We are at Zenith Live at Heathrow this week to check out the latest Zscaler features and roadmap as well as to give them some grief on some of the issues we’ve had on customer implementations.
21/10/18 – SD-WAN Integration Training
Spending my Sunday configuring IPSec VPNs to Zscaler from Cisco Viptela and Riverbed SD-WAN appliances, now that’s dedication. I’m at the SD-WAN training session today to get a feel for other SD-WAN providers and see how they compare to VeloCloud.
Roadmap – Zscaler allows SD-WAN vendors to link in via API calls. Both Riverbed and VeloCloud should have this integration in Q1 2019. What does this give you? Well it means the VeloCloud Orchestrator can automatically configure the VPN Credentials and Location in the Zscaler admin portal using an API call. Another provisioning step automated.
Riverbed Lab
13:04 Brandon Carroll, Senior Technical Evangelist from Riverbed is up next. I’m excited to hear the visionary imaginearing he’s been doing in his role 😀 To be fair Riverbed are pushing SD-WAN hard, and so they should or they will fold with the WAN Optimisation market dying, if not already dead. Companies who have already invested in Riverbed will probably be looking at their platform but I can’t see why you would otherwise.
Initial thoughts, the Riverbed Steelhead Manager, which is the Riverbed Orchestrator, looks pretty good. Their network map shows all the sites status and the VPN tunnels between the sites, which is really neat when compared to the VeloCloud network map which is really basic and lacking info. The map might get messy on a large deployment but does look cool and handy to see established tunnels. The Zscaler configuration is very simple and you get a lot of information such as events and latency to the chosen Zen nodes. There is a balance here, the manager is rather cluttered and overwhelming with tabs and options, there is a lot going on but also a lot of useful information so it really depends on what you want. It looks very complicated in comparison to VeloCloud however I do wish VeloCloud had more information and stats.
The Riverbed lab was pretty good to get some hands on the Riverbed SD-WAN. Like VeloCloud it is very easy to connect to Zscaler. The dashboard is pretty slick to be fair (screenshot below).
Ok speaking to the evangelist, its starting to fall apart. The Riverbed solution is full mesh only or to the hub only. Now this means in full mesh mode the smallest site would need to connect to every site. So the hardware spec of your smallest site depends on how many sites you have so you may need a large appliance at a small site because you have so many sites/tunnels to support. That doesn’t seem very scalable for a large deployment. How much branch-to-branch traffic do you really have? Its only voice these days really so why not make it dynamic tunnels to reduce the overhead.
Cisco Viptela Lab
15:02 No representative from Cisco to push Viptela which is a shame but nonetheless we deep dive into Viptela configuration. If you want an SD-WAN solution which is pretty much the same as configuring a Cisco ISR router then this is for you. Personally I don’t see the point. One of the main goals of moving to SD-WAN is to simplify branch site administration and yes I know you can use templates but there are a lot of templates. If you need this type of granularity then maybe this is for you. Viptela is really aimed at Service Providers / Large Enterprises and it has the price tag to match. It is cool to see exactly what code is being pushed to the devices instead of just hitting a button and just hoping the magic happens as with VeloCloud and Riverbed and the Cisco geek in me loves to reminisce over DMVPN rollouts and CLI but I just don’t see it for SMBs or small to mid enterprises.
The integration with Zscaler was fairly easy but a lot more convoluted then VeloCloud and Riverbed. I had to create two feature templates and modify my routing feature template then bind to my device template. When you have more templates than devices the dynamic is wrong.
Network Jigsaw 