Cloud Secure Edge's Global Edge Network consists of Points of Presence (PoPs): hosted and managed Access Tiers provisioned in selected geographic locations. PoPs differ from the Access Tiers in a Private Edge deployment, which are self-hosted and self-managed.
A high-level architecture diagram is shown below.
The diagram highlights the following concepts:
Points of Presence are provisioned in locations around the world, using our edge infrastructure provider; the specific number of locations varies based on your organization's needs.
A Connector is deployed in the customer network, and it dials out to establish a secure encrypted tunnel with one or more PoPs in the Global Edge Network.
CSE allocates a unique Org Domain, of the form {orgname}.banyanops.com, for every organization that is provisioned in the Global Edge Network. The Org Domain resolves via Public DNS (which is configured using geo-proximity routing) to your organization's PoPs in the Global Edge Network.
Admins publish CSE services for their end users; service domain names will resolve to the network IP address of the nearest PoP.
A user or program running on a device will make a request to a service by using its fully qualified domain name, e.g., wiki.exampleorg.sonicwallcse.com.
The PoPs in the Global Edge Network can address the upstream (i.e., backend) service instance by IP address or by name, via the encrypted tunnel that has been set up with the Connector.
The PoPs in the Global Edge Network are connected to the Cloud Command Center to receive the security policies they need to enforce and to report on access events.
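The DNS behaviour described above (the Org Domain and each published service name both resolve to PoP addresses) can be checked from a client. The following is an added example, not code from CSE: it assumes that, from one vantage point, a service name should resolve to an address also returned for the Org Domain, and the domain names other than the wiki example and all addresses are constructed sample data.

```python
import ipaddress
import socket

# RFC 1918 ranges: a published service name resolving here points straight at
# the backend instead of at a PoP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def system_resolver(name):
    """Resolve a name to a set of IP strings with the OS resolver."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_service_resolution(org_domain, service_fqdn, resolve=system_resolver):
    """Return findings; an empty list means the name lands on a PoP address."""
    pop_ips = resolve(org_domain)
    svc_ips = resolve(service_fqdn)
    if not svc_ips:
        return [f"{service_fqdn}: no address returned"]
    findings = []
    for ip in sorted(svc_ips):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in RFC1918):
            findings.append(f"{service_fqdn} -> {ip}: private address, bypasses the PoP")
        elif ip not in pop_ips:
            findings.append(f"{service_fqdn} -> {ip}: not among the Org Domain's addresses")
    return findings

# Constructed sample answers (documentation address ranges), so the check runs offline.
SAMPLE_DNS = {
    "exampleorg.sonicwallcse.com": {"203.0.113.10", "203.0.113.11"},
    "wiki.exampleorg.sonicwallcse.com": {"203.0.113.10"},   # lands on a PoP
    "jira.exampleorg.sonicwallcse.com": {"10.20.0.5"},      # hypothetical misconfiguration
    "git.exampleorg.sonicwallcse.com": {"198.51.100.7"},    # hypothetical stray record
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    org = "exampleorg.sonicwallcse.com"
    for svc in ("wiki", "jira", "git", "missing"):
        fqdn = f"{svc}.{org}"
        for line in check_service_resolution(org, fqdn, sample_resolver) or [f"{fqdn}: ok"]:
            print(line)
```

Calling `check_service_resolution` without the `resolve` argument uses the system resolver, so results reflect the geo-proximity answer for the machine it runs on.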