AT&T SD-WAN Network Based service quick start guide After you order your AT&T SD-WAN Network Based service, you can: Create administrator accounts Log in to the SD-WAN orchestrator Configure business policy rules in the SD-WAN orchestrator This guide is meant for network administrators, network analysts, and IT administrators responsible for monitoring and managing network traffic for an enterprise business. For remote training support, see Business policy training support. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property.
Contents AT&T SD-WAN Network Based service quick start guide...1 About the AT&T SD-WAN - Network Based service...4 Business policies...4 AT&T SD-WAN - Network Based service reporting...4 Get access to and the portal... 5 Register for... 5 Assign administrator credentials to the portal... 5 Log in to the SD-WAN orchestrator... 6 Locate the links to the portal... 6 Log in to the portal... 6 Business policy overview... 6 Use predefined business policy rules... 7 Add, edit, delete, or import business policy rules... 7 Add a business policy rule... 7 Edit a business policy rule...8 Delete a business policy rule...8 Import business policy rules...8 Customize your business policy rules... 9 Customize rules for a profile... 9 Create or customize rules for an edge... 9 Business policy rule examples... 10 File sharing business policy rule... 10 Business collaboration traffic rule... 11 Rule configuration reference... 12 Match settings... 12 Action settings... 13 Life cycle support... 15 Check order status... 15 Manage user accounts in the portal... 15 Create a user account... 15 Delete a user account... 15 Training and support... 16 AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 2
Business policy training support... 16 Technical support and troubleshooting steps... 16 Related resources... 16 AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 3
About the AT&T SD-WAN - Network Based service AT&T SD-WAN Network Based service uses software-defined technology with deep packet inspection to do these things for you: Identify application traffic Apply QoS (Quality of Service) Dynamically monitor path performance Direct application traffic to the best link or across multiple links Business policies The AT&T SD-WAN orchestrator (portal) lets you define and set business policy rules per application. The portal lets you activate virtual services with 1 click. For each specific application, you can define QoS and choose the link or links you want to use. You can leave the default policies in place or create custom policies that better fit your business needs. The portal provides 4 functions: Configuration of business policies Analytics collection Reporting Status and near real-time monitoring of your network AT&T SD-WAN - Network Based service reporting AT&T SD-WAN - Network Based service lets you see performance and operational characteristics of your service locations. You can monitor your edge WAN links and get usage data from network sources and traffic destinations. To access these monitoring functions, in the portal, in the left menu select Monitor > Edges, and then in the Edge column, click the edge you want to monitor. You can choose these performance monitoring reports in the portal: Overview Provides a site summary, including Internet service provider (ISP), link speed and performance, and a summary of bandwidth usage and top categories. QoE (Quality of Experience) Provides application service-level detail to measure the quality of connections for performance characteristics, such as latency, jitter, and packet loss. Transport Provides an overview of the bandwidth used across all wide area network (WAN) links. Applications Provides detailed usage of more than 2,500 applications. Sources Shows top sources along with details of the sources, such as IP address and operating system (OS). Destinations Shows network usage of network traffic, based on destination. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 4
Business Priority Shows bytes sent and received based on the priority of the traffic. Get access to and the portal You need to assign a primary and a secondary administrator for the portal. Administrators configure, monitor, and perform administrative activities in the portal. First, register user profiles in, and then assign portal access credentials to the administrators. Register for gives you highly secure and easy access online to information about your network, orders, account, and products. We sent an email to the contact provided for your company so they can activate (register) their Business Center user profile. For more information, see How to Activate your AT&T Business Center Account. After the contact person activates their user profile, they can then log in to Business Center. After the first administrator is logged in to Business Center, they can add other Business Center users and administrators. You can add user profiles for the people who need to access the portal, if they don t already have one, including the secondary administrator and others who ll manage policies in the portal. For more