What is the Nile Access Service?
Legacy network management is complex, reactive, and inhibits security and scalability. Nile delivers a cloud-native platform that simplifies connectivity, enforces zero-trust principles, and ensures optimal user experience.
Nile delivers wired and wireless connectivity as a service within a cloud-native platform. In this document, we'll explore the architecture and features of the Nile Access Service, along with its deployment model within modern enterprise networks.
A typical network consists of users and devices connecting via wired or wireless at the access layer. Upstream of the access layer is the core router and/or firewall, which connects to the Internet. Nile focuses on providing Network as a Service for all wired and wireless users and devices.
Nile is not an MSP. We provide connectivity infrastructure in the same way Amazon, Google and Microsoft provide cloud compute. You configure the system to deliver services required, and Nile ensures the underlying infrastructure provides the necessary capacity and reliability.
The Nile Access Service is delivered by combining modern cloud architecture with fully integrated hardware. The Nile Service Block (NSB) includes switching, APs and sensors, all of which have been developed in-house to achieve our goal of bringing an Apple-like experience to the enterprise.
There are a number of notable innovations that support the Nile Access Service:
- 'Outside-In' Approach: Nile utilizes physical and virtual sensors for proactive monitoring, ensuring consistent end-user experience and rapid issue resolution.
- Redundancy by Default: Nile's architecture prioritizes redundancy at all layers, minimizing downtime and maintaining service availability even during hardware failures.
- Layer 3, Host-based Segmentation: Nile replaces traditional VLANs with Layer 3 segmentation, enhancing security and simplifying policy management.
- Campus Zero Trust: Nile enforces granular access controls and micro-segmentation based on device identity, minimizing attack surface and lateral movement.
- Shared Responsibility: Nile's cloud-delivered model provides a clear delineation of responsibilities, simplifying operations for IT teams.
Let's explore each of these in more detail.
The 'Outside-In' Approach
Nile simplifies network management and ensures optimal user experience through proactive monitoring. We've deployed an "Outside-In" approach, utilizing wall-mounted WiFi sensors and virtual sensors embedded within our NSB switches. Nile APs also feature a dedicated monitoring radio, further enhancing our comprehensive data collection.
We call this the "outside-in approach" because of its simplicity and the ability to easily verify the Nile sensor data. These sensors continuously measure critical performance metrics:
- Signal Strength: Guaranteeing consistent WiFi coverage for end-user devices.
- Network Availability: Alerting Nile systems of any network outages.
- Capacity: Verifying sufficient bandwidth to support user applications.
- Coverage: Validating that the committed number of Nile APs are operational in each area.
This data-driven approach underpins our industry-leading SLAs. Unlike traditional network monitoring that often relies on user-reported issues, Nile's "Outside-In" method proactively identifies and resolves potential problems before they significantly impact the end-user experience.
Additionally, Nile's reporting tools are a fundamental tool in planning future capacity and coverage with your team.
The Nile network is guaranteed to be always-on and backed financially if SLAs are not met.
Nile SLAs
Nile stands apart from traditional connectivity providers with financially-backed SLAs that guarantee network reliability and a 99.5% uptime commitment. We proactively monitor the following metrics for every building on a per-minute basis:
- Availability: Ensuring Nile network components are operational and accessible to users. Our WiFi sensors probe the NSB every minute to ensure it is available. If the probes fail, Nile is in violation for that minute.
- Coverage: Guaranteeing strong WiFi signal (-67 dBm or better) throughout the covered areas. If a single sensor does not receive this signal level, Nile is in violation for that minute.
- Capacity: Verifying sufficient bandwidth to support user demand and applications.
Our proactive monitoring allows us to alert you of potential issues before they significantly impact your users. If a violation of our 99.5% SLA occurs, Nile provides financial credits, demonstrating our commitment to exceptional service. We calculate compliance monthly, per building, based on the percentage of time Nile meets the above thresholds. Nile calculates all of the violation minutes reported by all sensors in a building to measure the percentage of time that Nile meets SLA commitments.
[INSERT IMAGE OF SLA REPORT]
Our wall-pluggable WiFi physical sensors and each AP's third radio sensor monitor the Nile Service Block every minute to measure availability, coverage, and capacity of the network. If an issue with Nile disrupts service, this will be reflected in the Nile tile, directly affecting our committed SLA.
We built redundancy into every aspect of the Nile Service Block (APs and switches). As an admin, you therefore don't have to worry about whether an AP or a link is down, only whether service is impacted. Service availability is truly reflected by these metrics, which run continuously.
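As an added illustration (not Nile's own code), the sketch below rolls per-minute sensor reports up into a monthly, per-building compliance figure and compares it with the 99.5% commitment. The record layout, the function names, and the rule that a minute counts once however many sensors flag it are assumptions made for the example; the sample data is constructed.

```python
from collections import defaultdict

COVERAGE_FLOOR_DBM = -67   # "-67 dBm or better" (from the page)
SLA_TARGET_PCT = 99.5      # monthly commitment (from the page)

def violation_minutes(samples):
    """Map building -> set of minutes in which at least one sensor saw a violation.

    Each sample is (building, minute, sensor_id, probe_ok, rssi_dbm); this record
    layout is an assumption made for the example.
    """
    bad = defaultdict(set)
    for building, minute, _sensor, probe_ok, rssi in samples:
        availability_fail = not probe_ok
        coverage_fail = rssi is None or rssi < COVERAGE_FLOOR_DBM
        if availability_fail or coverage_fail:
            bad[building].add(minute)   # a set: two sensors, same minute, one violation
    return bad

def monthly_compliance(samples, minutes_in_month):
    """Per-building share of the month's minutes with no violation."""
    bad = violation_minutes(samples)
    report = {}
    for building in sorted({s[0] for s in samples}):
        violated = len(bad[building])
        pct = 100.0 * (minutes_in_month - violated) / minutes_in_month
        report[building] = {
            "violation_minutes": violated,
            "compliance_pct": round(pct, 3),
            "sla_met": pct >= SLA_TARGET_PCT,
        }
    return report

def constructed_samples(minutes=43_200):
    """Constructed data: a 30-day month, two buildings, two sensors each."""
    out = []
    for m in range(minutes):
        weak = 100 <= m < 103          # HQ sensor s2 dips to -71 dBm for 3 minutes
        down = 5_000 <= m < 5_217      # LAB probes fail on both sensors for 217 minutes
        out.append(("HQ", m, "s1", True, -58))
        out.append(("HQ", m, "s2", True, -71 if weak else -60))
        out.append(("LAB", m, "s1", not down, None if down else -55))
        out.append(("LAB", m, "s2", not down, None if down else -62))
    return out

if __name__ == "__main__":
    for building, row in monthly_compliance(constructed_samples(), 43_200).items():
        print(building, row)
```

A 30-day month has 43,200 minutes, so the 99.5% threshold leaves a budget of 216 violation minutes per building; the constructed LAB outage of 217 minutes falls just outside it.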
[JR: I need to understand core/context in greater detail, and where it should fit in this doc?] Core: Core is basically what Nile offers, Secure Wireless and Wired connectivity as a service. Context: Context is the infrastructure that supports the Nile Access Service, these include the Internet, DHCP, DNS, RADIUS, devices and applications.
Nile's High-Availability Architecture
Nile's architecture is designed to ensure maximum uptime and minimize service disruptions. We achieve this through built-in redundancy at every layer of the Nile Service Block:
- Distribution: Nile Distribution switches feature redundant connections to your upstream network (routers/firewalls) and downstream to Nile Access Switches. OSPF dynamically manages path failover, ensuring continuous connectivity even if a hardware component fails.
- Access: Two Nile Access switches are deployed per floor, coupled with a "Salt & Pepper" WiFi configuration. If a switch fails, WiFi coverage remains unaffected, and only half of your wired ports are impacted. OSPF ensures upstream path redundancy.
This proactive focus on high availability underpins our SLAs and allows IT teams to focus on delivering an exceptional user experience instead of troubleshooting outages.
Host-Based Segmentation
Virtual segmentation of physical networks has changed little since 1998, when VLANs were first described by the IEEE 802.1Q standard. We have now reached a point where traditional Layer 2 trunk and access port configurations do not meet the security and operational needs of modern enterprise networks.
Nile simplifies network management and enhances security by replacing traditional VLANs with Layer 3 host-based segmentation. This approach enables granular access control, micro-segmentation, and a streamlined operational model.
- Flexible Assignment: Nile dynamically assigns segments to devices based on MAC address and device fingerprinting. Unidentified devices can be automatically isolated or placed into a restricted "guest" segment for further review, enhancing security posture.
- Centralized Policy Enforcement: Nile integrates with security appliances like Fortinet, Palo Alto, and cloud-based services like Zscaler, enabling centralized policy definition and enforcement based on segment membership.
- Operational Simplicity: With Nile, there's no need to configure VLANs on individual switch ports. Segments are defined and managed globally through Nile's cloud-based platform, significantly reducing configuration complexity.
- Dynamic Routing: The Nile Access Service utilizes OSPF for efficient routing and failover, ensuring network resilience and policy consistency.
What are Nile Segments?
Segments are a construct operating at Layer 3 of the ISO model. Rather than defining an SSID to be on VLAN 2, we define the SSID to be a segment. Internally, a segment maps to a subnet rather than a VLAN. This gives Nile the flexibility to map users and devices to segments rather than configure ports with VLANs. In the Nile world there is no port-level config on a switch. When a device plugs in, it is assigned a segment and gets an IP.
Segments within the Nile Access Service are globally defined, allowing consistent policy enforcement across multiple sites (SFO, BLR, FRA, etc.). For example, if you have three sites, SFO, BLR and FRA, you can create a segment called Employee and map it to all locations. Once configured, you can define a subnet per geographic location. This eliminates the need to replicate VLAN configurations on every switch, significantly streamlining network management. The segment-based model aligns with Zero Trust principles, enabling granular access control that follows users and devices regardless of their physical location.
Imagine a world without having to manage complex VLAN port configurations across your switched infrastructure, a world where typographic mistakes in configuration files or on the command line are a thing of the past, a world where Campus Zero Trust access is a reality.
The diagram below illustrates how this works for two devices in the same Layer 3 segment.
Campus Zero Trust
Nile's architecture incorporates Zero Trust principles to enhance security and simplify network management. This "never trust, always verify" approach minimizes the attack surface and reduces the risk of unauthorized access or lateral movement within your network.
- Flexible Authentication: Nile integrates seamlessly with existing NAC solutions and can leverage device fingerprinting and MAC authentication bypass for granular access control. Policies are dynamically assigned based on authentication methods, ensuring the principle of least privilege.
- Layer 3 Micro-Segmentation: Nile's Layer 3 segmentation isolates users, devices, and applications. This approach goes beyond traditional VLANs to provide enhanced security and flexibility, limiting the potential for lateral movement by attackers.
- Distributed Policy Enforcement: Access control policies are enforced consistently throughout the Nile Service Block. Nile can integrate with upstream firewalls and security services to dynamically apply policies based on evolving needs and threat conditions.
- AI-Powered Visibility: Nile's cloud-based reporting and AI-powered analytics provide deep visibility into network traffic and potential threats. This enables proactive threat detection and mitigation, minimizing risk within your environment.
Key Benefits
- Enhanced Security Posture: Nile's Zero Trust model significantly reduces the likelihood and impact of successful cyberattacks.
- Streamlined Operations: Granular segmentation simplifies policy management, improving operational efficiency.
- Adaptable to New Threats: AI-driven analytics and dynamic policy integration provide agility in responding to emerging threats.
Shared Responsibility
Nile simplifies network operations by providing a cloud-delivered connectivity solution. This model ensures optimal network performance and security through a clear division of responsibilities.
Nile's Responsibilities:
- Connectivity Infrastructure: Design, deployment, and continuous operation of the Nile Service Block (switches, APs, sensors).
- Platform Management: All software updates, feature releases, and configuration of the Nile cloud-based management platform.
- Reliable Connectivity: Ensuring Nile components adhere to the strict SLAs, guaranteeing network availability, coverage, and capacity.
- Proactive Monitoring: 24/7 visibility into Nile service health, with proactive issue resolution ensuring an exceptional user experience.
Customer Responsibilities
- Network Strategy: Customers provision their intent on top of our standard system design across campus and branch locations. This includes management of upstream security appliances (firewalls), WAN connectivity, NAC/SASE solutions, and DHCP infrastructure.
- Endpoint Security: Security solutions and policies on end-user devices remain within the customer's domain.
Collaborative Support
Nile provides comprehensive support for the Nile Access Service. In scenarios where issues might require coordination between Nile infrastructure and customer-managed components, clear communication channels and escalation processes enable rapid troubleshooting and problem resolution.
Nile Service Architecture
Overview
Nile Cloud Platform
The intuitive Nile Cloud Platform provides everything you need to order, deploy and manage Nile Services, and can be used through the native web UI or via API.
Nile Service Block Hardware
NSB hardware, deployed throughout your sites, serves as the common access layer for both wired and wireless users, along with devices such as surveillance cameras and printers. The physical components of NSB include WiFi 6E APs, Distribution and Access Switches.
Switches
Distribution Switches
- 24x10/25 Gbps ports for servers and access switches
- 1/10/40 Gbps ports for upstream routers
Access Switches
- 48 multi-gig (100 Mbps to 5 Gbps) ports for APs, desktops, printers
- 4x10/25 Gbps, and unlimited number of switches in a ring
- All ports are PoE / PoE+ capable
Wi-Fi Access Points
- Indoor and Industrial Wi-Fi 6E APs
- 4 Radios + 1 BT
- 3 Radios serving clients: 2.4 GHz: 4x4:4; 5 GHz: 4x4:4; 6 GHz: 4x4:4
- 1 Tri-band radio for WIPS/WIDS, RF Monitoring & virtual sensor
- 5 Gbps Uplink
Sensors
- Actively monitor user experience SLAs
- Power our "Outside in" view of network performance
- 5 GHz radio
- Station mode / Wi-Fi Client
- AC and Wall power outlet pluggable
There are no local interfaces to NSB hardware. The Nile Cloud Platform manages all aspects - from ordering and provisioning to operation and monitoring.
NILE DASHBOARD IMAGE