Secure Access – Anywhere by Prisma, PaloAlto

Global Webinar Series,
Hosted by Prime Infoserv
Supported by
Supported by
Community Partner

Securely Connect
and Scale Remote
Workforces
Hosted by: Faizan Sheikh, CSE, India and SAARC March 30, 2020

Enabling a Secure Mobile Workforce
3 | © 2020 Palo Alto Networks, Inc. All rights reserved.
“India Lockdown for 3 weeks”
“Teachers need to be prepared to educate remotely”
“We only have capacity to supply remote access to
20% of our workforce”
“We do not have the network capacity to support
over 50% of our users working remotely”
Enabling a secure
mobile workforce
is of primary
concern to
organizations
right now

Situation: Remote Access Capacity Challenge
Remote access VPN traffic is backhauled to the data center
PUBLIC CLOUD /
SaaS / INTERNET
DATA CENTER
(PRIVATECLOUD)
MOBILE
USERS
Under-Architected Remote Access
• Finite Scalability: Adding hardware is the only
contingency option
• Deployment Challenges: Procurement,
hardware implementation, connectivity,
location challenges
• User Experience/Internet Connectivity:
Customers may not have Internet capacity to
route all internet traffic through their internet
circuits via datacenter (bi-directional)

A Single Platform to Connect and Secure Everything
SaaS
PUBLIC
CLOUD
INTERNET
DATA
CENTER
BRANCH
RETAIL
MOBILE
2019 Palo Alto Networks. All Rights Reserved.
HQ

Scale Remote Access with the Strata Firewall Platform
Same Security - 3 Consumption Models
On-Premise
Expand NGFW scale in
your existing GP
gateways
Add GlobalProtect to
existing NGFWs
Rapid Expansion and
Hybrid
Quickly add scale to your
on-prem gateways
Hybrid Public Cloud/DC
gateways
Cloud-Delivered
The cloud becomes your
distributed head-end
Reduce constraints on
your network
No scale or capacity
planning burden

Prisma Access is designed for providing secure cloud access
from anywhere
DATA CENTER
(PRIVATECLOUD)
PUBLIC CLOUD /
SaaS / INTERNET
MOBILE
USERS
Solution: Prisma Access
Scalable Remote Access for
Mobile Users
• Deploy quickly: In the cloud, the internet or
the data center
• Global Reach: Remote Access with
connections to the cloud to over 100
locations
• Dynamic Scale up, Scale down: Leveraging
the cloud to ramp with customer demand

Security as a Service Layer
Network as a Service Layer
SaaS
PUBLIC
CLOUD
INTERNET
HQ/DATA
CENTER
BRANCH
RETAIL
MOBILE
Prisma Access:
The Industry’s Most Comprehensive Secure Access Service Edge

Prisma Access
BRANCH
RETAIL
MOBILE
SSL Decryption CASB Cloud SWGZTNA
DNS
FWaa
S
DLPSandboxing
SD-WAN IPSec VPN Policy Based Forwarding
Network as a ServiceSSL VPNQoS
SaaS
PUBLIC
CLOUD
INTERNET
HQ/DATA
CENTER

Dynamic Scalability and
Resiliency

Prisma Access - Multi-Tenancy Architecture
Management Plane / Cloud Orchestration / Operations
Single Tenant
Specific Cloud
Instantiated
Data Plane
Multitenant
Management
Customer 1
Tenant
Customer 2
Tenant
Customer 3
Tenant
Tenancy Architecture
Multitenant
management plane
Single tenant data
plane per customer
Avoids performance
and security issues

Resilient and Scalable Solution
● Auto-Scaling
○ More intelligent scaling algorithms / approaches - taking multiple inputs
○ Dynamic scaling and different methods
● Monitoring
○ Advanced operational monitoring in place
● Cloud Service Providers partnership
○ Commitments from both GCP and AWS regarding scaling in all regions

Situation: Solving the Remote Access Network Capacity Challenge
MOBILE USERS
MOBILE
USERS
MOBILE
USERS
MOBILE
USERS
MOBILE
USERS
MOBILE
USERS
DATA CENTER
DATA CENTER
Limited Internet Circuit
and Gateway Capacity
Public Cloud
SaaS
Web
Inbound remote access user traffic
Internet-bound egress traffic
Cloud fiber network transit traffic
Branch traffic
BRANCH BRANCH

Frequent Questions about Cloud-Delivered Remote Access
Q: Are you adding cloud nodes to your data center for this?
A: No, we leverage public cloud services. Just like why you use public cloud, we don’t want to add
boxes to data centers to scale either.
Q: Will other customers using your service impact my performance?
A: No, our platform provides dedicated customer instances (no shared data plane), customers do
not compete with others for resources.
Q: How many locations are included with Prisma Access, and how much does it cost to add
more?
A: All edge locations are available for all customers, there is no additional cost to leverage all of
them.
Q: Are you expanding capacity for new customers?
A: We don’t need to. We have been onboarding new customers daily and there has been no
impact to other customers

Prisma Access - Tenancy Architecture
Management Plane / Cloud Orchestration / Operations
Single
Tenant
Specific
Cloud
Instantiated
Data Plane
Multitenant
Management
Customer 2
Tenant
Customer 3
Tenant
Customer 1
Tenant
Tenancy Architecture
Multi-tenant
management plane
Single tenant data
plane per customer
Avoids performance
and security issues

