Lumen SD WAN & Cybersecurity Solutions

Lumen SD WAN & Cybersecurity Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Lumen and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Lumen SD WAN solutions are ideal for enterprises in the following industry verticals: Retail, Financial Services, Healthcare, Educational Institutions, Media & Entertainment Providers, Government Entities and Local Government Organizations. Lumen’s solution utilizes a single point of contact for global network and cloud based services supported by access to vendors in IT infrastructure management and networking - they are a good choice for large multi-national enterprises, with geographical requirements.

Lumen deliver SD WAN via strong partnerships with Versa Networks, VMware, VeloCloud, Cisco Meraki and Cisco Viptela, which combined with their large global network underlay infrastructure makes them a viable option for large global enterprises. Their solution is feature rich, with a robust portfolio including Content Delivery Networking (CDN), Unified Communications as-a-service (UCaaS), Data Center Hosting as well as security and professional services.

About Lumen

Lumen Technologies was founded in 1968 and is a telecoms company headquartered in Monroe, Louisiana, United States. The company offers network, security, communications, voice and managed services as well as cloud solutions. Lumen is the 2nd largest U.S Communications Provider to Global Enterprise Companies, employing 43,000 staff with 4,000 IT Professionals worldwide. The company is also named as a Leader in the 2021 Gartner Magic Quadrant for Network Services, Global. Lumen’s services include:

What is the Lumen SD WAN Solution?

Lumen SD WAN uses a single, automated platform that can be monitored and managed from a central control dashboard. The solution is provisioned via various SD WAN vendors with each offering different features and capabilities depending on the appliance used and suitability for business needs. 

Lumen SD WAN Versa Networks:

Lumen’s SD WAN offering based on Versa Networks is aimed at multi-site deployments, creating a more efficient use of resources by providing centralized cloud management, bandwidth management and monitors performance of business-critical applications. 

• SD WAN: Lumen-Versa Networks offer a flexible WAN solution, designed to fit individual site needs on a global scale if need be, along with Border Gateway Protocol (BGP), Open Shortest Path First (OSPF) and Carrier-Grade Network Address Translation (CGNAT). All SD WAN hosted infrastructure, including software licenses and rental customer premises equipment (CPE) can support up to 10 Gbps. Multiple virtual routers are available to enable unlimited forwarding paths and complete traffic segmentation. The service is compatible with Lumen’s own connectivity, but also offers a ‘bring-your-own-transport’ service, which supports Ethernet, MPLS, broadband, 4G/LTE and dedicated Internet.
• Managed Services: Clients are offered SD WANaaS, including managed and co-managed options (See, What is the Lumen managed, co-managed and DIY services solution?).
• Security Features: Security features include stateful firewalling with Geo-IP based firewall rules including Intrusion Detection System (IDS) /Intrusion Prevention System (IPS), URL filtering, IP filtering and content filtering. Authentication, encryption and key exchange are also available, along with real-time reporting with historical analytics as well as pervasive visibility from Layer 2 to Layer 7, including sites, circuits, applications, threats and SD WAN. 

For more information on Versa Networks, please see our vendor listing here. 

Lumen SD WAN VMware (VeloCloud):

VMware and Lumen offer a granular SD WAN solution which includes Dynamic Multipath Optimization (DMPO) to provide secure branch to datacenter to cloud access to business-critical applications such as voice and video. 

• Configuration: Lumen-VMware offers over 100 PoPs worldwide with thousands of Edges, along with over 2,000 cloud gateways and more than 65 orchestrators. Direct SaaS application access is also provided via cloud breakout that does not involve data center backhauling.
• Dynamic Multipath Optimization (DMPO): VMware’s DMPO product is available from Lumen SD WAN. It includes performance optimization for business-critical applications in real-time, application-aware per-packet link steering with on-demand remediation and supports LTE, MPLS and broadband internet circuits.
• Zero-Touch Deployment: Leverages and hyper scale solution, with push or pull activation. 

Cloud Based, Multi-tenant Orchestrator: Offers centralized management and visibility, in a cloud-hosted, multitenant environment (see, What is the Lumen managed, co-managed and DIY services solution?).

For more information on VMware, please see our vendor listing here. 

Lumen SD WAN Cisco Meraki:

The Lumen-Meraki solution is ideal for enterprises looking to lower their operating costs whilst also improving their multi-site resource usage through a single, centralized, PCI 3.2. certified cloud-based management service wrapper. 

