Private Networks & MPLS
Could your business operations improve with Blaze Networks?
Blaze Private Networks
A private network is a highly secured wide area network (WAN). It links multiple geographically dispersed locations together with no limitations, offering rich, uninterruptible data and application availability across all locations within the private network.
Reflecting Blaze’s strong focus on cybersecurity, a Blaze private network has only one highly available entry point into the customer’s network from the public internet. This entry point is secured with advanced gateway technology from leading security manufacturer Fortinet. Customers who utilise the private network benefit by concentrating their security investment in this area. This significantly reduces budget requirements and the customer’s PCI DSS security scope, and drastically reduces the customer’s attack surface. Ultimately this offers clients better security than traditional firewall-based and SD-WAN products, which route across the public internet.
For example, if a customer links one thousand geographically dispersed locations together with traditional VPN technology, there are one thousand entry points into the customer’s network from the public internet. Aside from the added security vulnerability, all 1,000 of these locations are in scope for compliance and security risk assessment due to this direct connection to the public internet. With a Blaze private network there is only one entry point, no matter how many locations the customer brings into the private network solution.
Technical Product Overview
Blaze Networks’ Blaze Private Core Network is built utilising enterprise Cisco core routing equipment and Fortinet’s unified threat management platforms. The customer’s routers first authenticate to Blaze Networks’ RADIUS server, then the connection is passed to the customer’s virtual routing and forwarding (VRF) area or dedicated equipment.
Each router, at each geographically dispersed location, connects in the same way, building a fully routed or ‘hub and spoke’ network that uses entirely private IP addressing. For example, a customer with two hundred locations is allocated an address range of 10.100.0.0/16 supporting 254 geographical locations with 250 hosts under each individual site location.
Unlike traditional VPN technologies, the Blaze private network does not route information over the public internet. The VRF area is given a default gateway of the enterprise FortiGate firewalls. For customers with dedicated hardware, the Cisco equipment is given a default route to dedicated FortiGate firewalls. The firewall controls all internet-bound communications, offering the very best security approach for large infrastructures. The customer’s head office is connected to a dedicated VRF, giving separation from the branches but with firewall policies making head office services available to all geographically dispersed locations.
As well as the customer’s head office services being made available to the private network, customers who have transitioned to cloud services hosted in Microsoft’s Azure, AWS or Microsoft 365 can benefit from private links that do not run over the public internet. Blaze use Microsoft Azure ExpressRoute to connect customers directly into their Azure infrastructure, or AWS Direct Connect to achieve the same into AWS. Blaze Networks’ core infrastructure uses interconnects or direct peering with leading content providers and corporations such as Microsoft, offering the fastest path available to internet-based SaaS solutions by reducing the number of physical hops between the private network infrastructure and the customer’s infrastructure. For a more complete technical overview, a quotation, or to see how the private network can be implemented for you, please arrange a meeting by contacting us.
Secure control over internet resource
Because the Blaze private network has one highly available, secure entry point to the public internet, internet access policies to external services such as credit card bureaus and in-cloud services such as Microsoft 365 can be implemented across all locations with ease, reducing administration and the areas subject to compliance penetration testing.
Additionally, the customer’s cyber-attack surface is reduced, meaning there is less chance of the customer’s infrastructure being compromised because less is exposed.
The private network also utilises FortiGate’s Unified Threat Management (UTM), which includes a secure content filtering platform that implements the customer’s internet policies in all areas from one centralised location, again reducing administration and complexity of the network.
For more information or a demonstration of Fortinet UTM, please contact us.
Remote access and controlled third-party communications
The complication of controlling access into large network infrastructures is solved in all cases by utilising Blaze Networks’ remote access solution Blaze SA (Secure Access). Remote employees (sales forces, home workers) can access the network through a secure web-based remote access portal that enforces the customer’s access policies. Third-party companies that require access to the system can also gain restricted entry as required by the customer. This type of remote access offers two-factor authentication (2FA) into the private network, meeting all compliance standards.
Covering all eventualities with a proactive support approach
Blaze Networks’ service desk teams actively monitor all connectivity and services on the customer’s private network 24/7. Monitoring, reporting, change control, incident management, and syslogging are all achieved via the Blaze fully compliant and audited management network that connects our service desk and systems to our customers’ networks.
Whats Up is the market leader in infrastructure monitoring and is the key to Blaze Networks’ proactive support approach. The customer is given full access to the monitoring platform, offering feature-rich reporting on all elements of the private network infrastructure.
When issues arise, alerts are automatically triggered, and both the service desk team and customer are notified in real time via email, SMS or on-screen alerts.
Blaze service level agreements are of a high standard, offering response times in as little as 30 minutes for a critically impacted site. Response times of this kind are unmatched by most service providers.
All service requests are entered into the service desk ticketing system, which automatically notifies the customer of how the request is being dealt with from creation to closure. The customer has access to the ticketing platform so they can raise technical faults if required and report on Blaze Networks’ technical activity within the private network.
In doing so, Blaze have access to a vast array of products that allow us to overcome our customers’ business challenges and requirements.
Blaze is a Microsoft Gold Partner and Tier 1 Microsoft CSP Partner. We specialise in Microsoft 365 (including Teams and Teams Phone System), in Microsoft On-Premise and Hosted / Cloud Infrastructure, and enable businesses to continue their digital evolution by fully exploiting the latest capabilities of Microsoft products as they evolve.
Blaze is a Managed Secure Solutions Provider (MSSP) Partner of Fortinet, a global industry leader in the supply of secure networking infrastructure systems. Fortinet are our technology partner of choice when building customer-specific Private SD-WANs. A Leader in several of Gartner’s Magic Quadrants, Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.
Veeam is a highly respected leader in cloud-based backup and recovery software, data protection and advanced monitoring in the data centre. We have combined Veeam technology with our highly secure Blaze Cloud™ infrastructure to produce BlazeVault™, a highly dependable, secure, and resource-efficient solution which will keep downtime to an absolute minimum in the event of data loss in operational systems or ransomware attack.
Bitdefender is a global cybersecurity leader protecting over 500 million systems through OEM technology partnerships, including with many global IT companies. Tests show it is unmatched in Attack Prevention. Based on Bitdefender technology, Blaze Endpoint Protection hardens endpoints to prevent malware and malicious attacks, and it provides the investigation and remediation capabilities needed to dynamically respond to security incidents when they evade protection controls.
Cisco has long been the world’s pre-eminent network systems vendor, particularly for technology used at the core of major corporate networks and the internet. In addition to using Cisco equipment within our customers’ private networks, Blaze incorporates Cisco technology into the heart of our own network operations; the Blaze Private Core Network is built utilising enterprise-class Cisco core routing equipment.