VoltMesh’s Secure Networking provides connectivity and security services for your applications running on the Edge, Private Clouds or Public Clouds. This simplifies the deployment and configuration of connectivity and security services for your Multi-Cloud and Edge Cloud deployment needs across heterogeneous environments. Operation teams configure and monitor their site deployments using the VoltConsole SaaS. This allows for a centrally managed, but globally distributed data plane of connectivity and security networking services.
Connectivity services range from high performance and scale-out data plane forwarding, Routing protocols, SD-WAN functionality, topology customization and secure using VPN, SNAT, proxy, local-breakout, etc. Security features from IP firewall and access-list support, service filtering using HTTP/HTTPS and custom protocols, isolation of networks and applications with VRFs. End to end system observability is provided using the VoltMesh & VoltStack observability.
It’s out of the “box” ready and when Volterra Node or Cluster is deployed. Using VoltConsole users can enable VoltMesh or VoltStack services. Upgrading to premium connectivity with Volterra’s Global Backbone services using VoltMesh Direct Connect can be found in our Secure Backbone offering.
If you are interested in further details of how the features described in this guide work, read more below in Concepts.
Intro to VoltMesh Secure Networking
With all Volterra Node or Cluster deployments, you’ll have the ability to leverage other VoltMesh and VoltStack services as a simple add-on. This section discusses specifically the VoltMesh Secure Networking features.
VoltMesh Secure Networking Features
Zero Touch Provisioning
- Seamless Volterra site registration using secure site credentials with Volterra provided Cloud instances or edge hardware (Volterra or Customer provided) Hardware or customer provided COTS or Cloud Instances. Additional details can be found in the VoltStack Distributed Infrastructure Management.
Routing & SD-WAN
- Support for flexible deployments such as default gateway, local breakout, router-on-a-stick. Connectivity options such as Direct, SNAT, Forward Proxy. WAN protocols such as BGP for VIP advertisement, IP switching/routing, Policy Based Routing, etc.
- For various enterprise deployments, we support Site to Site (Full Mesh), Hub & Spoke using VoltMesh or On-prem, Local Breakout using L3 (SNAT) or L7 (Forward Proxy).
VPN over IPsec/SSL
- All topologies (Full Mesh, Hub & Spoke) are configured between Volterra Sites are secure using VPN over encrypted technologies such as IPsec/SSL.
Isolation of networks physically, logically and virtually
- Connectivity isolation and security using multiple physical and logical network Interfaces associated with a per-tenant virtual network (also known as VRFs - Virtual Routing and Forwarding). Virtual Networks can be configured with local or global scopes to complement site topology deployments as another layer of security.
- In-line URL inspection of different hosts accessed for any traffic originating from a Volterra Site, URL filtering, and URL/host observability.
Network Firewall and security policies
- Network access lists and firewall policy allows filtering based on IP addresses. Security policy using Forward Proxy allows for URL filtering and other matching criteria provided by the service policy framework.
High Availability and Clustering
- Volterra Nodes can be configured as a Volterra Clusters for scale-out infrastructure providing increased capacity and high availability. For more details, you can refer to Distributed Infrastructure Management.
The following concepts are used for VoltMesh Secure Networking features. Click on each one to learn more:
- Site Registration
- Site Connectivity
- Virtual Site
- Network Interface
- Virtual Network
- Network Connector
- Network Firewall
The following How-to guides are examples of enabling various VoltMesh Secure Networking features: