Elevating SASE Availability with Multi-Cloud Redundancy on Prisma Access

Jun 01, 2022

Welcome to our first installment of "Architecture Matters," a monthly blog series featuring Prisma SASE product engineers and their insights on the technology and innovation powering Prisma SASE products and services. Today, the team provides an in-depth look at the new multi-cloud redundancy capabilities available within Prisma Access. 

Palo Alto Networks helps organizations all over the world make the transition to Secure Access Service Edge (SASE) and Security Service Edge (SSE) with Prisma Access, our flagship cloud-delivered security platform. We purpose-built Prisma Access to solve the limitations of alternative approaches and provide customers with the industry’s most complete ZTNA 2.0 solution that delivers the best user experiences from a simple, unified product.

Prisma Access enables organizations to significantly reduce risk and securely connect all users to the applications they need, regardless of where they’re accessing the applications or which device they use. It provides a cloud-native single product made up of best-in-class security capabilities to secure hybrid enterprises and workforces, and it optimizes the user experience with dynamic scalability and maximum end-user performance. And today, with the updated dataplane, we are pleased to announce a new era of uptime and availability for our customers with Prisma Access Multi-Cloud Service Connection Redundancy. This new capability makes Prisma Access the industry's first multi-cloud redundancy solution for SASE.

Prisma Access is built in the cloud to secure at cloud scale, uniquely leveraging the combined infrastructures of Amazon Web Services (AWS) and Google Cloud Platform (GCP), the largest hyper-scale public clouds in the world. Prisma Access scales elastically across a multi-cloud network backbone that delivers low latency and the highest performance, backed by industry-leading SLAs to ensure a great digital experience for end-users. Now, Prisma Access expands the multi-cloud concept to build the first security fabric which provides resilience using a multi-cloud architecture.

We pioneered multi-regional redundancy within the same cloud provider with the Prisma Access version we launched in Jan 2022. Continuing that redundancy journey, Prisma Access now supports configuring redundancy across two different cloud providers.

With Prisma Access Multi-Cloud Redundancy:

  • One specific cloud outage, or even multi-regional outages in one cloud provider, will not impact customer operations.
  • Customers can now configure redundant connections across two cloud providers, such as AWS and GCP.

Use Cases

Prisma Access has employed a multi-cloud strategy from very early on. Most of Prisma Access’s capabilities are available from multiple cloud providers, which gives Prisma Access the flexibility to pick and choose the best cloud provider to serve your needs for any region in the world based on a combination of factors, including performance, availability, price, and adoption of new technologies. When you deploy Prisma Access Service Connections in a region, the service intelligently selects the best cloud provider for that region.

While deploying workloads in multiple regions within the same cloud provider does provide an essential level of redundancy, it does not satisfy your needs in several use cases.

Use Case 1: Geolocation Constraints

Some customers such as banks or governments have restrictions that only permit deploying Prisma Access security processing nodes in a specific country or region. For these use cases, leveraging multiple cloud providers in the same region is the only way to provide redundancy against regional failures.

Use Case 2: Latency Issues

Many customers secure latency-sensitive applications using Prisma Access. However, unacceptable delays or latency can be introduced to an application due to an alternate path used through nearby regions within the same cloud provider. In such cases, leveraging multiple cloud providers in the same region would be the best way to provide redundancy when the preferred cloud provider's network is unstable or unavailable.

Use Case 3: Customer Choice and Flexibility

Some customers simply prefer to have more flexibility when it comes to how and where to provide redundancy. Utilizing multiple cloud providers allows our customers to make the best use of all available resources to optimize network traffic based on their needs.

With the latest version of Prisma Access, we can now address all of these use cases with our multi-cloud strategy and allow our customers to leverage multiple cloud providers simultaneously in any given region for improved redundancy.

Without multi-cloud redundancy support, competing providers could suffer from failures in their chosen cloud service provider or colocation facilities.

Seamless Redundancy Switchover Through Dynamic Routing

The Prisma Access service has the intelligence to evaluate and inform customers where their redundancy may be lacking. Customers can then enable multi-cloud redundancy in three simple steps.

  1. Review the redundancy status from the Prisma Access service
  2. Choose locations and cloud providers
  3. Define Prisma Access sites and active/backup redundancy schemes; deploy the redundant service connections

Prisma Access will take care of the rest and enable full multi-cloud redundancy.

In the following example, a Prisma Access customer with data sovereignty requirements can only deploy workloads in a specific region, but the customer also requires redundancy. In this scenario, the customer can deploy one active connection in the respective GCP location, and a backup connection in the equivalent AWS location. In case the active connection is impacted due to a regional or other cloud failure, the multi-cloud redundancy will be activated and network path recovery will complete within 60 seconds.

Check out our latest release notes and the administrator guide to learn more about multi-cloud redundancy with Prisma Access. Be sure to register for our ZTNA 2.0 virtual launch event on June 15 to learn more about how Prisma Access can help secure today’s hybrid enterprises and workforces.

The authors would like to thank Jenny Yuan, Shu Lin, and Rohit Mendiratta for their contribution to this article.

