2023-11-05
1. Case summary
A well-known domestic automobile dealer group with nearly 200 dealership outlets and tens of thousands of employees in nearly 100 cities in China. With the continuous expansion of the scale of distribution outlets and the diversification of front-end business formats, the number of smart devices and the amount of network data have surged, and a large number of business systems have moved to the cloud, which requires continuous optimization of the cloud architecture. Therefore, in terms of network digitization, the dealership attaches great importance to data security and process experience, and hopes to make network data, services, and traceable faults
With many years of experience in customer service and project implementation, and NOVA Technology’s self-developed SD-WAN 2.0 service model that efficiently integrates “security + network”, NOVA Technology stands out from many manufacturers and becomes the car dealer’s leader first choice.
2. Deployment scenarios
With the help of NOVA Technology's self-developed SD-WAN 2.0, it helps customers optimize the original network architecture, improve security protection capabilities and network process experience, and provide strong support for rapid business expansion.
Based on NOVA Technology's self-developed SD-WAN 2.0 solution, customers integrate hierarchical networking including different levels of branch sites, dedicated lines and multiple Internet links, backbone and HS mode hybrid networking, and hybrid public cloud and offline data centers. Various modes such as cloud networking and on-demand interconnection at the core of the business can significantly reduce investment costs.
2.1 Requirements analysis
Site analysis: There are many types of customer sites, many branches, and wide distribution. Clarify one by one based on site type, geographical location, application and business logic.
Application analysis: Customer application systems are divided into users, dealers, internal synchronization, etc. NOVA Technology clarifies the requirements one by one based on application type and importance level, traffic direction, and network quality.
Security analysis: Combine user security policies and business needs to specify security policies for different site types and user groups.
2.2 System design
Based on the demand analysis results, combined with NOVA's years of experience in operating MPLS VPN and SD-WAN and the customer's existing network architecture. Comprehensive design of hierarchical SD-WAN architecture system, subdivided into: public cloud, data center, workplace, dealer, and dealer branch. There are five site types in total, corresponding to different SD-WAN networking architectures. The SD-WAN policy package for each type of site is templated through the NOVA SD-WAN cloud management platform.
Based on the security analysis results, combined with the actual situation, unified threat protection and user online behavior management including anti-virus, malware protection, DDoS protection, virus outbreak protection, and DNS security are set up for each type of site, and through the NanNOVACLOUD security management platform Template the security policy package for each type of site.
2.3 Sub-item design
Data center design: dual SD-WAN CPE and firewall, dual dedicated line SD-WAN and Internet SD-WAN are connected to the NOVAnet backbone network, with the highest hardware and link redundancy guaranteed;
Public cloud design: dual dedicated line cloud connections connected to the NOVAnet backbone network;
Workplace and dealer design: SD-WAN CPE and firewall configuration, dedicated line SD-WAN and Internet SD-WAN link redundancy design.
2.4 System integration
NOVA's self-developed SD-WAN and security products are uniformly used, combined with the NOVAnet backbone network as the SD-WAN transmission network architecture. And through SD-WAN CPE and customer LAN switch for IP routing connection and redundant physical link connection.
2.5 Construction, operation and maintenance
Through NOVA Technology's 7x24-hour one-stop network operation center, we provide customers with all-weather hotline and technical support.
Through the NOVA Technology Security Analysis Platform, we provide customers with 7x24-hour firewall security log recording, analysis, and alarm services, and provide customers with all-weather network security assurance and network security incident processing services.
Provide customers with web-based self-service SD-WAN and security operation management platform and regular security reporting services.
Connect with the customer at the API level of the IT operation and maintenance system, link the customer's Ticket system and the NOVA Technology ITSM system, and automatically forward the Case triggered by the customer's end user to the NOVA Technology ITSM system for processing.
3. Technical points
3.1 Overview of implementation plan
The purpose of the implementation plan is to first implement the data center, headquarters, and public cloud, then implement dealers and dealer branches, and divide dealers and dealer branches into areas based on provinces. Implement deployment strategies region by region with multiple concurrent deployments.
During the implementation of the project, we faced difficulties such as tight time (one month), wide area (stores are spread across many provinces across the country), heavy tasks (centralized launch requires high requirements for the implementation team), and high difficulty (involving multiple suppliers). Through NOVA Technology has implemented experience-based rolling and lean project management methods over the years to continuously conduct demand mining and project optimization based on actual conditions to ensure that projects are delivered on schedule with high quality.
3.2 Analysis of technical roadmap
SD-WAN has great potential for the enterprise and operator industries as a next-generation technology that comprehensively replaces traditional IPSecVPN and uniformly manages WAN resources such as dedicated lines and the Internet.
The SD-WAN controller is the brain of the entire system. Nowadays, many open source ones in the industry have many functions, complex deployment, and make extensive use of many other open source components. In fact, the learning curve is still relatively steep;
As the terminal of the system, SD-WAN CPE is deployed on the client side and is the entrance to business data. Although the entire ecosystem is niche, it is comprehensive and developed, with complete package management, excellent compilation system and support for most WI-FIs. SD-WAN CPE virtualization, referred to as vCPE, has two modes. One is virtualization based on Linux Image, which can run on various virtual machines; the other is a container-based model, which uses docker to run. Both vCPEs are used in certain special scenarios.
SD-WAN Gateway is the first stop for customer sites to access the NOVAnet backbone network through SD-WAN CPE. It can be understood as a small cloud computing center that can be based on tenants and customer application isolation networks within the tenant and built through the NOVAnet backbone network. Overlay transmission tunnels based on SD-WAN Gateways in different locations.
4. Application value
With the help of NOVA Technology's self-developed SD-WAN 2.0, the customer optimized the original network architecture to adapt to the customer's complex networking scenarios and high security requirements, and supported the setting of online behavior management policies based on Chinese habits, improving security protection. capabilities and network process experience, providing strong support for rapid business expansion.