Simplify Multicloud Connectivity with Prisma SD-WAN and Google Cloud

Jul 13, 2021

Enterprise multi-cloud adoption is on the rise. As a result, organizations need a networking solution that provides secure access to the cloud. In case you missed it, we recently announced the Prisma SD-WAN integration with Google Cloud, which simplifies multi-cloud connectivity through the API-based Prisma SD-WAN CloudBlades architecture.

Before this announcement, Prisma SD-WAN customers had two approaches to cloud connectivity. In the first, they could access applications and workloads in Google Cloud by backhauling traffic through their data centers, which were directly connected to Google Interconnect gateways. Hairpinning traffic through these data centers introduced significant delays that hurt application performance, while manual operations added to the complexity of managing the cloud connections (Figure 1).

Figure 1: Traditional site to cloud connectivity model - traffic hairpinned through data centers


In the second approach, Prisma SD-WAN customers could extend the SD-WAN fabric to Google Cloud by deploying a single virtual Prisma SD-WAN Instant-On-Network device (vION) in Google Cloud (Figure 2). Prisma SD-WAN branch devices then connect to this vION using the Prisma SD-WAN secure fabric. In this approach, the deployment of vIONs, the configuration of static routes on both vIONs and Google Cloud, and the setup of VPC peering between the workload VPC and the vION “peering” port VPC are all done manually. While this works fine for smaller deployments, it adds significant operational complexity to larger ones, where scale is the main concern.

Figure 2: Site to cloud connectivity model with Prisma SD-WAN vION


For larger deployments where scale is critical, Google Cloud recently introduced Network Connectivity Center (NCC), which allows turnkey integration with existing enterprise connectivity solutions such as SD-WAN, with higher route capacity and dynamic workload connectivity. Prisma SD-WAN customers can now leverage this capability along with Google’s global backbone to connect their on-premises sites to Google Cloud workloads seamlessly.

Prisma SD-WAN Google Cloud NCC Integration CloudBlade - A Fully Automated Approach

The flexibility of the Prisma SD-WAN CloudBlades platform and Google’s robust API support for NCC paved the way to develop a new CloudBlade, the Google Cloud NCC Integration CloudBlade.

Thanks to this newly developed CloudBlade, network administrators don’t need to worry about IPsec parameters, PSK management, BGP configuration, routing scale, or vION deployments. They simply need to express their intent in the CloudBlade configuration screen regarding which Google Cloud regions to extend the connectivity to, and optionally adjust the characteristics of the policies attached to the CloudGenix branch sites. For example, “I want to extend my Prisma SD-WAN fabric to these three Google Cloud regions” or “Users attempting to access each of the applications/prefixes hosted in Google Cloud should have this X path, Y QoS, and Z security policy applied.”

Figure 3: Prisma SD-WAN to Google Cloud Integration


The Google Cloud NCC attachment provides native integration with Prisma SD-WAN vIONs to simplify configuration and improve the overall scalability of the solution.

Additionally, with this integration, Prisma SD-WAN customers benefit from high availability: a pair of virtual Prisma SD-WAN vIONs is automatically deployed in Google Cloud for each region specified, allowing customers to extend the SD-WAN fabric to the Google Cloud regions of interest.

An Intuitive Way to Connect

CloudBlades simplifies cloud connectivity across every branch site and region while supporting dynamic routing at scale with an intuitive workflow (Figure 4) that allows customers to automatically:

  • Deploy a pair of vIONs in the Google Cloud region(s) specified
  • Assign each pair of vIONs to a Prisma SD-WAN Data Center Site type for each region specified
  • Provision virtual NICs, dynamic routing to Google Cloud Router, and attachment to Network Connectivity Center
  • Activate the DC Site(s) to build the secure fabric link tunnels from branch offices to Google Cloud

Figure 4: Automate Cloud Connectivity with CloudBlades


Since the CloudBlade platform is not tied to the controller and vION software releases, the Google Cloud NCC CloudBlade allows admins to commit updates to the configuration (e.g. add a new region). Additionally, admins are able to take advantage of future CloudBlade features without forcing a planned outage in the branch or the cloud, thereby ensuring consistent and continued connectivity to the cloud.

Enterprise Connectivity Simplified

Cloud adoption is skyrocketing, with organizations consuming more and more cloud applications and moving workloads to the cloud. They have realized their traditional WAN architecture limits their cloud journey while legacy SD-WAN solutions lack critical capabilities to simplify and automate their branch-to-cloud connections. They need a robust SD-WAN solution like the one provided by Prisma SD-WAN that is application-defined, autonomous, and cloud-delivered.

Prisma SD-WAN integration with Google Cloud further automates and simplifies cloud connectivity while extending SD-WAN capabilities to the cloud, including enhanced application visibility, traffic steering, and ease of troubleshooting to reduce costs and operational complexity.

For more information on Prisma SD-WAN and Google Cloud integration benefits, read our solution brief or register for our "Simplify Enterprise Connectivity with Prisma SD-WAN and Google Cloud" webinar.