information about how to create Business Center users, see Create a user profile in Business Center. Assign administrator credentials to the portal After you order the AT&T SD-WAN Network Based service, you ll be contacted by an AT&T representative. You ll be asked to provide the names and email addresses of the primary and secondary administrators who plan to manage the AT&T SD-WAN - Network Based service. The administrators have full management capability of your AT&T SD-WAN account. This permission includes the ability to add and delete users, and reset user passwords in the portal. We ll send the primary and secondary administrators an email with a temporary login ID and password for the portal. If you can t find the email, have your primary or secondary administrator contact your assigned project implementation manager (PIM) for help. Whichever administrator signs in to the portal first needs to create a login ID and password for the primary administrator. The primary administrator can then log in to the portal and create login IDs and passwords for other administrators and users. For more information, see Manage user accounts in the portal. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 5
Log in to the SD-WAN orchestrator To log in to the portal for the first time, on the Business Center Network Inventory page find the link to the portal. Save the link as a bookmark so you can access the portal directly without the need to log in to Business Center. Note: To access the portal, you ll need a PC, laptop, or mobile device that s connected to any AT&T Virtual Private Network (AT&T VPN) site. Locate the links to the portal 1. Log in to as a company administrator. Note: For a good browser experience with Business Center, use Google Chrome. 2. Go to the Network Inventory page. In the top menu, click Manage > Network > View All Inventory. 3. On the left of the page, under Services, check AT&T FlexWare to show only the locations that have the AT&T FlexWare service (optional). 4. Expand the location, and then expand AT&T FlexWare. The primary and secondary links to your portal are shown under SD-WAN Orchestrator. 5. To access the portal, under Primary SD-WAN portal, click the link. If the primary portal doesn t respond, click the link under Secondary SD-WAN portal. The AT&T SD-WAN Orchestrator log in page appears. Note: Always try the primary link first. Log in to the portal Log in with the temporary ID and password that was emailed to you. Click Sign In. If you re the first person to log in to the portal, create login IDs and passwords for other administrators and users. For more information, see Manage user accounts in the portal. Business policy overview Business policies let you control the flow of traffic through a FlexWare device. You can define business policy rules based on match (either source, destination or application). You can then apply an action to that match. You can set business policies at the profile level or the edge (device) level. A business profile defines a standard configuration for 1 or more devices and defines a list of virtual local area networks (VLANs), cloud virtual private network (VPN) settings, and interface settings (wired and wireless). Edge configurations provide a complete group of settings you can assign to a location or to an edge device. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 6
Note: An edge configuration overrides settings or policies in the profile. Edge configurations inherit the settings of the business policy profiles. Use predefined business policy rules Your AT&T SD-WAN Network Based service comes with predefined business policy rules. More than 2,500 applications are already set in your default profile. The predefined configurations let you use your service without the need to set any additional policy settings. This picture shows the default settings for several application categories. Using this chart, you can see that the Microsoft Skype app (which is an audio/video application) has predefined rules set as normal priority and real-time traffic. High Normal Low Real Time Business Collaboration Audio/Video Transactional Remote Desktop, Business Application Infrastructure, Auth Management, Network Service, Tunneling and VPN Internet IM, Web, Proxies, Gaming, Media, Social Networking Bulk Default settings for various categories of applications Email File Sharing Peer to Peer Storage and Backup To learn how to customize your default business policy, see Customize your business policy. Add, edit, delete, or import business policy rules Business policy rules for profiles are inherited by edge profiles. Edge profile rules override profile rules. Add a business policy rule Edit a business policy rule Import business policy rules Delete a business policy rule Add a business policy rule 1. In the portal, in the left menu, click Configure, and then do 1 of these things: AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 7
