Prisma SD-WAN: Unified Management and Flexible Licensing for MSPs

Branch transformation is well underway, driven by new hybrid work and digital transformation initiatives. Enterprises are fundamentally changing branch sites, leveraging them as collaboration hubs rather than primary places of work, while retailers are transforming the way they engage in-store with their customers. While these trends are fueling the demand for SD-WAN and secure access service edge (SASE), most organizations are looking at their Managed Service Providers (MSPs) to help them get these projects online faster, from initial design to deployment to full-time operation and management.

MSPs however can struggle to meet their customers’ requirements when dealing with solutions that cobble together disjointed networking and security products. Performance, visibility, and ease of integration with existing operations and business support systems are some of the key differentiators MSPs need. This is why earlier this year, Palo Alto Networks introduced Prisma SASE for MSPs, which provides a scalable multi-tenant cloud management portal solution for MSPs to fast track their enterprise digital transformation with managed SASE services. This portal, in addition to powerful open APIs and flexible licensing models, empowers MSPs with all the right tools to deliver and manage their customers’ SASE projects in a cost effective manner.

With SD-WAN being a core functional pillar of SASE, we have also recently introduced new capabilities in Prisma SD-WAN, specifically designed to help MSPs enhance their managed services with more comprehensive, integrated security and networking services to meet a wide variety of customer needs.

Empowering MSPs with Complete Visibility of Managed SD-WAN Services

One of the most common challenges MSPs are facing is having to manage customers across multiple consoles. With limited functionality and lack of end-to-end visibility, troubleshooting network issues often requires manual data aggregation and correlation.

Prisma SASE for MSPs enables a “single pane of glass” for visibility and management. MSPs are able to centrally manage and monitor all their managed tenants, and apply security policies across mobile users and enterprise networks, including data centers, headquarters, branch and retail locations.

Furthermore, the comprehensive SD-WAN dashboard presents an aggregate network connectivity view that allows MSP admins to get the high-level status of all their managed tenants in a single summary page and monitor the health of their networks.

This dashboard includes key capabilities such us:

• Ability to filter per managed tenant to display network insights for any user-selected customer in a single-tenant view.
• Aggregated views of open alarms across all tenants, branch and link health metrics.
• Short list of top tenants with open alarms and link issues.

Overall, the dashboard provides MSPs with complete visibility and actionable insights to help monitor and act upon alarms or network performance issues, allowing them to meet service level agreements (SLAs) for an optimal end user experience.

Streamlining Management Operations for MSP Administrators

A key benefit of the multi-tenant cloud management portal for Prisma SASE is the common management interface that enables administrators to activate service subscriptions and licenses, manage tenant hierarchies, and configure user permissions, roles, and access control in a seamless manner.

Through the common services interface administrators can perform the following operations:

• Service Subscriptions supports per tenant license management, aggregate views of all licenses and add-ons, and license consumption across all managed tenants.
• Tenancy Management enables the creation and management of a hierarchy of business organizations (tenants) that are associated with authorized service subscriptions and SD-WAN devices.
• Identity and Access Management (IAM) provides a common interface for managing access to tenants through granular role-based access control (RBAC) and setting roles and permissions for predefined or custom roles for network and security operations teams.

These common services functionalities are natively integrated with enhanced onboarding workflows, allowing users to create a tenant hierarchy or select from an existing tenant before assigning product licenses and subscriptions to their customers.

Flexible Services Models for a Hybrid Workforce

Last but not least, we continue to enhance and expand our licensing models with new options that bring additional flexibility and opportunities for service differentiation to our partners.

With the recently launched bandwidth licensing-on-demand, businesses and MSPs have the option to purchase SD-WAN bandwidth as an aggregate pool of Mbps units, that can be automatically allocated to branches where and when it’s needed, to meet the evolving requirements of a hybrid workforce. This new consumption-based licensing model provides customers with additional flexibility when performing site upgrades or adding new branches to accommodate increased traffic, workforce growth or site expansion. MSPs can leverage bandwidth on-demand to introduce new flexible licensing models for their customers.

We are also addressing small and midsize businesses use cases. MSPs and enterprises that need an aggregation hub for deployments with a small number of branch sites will have the choice of using a smaller form factor Prisma SD-WAN physical or virtual appliance with a data center software subscription.

For more detailed information on Prisma SASE for MSPs, read our Prisma SASE for MSPs At a Glance.