Cloud WAN, a fully managed, dependable, and secure solution for enterprise wide area network (WAN) designs, was unveiled last week at Google Cloud Next 25. It is based on Google’s planet-scale network. Starting with NCC Gateway, a new regionally managed spoke of Network Connectivity Centre (NCC) that incorporates cloud-native security services, Google Cloud launch a series of in-depth analyses of the products that underpin Cloud WAN. The first of these will be third-party security service edge (SSE) solutions.
The rise of SaaS and remote work has made it difficult to secure the new hybrid workforce. Actually, a lot of businesses continue to utilize different security stacks for remote and on-premises users. A typical strategy for on-premise installations, particularly for branches and campuses, is to adopt a colocation-based architecture, where user traffic is secured by firewalls and traffic is aggregated in a colo by regional branches utilizing SD-WAN headends or VPN concentrators. However, SSE is frequently used by distant users to connect, which leads to uneven security enforcement procedures for both on-premises and remote users.
It should go without saying that security administrators may find it difficult to manage distinct solutions for remote user access to public and private apps and on-premises user access.
For users and apps running on-premises
- Organisations continue to utilise firewalls to safeguard access to both public and private applications since there is no effective, scalable, or economical method of sending aggregated traffic from a colocation site to SSE. This leads to expensive infrastructure improvements, drawn-out onboarding procedures, and complicated settings.
- Colocation facilities must size their firewalls for high availability and peak capacity, which raises the total cost of ownership (TCO).
Remote users
- Inconsistencies between the security postures of on-premises and distant users are caused by disparate security strategies used by SSE and colocation firewalls.
- There is a significant overhead when using application connectors or VPN tunnels to access cloud resources remotely. Higher latency for distant users is the result of these connections’ performance restrictions and the operational difficulty of overseeing several tunnels.
Simpler, cloud-delivered security without the intricacy of conventional on-premise routing is required in the cloud-first age. Crucially, companies want a unified, cloud-native security strategy that offers uniform controls and rules for all users and applications across cloud, on-premises, and SaaS environments. The first significant cloud solution to provide controlled integration of security service edge (SSE) for customers accessing both public and private applications is Cloud WAN with NCC Gateway. By integrating with SSE solutions like as Broadcom Cloud SWG and Palo Alto Networks Prisma Access, NCC Gateway gives businesses a simplified method of protecting their dispersed workforce and apps with the supplier of their choice.
What is NCC Gateway?
Google Cloud’s Network Connectivity Centre has long offered enterprises overseeing intricate hybrid and multi-cloud setups a streamlined, uniform management experience driven by Google’s extensive global infrastructure. Google Cloud is now excited to present NCC Gateway, an advancement that raises the bar for security.
Imagine having a single security solution that protects all of your users, regardless of where they are or how they connect, be it over the public internet, Cloud VPN, SD-WAN, or Cloud Interconnect. Secure access to your private, public, and Google Cloud APIs is now possible throughout your whole distributed infrastructure with NCC Gateway’s controlled integration of third-party SSE.
By doing away with the hassles of conventional IPSec tunnel administration and traffic shaping, NCC Gateway facilitates quick branch location onboarding and aids in performance optimization for high-bandwidth applications. In order to reduce latency and improve user experience overall, this guarantees that user traffic is safely routed via the selected SSE stack while preserving privacy and integrity within Google Cloud’s private network.
Important use cases
NCC Gateway streamlines network security and improves performance in the following three important use cases:
Streamlined, high-bandwidth on-ramp for branch users
For branch users connecting via 10 or 100 Gbps Cloud Interconnect, NCC Gateway offers a high-performance on-ramp, which is a significant enhancement over single-gigabit IPsec tunnels. This guarantees high-throughput, dedicated connectivity for the best possible application performance. Traffic is then effectively directed to private apps via the Google backbone, to public applications on the internet, or to applications in other clouds via Cross-Cloud Interconnect after SSE analysis.
High-performance, private off-ramp to private applications for remote users
Third-party SSE stacks are directly integrated into Google Cloud’s private backbone via NCC Gateway. In addition to improving efficiency, this eliminates the requirement for internet-based encryption while preserving integrity and privacy. Customers may use Cross-Cloud Interconnect, which is supported by a SLA, to get private connectivity with dedicated bandwidth for apps that are operating in other clouds.
Internet access for protected applications
In addition to delivering simplified multi-gigabit onboarding with little configuration, NCC Gateway offers a unified secure internet gateway for users and applications that are on-premises or in other clouds, doing away with complicated tunnel management and facilitating quick, safe implementation. Google’s Premium Tier network routes data to the most advantageous peering site for internet-bound SaaS traffic, ensuring safe and efficient access.
Key benefits of Cloud WAN with NCC Gateway
There are several benefits of adding NCC Gateway to Cloud WAN:
Unified security posture
Reduce the attack surface and improve your security posture by combining your security stack. With your chosen SSE provider, NCC Gateway provides a consistent security experience for all users, irrespective of location or device, by enforcing consistent ingress and egress security over Cloud WAN.
A better experience with the application
Using its premium backbone and native encryption, provide a better user experience with reduced latency for private and SaaS apps. Performance on the cloud wide area network (WAN) can be up to 40% better than on the public internet.
Reduced expenses
Simplify multi-cloud connectivity and switch to a consumption-based approach to save a lot of money. When compared to a customer-managed WAN solution, cloud WAN offers a total cost of ownership (TCO) reduction of up to 40%.