To add an edge rule, in the left menu, click Edges. In the Edge column, click the edge you want to add a rule to. To add a profile rule, in the left menu, click Profiles. In the Name column, click the profile that you want to add a rule to. 2. On the Business Policy tab, on the right, click New Rule. The Configure Rule window opens. 3. In the Rule Name field, enter a name for the rule. 4. In the Match and Action sections, make the changes you want. For information about these settings, see Rule configuration reference. 5. Click OK. On the Business Policy page, at the top of the list, the new rule appears. 6. At the top of the page, on the right, click Save Changes. A success message appears. Edit a business policy rule 1. In the portal, in the left menu, click Configure, and then do 1 of these things: To edit an edge rule in the left menu, click Edges. In the Edge column, click the edge you want to edit a rule for. To edit a profile rule, in the left menu, click Profiles. In the Name column, click the profile that you want to edit a rule for. 2. On the Business Policy tab, in the Rule column, click the name of the rule you want to change. The Configure Rule window opens. 3. Make the changes you want. For information about these settings, see Rule configuration reference. 4. Click OK. 5. At the top of the page, on the right, click Save Changes. A success message appears. Delete a business policy rule 1. In the portal, in the left menu, click Configure, and then do 1 of these things: To delete a rule for an edge, in the left menu, click Edges. In the Edge column, click the name of the edge that has the rule you want to delete. To delete a rule for a profile, in the left menu click Profiles. In the Name column, click the name of the profile that has the rule you want to delete. 2. On the Business Policy tab, in the Rule column, check the box for each rule you want to delete. 3. On the right, click Actions, and then click Delete. 4. At the top of the page, on the right, click Save Changes. A success message appears. Import business policy rules 1. In the portal, in the left menu, click Configure, and then do 1 of these things: To import an edge rule, in the left menu, click Edges. In the Edge column, click the name of the edge you want to import a rule to. To import a profile rule, in the left menu, click Profiles. In the Name column, click the profile you want to import a rule to. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 8
2. On the Business Policy tab, on the right, click Actions, and then click Import. The Import Rules window opens. 3. In the Profile list, select the profile you want to import business policy rules from. 4. Do 1 of these things: To add the rules from the profile you selected, click Append Rules. To replace all the rules in the current profile with the rules from the profile you selected, click Replace Rules. 5. Click OK. 6. At the top of the page, on the right, click Save Changes. A success message appears. Customize your business policy rules You can customize your business policy rules for profiles and edges. You can have your AT&T SD-WAN Network Based service up and running in a matter of minutes. Customize rules for a profile 1. In the portal, in the left menu, click Configure, and then click Profiles. 2. In the Name column, click Quick Start VPN. 3. To see the current business policy rules for this profile, click the Business Policy tab. 4. In the Rule column, click the name of the rule you want to change. For example, the Skype rule. The Configure Rule window opens. 5. Make the changes you want. For information about these settings, see Rule configuration reference. 6. Click OK. The Business Policy page appears. 7. In the top right, click Save Changes. A success message appears. Note: These changes are inherited by all edges unless an edge rule overrides this profile rule. Create or customize rules for an edge You can set business profile rules on your edges. This customization lets you define a group of settings for a location or an edge device. You can define settings for interfaces, Wi-Fi radio, Domain Name System (DNS), authentication, and firewall. Note: An edge configuration for a location or device overrides policy settings in the profiles. 1. In the portal, in the left menu, click Configure, and then click Edges. The AT&T Edges page appears. 2. In the Edge column, click the edge you want to configure. 3. To see all the rules assigned to the edge you selected, click the Business Policy tab. This includes edge overrides rules and rules inherited from the profiles. Note: Setting business policies on an edge overrides rules set in the profile. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 9
