This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Overview

    Service Overview

    SASE is a service that integrates network and security functions on a cloud basis, allowing users to securely access corporate assets and applications from anywhere. It routes traffic via optimal paths and provides consistent security services for both internal and external environments through SASE points of presence located in Samsung Cloud Platform global regions.

    Features

    • Global SASE Fabric: We continuously expand service coverage upon customer demand by linking SASE hubs that utilize the systematic Samsung SDS Global network infrastructure with vPOPs prepared across all regions.
    • All in One Security: It covers a security layer that includes advanced SSL/TLS analysis, sophisticated application awareness/policy, and AI/ML‑based real‑time behavior analysis within a single solution, optimizing operational complexity and performance.
    • Network/Security Unification: By delivering network and security integrated on a single operating system based on a unified architecture, traffic is processed swiftly.
    • End to End Full Managed: Provide the required infrastructure for connecting customer sites as a packaged solution under a single contract, and deliver comprehensive operational services ranging from monitoring to incident notification and reporting.

    Service Architecture Diagram

    Diagram
    Figure. SASE diagram
    • SASE hub: Configure a gateway and control unit in Samsung SDS Global POP and CSP vPOP to provide network connectivity and security functions
    • SASE circuit: Physical circuit connecting the customer site and the SASE hub, configured as an SD‑WAN or VPN over internet/MPLS/dedicated line
    • SASE Edge: Customer edge device for connecting to the SASE circuit, using a router/SD‑WAN device/VPN device on‑premises and a PC/mobile or similar customer‑owned endpoint device off‑premises.

    Provided features

    The SASE service provides the following features.

    • WAN Edge Network
      • Provide intra- and inter-region communication between various edge devices (SD-WAN devices, routers, VPN devices, PC, Mobile, etc.)
      • Providing optimal application-specific routes using SD-WAN
      • Provides traffic control (QoS) and TCP acceleration capabilities for high-quality networks.
    • SSE(Secure Service Edge) security
      • ZTNA: Provide least privilege, security, and private connections for internal applications
      • SWG: Provides gateway security to protect internal users from insecure traffic such as that on the Internet.
      • CASB: Provides the ability to apply corporate security policies between users and cloud applications.
      • FWaaS : Provides inspection and control of all service traffic through a cloud-based firewall
        • RBI, DLP, SANDBOX, etc. provide additional advanced security features
    • Unified Orchestrator and DEM(Digital Experience Monitoring)
      • Integrated network and security management for cloud, on-premises, and edge devices
      • Monitoring of user experience (identifying issues such as network performance degradation, app interruptions, and determining their causes)

    Constraints

    The constraints of the SASE service are as follows.

    • Service is unavailable in the China region, but will be offered in the future.

    Provision status by region

    SASE is available in the environments below.

    RegionProvision status
    Korea West (kr-west1)Provided
    Korea East (kr-east1)Not provided
    South Korea 1 (kr-south1)Not provided
    South Korea South 2 (kr-south2)Not provided
    South Korea 3 (kr-south3)Not provided
    Table. SASE regional availability status

    Prior Service

    SASE has no preceding service.