• Deployment: The Lumen-Meraki offering can be deployed as ‘over the top’ of existing networks, bundled or as a tailored solution.
• Analytical Tools: Latency, MOS, packet loss and jitter can all be monitored through historical or real time analytics and reporting. This provides customers with visibility into their networks as well as the ability to monitor network performance.
• Support: The Lumen-Meraki solution features Wi-Fi capable hardware and built in LTE capability. This offering provides support for DIA, MPLS and LTE connectivity.
• Security Features: This solution supports dynamic path selection and intelligent routing as well as integrated security such as: Content filtering, Intrusion detection & prevention, Stateful firewall, Geo-IP based firewall rules and Site-to-site auto VPN.

For more information on Cisco Meraki, please see our vendor listing here. 

Lumen SD WAN Cisco Viptela:

The Lumen-Viptela solution is ideal for complex enterprise networks that require proficient security, routing and segmentation. The service includes four components: vEdge Routers, vSmart Controller, vManage Network Configuration and Monitoring System and vBond Orchestrator. This solution provides centralized policies and orchestration for large scale networks. 

• Deployment Options: The Lumen-Viptela offering can be deployed via: Dual broadband, Broadband + LTE or MPLS + DIA. This provides deployment options for low-priority remote locations to sites with mission-critical applications such as headquarters or data centers. 
• vManage Network Configuration and Monitoring System: A virtual appliance provided by Viptela that runs on VMware vSphere ESXi Hypervisor with a minimum of two vCPUs and 8GB of memory, enabling configuration management and monitoring of the SD WAN solution. The solution also offers the Trusted Platform Module (TPM) chip, that is designed to authorise vEdge routers requesting to join the network. Overlay Management Protocol eliminates bottlenecks, and speeds up network changes and end-to-end network segmentation for protection against both internal and external security threats, and scale-out architecture protects the network from multiple overlay failures. Security features include encrypted control and data traffic with the ability to scale to over 10,000 network endpoints and over 100,000 routes and integrated firewall services which includes user policies such as IPsec, VPN, NAT and ACLs.
• vEdge Routers: There are three vEdge router types available, these are: vEdge 100, vEdge 1000 and vEdge 2000. The vEdge 2000 router has 10Gbps encryption capacity, with full-widths and 1Rack Unit (RU). The vEdge 1000 router has 1Gbps encryption capacity, with half-width and 1RU sizes. The vEdge 100 router has 100Mbps encryption capacity and includes tabletop with 1RU sizes. Lumen-Viptela vEdge devices automatically authenticate new vEdge devices on the network through preinstalled security credentials and leverage integrated enterprise firewall functionality.  Functions such as: Border Gateway Protocol, Open Shortest Path First, Access Control Lists and Quality of Service as well as routing policies can all be performed by the IP routers. vEdge devices will auto-establish IPsec sessions with other vEdge routers, however when connected to the vSmart controller it will auto-establish a secure Datagram Transport Layer Security session instead. Policy constructs can manipulate extranets, access control, service chaining, routing information and segmentation through the vSmart controller’s centralized policy engine.
• vBond Orchestrator: The vBond Orchestrator is a virtual appliance that requires a minimum of two vCPUs and 8GB or a minimum of two vCPUs and 4GB of memory when run on VMware vSphere ESXi Hypervisor.
• vSmart Controller: The vSmart Controller is a virtual appliance that provides secure connections to network vEdge routers via DTLS. The controller operates through VMware vSphere ESXi Hypervisor and shares route, policy and security information via an Overlay Management Protocol (OMP).

For more information on Cisco Viptela, please see our vendor listing here.

What is the Lumen SASE security solution?

Lumen's SASE platform integrates with their managed security services and network infrastructure assets. The platform offers solutions from Versa Networks, VMware, Cisco Meraki, Cisco Viptela, Palo Alto Networks and Fortinet to deliver the following capabilities: 

• Cloud Access Security Broker (CASB)
• Secure Web Gateway (SWG)
• Zero Trust Network Access (ZTNA)
• Firewall as a Service (FWaaS)
• Data Loss Protection (DLP)
• Direct Denial of Service (DDoS) Mitigation
• managed firewalls
• URL filtering
• Remote Browser Isolation (RBI)

The platform is offered via flexible service models, which offer clients DIY, co-managed or fully managed options. Fully managed SASE services from Lumen include:

• constant monitoring
• site-by-site design
• service provisioning and configuration 
• migration
• management and monitoring 
• routing and security policy management 

Lumen also offer extensive managed security services with constant monitoring, management incident response and analysis services. The service includes managed firewall, endpoint security, unified threat management, web application firewalls and IDS/IPS. Network and cloud-based security services include Direct Denial of Service (DDoS) prevention, email filtering and DNS sink holing services, secure cloud and network-based firewalls. Intelligence feeds, reputation monitoring, threat monitoring and reporting and threat detection as well as Security and Event Management (SIEM), incident analysis, malware detection and removal and log management are all included in the offering.