4. Do 1 or both of these things: To change the settings on a rule, in the Rule column, click the rule. The Configure Rule window opens. To create an edge rule, click New Rule. The Configure Rule window opens. 5. Make the changes you want. For information about these settings, see Rule configuration reference. 6. Click OK. The Business Policy page appears. 7. In the top right, click Save Changes. A success message appears. Business policy rule examples File sharing business policy rule Business collaboration traffic rule File sharing business policy rule You can create a simple rule for file sharing. We ll create a rule on an edge and set the priority to Low and the service class to Bulk traffic. 1. In the portal, in the left menu, click Configure, and then click Edges. The AT&T Edges page appears. 2. In the Edge column, click the edge you want to add a rule to. 3. On the Business Policy tab, on the right, click New Rule. The Configure Rule window opens. 4. In the Rule Name field, enter File sharing. 5. In the Action section, complete these fields in order: Field Priority Network Service Service Class Selection Low Direct Bulk Selections for a file sharing business policy rule 6. Click OK. On the Business Policy page, at the top of the list, the new rule appears. 7. Drag the rule down to where you want it in the list. Note: Rules are applied in the order they appear on the Business Policy page. 8. In the top right, click Save Changes. A success message appears. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 10
Business collaboration traffic rule You can create a rule that lets business collaboration traffic use all available WAN links. For this rule, set these things: Packet loss and jitter limits High priority and real-time traffic Use public wired WAN links 1. In the portal, in the left menu, click Configure, and then click Edges. The AT&T Edges page appears. 2. In the Edge column, click the edge you want to add a rule to. 3. On the Business Policy tab, on the right, click New Rule. The Configure Rule window opens. 4. Click New Rule. The Configure Rule window opens. 5. In the Rule Name field, enter Business. 6. In the Action section, complete these fields in order: Field Priority Network Service Service Class Link Steering Transport Group Selection High Multipath Real-Time Transport Group Public Wired > Preferred Selections for a business collaboration traffic rule 7. Check the Error Correct Before Steering box, and then do these things: In the Loss (%) field, enter 2. In the Jitter (ms) field, enter 15. 8. In the NAT row, click Disabled. This picture shows these settings in the Actions section of the Configure Rule page. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 11
Settings for a business collaboration traffic rule shown in the Configure Rule window 9. Click OK. On the Business Policy page, at the top of the list, the rule appears. 10. On the top right, click Save Changes. A success message appears. Rule configuration reference We ll review some options you can set in the Configure Rule window when you create a rule or edit an existing one. Match settings In the Match section of the Configure Rule window, you can specify rules for network traffic based on: Traffic source Traffic destination Type of application that generated the traffic AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 12
Source settings To configure the Source setting, do 1 of these things: If you want this rule to apply to traffic from all sources, select Any. If you want to narrow the source traffic to 1 or any combination of these things select Define: VLAN IP address Port range Operating system Note: You can use (*.*.*.*) to accept all possible values for the IP address, and Ports fields. For non-sequential ports or IP addresses, create separate rules. Destination settings To set the Destination settings, do 1 of these things: If you want this rule to apply to traffic to any destination, select Any. To narrow the destination traffic to 1 or a combination of these things, select Define: IP address Hostname Protocol (GRE, ICMP, TCP, UDP) Ports Note: You can use the IP address or Hostname fields to specify a specific Internet or edge device. You can use (*.*.*.*) to accept all possible values for the IP address, and Ports fields. For non-sequential ports or IP addresses, create separate rules. Application settings To set the Application settings, in the Application row, click Define. Under Browse List, select the application type. Then on the right, select the specific application. Action settings Settings in the Action section of the Configure Rule window are filled in for you. But you can change settings for these things: Priority Network Service Link Steering NAT Service Class Note: Depending on the Match settings you choose, some actions may not be available. The following are some examples of the actions settings: AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 13
