This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Overview

    Service Overview

    SASE is a service that integrates network and security functions into the cloud to allow users to safely access internal assets and applications from anywhere. It transmits traffic through the optimal route and provides consistent security services inside and outside the company through SASE hubs located in Samsung Cloud Platform global regions.

    Features

    • Global SASE Fabric: Utilizing the systematic Samsung SDS Global communication network infrastructure, SASE points and vPOPs prepared in all regions are linked to continuously expand service coverage whenever customer demands arise.
    • All in One Security: Covers a security layer that includes advanced SSL/TLS analysis, sophisticated application recognition/policy, and AI/ML-based real-time behavior analysis in one solution to optimize operational complexity and performance.
    • Network/Security Unification: Provides network and security in a single operating system based on a single architecture, allowing for rapid traffic processing.
    • End to End Full Managed: provides infrastructure necessary for customer site connection in a package form through a single contract, and provides comprehensive operation services from monitoring to failure notification and reporting.

    Service Composition Diagram

    Configuration Diagram
    Figure. SASE Configuration Diagram
    • SASE Hub: Composed of Gateway and control plane in SamsungSDS Global POP and CSP vPOP to provide network connection and security functions
    • SASE Circuit: Physical circuit for connection between customer site and SASE hub, based on internet/MPLS/dedicated line SD-WAN or VPN configuration
    • SASE Edge: SASE line connection for customer Edge equipment, in-house routers/SD-WAN equipment/VPN equipment, out-of-house PC/mobile etc. customer’s own Endpoint terminal

    Provided Features

    The SASE service provides the following functions.

    • WAN Edge network
    • Provides Intra, Inter region communication between various Edge devices (SD-WAN devices, routers, VPN devices, PCs, Mobile, etc.)
    • Providing optimal route for each application using SD-WAN
    • Provides traffic control (QoS) and TCP acceleration features for high-quality networks
    • SSE(Secure Service Edge) Security
    • ZTNA : Provide least privilege, security, and private connection to internal applications
    • SWG : Security Gateway that provides internal user protection from insecure traffic such as the internet
    • CASB : Provides a feature to apply corporate security policies between users and cloud applications
    • FWaaS : Cloud-based firewall provides traffic inspection and control for all services
      • Provides additional advanced security features such as RBI, DLP, SANDBOX, etc.
    • Unified Orchestrator and DEM(Digital Experience Monitoring)
    • Integrated network and security management for cloud, on-premises, and Edge devices
    • Monitoring of user experience (recognition and identification of causes of problems such as network performance degradation, app suspension, etc.)

    Constraints

    The limitations of the SASE service are as follows.

    • The service is not available in China and will be provided later.

    Regional Provision Status

    SASE can be provided in the following environments.

    RegionAvailability
    Western Korea(kr-west1)Provided
    Korean East(kr-east1)Not provided
    South Korea, southern region1(kr-south1)Not provided
    South Korea southern region 2(kr-south2)Not provided
    South Korea southern region 3(kr-south3)Not provided
    Table. SASE Regional Provision Status

    Preceding Service

    SASE has no preceding service.