📘 Case Study

Multi-Tenant SD-WAN Fabric with Azure Cloud, On-Premise, and Palo Alto NGFW (Multi-vSYS)

👤 Client Profile

A multi-regional enterprise supporting multiple business units, each requiring isolated WAN connectivity, secure Azure access, and centralized hybrid infrastructure across Equinix data centers and remote sites.

⚠️ Challenges

• Required true multi-tenant SD-WAN segmentation across business units with independent routing domains (VRFs)
• Needed centralized firewall inspection across WAN and cloud traffic flows
• Sought regionally optimized connectivity into Azure using ExpressRoute
• Demanded scalable security policies per tenant without compromising performance
• Required seamless integration with legacy MPLS infrastructure and Cisco LAN switching
• Wanted automation-driven provisioning to accelerate branch turn-ups and reduce manual effort

Solutions Delivered

• Designed and deployed SilverPeak (Aruba) SD-WAN overlay fabric using application-aware routing and dynamic path control
• Established per-tenant VRFs across WAN and cloud for full routing isolation and policy control
• Deployed regional SD-WAN hubs at Equinix and integrated with Azure VWAN across regions via 100G ExpressRoute circuits
• Implemented Palo Alto 5460 (Equinix) and 3K/5K (remote sites) firewalls using multi-vSYS for tenant-level segmentation and centralized security
• Integrated Cisco ASR 1000 routers for MPLS handoff and Cisco Catalyst 9Ks for LAN switching
• Built SD-WAN Orchestrator templates and template groups for consistent configuration and provisioning
• Automated deployment using Terraform and Ansible/Jinja2 to ensure repeatability and speed

🚀 Results & Impact

🏢 Delivered full multi-tenancy via VRF segmentation and Palo Alto multi-vSYS firewalling
🚦 Enabled intelligent, app-aware traffic routing with dynamic path control and overlay labels
🧱 Built scalable SD-WAN config templates using SilverPeak EdgeConnect Template Builder
☁️ Provisioned 100G ExpressRoute links for high-performance, regionally routed Azure access
Reduced branch deployment time by 70% using automation and orchestrator-driven policy rollout
🛡️ Enhanced cloud security posture through centralized, per-tenant traffic inspection
🔗 Integrated SD-WAN with MPLS and legacy WAN, preserving compatibility while enabling modernization

🛠️ Technologies Used

SD-WAN Fabric: SilverPeak / Aruba EdgeConnect – Overlays, Application-Aware Routing, Dynamic Path Control
Cloud Integration: Azure VWAN, Azure ExpressRoute
Security & Firewalling: Palo Alto NGFW (5460, 5000, 3000 Series) – Multi-vSYS
Routing & Switching: Cisco ASR 1000, Cisco Catalyst 9K
Automation & Infra-as-Code: SD-WAN Orchestrator, Terraform, Ansible, Jinja2
Data Center Interconnect: Equinix Fabric
