Would You Trust Anyone Other than Riverbed and VMware for Security in Your Network Service Chain?


Sure you would. You would potentially want to add Palo Alto Networks, CheckPoint Software, Fortinet, and maybe be a few others. How about running them all on the same box? You can do that too! Riverbed SteelFusion Edge allows you to run any virtual appliance on the same box.

What is SteelFusion Edge? SteelFusion is a Riverbed’s hyper-converged infrastructure solution that software-defines the branch office’s infrastructure. But it’s not just any hyper-converged infrastructure. It can be, but can do more than that! SteelFusion is the industry’s most secure and most resilient solution for a remote site. Why is that? 

Let’s start off with what a SteelFusion Edge is. The SteelFusion Edge Device is an appliance specifically designed for running in remote sites that decouples your compute from local storage. It allows services at the remote site to run locally, giving you local performance, while the full dataset resides in a central datacenter, whether it be on-premise in the company’s datacenter or in the cloud. Any data written to the SteelFusion Edge will be cached locally and written back to the centralized datacenter. With this design, production data for the remote sites reside in a central data center while branch office users are consuming the services at local performance. This solution reduces the impact of branch office IT disruption. The simplest analogy would be a cell phone. Your apps on the smart phone are running locally, but the data on it is in the cloud somewhere. This allows your smart phone to be disposable such that if you needed to replace it, all you had to do is just enter your credentials and your data would repopulate.

OK, so this makes branch office recovery easier but how does it make it secure and resilient?

Let’s start with resiliency. How does SteelFusion deliver business continuity that differentiates from other branch office solutions?

  • Faster disaster recovery time with instant provisioning. You can have a VM up and running in minutes for 1 to 100 remote sites in hours if not minutes. There’s no need to wait for the transfer of an entire OS image. With SteelFusion, you can power up a Windows 2012 VM over a 1.5Mbps link in less than 15 minutes.
  • Centralized data. All of your data is in a single location so that you do not have any data lingering at a remote site that’s not being backed up.
  • Data mobility. Instant recovery anywhere. The production data for the branch office resides in the data center. If a remote site needs to be recovered or if that environment needs to be brough up somewhere else, it’s coordinated and executed from the data center. For example, if there’s a volcano eruption in Honolulu, the same VM(s) can be projected to Hilo or London and powered up and running in hours if not minutes.
  • No local backup necessary. Since all data is centralized, backups can all be done in the data center or cloud which streamlines the backup processes for a company.

Wait … where’s the security?

I’m getting there. Data at rest security can be enabled on the box. If someone broke into the office and stole the box, it would it be difficult to access the data, right? Not only that—remember, what’s running on the SteelFusion Edge device is a cache. The box doesn’t have all the data. Data that hasn’t been used for a long time could have been evicted. Not only would it be difficult to get access to the encrypted data on the box, the data the thieves are looking for potentially isn’t even on the box!

Let’s expand on the resilience. Recovery isn’t resilience. There are many places where resilience can be built into a SteelFusion deployment.  We’ll start at the Edge. The SFED boxes can be put in HA mode such that local caches are replicated across the boxes and VMware ESXi nodes see them as a single array. With that, you can leverage the VMware features, Fault Tolerance and High Availability. What if you have a WAN outage? Services will continue to run from the local cache. Riverbed FusionSync, there are 2 SteelFusion cores in different data centers that will write your data to storage. If you lose a connection to one datacenter, the other will continue to accept writes. If you lose an entire data center, your data will still be safe.

To conclude, SteelFusion is unmatched as a hyper converged infrastructure box for your remote site. There is no other product on the market that can offer the same benefits.

  • Data Mobility/Resilience. The best others can offer that is even comparable is full replication. That does nothing for you if you want to move from one site to another i.e. Honolulu to Hilo. You’ll need to finish replicating full VMs before you can power them on. With SteelFusion, you can power them on in hours if not minutes.
  • Uniformity/Standardization. You can clone datastores and project them out to different remote sites. This guarantees that your VM templates are starting from the same base which could be policies, configuration settings, etc. 
  • Data consolidation. With all of your data centralized, you have an efficient backup strategy. All backups will be coming from a single place – the datacenter. There is no need to be trucking tapes from the remote sites to the datacenter.
  • Security.  Because the data you have running in the Edge is not necessarily a full dataset, not all data is available for the taking while online. If there’s a breach and someone is grabbing a lot of data, you should see a lot of traffic on the WAN, alerting you that something is happening. All of this is secured by data at rest for the blockstore.

Learn more about SteelFusion.

For information on running Palo Alto Networks Firewall on SteelFusion, read this: Running Palo Alto Networks Next Generation Firewall on SteelFusion

No Responses to “Would You Trust Anyone Other than Riverbed and VMware for Security in Your Network Service Chain?”

Leave a Reply

Your email address will not be published. Required fields are marked *