Monday, August 26, 2019

SD-WAN Scenario: One head-end with multiple "customers" connecting?

I'm trying to mentally process the feasibility of this scenario: One SD-WAN Head-end with multiple "customers" connecting to it.
(Capacity may come into play such that I have multiple head-end devices, but there would still be multiple customers per head-end, so we'll keep the scenario one-to-many.)

Hypothetical Backstory Context: I'm a device/service provider and my customers have their own networks but have to route my device/sensor data back to me from remote sites to be aggregated/processed. Currently all incoming customer data is whitelisted by IP (keeping it to only a few IPs per customer), meaning their multiple external-site data sources must be routed back to a central point before being sent my way.

Question at issue: Can I host a master head-end SD-WAN device(s) and have multiple customers' edge SD-WAN devices establish automagic dynamic VPN links back to it for the sensor data?
That is, customers have the option to deploy edge devices of the same type as my selected head-end so they can talk directly to my head-end (for just the desired data) instead of having to route all of that back through their own networks.

Security Concern: This must obviously not allow intra-customer traffic, but ACLs should cover that.
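As an added illustration (not part of the original post, and not tied to any SD-WAN vendor), the sketch below audits a head-end forwarding ACL for permit rules that could pass traffic from one customer's prefixes to another's. The customer names, prefixes, collector range and the first-match, implicit-deny rule format are constructed assumptions, and it assumes customer prefixes do not overlap as seen at the head-end.

```python
import ipaddress
from itertools import permutations

def net(s):
    return ipaddress.ip_network(s)

def narrow(a, b):
    """Intersection of two CIDR blocks (the more specific one), or None if disjoint."""
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b

def cross_customer_leaks(acl, customers):
    """acl: ordered (action, src, dst) rules, first match wins, implicit deny at the end.
    Returns (from_customer, to_customer, rule_index) for every permit rule that can
    pass traffic between two different customers and is not fully shadowed by a
    single earlier deny. Conservative: it may flag a rule that several narrower
    denies cover only in combination."""
    leaks = []
    for (a, a_nets), (b, b_nets) in permutations(customers.items(), 2):
        for i, (action, src, dst) in enumerate(acl):
            if action != "permit":
                continue
            for an in a_nets:
                for bn in b_nets:
                    s, d = narrow(net(src), net(an)), narrow(net(dst), net(bn))
                    if s is None or d is None:
                        continue
                    shadowed = any(
                        act == "deny" and net(ds).supernet_of(s) and net(dd).supernet_of(d)
                        for act, ds, dd in acl[:i])
                    if not shadowed:
                        leaks.append((a, b, i))
    return leaks

# Constructed sample data: two customers and a provider collector range.
CUSTOMERS = {"acme": ["10.10.0.0/16"], "globex": ["10.20.0.0/16"]}
COLLECTOR = "192.0.2.0/28"
# Weak: the second rule lets any tunnel prefix reach any other tunnel prefix.
WEAK_ACL = [("permit", "10.0.0.0/8", COLLECTOR), ("permit", "10.0.0.0/8", "10.0.0.0/8")]
# Hardened: each customer may reach only the collector; spoke-to-spoke is denied.
HARDENED_ACL = [("permit", "10.10.0.0/16", COLLECTOR),
                ("permit", "10.20.0.0/16", COLLECTOR),
                ("deny", "10.0.0.0/8", "10.0.0.0/8")]

if __name__ == "__main__":
    print("weak:", cross_customer_leaks(WEAK_ACL, CUSTOMERS))
    print("hardened:", cross_customer_leaks(HARDENED_ACL, CUSTOMERS))
```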


