What is Pertino? Introduction and Overview
A Pertino Product Perspective

Executive Summary

Network virtualization has enabled medium and large enterprises, carriers, and service providers to optimize routing, deploy isolated networks, and scale faster at much lower costs. Pertino is leveraging this technology, coupled with the horizontal replication and vertical scalability of SDN technologies, to enable companies of all sizes to experience these benefits across their WAN. The Pertino Cloud Network Engine is easy to deploy, requires minimal management overhead or hardware costs, and lets IT departments focus on more pressing tasks that drive business.

Pertino’s belief is that customers must be able to:
• Create secure, optimized cloud networks in minutes
• Add people and devices instantly
• Deploy network services on demand
• Realize significant cost savings

What is Pertino?

Pertino is an “always on” secure overlay network that leverages network virtualization, cloud, and SDN technologies. It offers a very quick deployment model wherein VMs, servers, containers, desktops, laptops, or mobile devices are easily networked with each other. There is no detailed configuration or set up necessary, no hardware costs to manage, and LAN-like connectivity is provided to users everywhere.

Key Components

The Pertino Data Plane and Control Plane form the backbone of the Pertino Cloud Network Engine. The Engine is composed of patent-pending software technology deployed within multiple top-tier data centers around the world. Once you specify a network, the Pertino Cloud Network Engine does the setup and configuration using a proprietary algorithm to determine the optimal data center to host it. As a rule, Pertino allocates networks in data centers within 30 milliseconds of most major population centers. Factors such as geography, historical network behavior and capacity are considered to provide the best possible performance.
Customers can use a variety of device operating systems (iOS, Android, Windows, Mac, and Linux) to quickly connect to the network. Clients connect to the Pertino Cloud Network Engine through the data and control planes. The Control Plane allocates and addresses network resources, and separates and secures tenants (where traffic is sent), while the Data Plane establishes, maintains, and isolates the network communications for each tenant or customer (how traffic is sent).

Copyright © 2015, Pertino, Inc.

Pertino then offers an Analytics Plane where specific network-related applications can be deployed. The Analytics Plane consists of deep packet inspection technologies that interpret and translate network traffic into meta-data about user and application behavior. Pertino leverages this meta-data to make sure our Network Engine is delivering the fastest performance and availability to our customers. Moreover, the Analytics Plane is instrumented via Pertino’s API so Pertino customers and partners can soon address new markets and cloud use cases. Alternatively, you can also extend your Pertino deployment with apps from our AppScape store. For example, apps such as NameStation or ADConnect enable you to integrate Pertino seamlessly into your infrastructure.

The Pertino Network Engine is controlled and managed by CloudScape, a uniquely easy-to-use web console that makes it extremely easy to get up and running. You can build a network in minutes simply by naming a network, and then adding people and devices. Ensuring people only access appropriate resources is easy through an intuitive policy design, and you’ll get at-a-glance, real-time activity views that make it easy to see what’s going on.

The result is a highly available, resilient, and secure overlay network that you can deploy in a matter of minutes. And, Pertino makes it simple to manage and monitor.

A Typical Deployment

Administrators can set up a network using the Pertino Cloud Network Engine quickly and easily since Pertino leverages the horizontal scalability of Infrastructure as a Service (on-demand provisioning of Pertino cloud network virtual instances) and vertical scalability of Network Service Virtualization, or NSV (dynamically adding more network resources).

In a typical deployment, the administrator begins by defining a new virtual network. This is essentially the equivalent of deploying a layer 3 switch that supports up to 255 “ports” or connections in the Pertino cloud. Any number of these switches can be spun up instantly to scale to thousands of endpoints. The end-to-end configuration of each network takes less than a few minutes.

Once the network is defined, the administrator adds devices and users to the network. Users install a client on their OS (Pertino supports iOS, Android, Windows, Mac, and Linux) or the administrator can authorize a device using machine authentication. In this latter case, devices (end user devices or IT resources, such as servers) are added quickly and security is maintained as machine authentication can restrict which networks certain devices can access. It is important to note that each network instance is private, not shared, with its own virtual data-plane and IP address space, and since many network attacks are address-based, this design effectively “cloaks” Pertino networks and their users from numerous security threats.

