SD-WAN/SASE SOLUTION
What started out as no more than a connectivity request from an insurance company turned into a comprehensive SD-WAN/SASE project, with the integration of SD-WAN and security features into the network architecture model. During negotiations for the renewal of VPN connections for the company’s branches, it became apparent that the company would benefit immensely from converting the network to SD-WAN – including gaining cloud-based security. As a result, Sunrise Business implemented a complete SD-WAN/SASE project including cloud connection as a managed service.
With the contracts expiring, an insurance company’s existing MPLS network of VPN connections at locations throughout Switzerland was up for renewal in 2021. At the time, the network was being operated by a third-party provider. Since the insurer was already using Internet lines from UPC Business and Mobile solutions from Sunrise, the request was submitted to the now-merged company Sunrise UPC.
«Initially, it was just a quotation for new VPN or Internet connections,» says Gerhard Schiess, Head of Strategic Accounts Central at Sunrise Business. But during in-depth discussions on the needs, goals and future plans of the company, it quickly became clear to the Sunrise Business experts that moving away from the rigid MPLS network to SD-WAN would bring great benefits. So, instead of simply offering the requested solution, the project team proposed implementing the network via SD-WAN.
The insurance company is a major health- and accident-insurance provider in Switzerland. It has agents at several locations and is active throughout Switzerland. The product portfolio includes insurance for both private and corporate customers.
For the customer, the initial focus was primarily on meeting two needs: The company should be able to use more cloud services and the new solution should be cost-effective. In the course of the evaluation, it became clear that they also wanted a full-service provider, so that the internal teams would be able to focus more on their business and further develop the digitization of services for their end customers.
The discussion showed that an SD-WAN infrastructure best met the insurer’s requirements and so was considerably better than the continued use of a classic VPN solution. Digitization has had a major impact on the insurance industry in recent years. Therefore, at the time, the customer was also undergoing a process of transformation. The SD-WAN architecture, with all its advantages, strongly supports the company’s digitization goals. In particular, the flexibility, the future-oriented approach and improved possibilities for cloud connection led to the decision to connect the entire branch network via SD-WAN and to secure the network transitions – the edges – with a security solution.
SASE from Cisco is particularly suitable for this. Secure Access Service Edge (SASE) is a network architecture that combines SD-WAN capabilities with security features, such as DNS security, secure web gateways (Proxy), firewalls, and cloud access security broker (CASB). These security features are provided via the cloud and offered by Sunrise Business as a service. «All SASE services are always up to date. This ensures that the entire company network is operated in a secure, agile and optimum way at all times, and the customer doesn’t need to worry about updates,» explains Christian Etter, SD-WAN expert and Senior Strategic Account Manager at Sunrise Business.
The experts from Sunrise Business addressed the customer’s specific needs right at the very start. «We had long meetings, asked a lot of questions to understand the customer’s needs and were able to come up with an optimal solution for the customer,» recalls Christian Etter. After choosing SD-WAN, the customer was faced with the question of «make or buy?». Since the insurance company has a strong IT department with the relevant expertise, it was quite conceivable to do it in-house. However, since the insurer’s core business already involved several digitization projects, the company’s resources were focused on those projects and so the network solution was ultimately entrusted to the expertise of Sunrise Business. Sunrise Business has extensive SD-WAN experience, which it used to develop an optimal solution design with SASE and to offer a complete managed SD-WAN and security solution from a single source.
The customer has a fully managed service from Sunrise Business with SD-WAN, a security solution and connectivity at all locations, as well as connection to the Microsoft Azure cloud using dedicated connections via Cloud Interconnect.
The SD-WAN solution was implemented with Cisco SD-WAN (formerly Cisco Viptela). The customer requested a great deal of flexibility for the future design of the network. This included the possibility of integrating several VRFs (virtual routing and forwarding) into the network for varied application data, connection topologies and data prioritization. This was possible with Cisco SD-WAN. The result was homogeneous integration of all branches into SD-WAN, providing the insurance company with a complete overview and transparency over its network activities via the dashboard. The network components, VRFs and security features are managed centrally. The customer has delegated responsibility for the management of the service components to Sunrise Business and can view the details via the dashboard at any time.
Since a local Internet breakout was planned at the locations (Internet traffic is separated from the WAN and routed locally – with the advantage that the WAN does not have Internet traffic and can be optimized in terms of bandwidth), the individual connections had to be protected accordingly. «The customer had developed their own security concept, which we were able to implement very well with SASE from Cisco,» says Christian Etter. The security solution mets the needs of the insurance company. «With the Cisco one-stop-shop SD-WAN solution with SASE, the customer receives all the tech and security components perfectly aligned from a single source,» explains Christian Etter.
For business applications, the customer chose proactively managed Internet connections, that offer a dedicated and guaranteed high bandwidth, are well protected thanks to active monitoring, and offer a high level of reliability. All SD-WAN locations have a redundant wireline or mobile connection.
Products and services
Technology: Cisco SD-WAN (formerly Cisco Viptela) in combination with classic business VPN
Sunrise Business manages all connections. A central dashboard provides the customer with a clear overview of the SD-WAN connections.
«The customer put the entire networking solution, including security, into our hands. Sunrise Business would like to thank them for the high degree of trust they have placed in us,» says Christian Etter. The project was structured and efficiently planned and implemented. There was close cooperation between the customer’s project teams and Sunrise Business. The rollout also had to be planned carefully and the migrations well-coordinated. The schedule was dictated by the deadlines for transferring insurance policies at the end of the year. «It was clear from the beginning of the project that it wouldn’t be possible to work on the network during this time, so that the customer could continue their day-to-day business without restrictions during this important business phase,» explains Christian Etter.
As a result, the schedule was strictly aligned with this date and the project was implemented very quickly, in about six months. Christian Etter is satisfied with the outcome: «The cooperation went according to plan and all the deadlines were met. We benefited from our experience with previous SD-WAN projects, and once again learned a lot for future SD-WAN and SASE projects.»
By carefully considering the customer’s requirements and using the right expertise, Sunrise Business managed to develop an optimal package of solutions. The result is an effective SD-WAN infrastructure for the customer, one that includes security, management, data and control levels (overlay) as well as the transport level (underlay) and Cloud Interconnect. «In hindsight, it turned out to be the right approach, not only to offer the connectivity as requested but – rather unconventionally – to keep asking questions, to rethink things and to explore which path the company would like to take in the future,» says Christian Etter.
The flexibility of the SD-WAN network architecture allows for continuous expansion and further development, so that the complete SD-WAN/SASE solution can go on growing. Follow-up projects have already been initiated. «For example, Sunrise Business outsourced the customer’s data center and also integrated it into the network.» Thanks to the new solution, the insurance company is ready for the future – including connection to the cloud and the ongoing digital transformation in the insurance industry.