adding identity awareness provides its SD-WAN-as-a-service customers with the following benefits:
- Business process-based QoS, where prioritization is done at a business-intent level instead of using network or application information. This enables network professions to create more granular QoS policies. The VoIP example above is a good example of business-focused QoS.
- Policy abstraction, where routing can be done by a specific business entity, including but not limited to department, team, username or device for IoT purposes. Abstracting the policies allows the policy to follow a user or device that moves, without needing to reconfigure the network.
- Business-level visibility into the activities of sites, groups, users and other entities. Visibility at this level can help with capacity planning, optimization and scaling the network.
In addition to identity awareness, Cato also introduced a number of enhancements to its SD-WAN as a service, including the following:
- Multisegment, policy-based routing to automate the selection of the optimal path at each segment in the journey, including first, middle and last mile. Cato applies specific optimization technologies on each segment to ensure the best possible performance across its network. Cato has a deep packet inspection engine that can detect and classify SaaS and enterprise apps without Secure Sockets Layer inspection to route them based on need.
- Real-time network analytics via a slick dashboard that shows network statistics, such as jitter, packet loss, latency, discarded packets and dropped indicators. This can be used to understand why certain applications might be performing suboptimally and help determine where to apply network optimization.
- Cost-effective high availability (HA) through a unique pricing model. Like all SD-WAN vendors, Cato offers an HA option, but doesn't carry an additional recurring charge. Cato supports a mix of configurations, such as active-active and active-passive for MPLS and internet connections.
- Intelligent last-mile resilience now includes flow-by-flow packet duplication and fast packet recovery to help with application resiliency. This is much more efficient than forward error correction, which can often bog the network down.
- Cloud and WAN optimization to reduce latency on the WAN or to select the best path to a public cloud service.
SD-WANs are maturing, and the value proposition should be about more than just cost savings. SD-WANs need to improve application performance, but also simplify operations. Cato added a number of enhancements to its Cato Cloud SD-WAN as a service to ensure optimized application performance, and the identity-aware networking simplifies operations by shifting the focus from bits and bytes to business metrics.