Asahi Kasei has built a next-generation WAN environment with a view to accelerating digitalization and realizing a zero trust network. Net One Systems supported the construction. It has been in operation at each base since January, and is scheduled to be used by about 30,000 domestic group companies at more than 300 bases in Japan.
Overview of next-generation WAN environment
The environment is composed of SD-WAN and a Secure Internet Gateway (SIG), and realizes a safe and convenient business environment centered on the Internet. It is positioned as Phase 1 of the “Zero Trust Network”, which aims to break away from “boundary defense” and achieve both digitalization centered on the Internet and a secure business environment. It combines the SD-WAN solution “VMware SD-WAN by VeloCloud” with the SIG service “Palo Alto Networks Prisma Access”.
Traffic is handled in three ways. For cloud communications, we have realized an “Internet breakout” that connects directly over the Internet, without going through the closed network, to cloud services that have been confirmed to be secure, which improves perceived speed. For Internet communication, traffic first connects to the SIG on the Internet without going through the closed network, and the next-generation firewall function is applied comprehensively to enhance the security of external communication. For communication with in-house systems, traffic reaches the in-house data center via the closed network as before; because cloud and Internet traffic is no longer carried there, the closed network has spare capacity and investment is optimized.
On cost, combining a traffic-based pay-as-you-go SIG service with Internet breakout excludes cloud communications from the billed traffic and saves on charges. In addition, because the architecture does not depend on a specific Internet line, an appropriate telecommunications carrier can be selected with cost performance in mind. Because less traffic crosses the expensive closed network, a bandwidth shortage can be resolved at low cost by increasing use of the Internet and expanding the Internet side.
On the operational side, it is now possible to visualize and control communication at the head office and bases, such as the applications in use and bandwidth consumption, and in the event of a system problem the cause can be isolated with the WAN included in the investigation. Furthermore, monitoring the daily communication status and controlling traffic according to usage trends improves perceived speed. In the future, as Phase 2 of the “Zero Trust Network”, Asahi Kasei will scale down or abolish the closed network, and aims to create an environment where work can be carried out equally safely and conveniently over the Internet, whether in-house, on the go, or in telework.