Hello, and welcome to the Intel Telco Cloud Academy. This lesson is on Secure Access Service Edge solutions for network transformation. In this course, we will be discussing some of the recent trends and transformations and enterprise network security, how changes across the globe have driven a necessity for Cloud security development and how Intel is leading the way. The course material will cover an introduction to Secure Access Service Edge or SASE and why you might use it. We will take a look at the SASE architecture and delivery models. Finally, we will cover how Intel enables this transformation, Intel ingredients for network security and broader ecosystem support available. By the end of this lesson, you should be able to explain how enterprises are shifting focus on SASE, and what needs are driving the change. You should get an understanding on how Intel is actively driving this change and finally, you should have an idea of the next steps you can take to benefit from this shift. Let's begin by discussing what SASE is and why you might use it. Traditional enterprise branch offices are complex, they require multiple physical appliances with each appliance installed and maintained locally. The wind connection must be ordered from the local service provider, and once provisioned must be monitored for SLA compliance, much of this is done manually. As a result, trained and networking and security staff may be required on-premises. In a traditional hub and spoke configuration, each branch office is connected to the data center via MPLS, which can be expensive. Connectivity to the Cloud is provided through a centralized firewall in the datacenter, meaning that branch offices must use their datacenter way and connections to access the Cloud. This architecture can lead to high CapEx and OpEx as well as slow response times to onboard new services and apps, which may result in a poor quality experience. The datacenter firewall becomes a bottleneck as apps and services now move to the public Cloud. This model also does not scale well when enterprise resources are expanding from on-prem datacenters to the Cloud. With large portions of the workforce now working remotely, this in turn creates an even stronger need for a different solution. As remote workers need to connect to Cloud and enterprise services from anywhere. Enterprises have had to rethink the way security is enforced, and security providers have had to evolve how they deliver their services. This is where the Secure Access Service Edge offering comes in. With data and workloads spread among remote users and Cloud services, a decentralized approach provides organization's security and risk mitigation using the public Cloud. Here you see an example of this with remote users connecting two Cloud resources through various points of presence, rather than routing traffic through the central data center. Branch offices and other locations may still use the wind to connect to the headquarters, but remote users benefit from the distributed model. It decreases latency for the user, and decreases the need for more bandwidth at the central office. However, you still need to ensure that security protocols are enforced. Either the service provider or the enterprise must provide security at the points of presence, most often in the form of firewalls. Transformation of the edge for network and security is determined by the growth of the distributed edge around quality of service, latency, and how expensive it was to move data to the Cloud and back. What you see here is just a snapshot of what the distributed edge comprises from a functional standpoint. On the left, you see the Enterprise Edge that would have people working from home, a branch office, the actual enterprise, the corporate office, all of which connect to a central location called the point of presence, through access, which can be SD-WAN. You have quality of service, routing, and load balancing happening at the access point. On the other end, it's connecting to the services, a Cloud service or a datacenter. Right in the middle, you have all of these services that are delivered out of the point of presence. You see the 5G control plane, content delivery network, and a slew of security services. This is what is happening and what the Edge now looks like from a network and network security standpoint. Edge locations provide lower latency and higher bandwidth to end users. It's ideal for security services, because you can then ensure that you are able to protect the services without having to transport all of the connections back onto the corporate office, for security enforcement. This saves on latency, gaining flexibility, and the ability to ensure all traffic maintains conformance with your security policies. Now, let's look at some of the challenges, Secure Access Service Edge solves. Processing data at the edge close to its point of origin, enables low-latency apps and services, while also reducing backhaul bandwidth costs. Enterprise architects must meet the following challenges when designing Edge computing solutions. First, they must provide robust, scalable compute at remote locations, including demanding Edge workloads such as AI, deep learning, and analytics. They must also protect the expanded attack service created by distributed services and work from home scenarios that operate outside any network perimeter. Finally, they must deliver a Cloud native implementation that supports transformation with ease of use and agility through Cloud access at the Edge. Secure Access Service Edge solve security challenges through the convergence of wide area networking and security as a service. SASE capabilities are delivered as a service based upon the identity of the entity in real time, while enterprise security policies continuously assess risks and trust throughout the sessions. This enables remote work and the use of Cloud-based services by shifting the point of security policy enforcement away from the corporate network and applying it wherever users are located. SASE gives IT the necessary tools needed to connect and secure employees and corporate and Cloud data-center resources while allowing scalable and flexible, secure when connections for employees, while streamlining operations and reducing the necessity for complex support. The SASE model consolidates network and security into a Cloud delivered service that is fast, reliable, and software defined, which essentially means it's a combination of network as a service and security as a service. SASE provides constant network monitoring that reveals the performance of dataflow, including remote data streams distributed across virtualized Cloud environments and data centers. High core and per core performance ensures that remote workloads have reliable, optimized computational throughput with agility, flexibility, and to excellent return on investment. Additionally, platform level security enhancements helped to protect highly distributed data while in use by using Intel software guard extensions, hardened execution enclaves, and memory encryption. Now that networks are expanding into remote areas, they are also connecting using an ever-growing variety of communications technologies. SASE enables more people to connect to the network reliably and securely, replacing hub-and-spoke topologies with multi-cloud ones that embrace modern approaches such as microservices and DevOps. This is accomplished with the compact power efficient system on a chip platform with integrated accelerators and Ethernet, with networking accelerated by remote Direct Memory Access and dynamic device personalization enabled. With SASE, organizations eliminate the disjointed model of physical and virtual appliances from numerous vendors. Thus eliminating the cost of miscellaneous appliances and reducing the cost associated with unneeded network complexity. Accelerated AI inference using Intel deep learning boost, which eliminate unneeded precision in calculations so they can be completed more quickly. Encryption and compression acceleration also helped to reduce the workload overhead with enhanced Intel AES and I and integrated Intel QuickAssist technology. SASE enables hyper scalability and elasticity within the wind infrastructure. Traditional hub-and-spoke and point-to-point solutions require excess time and resources to scale up and down, whereas a Cloud-based SASE solution minimizes the IT load and streamlines provisioning times. SASE gives IT the necessary tools needed to connect and secure employees corporate and Cloud data-center resources. While allowing scalable and flexible, secure way and connections to streamline operations and reduce the necessity for complex support. Now that you have learned about some of the advantages to using SASE, continue to the next video to learn more about the architecture and delivery models.