Priority settings You can set the Priority setting to High, Normal, or Low. You can also select the Rate Limit box and set the percentage of the link s bandwidth that can be used for inbound and outbound traffic. Network service settings You can set the Network Service to these things: Direct Traffic goes directly to the destination without passing through a gateway. This option is typically used for non-critical applications. Multi-Path Traffic goes to a Gateway. The gateway determines the multilink paths to use. Cloud-proxy Traffic is redirected to a cloud proxy. Internet Backhaul Internet traffic is redirected to a firewall or a custom site before it goes out to the Internet. Link steering settings You can choose any of these options for Link Steering: Auto The AT&T SD-WAN Network Based service determines how to do link steering. Transport Group WAN links are bundled based on these types of networks: Public Wired, Public Wireless, or Private Wired. The AT&T SD-WAN Network Based service detects all WAN carrier links by using GeoIP location. If you have 2 links, and you select the Public Wired option, both links are used to improve performance. Interface Associate the WAN link with a physical interface for link steering. WAN Link You can specify the type of WAN carrier. For example, AT&T MPLS Private Network Transport or Internet. These additional settings are available for the all link steering options except for Auto: Mandatory Traffic isn t steered to another link for any reason. Even if the link is down or when a better link is available. Preferred Traffic is sent to the second link if the second link is better than the current one, even if the current link isn t down. If you check the Error Correct Before Steering box, it checks for error corrections on the link (packet loss and jitter limits) before steering traffic to a better WAN link. Available Traffic is steered to another link if the current link is down. This direction applies to all link steering options (Auto, Transport Group, Interface, and WAN Link). NAT settings You can enable or disable network address translation (NAT). If you choose the Multi-path option for the Network Service setting, you can select the source and destination NAT IP addresses. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 14
Service Class settings You can set the Service Class to Real Time, Transactional, or Bulk. We recommend that you choose: Real Time for high-priority traffic Transactional for normal priority traffic Bulk for low-priority traffic. Note: Service class settings are typically used for custom applications. Life cycle support This section provides information about how to check your order status and manage users in the portal. Check order status You can view your order status in. For detailed instructions, see View your order status and details. Manage user accounts in the portal The primary and secondary administrator can create additional users with different user roles, as needed. Note: Only the primary administrator can reset user passwords. Create a user account 1. In the portal, in the left menu, click Administration, and then click Administrators. The Administrators page appears. 2. In the top right, click New Admin. The New Admin page appears. 3. Complete these fields in order. 4. Click Create. A success message appears. Delete a user account 1. In the portal, in the left menu, click Administration, and then click Administrators. The Administrators page appears. 2. Check the box for the users you want to delete. 3. In the top right, click Actions, and then click Delete Admin. The Are you sure you want to delete the selected item? message appears. 4. Click OK. The Admin Deleted message appears. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 15
Training and support You can get training and support to help you get up and running quickly. Business policy training support If you need help with business policies, you can get training with our specialists at no cost to you in 2 sessions (pre-installation and post-installation). The training includes a functionality review of the portal, reporting, managing users, and more. After you place your order for the AT&T SD-WAN Network Based service, a specialist will contact you to schedule your training sessions. To help you with your business policy configuration needs, you can get ongoing support at $109 per 45 minutes. Specialists are available Monday through Friday, 8 a.m. to 8 p.m. ET (excluding U.S. holidays). If you have questions about training, or if you d like to schedule support services, contact our support team at 866.951.9803. Technical support and troubleshooting steps If you think you have an issue with your circuit access, contact your access provider. If you experience issues with your AT&T SD-WAN service, first determine if the issue is due to an underlying network transport issue. 1. If you have 1 or more broadband connections, verify there are no WAN connectivity issues being registered by the modem or router that s provided by your ISP. For details, see the troubleshooting guides provided by your ISP (including AT&T), or contact your ISP customer service for assistance. 2. If you think the issue is with the AT&T SD-WAN service itself, troubleshoot the AT&T SD-WAN service, and then, if needed, create a trouble ticket. For more information, see AT&T SD-WAN - Network Based help and trouble ticket guide. For additional support, you can call the AT&T VPN fault management customer service center at 866.AVPNATT (866.287.6288). Select option 2 for technical support (24/7). Related resources For help viewing, managing, and paying your bills in Business Center, see Billing help topics. Customer Expectation Document for AT&T SD-WAN Network Based service AT&T SD-WAN - Network Based help and trouble ticket guide AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property. Page 16