Lumen SD WAN & Cybersecurity Solutions

Lumen SD WAN & Cybersecurity Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Lumen and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Lumen SD WAN is a good choice for large multi-national enterprises with global requirements because Lumen's solution utilizes a single point of contact for the global network and cloud-based services supported by access to vendors in IT infrastructure management and networking. Lumen SD WAN is delivered via solid partnerships with Versa Networks, VMware, VeloCloud, Cisco Meraki and Cisco Viptela, combining extensive global network underlay infrastructure with robust overlay solutions.

Lumen's robust product portfolio includes Content Delivery Network (CDN), Unified Communications-as-a-Service (UCaaS), Data Centre Housing and security and professional services. Some previous clients suggest that although Lumen's pricing can be pretty high, the cost is offset by the high standard of service. 

Lumen SD WAN solutions are ideal for enterprises in the following industry verticals: Retail, Financial Services, Healthcare, Educational Institutions, Media & Entertainment Providers, Government Entities and Local Government Organizations.

About Lumen

Lumen Technologies started life in 1930 as Oak Ridge Telephone Company, founded by F.E. Hogan, Sr. Hogan sold the company with 75 subscribers to William Clarke and Marie Williams for $500, whereby, through various means, Lumen (then known as Marion Telephone Company) came into the hands of Clarke Williams. The business remained in Clarke's family until it was incorporated in 1968 (Lumen still retains its original headquarters from this time). The company name was eventually changed from CenturyLink to Lumen in 2020.

Today, Lumen is an American telecommunications company part of the Fortune 500, headquartered in Monroe, Louisiana, North America. The company's history makes its North American offering particularly strong. Lumen is the 2nd largest U.S Communications Provider to Global Enterprise Companies, employing 43,000 staff with 4,000 IT Professionals worldwide. The company is named a Leader in the 2021 Gartner Magic Quadrant for Network Services, Global.

Lumen offers a 450,000 route fiber mile network and diverse trans-Atlantic network options, leveraging six on-net subsea fiber routes, including the Grace Hopper and Dunant Google subsea systems.

Lumen’s services include:

What is the Lumen SD WAN Solution?

Lumen SD WAN uses a single, automated platform that can be monitored and managed from a central control dashboard. The solution is provisioned via various SD WAN vendors, each offering different features and capabilities depending on the appliance used and its suitability for business needs. 

Lumen SD WAN Versa Networks:

Lumen's SD WAN offering based on Versa Networks is aimed at multi-site deployments, creating a more efficient use of resources by providing centralized cloud management and bandwidth management and monitoring the performance of business-critical applications. 

• SD WAN: Lumen-Versa Networks offer a flexible WAN solution designed to fit individual site needs on a global scale if need be, along with Border Gateway Protocol (BGP), Open Shortest Path First (OSPF) and Carrier-Grade Network Address Translation (CGNAT). All SD WAN-hosted infrastructure, including software licenses and rental customer premises equipment (CPE), can support up to 10 Gbps. Multiple virtual routers are available to enable unlimited forwarding paths and complete traffic segmentation. The service is compatible with Lumen's connectivity but also offers a 'bring-your-own-transport' service, which supports Ethernet, MPLS, Broadband, 4G/LTE and dedicated Internet.
• Managed Services: Clients are offered SD WANaaS, including managed and co-managed options (See, What is the Lumen managed, co-managed and DIY services solution?).
• Security Features: Security features include stateful firewalling with Geo-IP-based firewall rules, including Intrusion Detection System (IDS) /Intrusion Prevention System (IPS), URL filtering, IP filtering and content filtering. Authentication, encryption and key exchange are also available, real-time reporting with historical analytics and pervasive visibility from Layer 2 to Layer 7, including sites, circuits, applications, threats and SD WAN. 

For more information on Versa Networks, please see our vendor listing here. 

Lumen SD WAN VMware (VeloCloud):

VMware and Lumen offer a granular SD WAN solution which includes Dynamic Multipath Optimization (DMPO) to provide a secure branch to the data centre, cloud access and business-critical applications such as voice and video. 

• Configuration: Lumen-VMware offers over 100 PoPs worldwide, thousands of Edges, and over 2,000 cloud gateways and over 65 orchestrators. Direct SaaS application access is also provided via cloud breakout that does not involve data centre backhauling.
• Dynamic Multipath Optimization (DMPO): VMware's DMPO product is available from Lumen SD WAN. It includes performance optimization for business-critical applications in real-time, application-aware per-packet link steering with on-demand remediation and supports LTE, MPLS and broadband internet circuits.
• Zero-Touch Deployment: Leverages a hyper-scale solution with push or pull activation. 

Cloud Based, Multi-tenant Orchestrator: Offers centralized management and visibility in a cloud-hosted, multi-tenant environment (see, What is the Lumen managed, co-managed and DIY services solution?).