Finally, administrators layer on additional services through AppScape applications like GeoView, ADConnect or iOSConnect, or by writing their own custom applications. These are enabled through Pertino’s API layer that is tightly coupled with the Analytics Plane. This latter component makes the Pertino Cloud Network Engine a “pluggable platform” for additional, custom network services. This means you can leverage your existing infrastructure and extend it with Pertino services and applications.

[Figure: deployment timeline for an example network, “My Cool Network”, showing the Control Plane and Data Plane]
• 12:00 Administrator names network. Pertino spins up 255-port L3 switch in cloud.
• 12:01–12:02 Pertino's Data Plane securely calls Control Plane to allocate network. Pertino secures network with PKI & 256-bit AES. Network is allocated.
• 12:03 Administrator adds devices to network, invites users, adds servers and VMs.
• 12:03 Users download on preferred OS enabling them to communicate securely, be located anywhere and be more productive!
• 12:07 Administrator layers on services: ADConnect, GeoView, Application Monitor, Firewall, IDS, etc.

Architectural Concepts

The Pertino Cloud Network Engine is a software-defined network (SDN) overlay. It seamlessly integrates with existing traditional network equipment like routers and switches but requires very little management and configuration. Inherent in a Pertino deployment are the following core network services:
• Discovery: automatic device discovery
• Addressing: address space schema, IPv4/IPv6 handling, DHCP, DNS, local name resolution, and network address translation (NAT)
• Capacity: dynamic allocation of VPN tunnels, capacity and peak usage analysis, performance optimization, and failover and redundancy
• Authentication: multi-factor, key management, certificate authority, and access control lists (ACLs)
• Security: address obfuscation, encryption, firewall, and DDoS prevention

And, because it’s an SDN network, it scales transparently by creating new network instances in minutes and offers incredible resiliency because new compute resources can be brought online in seconds in data centers around the world.

Pertino’s High Availability

The Pertino Cloud Network Engine is composed of VMs that are attached to a high-speed network fabric in multiple data centers. Each data center is connected to the Internet backbone on redundant, multigigabit trunks spanning multiple carriers.
This is accomplished via technology that overlays the data center routing infrastructure with a virtual LAN-like network. Combining the elastic and redundant nature of cloud computing with a multi-provider footprint ensures that communication remains seamless should any single VM, data center, or cloud provider fail.

Once the network is identified, allocating resources can take as little as 60-90 seconds. This illustrates the benefits of a software-defined network (SDN) where separating the control plane from the underlying data plane simplifies the process of building a network and adapting it to the needs of specific users and services.

Pertino Network Engine’s distributed data planes act as a real-time network sensor, constantly measuring the uptime and performance of the underlying cloud data infrastructure. Pertino has the ability to failover to a different virtual network within the same data center or to an entirely different data center within seconds. This means that customer sessions remain up and running with optimal performance regardless of data center location or provider. (Pertino works with AWS, Digital Ocean, SoftLayer, Google Compute Engine, RackSpace, Joyent, Rimu, and Linode.)

Indeed, it is possible that this failover occurs within the sliding window timeframe that TCP/IP uses for connection delay. Pertino’s “beat the stack” functionality means that communication within a virtual network is seamless and a user’s application running over Pertino is unaffected by, and unaware of, any reconfiguration or failover within or between data centers.

[Figure: Control Plane and Encrypted Data Plane]

Pertino’s Security

All Pertino networks are secured and isolated to ensure complete data integrity.
Pertino implements stringent security features in every customer’s deployment by integrating the following technologies in one easy-to-deploy package:
• PKI: X.509 3-tier Certificate Authority using Elliptic Curve Cryptography
• Encryption: 256-bit AES
• Cloaked IP addressing

Pertino dynamically issues and re-issues certificates in encrypted formats to each client via our public key infrastructure (PKI) based on custom application protocols. Each secure session is established using Elliptic Curve session keys based on Diffie-Hellman Ephemeral (DHE) key exchanges that provide AES 256-bit encryption and perfect forward secrecy (PFS). SSL tunnels secure traffic, keeping tenants separate.

Combining the elastic and redundant nature of cloud computing with a multi-provider footprint ensures that communication remains seamless should any VM, data center, or cloud provider fail.

