Seamless Service Provider Network Attach with Prisma SASE

We are thrilled to announce that Prisma SASE now supports an innovative new pathway for our service provider (SP) partners that enables seamless network attach and deep network integration with their core and transport networks. SP partners can now offer significantly more differentiated SASE offerings that are inherently integrated with their connectivity infrastructure and internet services to their enterprise customers.

This solution has been successfully trialed with select global Tier-1 SP partners in limited release and is ready to launch at scale in the near future.

This capability builds on our Prisma SASE for MSPs, a scalable multi-tenant cloud management solution to fast track enterprise digital transformation with managed SASE services.

Benefits for Service Provider Managed Enterprise Organizations

Figure 1: Benefit trifecta for enterprise organizations

Organizations can now benefit from AI-powered Prisma SASE, the industry’s most complete SASE solution, offered as a managed service, powered by the SP’s scalable and reliable networks. Some of the compelling benefits are:

• One simplified offering from the SP that includes connectivity + SASE managed by an intuitive multi-tenant cloud management portal
• Industry’s best SASE solution with AI operations (AIOps)-driven Autonomous Digital Experience Management (ADEM) that is backed by SP operator SLAs
• End-to-end Zero Trust Network Access (ZTNA) 2.0 security policy with comprehensive visibility into the transport network for branches, cloud and data center
• Improved network reliability with no dependency on the transit carrier and associated unknowns (link congestion, incorrect peering) resulting in increase in overall productivity and uptime
• Expansion of cloud-delivered ZTNA 2.0 security for network intensive, low latency, and high bandwidth applications and use-cases
• Simplified SP connectivity for seamless on-ramp into public and hybrid cloud deployments for customers with multi cloud strategy

Differentiation for Service Providers

Service providers can now fully leverage their network infrastructure and expand by offering a seamless and compelling “network attached” ZTNA 2.0-powered SASE stack for all their internet, MPLS and SD-WAN customers. This enables opportunity for massive top-line business growth by augmenting SASE offers in conjunction with their core managed security services (MSS) and connectivity portfolio. In addition, they can drive easy upsell of advanced security services (SWG, DLP, NG-CASB) and Next-Generation SD-WAN centric innovations.

Some additional benefits are:

• Seamless onboarding, activation and management of interconnects along with end enterprise customer tenants
• Advanced digital experience management (ADEM, AIOps)
• Reduced time-to-market and time-to-service
• Reduced operational costs and better QoS powered by their Network SLAs

SP Interconnect Core Functionality Explained

Global Tier-1 SP partners have connectivity across multiple countries and geo-locations. For such global partners, Prisma SASE supports interconnects across the majority of the Prisma Access world-wide compute locations. Selection of locations for interconnects are jointly collaborated with the SP’s connectivity team and based on multiple factors, including:

• PoP location and proximity
• Tele-traffic engineering for modeling bandwidth based on user and branch traffic patterns
• End-to-end performance and economics based on cost models

The figure below shows a high level representation of interconnects established in multiple geo-locations with a global SP.

Figure 2: Prisma SASE SP Interconnect with a global SP partner across regions

Regional Tier-1 Service Providers typically have their own connectivity infrastructure specific to their focus countries and regions. Prisma SASE provides the flexibility to on-board interconnects with multiple Service Providers on a location/region basis. This allows multiple SP partners to establish seamless interconnects for their respective networks. Prisma SASE provides complete multi-tenant separation across SP’s that maintains complete traffic isolation and routing of SP’s Managed customer traffic only on that particular SP’s transport network.

Figure below depicts this functionality where multiple interconnects are established with different regional SP partners across regions.

Figure 3: Prisma SASE SP Interconnect with regional SP partners

In addition, there can be multiple Service Providers in a specific geo-region and location. Prisma SASE also provides the flexibility to establish interconnects with multiple SP partners in a single region/location.

Importantly, intelligent traffic routing ensures a particular SP’s managed customer traffic is exclusively routed back to only their network.

Figure below depicts this functionality where multiple SP partners have established interconnects in a single Prisma Access region or location.

Figure 4: Prisma SASE SP Interconnect with multiple SP partners in a single region

An important benefit to highlight is that the SP Interconnect solution seamlessly co-exists with our existing Prisma Access Zero Trust backbone connectivity that is powered by hyperscalers. This flexibility is controlled at per tenant or per customer basis.

This provides massive flexibility to our SP partners to leverage their network backbones in appropriate regions while relying on Prisma SASE cloud fabric for regions where they do not have or may not choose to leverage their connectivity infrastructure. The SP Interconnect does not impact the direct enterprise customer in any fashion. For existing Palo Alto Networks SASE customers their traffic continues to stay on the hyperscaler backbone as currently supported.

Some of the key functionality available across the product and service lifecycle are grouped into the following three categories: 1) setup and install; 2) seamless routing and traffic management; and 3) unified management and digital experience management.

1. Setup & Install

An intuitive in-product on-boarding and setup process to establish and monitor interconnects regionally or globally

• SP Interconnects can be established globally across world-wide SP locations and PoPs
• Ability to enable/disable interconnects on a per region basis
• Ability to establish multiple high bandwidth interconnects (of upto 50 Gbps per VLAN attachment)
• Ability for dynamic “on the fly” bandwidth adjustments based on real-time traffic patterns
• Flexibility to support multiple SP partners per region

2. Seamless Routing and Traffic Management

• Seamless IP assignment to users with flexibility to offer SP assigned IPs to end devices (public or private)
• Seamless route advertisements and route management using BGP peering
• All “clean” traffic after security processing by Prisma Access now stays on the SP Network end-to-end
• Flexibility for the SP to control traffic routing to the end destination (www, private DC or public SaaS applications)
• Flexibility for the SP to apply traffic shaping and optimal routing policies as defined by their connectivity infrastructure
• Flexibility for the SP to leverage hyperscaler backbones in regions where Interconnects are not setup for a variety of reasons

3. Unified Management and Digital Experience Management

• A unified cloud management portal for SP Admins to manage interconnects globally with rich insights into traffic patterns, trends, bandwidth usage and performance of the backbone
• Rich telemetry powered by SP network KPIs that provide comprehensive end-to-end digital experience management
• A unified cloud management portal for SP Admins to manage thousands of end customer tenants providing single pane of glass for transport and network performance, threat landscape, security posture and vulnerability management
• Comprehensive alerting and monitoring capabilities for troubleshooting and incident resolution

Comprehensive business benefits with lower TCO

In conclusion, Prisma SASE now enables significant differentiation to our SP partners and their managed enterprise customers by enabling them to offer network integrated (On-Net) SASE that enables comprehensive business benefits with lower total cost of ownership (TCO) to drive massive scale and growth.

For more information on AI-powered SASE, please watch the Prisma SASE Signature Event on-demand, and find out more about our MSSP Partner program and its impact on profitability here.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog. We identify certain risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.