For more information on VMware, please see our vendor listing here. 

Lumen SD WAN Cisco Meraki:

The Lumen-Meraki solution is ideal for enterprises looking to lower their operating costs whilst improving their multi-site resource usage through a single, centralized PCI 3.2. certified cloud-based management service wrapper. 

• Deployment: The Lumen-Meraki offering can be deployed as 'over the top of existing networks, bundled or as a tailored solution.
• Analytical Tools: Latency, MOS, packet loss and jitter can all be monitored through historical or real-time analytics and reporting. This gives customers visibility into their networks and the ability to monitor network performance.
• Support: The Lumen-Meraki solution features Wi-Fi-capable hardware and built-in LTE capability. This offering provides support for DIA, MPLS and LTE connectivity.
• Security Features: This solution supports dynamic path selection, intelligent routing and integrated security such as Content filtering, Intrusion detection & prevention, Stateful firewall, Geo-IP based firewall rules and Site-to-site auto VPN.

For more information on Cisco Meraki, please see our vendor listing here. 

Lumen SD WAN Cisco Viptela:

The Lumen-Viptela solution is ideal for complex enterprise networks that require proficient security, routing and segmentation. The service includes four components: vEdge Routers, vSmart Controller, vManage Network Configuration and Monitoring System and vBond Orchestrator. This solution provides centralized policies and orchestration for large-scale networks. 

• Deployment Options: The Lumen-Viptela offering can be deployed via Dual Broadband, Broadband + LTE or MPLS + DIA. This provides deployment options for low-priority remote locations to sites with mission-critical applications such as headquarters or data centres. 
• vManage Network Configuration and Monitoring System: A virtual appliance provided by Viptela that runs on VMware vSphere ESXi Hypervisor with a minimum of two vCPUs and 8GB of memory, enabling configuration management and monitoring of the SD WAN solution. The solution also offers the Trusted Platform Module (TPM) chip, designed to authorize vEdge routers requesting to join the network. Overlay Management Protocol eliminates bottlenecks and speeds up network changes and end-to-end network segmentation to protect against internal and external security threats. Scale-out architecture protects the network from multiple overlay failures. Security features include encrypted control and data traffic with the ability to scale to over 10,000 network endpoints and over 100,000 routes and integrated firewall services, which include user policies such as IPsec, VPN, NAT and ACLs.
• vEdge Routers: There are three vEdge router types available: vEdge 100, vEdge 1000 and vEdge 2000. The vEdge 2000 router has a 10Gbps encryption capacity, full widths and 1Rack Unit (RU). The vEdge 1000 router has a 1Gbps encryption capacity, with half-width and 1RU sizes. The vEdge 100 router has a 100Mbps encryption capacity and includes tabletop with 1RU sizes. Lumen-Viptela vEdge devices automatically authenticate new vEdge devices on the network through preinstalled security credentials and leverage integrated enterprise firewall functionality. Functions such as Border Gateway Protocol, Open Shortest Path First, Access Control Lists and Quality of Service, and routing policies can all be performed by the IP routers. vEdge devices will auto-establish IPsec sessions with other vEdge routers. However, when connected to the vSmart controller, it will auto-establish a secure Datagram Transport Layer Security session instead. Policy constructs can manipulate extranets, access control, service chaining, routing information and segmentation through the vSmart controller's centralized policy engine.
• vBond Orchestrator: The vBond Orchestrator is a virtual appliance that requires a minimum of two vCPUs and 8GB or a minimum of two vCPUs and 4GB of memory when run on VMware vSphere ESXi Hypervisor.
• vSmart Controller: The vSmart Controller is a virtual appliance that provides secure connections to network vEdge routers via DTLS. The controller operates through VMware vSphere ESXi Hypervisor and shares route, policy and security information via an Overlay Management Protocol (OMP).

For more information on Cisco Viptela, please see our vendor listing here.

What is the Lumen SASE security solution?

Lumen's SASE platform integrates with its managed security services and network infrastructure assets. The platform offers solutions from Versa Networks, VMware, Cisco Meraki, Cisco Viptela, Palo Alto Networks and Fortinet to deliver the following capabilities: 

• Cloud Access Security Broker (CASB)
• Secure Web Gateway (SWG)
• Zero Trust Network Access (ZTNA)
• Firewall as a Service (FWaaS)
• Data Loss Protection (DLP)
• Direct Denial of Service (DDoS) Mitigation
• Managed firewalls
• URL filtering
• Remote Browser Isolation (RBI)

The platform is offered via flexible service models, which provide clients with DIY, co-managed or fully managed options. Fully managed SASE services from Lumen include:

• Constant monitoring
• Site-by-site design
• Service provisioning and configuration 
• Migration
• Management and monitoring 
• Routing and security policy management 

Lumen also offers extensive managed security services with constant monitoring, management, incident response and analysis services. The service includes managed firewalls, endpoint security, unified threat management, web application firewalls and IDS/IPS. Network and cloud-based security services include Direct Denial of Service (DDoS) prevention, email filtering and DNS sink holing services, secure cloud and network-based firewalls. Intelligence feeds, reputation monitoring, threat monitoring and reporting and threat detection, as well as Security Incident and Event Management (SIEM), incident analysis, malware detection and removal and log management, are all included in the offering.