Pertino’s Network Service Virtualization (NSV)

Pertino’s NSV features make it possible to deliver secure network services on demand. By combining the flexibility of an API with a “pluggable” architecture for networking services like switching and routing, Pertino makes it possible to extend and leverage overlay network technology. Pertino offers several applications today from our AppScape portal including GeoView and UsageMonitor, and will continue to offer significant products like Firewalls, Content Filtering and Reporting in the future.

[Figure labels: Clients, Control Plane, Distributed Data Plane, IP/DNS, DPI, NAT, NSV, Secure SSL Tunnel]

Today, for example, GeoView Pro makes it possible to show a Street Level view of the Pertino-connected devices in your network. This allows you to keep up with your network users as they travel, and track lost or stolen devices and remove them from the network with a single click.

UsageMonitor displays the number of bytes transferred for each network, person, and device.
You can see “top talkers” and “top listeners” to determine who is consuming the most bandwidth. And you can show daily and weekly traffic to provide usage reports to management.

Pertino’s API

Pertino’s planned API platform layer makes it possible to extend and leverage the features of Pertino’s overlay network technology. The “pluggable” architecture offers unique possibilities to write your own applications using Pertino member and device data, or integrate Pertino features into your application infrastructure. This allows you to be more flexible in displaying network statistics, usage or data, or deploying networks to mobile users, or integrating with your customers or partners.

For example, you could leverage the API to integrate Pertino’s Control Plane for network creation and membership adds, moves and changes into your network infrastructure and management applications. Service providers, in particular, do this to allocate networks for individual customers (and bill according to size) while large enterprises do this for workgroups or silo’d business units that must remain separate and secure from each other. Or, internet brokers and IaaS vendors can bundle Pertino’s Cloud Network Engine as a service via the API and keep customers and partners secure and separate.

Pertino’s Analytics Plane makes it possible to extract numerous types of information about users and their traffic patterns. Application vendors can pull specific usage metrics to provide value-added analytics services on top of network data. Or customers could integrate that information into existing management frameworks to facilitate coordinated workflows and/or decision-making.

Integrating Pertino with Existing WAN infrastructure

Traditional network equipment evolved to provide high availability, high security, power efficiency, and lower costs to link users to applications and resources.
But, increased demand for dispersed application access and workload migration began to illustrate some limitations, such as virtual device mobility and overlapping IP addressing across multiple tenants.

Because Pertino is an overlay network, it can seamlessly integrate with your existing routing and switching infrastructure, allowing you to fully leverage your investment. At the same time, you take advantage of overlay benefits such as simplified management, tenancy separation, and less restriction on geographic localization of specific resources.

Two key examples are indicative of how fast you can add users to your Pertino network. Because it is an overlay network, Pertino does not require changes to your existing firewall configuration. Moreover, for network owners who want remote user access to IT resources, but don’t want to run clients on those resources, Pertino will be offering a solution to seamlessly allow remote access without additional setup or configuration. So your existing WAN infrastructure is augmented and no significant changes are needed.

Popular Uses

Since Pertino makes it easy to get users up and running quickly, numerous customers have deployed Pertino for a variety of needs. Indeed, Pertino is deployed for 5,000 network switches and 30,000 endpoints in over 70 countries today.

Remote access

A logistics and trucking company works with numerous independent sales agents nationwide. Those agents need to access the vendor’s network from any number of remote locations: coffee shops, airports, or client sites. However, before Pertino, the agents were logging as many as 25 troubleshooting calls per day because they couldn’t access the network and couldn’t do their job. When agents were visiting client sites, a lot of their connections were being blocked by the client’s firewall.
Rather than deploying a traditional VPN with its attendant installation and deployment overhead, the customer rolled out Pertino instead. They are using Pertino to support RDP behind the firewall and terminal services. It is now their “go to” solution for any connectivity issues. And, the agents now log zero calls.

Hybrid Cloud

An interesting use case implemented by a global consultancy and MSP illustrates the flexibility of deploying the Pertino Cloud Network Engine. Their worldwide customer base needs VPN access to resources the consultancy maintains. Customers were using standard VPNs, but the consultancy noticed that it took an engineer 5-10 hours to configure the network and 30 minutes or so to deploy a client and document it. The time needed to deploy, configure, and troubleshoot each VPN was expensive.