SaaS
HQ/DATA
CENTER
PUBLIC
CLOUD
INTERNET
BRANCH
RETAIL
MOBILE
STRATA Firewall Platform
The Industry’s Most Comprehensive Secure Access Service Edge

STRATA Firewall Platform
BRANCH
RETAIL
MOBILE
SSL Decryption CASB Cloud SWGZTNA
DNS
FWaa
S
DLPSandboxing
SD-WAN IPSec VPN Policy Based Forwarding
Network as a ServiceSSL VPNQoS
SaaS
PUBLIC
CLOUD
INTERNET
HQ/DATA
CENTER

Clientless / Browser-based Access
Unmanaged / BYO
Connecting Mobile Users to STRATA
GP client can be installed on home
PC via link provided by admin
Managed
SaaS HQ/DATA
CENTER
INTERNET
PUBLIC
CLOUD

Prisma Access
(as a Service)
STRATA: Use Case Flexibility through Firewall as a Platform
Single Policy and
Management
Cortex XDR,
XSOAR for Context
and Automation
NextGen Firewall
(Physical)
VM-Series
(Virtual)
Panorama

(Offer 1)
Points of clarification:
● Ensure the network capacity for the additional user traffic has been reviewed
○ If most traffic is internet bound Prisma Access may be more applicable
● Expedited shipping follows standard process
How to:
● Have the customer log into their CSP
● Goto Support -> Assets -> Devices and click the pencil icon in the Actions column
● Click Activate Trial License -> select the licenses they with to test -> click Agree and Submit
If they have previously activated this license and it is expired, then you can email SalesOps with the device serial # and ask them to process a Trial license extension.
20 | © 2020 Palo Alto Networks, Inc. All rights
reserved.

Cloud Delivered
Remote access VPN traffic goes through the SASE in the cloud
Remote Access Architecture Options
On-Prem
Remote access VPN traffic is backhauled to the data center
PUBLIC CLOUD /
SaaS / INTERNET
DATA CENTER
(PRIVATECLOUD)
DATA CENTER
(PRIVATECLOUD)
MOBILE
USERS
PUBLIC CLOUD /
SaaS / INTERNET
MOBILE
USERS

(Offer 2)
● FREE DEPLOYMENT SERVICES → SKU : PAN-CONSULT-GPCS-ACCEL
○ SoW scope, terms & conditions CANNOT be negotiated
○ Order must be booked within 90 days
● Only applies to Prisma Access Mobile Users in response to COVID-19
● NEW Prisma Access customers = customers that have NOT owned Prisma Access before today
How to:
● AM NSP request to DD and Sales Ops apply 100% discount (with quote comment “COVID-19”)
○ Standard approval process will then execute
○ Standard SoW process will be initiated via this link
○ Signed SoW is required for booking the order (standard process)

(Offer 3)
● Prisma Access Mobile Users ONLY…..not Prisma Access Remote Networks
● Spikes are unbounded…..expectation should be 2-3X
● New customers today = EXISTING customers tomorrow
○ New customers that have immediate spikes will be monitored/reported on
How to:
● No action required - customer needs to ignore admin warnings within Panorama

Our Commitment to Our Customers:
Solutions to help during this COVID-19 Outbreak
24 | © 2020 Palo Alto Networks, Inc. All rights
Prisma Access
Quickstart Service
GP 90-Day
Subscription
Prisma Access
Additional Licensing
For new Prisma Access
mobile customers, free
accelerated deployment
and onboarding
Free 90-day
GlobalProtect
subscription trial for
existing customers
For existing Prisma
Access customers who
need more capacity, no-
cost spike coverage

Our Rapid Response Email
Please direct all COVID-19 related inquiries to:
rapid-response@paloaltonetworks.com

Thank you
27
● Thank you for your attendance and kind co-operations
● Please submit your feedback from which you will receive by mail.
● The session video, presentation etc. will be available on Prime YouTube Channel,
Slideshare and Facebook
● There are upcoming interesting sessions in the coming days, if you have not yet
registered, please register soon.

Stay Tuned for the upcoming programs
2nd April (4pm - 5.30pm)
Application Delivery - Scaling
Capacity & Availability: Mr.Tarun
Verma, A10 Networks
Webex Link:
https://meetingsapac.webex.com/meet
ingsapac/j.php?MTID=m41f69a4efcf49
01a59479ec0dec96501
Meeting number: 577 492 175
Password: adc@123
3rd April (4pm - 5.30pm)
ONE Platform - Connecting
Everything: Mr.Vivek Srivastava,
Soti
Webex Link:
https://meetingsapac.webex.com/meet
ingsapac/j.php?MTID=m3ffe0d1ccd19
b819dfe80e1d6083bfc9
Password: soti@123
1st April (4pm - 5.30pm)
Email Security – Everyone is a
Target
-Mr.Ishtiyaq Shah, FireEye
Webex link
:https://meetingsapac.webex.com/meeti
ngsapac/j.php?MTID=mf1556de342a8c
9fc26cbc02b10b48016
Password: es@123

Secure Access – Anywhere by Prisma, PaloAlto

More Related Content

What's hot

Similar to Secure Access – Anywhere by Prisma, PaloAlto

More from Prime Infoserv

Recently uploaded

Secure Access – Anywhere by Prisma, PaloAlto