NETWORK OPERATIONS. SIMPLIFIED. FORWARD ENTERPRISE HIGHLIGHTS Forward Networks is the leader in Intent-based Networking and network assurance to automate the analysis and verification of network policies and configurations. With the only solution that operates across all major networking vendors and services at provider-class scale, Forward Networks provides greater network agility and proactively removes risk from the network.
KEY BENEFITS | FORWARD NETWORKS DELIVERS:
Reduction in human error, Accelerated IT processes Lower costs for managing misconfigurations, and policy large networks for remediation and change violations that lead to network outages windows
Thorough security policy Improved network and security verification policy compliance
ACHIEVE PROACTIVE NETWORK ASSURANCE
Forward Networks has created a revolutionary platform, Forward Enterprise, for analyzing network designs and predicting future behavior to proactively eliminate configuration errors and policy violations. The platform can compare the intent of the network designers to actual behavior and expose any inconsistencies in minutes. Network IT teams can now troubleshoot faster and eliminate problems prior to a security breach or network outage.
Forward Networks is the first accurate software model of large multi-vendor networks to quickly emulate and analyze all possible behavior. Our logical analysis of possible future network activity is an enormous leap from traditional low-level testing tools, like ping and traceroute, or sifting through log files only after a policy violation has occurred.
Forward Enterprise shifts the focus from a reactive approach to a proactive approach of verifying network designs and behavior ahead of deployments. We allow you to go from testing basic network functionality to verifying compliance under all possible traffic scenarios. Get away from tedious, manual device-specific processes, to automated, end-to-end verification in minutes, as every update is considered and made.
Because Forward Enterprise automates the intelligent analysis of network designs and configurations, we provide an immediate and verifiable benefit by accelerating key IT processes and reducing man-hours of highly skilled engineers in troubleshooting and testing the network. Other key benefits include the ability to certify that proposed changes are compliant with existing policies quickly before going live, increasing the overall responsiveness of the IT team to change requests and network updates.
Forward Enterprise Data Sheet 1 FORWARD ENTERPRISE ARCHITECTURE Every Forward Networks installation starts with data collection� �onfiguration and states are Forward Enterprise collects device configuration data and state collected securely from all network devices via information from every network device, including switches, routers, load ���� �he device data is then processed to create a behaviorally accurate model � a copy of the balancers and firewalls. Forward Enterprise can then emulate the behavior entire network, in software� �top the network of the entire network, end-to-end, and reports on potential vulnerabilities, copy, the Forward �latform traces, indexes, and policy violations or risk exposure. Using a series of proprietary algorithms, stores all possible ways that the network can process packets� �his behavioral data is then Forward Enterprise computes a model of all current and potential activity made available to applications� to proactively highlight issues before they arise in live network traffic.
�evice �onfiguration Network �ehavior �ehavior and �tate �ollection �nalysis �atabase
Forward Collector Forward Core Forward Dash�oard �erforms the collection of the �he core is the Forward �latform �n intuitive ������based dashboard device configuration and state computational engine that creates an provides instant access to the ����, ���, F�� tables, etc�� �he accurate model of the network� �t�s where all Forward �pplications� �ll data in the collection is done over an ��� the existing network behavior is indexed and �ashboard is made available via connection� made searchable� �E���
KEY FEATURES AND CAPABILITIES
Forward Search Forward Enterprise creates a large database of network configurations, state and behavior information from a series of individual snapshots in time. Like any database, the Forward Platform can be queried with the behavior and policy results being displayed in an intuitive and interactive network map.
A network search or query takes the form of traffic scenarios, including details �ueries or �earches in Forward such as IP parameters, ports, protocols, reachability, deliverability, access controls, Enterprise are expressed as network and more. The result of a search query is always a set of network paths that would policies� �esults show all viable or possible paths that support the policy� allow that specific traffic pattern. Or, if the traffic scenario is never possible, no Each path and hop along the path can be paths are returned. explored to better understand the impact of potential changes on current policy implementations� Search queries can be refined by applying filters, such as paths through or avoiding specific devices, to a specific port, or using a particular protocol. Any search result allows drilling down into specific device configurations and behavior to quickly isolate and analyze errors and determine remediation steps.
Forward Enterprise Data Sheet 2 Forward Verify Many search queries may actually be network or security policy requirements that we need to continually check for. For example, it’s possible to verify that a subnet is unreachable from traffic on another subnet after every network update. Or to reconfirm simple compliance checks such as no forwarding loops or no Maximum Transmission Unit (MTU) mismatches between devices. All of these policy requirements are aggregated into the Verify screen, and continually checked after every network snapshot or update. The screenshot shows the Verify screen with a number of policy checks, as well as their status in the current network.
Forward Enterprise can verify both the requirement for a specific traffic pattern to be supported, or the requirement that a particular path does not exist (an isolation check). For example, Forward Enterprise can verify there is no possible scenario that traffic from one subnet could reach another subnet or destination. With traditional network tests, it is almost impossible to “prove a negative” such as this. With Forward Enterprise, this type of verification using our mathematical and logical analysis of network designs provides game-changing confidence to IT and Forward Enterprise �uickly compliance teams. highlights which policy rules are violated in the current network design or in a proposed change candidate�
Forward Predict Forward Predict enables network teams to model the correctness and behavior of network changes before they are deployed to production. Configuration changes to a network are typically tested in a lab environment, which never match the scale and end-to-end behavior of a production network.
Forward Predict enables the user to edit network configuration files on any or all devices in a “sandbox”, creating a new version of the network model containing proposed changes. A new verification process can quickly verify the effects of the change on existing compliance and security policies. Forward Predict capabilities are expanding over time, and currently include ACL, NAT, and firewall rule changes.
