Edge Deployment Model for Private Access

Description

SonicWall Cloud Secure Edge offers two edge deployment models for access to your organization’s private resources - Self-hosted Private Edge and Global Edge.

In most cases, your SonicWall org will be provisioned so you can use one or both deployment models. Review the notes below so you can use the appropriate deployment model for access to your private resources.

Note that Cloud Secure Edge’s control plane - the Cloud Command Center - is always delivered as a cloud Software-As-A-Service (SaaS) offering.

Self-hosted Private Edge #

In the Self-hosted Private Edge deployment model, an organization deploys the Access Tier on a server with a public IP address that can be reached from the internet in the data centers or cloud clusters where corporate resources are hosted.

Edge Deployment - Self-hosted Private Edge

Global Edge #

In the Global Edge Network deployment model, an organization uses Access Tiers that SonicWall Cloud Secure Edge hosts in its Global Edge Network. The organization deploys the Connector on a server that can dial out to the internet in the data centers and cloud clusters where corporate resources are hosted. The Connector then establishes secure tunnels to the Access Tiers on the Global Edge Network.

Edge Deployment - Global Edge Network

Choosing an Edge Deployment Model #

In both deployment models, admins define Policies and Services via the Cloud Command Center, and end user traffic flows through the Access Tier, which enforces zero-trust policies. However, the following differences can be considered when choosing a deployment model:

Global Edge advantages #

The Global Edge deployment model uses an outbound Connector inside the org’s private network to connect to SonicWall-managed Access Tiers on SonicWall’s Global Edge Network. Since, in this case, SonicWall manages the policy enforcement component (i.e., the Access Tiers), fewer upgrades and management costs are required on the organization’s behalf.

  • Fewer upgrades and management costs
  • Global points of presence to ensure low latency and reliable connections
  • Simpler set-up (does not require ports to be opened; does not require creation of DNS records)

Self-hosted Private Edge advantages #

Organizations who want to own the data plane (i.e., they want device traffic to private resources to route through servers that they own and manage) can opt for the Self-hosted Private Edge deployment model. In this model, Access Tiers are deployed on the organization’s private servers, in data centers where the org’s corporate resources are also hosted.

  • Ability to own the data plane (i.e., the Access Tiers)
  • Ability to manage upgrades of the Access Tiers
  • Ability to use dedicated IP addresses for ingress/egress traffic flows

Related Articles

  • How to Reach a Destination Behind an Existing Tunnel Interface VPN from a Banyan User Connected via Cloud Secure Edge (CSE).
    Read More
  • Authorization Error: Unregistered user device with email
    Read More
  • CSE provisioning never completes when MySonicWall Company name does not start with a letter
    Read More

Categories

Cloud Secure Edge
not finding your answers?
Ask the Community