By Gary Taylor, Solutions Architect
With more enterprises adopting SD-WAN technology, SD-WAN vendor support can be a key to success. We break down the licensing of eight major SD-WAN vendors.
Whichever SD-WAN vendor you use, the way you deploy is essential to success. When you use Megaport Virtual Edge (MVE), Megaport’s on-demand Network Functions Virtualization (NFV) service, you’ll get compute to host the VNF functionality you require, and Megaport Internet for the management access you need – so you can deploy SD-WAN gateways, virtual routers, and virtual firewalls in minutes.
But the different licensing approaches of different SD-WAN vendors will change exactly how you deploy, including with MVE.
Let’s review the licensing approaches of each of Megaport’s partner SD-WAN vendors.
Cisco DNA Software for Catalyst SD-WAN comprises Cisco DNA Essentials and DNA Advantage, with Cisco DNA Premier license now discontinued.
In order to deploy Cisco SD-WAN using MVE, you can use the DNA Essentials license – although some features like “security” will need the DNA Advantage license. You can see Cisco’s full SD-WAN feature matrix here.
Cisco DNA licenses are categorized into network-stack licenses and DNA-stack add-on licenses. So for the Cisco 8000v Autonomous mode MVE, when you configure a network-stack license you will also need a corresponding DNA-stack add-on license.
It’s worth noting that if you just need routing functionality, then some features are only available within the DNA Advantage license (like “multicast”).
Existing Cisco customers would utilize their current DNA Advantage for installation of MVE. The terms for DNA Advantage are three, five, or seven years.
Please note the new Catalyst Routing Essentials license is only available on Cisco Catalyst 8200 and 8300 Platform Family devices, so isn’t applicable to MVE.
This Cisco guide provides a good overview of the SD-WAN and Routing nomenclature.
As a summary, if you wish to provision Cisco SD-WAN using Megaport, you simply choose the bandwidth needed, the term of the license, and which feature set is required between DNA Essentials and DNA Advantage.
The table below provides an overview of the throughput Mapping and Tiers for the Cisco 8000v platform. Throughput greater than 250 Mbps requires an HSECK9 license.
For more information, refer to the Cisco Catalyst 8000v edge software ordering guide.
For further details on how to deploy Megaport Virtual Edge using Cisco, visit our Docs Portal.
The Fortinet approach to FortiGate-VM licensing is simply based on the number of virtual CPUs configured in the applicable MVE service, as well as the relevant annual subscription licensing.
FortiGate-VM offers a perpetual licensing option (normal series and V-series) as well as an annual subscription option (S-series). Fortinet has also recently introduced a permanent trial mode with some limitations.
The SD-WAN components of FortiGate and FortiOS don’t need any additional licensing or bundles, but it’s still advised to procure the SD-WAN orchestrator license for easy deployment and management of your edge devices.
FortiOS does not have licensed RAM size restrictions and the entry level MVE includes 8 GB of RAM, so well above the recommended minimum of 2 GB RAM.
From an ordering point of view, you can choose:
ATP, UTP, and EP are bundles and include Forticare Premium Technical Support. Find more info on Fortigate Subscriptions and Bundles here.
For example, for a small MVE with 2 vCPUs, your options would be FG-VM02, FG-VM02V, or FG-VM02S.
The “V” suffix means no virtual domains (VDOMs) by default, and the “S” suffix means it’s a subscription-based license. If a license has no letter at the end, it’s a perpetual license.
For the perpetual or “V” license option, you would then choose the applicable additional security features like Intrusion Prevention System (IPS), antivirus, sandboxing, and others if required.
For further details on how to deploy Megaport Virtual Edge using Fortinet Fortigate, visit our Docs Portal.
Versa offers licenses based on feature set requirements, as well as the bandwidth that the specific device is allowed to consume. Each Versa Operating System (VOS) device that you deploy as customer-premises equipment (CPE) is associated with a license.
Like all vendors, the feature set on offer depends on the specific solution tier with more features increasing the cost of the license.
The breakdown is as follows, with each tier being cumulative:
In addition to the features needed, the license specifies the amount of bandwidth that can be used. Versa Networks measures bandwidth usage based on the WAN interface; for multiple WAN interfaces, bandwidth is aggregated.
Versa tracks the 95th percentile bandwidth usage, allowing the VOS CPE device to exceed the configured bandwidth 5% of the time.
Versa Networks provides stateful HA synchronization capabilities across active-standby clusters. For any tier you will need NGFW and UTM capabilities, including secure SD-WAN tiers. Bandwidth capacity must match the bandwidth capacity of the underlying SKU on a device. You can learn more in the Versa Docs Portal.
For further details on how to deploy Megaport Virtual Edge using Versa Secure SD-WAN, visit our Docs Portal.
Velocloud SD-WAN consists of globally distributed Cloud Gateways as well as Velocloud SD-WAN Edges. MVE hosts edge devices only.
The Velocloud Orchestrator management console is used to create an edge profile and edge device. You then apply this profile to your MVE.
VeloCloud SD-WAN Edge licensing consists of 4 components, namely:
Each component is summarized below:
Component | Supported Attributes |
|---|---|
Bandwidth | 10M, 30M, 50M, 100M, 200M, 350M, 500M, 750M, 1G, 2G, 5G, 10G |
Editions | Standard, Enterprise, Premium |
Region | North America, Europe Middle East and Africa, Latin America, Asia Pacific |
Term | 1 year, 3 years, 5 years |
Edge licensing allows a customer to link a software subscription to a specific Edge device.
Feature | Standard Subscription | Enterprise Subscription | Premium Subscription |
|---|---|---|---|
VeloCloud Orchestrator | ✅ | ✅ | ✅ |
Dynamic Multi-Path Optimization (DMPO) | ✅ | ✅ | ✅ |
Number of Edges supported | Unlimited | Unlimited | Unlimited |
Maximum number of data segments | 4 | 128 | 128 |
Maximum number of profiles | 4 | Unlimited | Unlimited |
Partner Gateway support | ✅ | ✅ | ✅ |
Virtual services orchestration for NGFW deployment on Edges | ✅ | ✅ | ✅ |
Routing support | BGP, OSPF | BGP, OSPF, Multicast | BGP, OSPF, Multicast |
Cloud Gateway to SaaS and Cloud Security Service (without tunneling) | ❌ | ❌ | ✅ |
Cloud Gateway to legacy DCs, IaaS, or Cloud Security Service via tunnels (non-SD-WAN destinations) | Add-on | Add-on | ✅ |
Enhanced Firewall Service (including IDS/IPS, URL Filtering, Malicious IP Filtering) | Add-on | Add-on | Add-on |
Hosted firewall logging | ✅ | ✅ | ✅ |
Security monitoring dashboard | ✅ | ✅ | ✅ |
Direct Edge to Internet/Cloud Security Service (BGP over IPsec) | ✅ | ✅ | ✅ |
Automated tunnel setup via API to IaaS or third-party Cloud Security Service | ❌ | From Edge | From Edge or Gateway |
PCI-certified service | Add-on | Add-on | Add-on |
Upgradeable to a Higher Edition | ✅ | ✅ | N/A |
Hub clustering | ✅ | ✅ | ✅ |
Gateways as Cloud VPN Hub | ❌ | ❌ | ✅ |
Auto VPN setup | Hub to Spoke | Hub to spoke plus dynamic B2B | Hub to spoke plus dynamic B2B |
Customizable business and security policy | ✅ | ✅ | ✅ |
Path visibility | Last-mile | Last-mile plus site-to-site | Last-mile plus site-to-site |
Wired/wireless/LAN/WAN analytics with Edge Intelligence | Add-on | Includes 1 node, additional nodes available as add-on | Includes 2 node, additional nodes available as add-on |
Edge Intelligence IoT operational assurance | Add-on | Add-on | Add-on |
PKI certificate management | Embedded certificate of authority (CA) | Embedded CA plus intermediate and external CA | Embedded CA plus intermediate and external CA |
Mixed editions | ✅ | ✅ | ✅ |
VMware VeloCloud provides the option for either Proof of Concept (POC) or Production Deployments.
If a customer wants to run a POC, then a POC license is available for this purpose with the following attributes:
Attribute | Description |
|---|---|
Bandwidth | 10G |
Editions | POC |
Region | North America, Europe Middle East and Africa, Latin America, Asia Pacific |
Term | 5 years |
When an Edge is deployed in a production environment, the license type assigned should align with the software subscription purchased. For example, if the subscription SKU NB-VC100M-PRE-HO-HG-L34S312P-C was purchased for use with the Edge being configured, the correct license type attributes as highlighted would be as follows:
For further details on how to deploy Megaport Virtual Edge using Velocloud SD-WAN, visit our Docs Portal.
Licensing for HPE Aruba EdgeConnect SD-WAN is purchased on a per-gateway basis with options as follows:
HPE Aruba provides three licensing tiers for EdgeConnect SD-WAN deployment: Foundation, Advanced, and On-Premises.