They noticed Pertino and now realize significant savings. The time to deploy a VPN for a customer has gone from 6+ hours to 10 minutes and users stay connected no matter where they are. They have moved from charging “engineer rates” to “technician rates” while increasing their visibility of their customers and reducing troubleshooting time.

Virtual Private Cloud

Leveraging Pertino and Docker containers in combination can enable significant savings if your network needs are bursty. In this particular case, a software vendor noticed that most of their software checkins were taking place at the same time in the build cycle, saturating their limited resources and delaying product ship dates. But rather than buy specialized hardware that might sit unused for a few weeks per month, they decided to recruit cloud resources as needed to handle the additional load. The customer isolated their intellectual property using Docker and then linked all the resources together, whether they were located in the data center or the cloud, with Pertino.
That way, checkins could occur when needed and builds were not delayed because Pertino enabled cloud resources to be scaled up to take over the additional, bursty load. And the customer didn’t need to buy $6,000 of hardware that would go mostly unused.

Machine to Machine/Device to Business

A pharmaceutical services customer runs hundreds of headless Linux appliances and needs an easy way to access them when problems arise. They also want to be able to move any solution out of their infrastructure and into their data center, requiring a flexible solution. They previously used a custom system that initiated a new connection whenever an appliance needed attention but did not allow extensive flexibility: they needed to deploy a keyboard and monitor for each appliance, drastically reducing the effectiveness and flexibility of the solution.

To rectify that situation, they initially deployed Pertino on a small portion of appliances, essentially creating an overlay disaster recovery network. Given Pertino’s easy deployment model, they moved to deploy it on all Linux appliances. They feel Pertino’s “always on” connectivity is a big improvement over creating new connections to an appliance every time an issue comes up.

Ad Hoc Networks

One particular customer, a concert and entertainment vendor, chose Pertino for its pop-up ticketing stations at remote venues. In their established environment, they had deployed VPN tunnels to handle transactions. Every moment counts when you’re trying to get a show started and, unfortunately, traditional VPNs are unforgiving regarding packet loss. As the bandwidth at each location is variable and inconsistent, the customer’s service was often significantly delayed causing possible lost revenue. Indeed, one venue had to provide a dedicated line at enormous cost to address the issue.
Pertino solved multiple problems for this customer: with its resilient architecture and “always on” features, there is no loss of service connectivity due to disconnects or re-connects. Moreover, the customer reported lower latency, zero dropped connections, and a reduced need for additional bandwidth compared to their traditional VPN deployment. Going forward, they plan on expanding their Pertino deployment into multiple networks to provide secure and resilient connectivity to their array of consultants and global digital signage vendors.

Summary

Pertino’s overlay network technology and “always on” connectivity address many key topics facing IT departments today. By enabling customers to quickly deploy, secure, and optimize flexible services to their users, Pertino removes additional layers of management and troubleshooting over traditional network topologies. Instead of taking days or weeks to roll out new services to local or remote users, it is possible to get entire departments up and running in a matter of minutes wherever they are. There is no ongoing configuration and no onsite equipment to maintain or troubleshoot. And that means IT administrators can finally go home on time.

About Pertino

Pertino is a modern way to network designed for the mobile and cloud era: simple, secure and delivered as a service. Mobile and cloud technologies are transforming IT, resulting in a hybrid IT model where mobile workforces, cloud applications, and workloads are reliant on public Internet connectivity. Our Cloud Network Engine enables any size business to build and manage a private cloud network that overlays the public Internet, securely connecting people, devices and resources anywhere. With AppScape, our network services app store, Pertino cloud networks can be extended with enterprise-level visibility, security, and control services.
This modern approach to networking combines the power and pervasiveness of the cloud with SDN and virtualization technologies, eliminating the cost and complexity of traditional hardware-based networks. Finally, a wide-area network that is cloud-agile and works the way businesses work today without hardware, hassles, or high costs.

Founded in 2011, Pertino is venture funded by premier firms and headquartered in Los Gatos, Calif. For more information or to try Pertino free, please visit pertino.com.

The Pertino Cloud Network Engine enables any size business to build and manage a private cloud network that overlays the public Internet, securely connecting people, devices and resources anywhere. Simple. Secure. Software-defined. Visit pertino.com to get started for free.

Contact Us
Pertino.com | 973 University Ave., Los Gatos, CA 95032 | 408-354.3900