The term Secure Access Service Edge, or SASE for short, was first introduced in an analysis by Gartner in 2019. Conceptually, SASE is a simplified architecture that converges SD-WAN with network security and delivers applications and services from cloud to edge. The rise of SASE is driven mainly by the continuing momentum of edge, cloud-native and mobile computing. In today's digitalized business world, data is largely generated at the network edge and in the cloud, so applications have to be deployed where the data is generated to minimize latency and boost performance.
Forming SASE Architecture
The core of SASE is SD-WAN, converged with network security functions such as Cloud Secure Web Gateways, Firewall as a Service, VPN and data loss mitigation measures. It functions like a unified, agile cloud at the edge. On the one hand, SASE offers agility and simplicity through software-defined traffic prioritization, load balancing and WAN optimization. On the other hand, SASE moves network security functions out of traditional on-premises equipment to the cloud and edge. In short, SASE converges the SD-WAN architecture with multiple network security functions to form a unified, globally distributed network topology, which is particularly beneficial for enterprises with multiple locations.
SASE introduces a new kind of networking node called a Point of Presence (PoP). A PoP can be considered an edge access point, usually deployed and dispersed as close to users and applications as possible, so that users can access the edge service at the lowest possible latency.
Features of SASE
Converging WAN and network security
As mentioned, the core of SASE is SD-WAN converged with virtualized network security functions. Together they form a unified platform that gives IT management in global-scale enterprises a simplified and aggregated network topology.
Cloud-native networking
By converging WAN and network security, all applications can be delivered through the cloud and edge, decoupling the functionality from on-premises hardware.
Globally-distributed PoPs
The emergence of SASE is largely due to the mobile, edge and cloud computing demands of global-scale enterprises with multiple sites worldwide. As discussed, SASE uses PoP network nodes to bring applications as close to users as possible, lowering the latency with which users access the edge service.
Identity-driven
Being identity-driven is perhaps the most essential feature of SASE, particularly from a security standpoint. SASE can attach an “identity” to a connection source, a connecting device, a user or a branch, so security policy can be implemented based on identity. The characteristics of the identity, such as time and location, are all communicated in real time.
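The identity-driven policy described above can be sketched as a small evaluator. This is an added example, not code from the article or from any SASE product; the rule format, the names (`alice`, `erp`, `backup`) and the first-match, default-deny behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

KINDS = {"source", "device", "user", "branch"}  # identity kinds named in the article

@dataclass(frozen=True)
class Identity:
    kind: str   # one of KINDS
    name: str   # constructed sample names, e.g. "alice"

@dataclass(frozen=True)
class Context:
    location: str   # country code observed for this connection
    at: time        # local time of the request

@dataclass(frozen=True)
class Rule:
    kind: str
    name: str              # "*" matches any identity of this kind
    app: str
    locations: frozenset   # locations where the rule applies
    start: time            # window start (inclusive)
    end: time              # window end (exclusive)
    action: str            # "allow" or "deny"

def in_window(t, start, end):
    """True if t is in [start, end); handles windows that wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end

def decide(rules, ident, app, ctx):
    """First rule matching identity, app and live context wins; otherwise deny."""
    if ident.kind not in KINDS:
        return "deny"
    for r in rules:
        if r.kind != ident.kind or r.name not in ("*", ident.name) or r.app != app:
            continue
        if ctx.location in r.locations and in_window(ctx.at, r.start, r.end):
            return r.action
    return "deny"  # default deny: an unmatched identity or context gets no access

# Constructed sample policy (hypothetical names and applications)
POLICY = [
    Rule("user", "alice", "erp", frozenset({"TW", "DE"}), time(8), time(18), "allow"),
    Rule("device", "*", "backup", frozenset({"TW"}), time(22), time(6), "allow"),
]

if __name__ == "__main__":
    alice = Identity("user", "alice")
    print(decide(POLICY, alice, "erp", Context("TW", time(9))))   # same identity,
    print(decide(POLICY, alice, "erp", Context("US", time(9))))   # different context
```

Because the context is evaluated on every request, the same identity can be allowed from one location or time and denied from another without any change to the rule set.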
Recommended Hardware
With SASE, IT management can be simplified and unified into a single platform to manage and control all the distributed branches. SASE therefore requires high-compute hardware to run SD-WAN and all the virtualized security functions on top of the WAN architecture. For instance, Lanner’s NCA-5710, a 1U rackmount white-box server designed for traffic optimization and virtualized network security, is powered by the 2nd Generation Intel® Xeon® Processor Scalable Family and provides twelve 288-pin DDR4 DIMM sockets and multiple networking I/Os to offer the bandwidth and throughput required for SASE. In addition, the NCA-5710 has a built-in Intel® QuickAssist engine to accelerate security functions.