SD-WAN Orchestrator MEA simplifies the configuration of an SD-WAN network by automating tasks and making some decisions for you. It is ideal for a multi-region enterprise network, where hub and edge devices interconnect to create a complex mesh of underlays and VPN overlays. SD-WAN Orchestrator MEA automates the configuration based on profiles that you define for hub and edge devices, allowing you to scale your SD-WAN deployment with ease.
This section describes which components contribute to the automation and when the automation occurs.
The first step is to create the following shared resources for SD-WAN Orchestrator MEA to use for its automation:
- Profile for primary hub devices
- Profile for secondary hub devices, if used
- Profile for edge devices
- Region for hub and edge devices
When you add a FortiGate device to SD-WAN Orchestrator MEA, you specify whether it is a primary hub device, secondary hub device, or an edge device by selecting a profile, and you specify its region by selecting a region. SD-WAN Orchestrator MEA uses this information to automatically perform the following tasks:
- Create full-mesh overlay links between all hub devices
- Create VPN tunnels between hub and edge devices in the same region
- Apply policy templates for SD-WAN from the profiles
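The two link-creation rules above can be modelled to derive the tunnel set you should expect after installation and to compare it with what is actually up. This is an added example, not Fortinet code or an SD-WAN Orchestrator MEA API: device names, regions, the role labels and the observed-tunnel list are constructed, and it assumes secondary hubs are treated like primary hubs for both rules.

```python
from itertools import combinations

# Constructed inventory: (name, role, region). Roles mirror the profile types
# on this page; names and regions are made up for illustration.
INVENTORY = [
    ("hub-emea-1", "primary_hub", "EMEA"),
    ("hub-emea-2", "secondary_hub", "EMEA"),
    ("hub-apac-1", "primary_hub", "APAC"),
    ("edge-paris", "edge", "EMEA"),
    ("edge-berlin", "edge", "EMEA"),
    ("edge-tokyo", "edge", "APAC"),
]
# Constructed observation: one expected tunnel is absent and one
# cross-region hub-to-edge tunnel is present.
OBSERVED = [
    ("hub-emea-1", "hub-emea-2"), ("hub-emea-1", "hub-apac-1"),
    ("hub-emea-2", "hub-apac-1"), ("hub-emea-1", "edge-paris"),
    ("hub-emea-2", "edge-paris"), ("hub-emea-1", "edge-berlin"),
    ("hub-apac-1", "edge-tokyo"), ("hub-apac-1", "edge-paris"),
]
HUB_ROLES = {"primary_hub", "secondary_hub"}  # assumption: both count as hubs


def expected_links(inventory):
    """Return the overlay links the two rules imply, as unordered name pairs."""
    hubs = [d for d in inventory if d[1] in HUB_ROLES]
    edges = [d for d in inventory if d[1] == "edge"]
    # Rule 1: full mesh between all hub devices, regardless of region.
    links = {frozenset((a[0], b[0])) for a, b in combinations(hubs, 2)}
    # Rule 2: hub-to-edge tunnels only inside the same region.
    for hub in hubs:
        for edge in edges:
            if hub[2] == edge[2]:
                links.add(frozenset((hub[0], edge[0])))
    return links


def audit(inventory, observed):
    """Return (missing, unexpected) link sets relative to the expected topology."""
    expected = expected_links(inventory)
    seen = {frozenset(pair) for pair in observed}
    return expected - seen, seen - expected


if __name__ == "__main__":
    missing, unexpected = audit(INVENTORY, OBSERVED)
    print("missing:   ", sorted(sorted(link) for link in missing))
    print("unexpected:", sorted(sorted(link) for link in unexpected))
```

An unexpected link, such as a hub-to-edge tunnel that crosses regions, usually means a device was assigned the wrong profile or region and is worth reviewing before the configuration is installed.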
After you install the configuration to FortiGate devices, you can monitor the SD-WAN network by using the Monitor tab in SD-WAN Orchestrator MEA. On the Monitor tab, you have real-time visibility across regions, and you can view network performance.
Another way to use automation is zero-touch provisioning. With zero-touch provisioning, you add a model device to SD-WAN Orchestrator MEA and specify its profile, its region, and the action to take when the device first comes online. For example, you can set up the model device to automatically retrieve and install the configuration and upgrade to the accepted firmware version before automatically joining the overlay mesh of the SD-WAN network. Alternatively, you can allow administrators to approve the device when it first comes online before it automatically joins the SD-WAN network.