How does Lumen access cloud vendors?

Lumen’s Cloud Connect solutions allows enterprise cloud migration and access to leading private and public clouds. Cloud Connect provides secure, high performance connections to cloud vendors such as Oracle, AWS, Microsoft Azure, IBM Cloud, Google Cloud and others. These cloud providers support: AWS Direct Connect, Microsoft ExpressRoute, Oracle Cloud Infrastructure FastConnect as well as Google Cloud Partner Interconnect, Google Cloud Carrier Peering, IBM Cloud Direct Link, IBM Cloud Managed Services and IBM Resiliency Services.

Does Lumen offer WAN acceleration and optimization?

Real-time analytics visibility and control allow Lumen to optimize cloud and application performance,  whilst direct internet access is available in remote locations to make business-critical cloud-based resources more accessible. For the Versa Networks SD WAN offering, optimized bandwidth is available, integrating public and private transport to remove bottlenecks, backhauling and passive connectivity. The VMware offering includes Dynamic Multipath Optimization (DMPO) which includes optimized performance for business-critical applications, aggregated broadband internet, LTE and MPLS circuits and application-aware, per-packet link steering and on-demand remediation. For the Cisco Meraki offering, cloud optimization and on-premises application performance is offered to increase user productivity. It includes real-time analytics, control and visibility.

How does Lumen support remote users?

Remote users are supported by Remote Connect, virtualised appliances or cloud delivered services dependent on the SD WAN vendor used. Teleworkers are also supported through Lumen solutions for Microsoft Teams to provide a unified communications and collaboration tool for remote workers. This solution unifies Lumen advanced analytics and user experience with the collaboration and communication tools of Microsoft Teams across a variety of devices. Leveraging Microsoft Teams with Lumen provisions businesses with a secure platform for applications and data with Lumen heavy lifting collaboration tools and complex calling. This allows businesses to adopt ‘work from anywhere’ policies for their remote staff whilst maintaining data security and optimal user experience to ensure a superb customer experience.

What is the Lumen managed, co-managed and DIY services solution? 

Lumen offers four managed services offerings, each of which is based on the vendor offering chosen by a client. Though specific features vary, every solution is supported by a team of Lumen staff, who help to design, configure, deploy and manage client’s networks.  

The most granular offering is based on Versa Networks, and includes automatic, customer enabled and pre-defined identification for over 3,100 applications, allowing for application QoS, intelligent path selection, packet duplication and policy-based control. Constant support for WAN, event management, support for design, configuration, deployment and activation change management, appliance upgrades and appliance and circuit monitoring are all included in the service wrapper. The Versa Networks-based solution is compatible with hybrid WAN with the capability to offer WAN optimization for Ethernet, broadband, MPLS and 4G/LTE. There are also options for co-managed, where clients have constant access to the Customer Self Service Portal. 

Lumen’s Cisco Viptela managed services solution similarly offers a range of features, including the VManage Network Configuration and Monitoring System, network configuration management and monitoring, compatibility with VMware vSphere ESXi Hypervisor with 8GB of memory and a minimum of two CPUs, Overlay Management Protocol to eliminate bottlenecks, and security features such as the Trusted Platform Module (TPM) chip, which authenticates routers joining the network. This is also integrated with firewall and supports IPsec, VPN, NAT and ACLs, with encrypted control and data traffic, scale out architecture and end-to-end network segmentation, as standard. 

Cisco Meraki and VMware-based managed services have fewer features than the previous two. However, Meraki offers a PCI 3.2 certified cloud-based managed service, with 24/7 support for the entire solution. Included in the service wrapper are event management, appliance and software updates and support for configuration, deployment, site activation and appliance/circuit monitoring. The VMware offer includes centralized management and visibility for streamlined operators and a cloud-based multi-tenant SD WAN orchestrator.

What Reporting and Management is available via the Lumen Portal?

The Lumen portal offers an automated capability, named the ‘digital buying experience’. This allows customers to design their own network without the help of the Lumen staff - diverse implementation and circuit paths are included. Clients can also connect and modify their entire network, from WAN to cloud environments in real-time.

What is the Lumen SLA?

Lumen do not offer a publicly available Service Level Agreement, however it may be offered on request.