Foundation (AAS) | Advanced (AAS) | On-Premises | |
|---|---|---|---|
Bandwidth tiers | 3 tiers (100M, 1G, 10G) | 20M/50M/100M/200M/500M/1G/2G/Unlimited | 20M/50M/100M/200M/500M/1G/2G/Unlimited |
BIOs | 3 (RealTime, Critical and Default) | 7 | 7 |
Network segments/VRF | 2 (auto-enabled, default, and guest only) | 64 | 64 |
Routing | BGP, OSPF, Subnet sharing | BGP, OSPF, Subnet sharing | BGP, OSPF, Subnet sharing |
Mesh networking | No | Yes | Yes |
Multi-region topology | Max 4 regions, 4 hubs/region | Yes | Yes |
AppExpress | No (monitor only) | Yes (monitor and steer) | Yes (monitor and steer) |
Orchestrator | Cloud Orchestrator Foundation | Cloud Orchestrator Advanced | On-premises |
Orchestrator stats retention | 24h/7d/1mo (m/h/d) | 72h/14d/3mo | Custom |
The bandwidth licensing is based on cumulative bandwidth via the WAN port.
For further details on how to deploy Megaport Virtual Edge using HPE Aruba EdgeConnect SD-WAN, visit our Docs Portal.
Megaport offers two flavours of Palo Alto SD-WAN to cater for the branch office as well as the data center software model, both supported via MVE:
1. SD-WAN 310xv: for branch offices
2. SD-WAN 7108V: for data centers.
You can choose from one of the three options below for the branch subscription (per-device):
Bandwidth tiers are based on the maximum ingress and egress bandwidth per device. Beyond the S, M, and L license, you can still order the following bandwidth tiers:
This option also includes the zone based firewall (ZBFW) add-on.
The following optional add-on licenses are available for a device-based branch subscription:
1. Per-branch site subscription
Recommended for users with two or more devices per site or HA sites, and based on the following tiers:
Per-site licenses include ZBFW, DVR, and WCR in the list price.
2. Aggregate bandwidth subscription
This subscription provides the option to purchase an aggregate bandwidth quantity (in Mbps) that can be shared across all branch sites, including HA scenarios.
This includes the ZBFW, DVR, and WCR license add-ons.
All license options are from one year to five years.
A data center subscription is needed when deploying the MVE SD-WAN 7108V version on the Megaport platform. This covers the features needed for data center sites and supports throughput up to 3 Gbps using 8vCPUs.
For further details on how to deploy Megaport Virtual Edge using Palo Alto SD-WAN, visit our Docs Portal.
For the Palo Alto VM-Series MVEs, Megaport supports the Bring Your Own License (BYOL) model.
For PAN-OS versions >10.0.4, this can be delivered as either software NGFW credits (flexible vCPU) or as VM-Series Model (fixed vCPU) licenses.
Full details software NGFW credit options can be found here.
VM-Series Model licenses are available on all PAN-OS versions although greater features and flexible vCPUs are possible on version 10.04 and greater.
The fixed vCPU models and associated vCPU are covered as follows:
Security services and/or a Panorama deployment to manage the firewalls come at an additional cost.
For further details on how to deploy Megaport Virtual Edge using Palo Alto VM-Series, visit our Docs Portal.
6WIND VSR with Megaport’s MVE provides four licensed network functions:
To create an MVE, you need a Megaport Portal account with ordering permissions and a valid 6WIND license.
To obtain a trial 6WIND license, submit a request through the 6WIND VSR evaluation page, or contact 6WIND Sales, a reseller, or your Megaport Sales Representative.
For further details on how to deploy Megaport Virtual Edge using 6Wind VSR, visit our Docs Portal.
Aviatrix provides licensing to users on cloud providers for the customer IDs (licenses) that are needed to access the Aviatrix Cloud Network Controller and Aviatrix Cloud Network CoPilot.
This service also calculates Aviatrix bills based on usage. Full details on the required subscriptions per CSP are detailed here.
For further details on how to deploy Megaport Virtual Edge using Aviatrix, visit our Docs Portal.
Rarely does a one-size-fits-all approach work for a customer when it comes to deploying an SD-WAN solution. Many have different bandwidth, performance, features, and support requirements driven by various use cases for different business needs.
We hope this primer on the differences in licensing between major SD-WAN vendors helps you better understand the packages you’ll need to select to deploy MVE within your SD-WAN solutions and begin optimizing and modernizing your WAN to reduce operating costs, as well as improve network performance and security.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。