Cato Extends Self-Healing High Availability

Cato Extends Self-Healing, End-to-End for Enterprise SD-WANs

  • October 17, 2018

With hurricane season upon us, IT already has too many examples of the importance of high availability planning. But building in local redundancy isn’t enough when floods or hurricanes hit. You need to think through the multiple layers of failover across the entire networking and security infrastructure. Yes, that’s usually going to require hours of extensive testing and specialized skills to be done right.

Which is why Cato is enriching the self-healing capabilities of Cato Cloud. Rather than global enterprises having to think about every possible networking failover scenario, Cato Cloud now heals itself end-to-end, ensuring service continuity. We’ve fully converged self-healing into our security and networking cloud platform for follow-the-network security rules. We’ve also extended Cato Cloud datacenter support with a new SD-WAN device, the Cato Socket X1700. (Dive deep into Cato’s self-healing capabilities and high availability architecture in this whitepaper.)

Digital Transformation Relies On Network Stability

Both introductions are incredibly important, particularly as organizations undergo digital transformation. The network has truly become the computer. Without a stable, consistent networking experience, process re-engineering, digital transformation, and IT efforts to bring value to the business would be impossible.

But as so many of you have told us, delivering an always-on network is far from easy. With traditional enterprises, all edge appliances needed for connectivity, from SD-WAN appliances to supporting security devices, must be made redundant. With each appliance pair, recurring costs grow for the additional equipment.

There are also significant operational costs involved to ensure HA works. It’s not just a matter of guaranteeing connectivity in the face of a blackout or component failure. Every appliance pair must be tested alone and with the rest of the HA measures built into your IT infrastructure. Otherwise, you’re likely to find that despite connectivity, users are still unable to access a service or application resource due to a failure to update policies in the security infrastructure or some other aspect of the network.

With the shift to the Internet and SD-WAN, network designers must also consider alternate pathing between locations and how to compensate for the unpredictable Internet in their global network. What happens if that flood or hurricane hits your provider’s facilities? Have you planned for secondary failover? Tertiary failover?

Cato Cloud: The Self-Healing SD-WAN

Self-healing capabilities of Cato Cloud eliminate the complexity of high availability planning. The network ensures service continuity by remediating network failures, updating the security infrastructure, and adapting workflows according to business priority. Edge device failure, network transport failure, failover to a disaster recovery site, moving apps between datacenters or cloud providers and more — Cato Self-Healing SD-WAN solves network problems without requiring IT intervention.

Cato does this on several levels. Even before today’s announcement, Cato Cloud replaces the myriad of appliances, VNFs, and standalone services complicating HA configuration with a single processing software engine for routing, optimizing, and securing all WAN and Internet traffic. The processing engine is fully maintained by Cato and distributed across a cloud-scale global network of points of presence (PoPs). With a “thin-edge,” there are fewer devices to fail or require HA design, improving uptime.

In addition, Cato is announcing an enhancement that allows Cato’s security rules to change dynamically with the network. Typically, as workloads move between locations or applications fail over to disaster recovery sites, IT must manually update policies in firewalls and other security or networking appliances. With follow-the-network security rules, Cato’s self-healing algorithms use enhanced BGP capabilities to detect new IP ranges and automatically update all relevant policies for zero-touch service continuity. This guarantees that when connectivity is restored, outdated security rules won’t break the application service.

Cato is also introducing a new SD-WAN device, the X1700 Socket, for large datacenters. The rackable device comes with redundant power supplies and hot-swappable hard drives. Like the X1500, Cato’s branch SD-WAN device, the X1700 comes with HA for no additional recurring charge.

Self Healing Across All Four Networking Tiers

In total, Cato Cloud monitors, discovers problems, reconfigures, and adapts all four tiers of the enterprise network — device, site, region, and global — in real-time:

  • Device — The X1700 Socket protects datacenters against the most common component failures.
  • Site — All Cato Sockets can be configured in HA mode. If a primary Socket fails, the standby Socket automatically takes over. Cato also creates an overlay across multiple last-mile services, protecting the site from a blackout or brownout in any one last-mile service. The HA capability is included in the service at no extra recurring cost.
  • Regional — Cato Sockets automatically connect through encrypted tunnels to the nearest Cato PoP. Cato PoPs contain multiple compute nodes running Cato’s fully-distributed software stack. Should a compute node fail, the SD-WAN tunnels will automatically move to an available compute node in the same PoP. Should a Cato PoP become unreachable, the Cato Sockets automatically rehome their tunnels to the next closest PoP. Should the secondary PoP become unreachable, Cato Sockets will continue looking for available PoPs.
  • Global — Cato PoPs are interconnected by Cato’s SLA-backed global network, eliminating the unpredictability of the Internet core. The Cato Cloud network is comprised of an overlay between Cato PoPs across multiple tier-1, SLA-backed carriers. The Cato PoPs monitor the carriers in real-time for network performance, selecting the optimum network for every packet. Should one carrier fail or experience a brownout, traffic is automatically routed across alternate carriers, and possibly through alternate Cato PoPs, giving the Cato Cloud network far better availability than any one underlying carrier.

To learn more about Cato’s Self-Healing SD-WAN and how Cato improves uptime across tiers of the global networks, read our in-depth whitepaper here.

Dave Greenfield

Dave is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.