How does Lumen access cloud vendors?

Lumen's Cloud Connect solutions allow enterprise cloud migration and access to leading private and public clouds. Cloud Connect provides secure, high-performance connections to cloud vendors such as Oracle, AWS, Microsoft Azure, IBM Cloud, and Google Cloud. These cloud providers support AWS Direct Connect, Microsoft ExpressRoute, Oracle Cloud Infrastructure FastConnect, Google Cloud Partner Interconnect, Google Cloud Carrier Peering, IBM Cloud Direct Link, IBM Cloud Managed Services, and IBM Resiliency Services.

Does Lumen offer WAN acceleration and optimization?

Real-time analytics visibility and control allow Lumen to optimize cloud and application performance whilst direct internet access is available in remote locations to make business-critical cloud-based resources more accessible. For the Versa Networks SD WAN offering, optimized bandwidth is available, integrating public and private transport to remove bottlenecks, backhauling and passive connectivity. The VMware offering includes Dynamic Multipath Optimization (DMPO), which provides optimized performance for business-critical applications, aggregated broadband internet, LTE and MPLS circuits and application-aware, per-packet link steering and on-demand remediation. For the Cisco Meraki offering, cloud optimization and on-premises application performance are offered to increase user productivity. It includes real-time analytics, control and visibility.

How does Lumen support remote users?

Remote users are supported by Remote Connect, virtualized appliances or cloud-delivered services dependent on the SD WAN vendor. Teleworkers are supported through Lumen solutions for Microsoft Teams to provide unified communication and collaboration tools for remote workers. This solution unifies Lumen's advanced analytics and user experience with the collaboration and communication tools of Microsoft Teams across various devices. Leveraging Microsoft Teams with Lumen provisions businesses with a secure platform for applications and data with Lumen heavy-lifting collaboration tools and complex calling. This allows companies to adopt "work-from-anywhere" policies for their remote staff whilst maintaining data security and optimal user experience to ensure a superb customer experience.

What is the Lumen managed, co-managed and DIY services solution? 

Lumen offers four managed service offerings, each of which is based on the vendor offering chosen by a client. Though specific features vary, every solution is supported by a Lumen staff team, which helps design, configure, deploy and manage clients' networks. 

The most granular offering is based on Versa Networks. It includes automatic, customer enabled and pre-defined identification for over 3,100 applications, allowing for application QoS, intelligent path selection, packet duplication and policy-based control. Constant support for WAN, event management, support for design, configuration, deployment and activation change management, appliance upgrades and appliance and circuit monitoring are all included in the service wrapper. The Versa Networks-based solution is compatible with hybrid WAN and can offer WAN optimization for Ethernet, Broadband, MPLS and 4G/LTE. There are also options for co-managed, where clients have constant access to the Customer Self-Service Portal.

Lumen's Cisco Viptela managed services solution similarly offers a range of features, including the VManage Network Configuration and Monitoring System, network configuration management and monitoring, compatibility with VMware vSphere ESXi Hypervisor with 8GB of memory and a minimum of two CPUs, Overlay Management Protocol to eliminate bottlenecks, and security features such as the Trusted Platform Module (TPM) chip, which authenticates routers joining the network. This is also integrated with a firewall and supports IPsec, VPN, NAT and ACLs, with encrypted control and data traffic, scale-out architecture and end-to-end network segmentation.

Cisco Meraki and VMware-based managed services have fewer features than the previous two. However, Meraki offers a PCI 3.2 certified cloud-based managed service, with 24/7 support for the entire solution. The service wrapper includes event management, appliance and software updates and support for configuration, deployment, site activation and appliance/circuit monitoring. The VMware solution includes centralized control and visibility for streamlined operators and a cloud-based multi-tenant SD WAN orchestrator.

What Reporting and Management is available via the Lumen Portal?

The Lumen portal offers an automated capability named the "digital buying experience". This allows customers to design their network without the help of the Lumen staff - diverse implementation and circuit paths are included. In real-time, clients can also connect and modify their entire network, from WAN to cloud environments.

What is the Lumen SLA?

Lumen does not offer a publicly available Service Level Agreement. However, Lumen may provide it on request.