Palo Alto Networks is working with Alkira, a multi-cloud networking provider, to embed Palo Alto Networks VM-Series virtual firewalls into Alkira’s networking-as-a-service platform. This integration is designed to help enterprises rapidly deploy and secure multi-cloud networks.
We all recognize that cloud adoption continues to accelerate and shows no sign of slowing down. Enterprises are increasingly transitioning business-critical applications from on-premises data centers to a single or multiple public clouds and SaaS environments.
This transition to support digital transformation presents significant challenges for traditional network and network security IT architectures, which have neither adapted to the needs of the cloud nor historically operated in synergy with the cloud. All the causes of these challenges are too long to list but include knowledge gaps, disparate cloud capabilities and limits, costly over-provisioning (i.e. overspend), fragmented security controls and operational invisibility, to name but a few. New thinking and approaches are needed to ensure cloud adoption delivers timely, comprehensive and cost-effective solutions to business stakeholders.
Unshackling enterprise IT teams to deliver immediate business value through accelerated cloud adoption requires specific capabilities. In conversations with many enterprises, we consistently hear about the burning need for five cloud network infrastructure and network security services:
- Global network connectivity to and across clouds.
- Consistent and pervasive security model.
- Operational visibility.
- Simple provisioning.
- Cloud-friendly consumption model.
The collaboration of Palo Alto Networks and Alkira meets each of these enterprise-grade capabilities and more.
At the heart of this is an integration between Palo Alto Networks VM-Series virtual firewalls and the Alkira Cloud Services Exchange (Alkira CSX) unified multi-cloud network, which is delivered as a service. To meet cloud speed and agility, enterprises can now easily deploy a global multi-cloud network integrated with VM-Series virtual firewalls for end-to-end visibility and governance. The entire multi-cloud network is ready for use in minutes, thanks to an intuitive digital design canvas and one-click deployment.
Alkira CSX consists of a network of globally distributed Alkira Cloud Exchange Points (CXPs), which are virtual multi-cloud points of presence interconnected with high-bandwidth, low-latency cloud backbone. VM-Series virtual firewalls live and scale inside the Alkira CXPs – which, in turn, issue intent-based policies that allow enterprises to define traffic of interest for firewall inspection. To eliminate the need for configuring complicated routing domains or forcing network address translation (NAT), symmetric traffic steering simplifies proper stateful VM-Series operation in a single cloud location or across the entire cloud network.
As application volumes change, Alkira CSX makes intelligent decisions to autoscale the VM-Series virtual firewalls to accommodate increasing or decreasing capacity demand in realtime. Autoscale avoids provisioning for peak capacity; at the same time, it allows dynamic high firewall scale when needed. Alkira CSX works jointly with Palo Alto Networks Panorama to make sure that autoscaling VM-Series virtual firewalls are configured with consistent security policies.
The combination of Palo Alto Networks and Alkira helps make macro-level security consistent. This helps organizations that leverage the concept of security zones. For example, “Intranet” zone may be allowed to communicate with “Cloud” zone, while “DMZ” zone may not be allowed to communicate with “Cloud” zone. VM-Series virtual firewalls enforce advanced security policies to protect the allowed communications between zones with traffic content inspection, IPS, and malware analysis capabilities – and because Alkira CSX has full interoperability with VM-Series, enterprises can use Alkira CSX to maintain the same security architecture across their entire environment. This means IT security teams can design and enforce uniform zone-based security policies that stretches across on-prem, single cloud and multi-cloud environments to protect the following communication flows:
- Between on-premises environments and a single or multi-cloud.
- Between workloads in a single cloud or between workloads across multiple clouds.
- Between on-premises environments and SaaS/internet.
- Between cloud or multi-cloud environments and SaaS/internet.
- Cloud-DMZ with controlled inbound access from the internet to on-premises, cloud or multi-cloud environments.
When deploying this joint solution, enterprises have the flexibility to choose between pay-as-you-go (PAYG) and bring-your-own-license (BYOL) licensing models or leverage both at the same time.
Alkira CSX takes care of the entire lifecycle of the VM-Series virtual firewall, including provisioning, management, and monitoring, which are available through the Alkira CSX Portal and programmatically through the exposed REST APIs.
Using VM-Series virtual firewalls with Alkira Cloud Services Exchange provides enterprises the following key benefits:
- High-speed, low-latency global network to and across clouds.
- Uniform security policy across on-premises, cloud and multi-cloud environments.
- Horizontal firewall autoscale based on real-time capacity demand.
- Simple operations.
- One-click provisioning for network and firewall security capabilities.
- Pay-as-you-go (PAYG) and bring-your-own-license (BYOL) pricing models.
Learn more by downloading the Palo Alto Networks and Alkira Solution Brief. And be sure to check out this webinar: Palo Alto Networks and Alkira: New Approaches to Multi-Cloud Networking & Security.