Network Query Engine Forward Enterprise forms a large database of all device configuration files from potentially thousands of network devices, coupled with the device’s current state information. This data is parsed and normalized into a flexible, open data model that is accessible to other applications, dashboards and programs. Important network health checks can now be developed in only a few minutes in a powerful standardized data query language, GraphQL. Querying the network like a database can quickly automate many tedious IT tasks while identifying errors and anomalies from across a large network.
Forward Enterprise Data Sheet 3 Virtual Network Support | VMware NSX One of the leading obstacles to managing virtual networks has been the inability to correlate activity between the overlay network and the physical network that supports it. Separate management consoles and platforms, and frequently separate teams, were required that typically did not share information and could not quickly identify root cause issues, or correlate identified problems in virtual network behavior with a physical device issue.
Forward Enterprise overcomes this issue by applying common network assurance and verification methodology across physical and virtual network planes, but integrating policy and path-based views of both into a single network view for the first time. Virtual network designers also benefit from being able to apply the latest technology for network verification to virtual network policies and designs.
Public and Hybrid Cloud Support | Amazon AWS The path-oriented focus that Forward Networks provides is natural to extend to AWS hybrid cloud environments. Having the same visibility and policy verification for the cloud component of your infrastructure greatly accelerates adoption of hybrid and public cloud projects and simplifies network operations.
Imagine if instead of a “black box” subnet view, each virtual network devices could be represented as an extension of your physical infrastructure on an always up-to-date topology diagram. This includes the ability to analyze and verify the end-to- end path behaviors flowing from any on-premises devices all the way through to any cloud workload.
With support for Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS), Forward Networks extends network verification and analysis to the public cloud and hybrid cloud environments. Forward Enterprise provides the ability to define and verify end-to-end policies for security and connectivity through on-premises networks all the way through AWS in a single consistent view and topology map. You even have full visibility to networking behavior extending into multiple VPCs.
� view of an ��� �irtual �rivate �loud in Forward Enterprise allows end�to�end path visibility and analysis for hybrid cloud infrastructure�
Cisco ACI Support Cisco ACI allows customers to define policies by assigning applications to security groups, called end-point groups (EPGs). Forward Enterprise verifies EPG policies and how they are translated to VLANs to affect traffic flows and access permissions. Forward Enterprise can then go on to compare the resulting behavior to network intent and see if there are any deviations or policy violations that should be addressed.
Forward Enterprise Data Sheet 4 Behavior Diffs Forward Enterprise takes and saves snapshots of network configurations, topology and device state at numerous points in time. Not only does this provide an ideal historical record of network behavior and compliance at any point in time, but Forward Enterprise allows comparisons of behavior between any two snapshots for further diagnostics and troubleshooting purposes.
Want to compare network configurations back to a previous Forward Enterprise shows diffs between two network week before an issue arose? snapshots, showing newly Forward Enterprise can quickly created and removed links in the topology� compare snapshots and isolate changes that could cause the incorrect behavior. Device Inventory Management Forward Enterprise automatically and Topology Management tracks network topologies, as well Forward Networks provides an as device configurations and ideal solution for managing and inventory lists over time� documenting network topologies, device configurations and inventory over time. The snapshots of network designs are archived for easy search and retrieval, including comparisons of changes between points in time. There’s no more wasted effort documenting changes or wondering if you are troubleshooting from the most accurate topology diagram.
Deployment Options Forward Enterprise can be deployed fully on-pemises or as a SaaS solution in the cloud. In both cases the latest security best practices are in place to protect customer’s sensitive data. on-premises deployment SaaS deployment requirements: network requirements: requirements: A machine (virtual or physical) with at least SSH must be configured and Forward Enterprise is deployed as a Virtual two dedicated cores and 4GB of RAM. working on the network devices Machine (VM-OVA format) for KVM and ESXi Supported Operating Systems:Ubuntu Linux from which the Forward Collector environments. The deployment requires the (14.04 and 16.04), Apple OS X (10.12), and will collect data following resources: Windows 7 (or later versions). The OS instance on which the ++ Cores: 16 ++ The machine must be able to access the Forward Collector is installed https://fwd.app webpage via HTTPS. must have IP and SSH port ++ RAM: 64 GB of reserved memory. Performance reachability to the network may improve with more memory availability, ++ The user must have admin privileges on devices, either directly, or via a but only when individual snapshots are large. the machine. jump server. ++ Disk: 250 GB of disk. The amount of disk ++ The latest versions of Chrome or Firefox consumed will depend on the number of are required to access the Forward historical snapshots to be stored, as well as Enterprise UI. the size of each one.
Forward Enterprise Data Sheet 5 SUPPORTED VENDORS AND DEVICES Forward Enterprise supports over 456 device types and more than 1479 OS verisons, including:
++ A10 Networks ++ Citrix ++ Juniper Networks
++ AVI Networks ++ Cumulus Networks ++ Palo Alto Networks
++ Arista Networks ++ F5 Networks ++ Pica8
++ CheckPoint ++ Fortinet ++ Symantec Blue Coat
++ Cisco Systems ++ HPE ++ VMware
Please contact us at [email protected] for more details about supported devices and vendors.
ABOUT FORWARD NETWORKS
Forward Networks’ mission is to de-risk and accelerate network operations, by increasing efficiency, reducing outages and verifying network intent. Built on a series of breakthrough algorithms, the Forward Platform provides enhanced network visibility, policy verification and change modeling for legacy, SDN or hybrid environments.
Forward Networks is headquartered in Palo Alto, California, and funded by top-tier investors, including Andreessen Horowitz, DFJ, A.Capital, SV Angel, and several luminaries in the networking and systems space.
CONTACT US
www.forwardnetworks.com
@fwdnetworks
facebook.com/forwardnetworks/
Forward Enterprise Data Sheet 6