What is the Nile Access Service?
Legacy network management is complex, reactive, and inhibits security and scalability. Nile Access Service is a cloud-native platform that simplifies connectivity, enforces zero-trust principles, and ensures optimal user experience.
Nile delivers wired and wireless connectivity as a service within a cloud-native platform. In this document, we'll explore the architecture and features of the Nile Access Service, along with its deployment model within modern enterprise networks.
A typical network consists of user and devices connecting via wired or wireless at the access layer. Upstream to the access is the core router and/or firewall which connects to the Internet. Nile focuses on providing Network as a Service for all wired and wireless users and devices.
Nile is not an MSP. We provide connectivity infrastructure in the same way Amazon, Google and Microsoft provide cloud compute. You configure the system to deliver services required, and Nile ensures the underlying infrastructure provides the necessary capacity and reliability.
The Nile Access Service is delivered by combining modern cloud architecture with fully integrated hardware. The Nile Service Block (NSB) includes switching, APs and sensors. Which have all been developed in-house, to achieve our goal of bringing an Apple-like experience to the enterprise.
There are a number of notable innovations that support the Nile Access Service;
- 'Outside-In' Approach: Nile utilizes physical and virtual sensors for proactive monitoring, ensuring consistent end-user experience and rapid issue resolution.
- Redundancy by Default: Nile's architecture prioritizes redundancy at all layers, minimizing downtime and maintaining service availability even during hardware failures.
- Layer 3, Host-based Segmentation: Nile replaces traditional VLANs with Layer 3 segmentation, enhancing security and simplifying policy management.
- Campus Zero Trust: Nile enforces granular access controls and micro-segmentation based on device identity, minimizing attack surface and lateral movement.
- Shared Responsibility: Nile's cloud-delivered model provides a clear delineation of responsibilities, simplifying operations for IT teams.
Let's explore each of these in more detail.
The 'Outside-In' Approach
Nile simplifies network management and ensures optimal user experience through proactive monitoring. We've deployed an "Outside-In" approach, utilizing wall-mounted WiFi sensors and virtual sensors embedded within our NSB switches. Nile APs also feature a dedicated monitoring radio, further enhancing our comprehensive data collection.
These sensors continuously measure critical performance metrics:
- Signal Strength: Guaranteeing consistent WiFi coverage for end-user devices.
- Network Availability: Alerting Nile systems of any network outages.
- Capacity: Verifying sufficient bandwidth to support user applications
- Coverage: Validating that the committed number of Nile APs are operational in each area.
This data-driven approach underpins our industry-leading SLAs. Unlike traditional network monitoring that often relies on user-reported issues, Nile's "Outside-In" method proactively identifies and resolves potential problems before they significantly impact the end-user experience.
Additionally, Nile's reporting tools are a fundamental tool in planning future capacity and coverage with your team.
The Nile network is guaranteed to be always-on and backed financially if SLAs are not met.
Nile SLAs
Nile stands apart from traditional connectivity providers with financially-backed SLAs that guarantee network reliability and a 99.5% uptime commitment. We proactively monitor the following metrics for every building on a per-minute basis:
- Availability: Ensuring Nile network components are operational and accessible to users.
- Coverage: Guaranteeing strong WiFi signal (-67dBm or better) throughout the covered areas.
- Capacity: Verifying sufficient bandwidth to support user demand and applications.
Our proactive monitoring allows us to alert you of potential issues before they significantly impact your users. If a violation of our 99.5% SLA occurs, Nile provides financial credits, demonstrating our commitment to exceptional service. We calculate SLA compliance monthly, per building, based on the percentage of time Nile meets the above thresholds.
[INSERT IMAGE OF SLA REPORT]
[JR: I need to understand core/context in greater detail, and where it should fit in this doc?] Core: Core is basically what Nile offers, Secure Wireless and Wired connectivity as a service. Context: Context is the infrastructure that supports the Nile Access Service, these include the Internet, DHCP, DNS , Radius, device and applications
Nile's High-Availability Architecture
Nile's architecture is designed to ensure maximum uptime and minimize service disruptions. We achieve this through built-in redundancy at every layer of the Nile Service Block:
-
Distribution: Nile Distribution switches feature redundant connections to your upstream network (routers/firewalls) and downstream to Nile Access Switches. OSPF dynamically manages path failover, ensuring continuous connectivity even if a hardware component fails.
-
Access: Two Nile Access switches are deployed per floor, coupled with a "Salt & Pepper" WiFi configuration. If a switch fails, WiFi coverage remains unaffected, and only half of your wired ports are impacted. OSPF ensures upstream path redundancy.
This proactive focus on high availability underpins our SLAs and allows IT teams to focus on delivering an exceptional user experience instead of troubleshooting outages.
Learn more about the Nile Service Block.
Host-Based Segmentation
Nile simplifies network management and enhances security by replacing traditional VLANs with Layer 3 host-based segmentation. This approach enables granular access control, micro-segmentation, and a streamlined operational model.
-
Flexible Assignment: Nile dynamically assigns segments to devices based on MAC address and device fingerprinting. Unidentified devices can be automatically isolated or placed into a restricted "guest" segment for further review, enhancing security posture.
-
Centralized Policy Enforcement: Nile integrates with security appliances like Fortinet, Palo Alto, and cloud-based services like ZScaler, enabling centralized policy definition and enforcement based on segment membership.
-
Operational Simplicity: With Nile, there's no need to configure VLANs on individual switch ports. Segments are defined and managed globally through Nile's cloud-based platform, significantly reducing configuration complexity.
-
Dynamic Routing: Nile Access Services utilizes OSPF for efficient routing and failover, ensuring network resilience and policy consistency.
Segments within the Nile Access Service are globally defined, allowing consistent policy enforcement across multiple sites (SFO, BLR, FRA, etc.). This eliminates the need to replicate VLAN configurations on every switch, significantly streamlining network management. The segment-based model aligns with Zero Trust principles, enabling granular access control that follows users and devices regardless of their physical location.
The diagram below illustrates how this works for two devices in the same Layer 3 segment.
Learn more about Nile's host based segmentation.
Campus Zero Trust
Nile's architecture incorporates Zero Trust principles to enhance security and simplify network management. This "never trust, always verify" approach minimizes the attack surface and reduces the risk of unauthorized access or lateral movement within your network.
-
Flexible Authentication: Nile integrates seamlessly with existing NAC solutions and can leverage device fingerprinting and MAC authentication bypass for granular access control. Policies are dynamically assigned based on authentication methods, ensuring the principle of least privilege.
-
Layer 3 Micro-Segmentation: Nile's Layer 3 segmentation isolates users, devices, and applications. This approach goes beyond traditional VLANs to provide enhanced security and flexibility, limiting the potential for lateral movement by attackers.
-
Distributed Policy Enforcement: Access control policies are enforced consistently throughout the Nile Service Block. Nile can integrate with upstream firewalls and security services to dynamically apply policies based on evolving needs and threat conditions.
-
AI-Powered Visibility: Nile's cloud-based reporting and AI-powered analytics provide deep visibility into network traffic and potential threats. This enables proactive threat detection and mitigation, minimizing risk within your environment.
Key Benefits
-
Enhanced Security Posture: Nile's Zero Trust model significantly reduces the likelihood and impact of successful cyberattacks.
-
Streamlined Operations: Granular segmentation simplifies policy management, improving operational efficiency.
-
Adaptable to New Threats: AI-driven analytics and dynamic policy integration provide agility in responding to emerging threats.
Learn more about Campus Zero Trust.
Shared Responsibility
Nile simplifies network operations by providing a cloud-delivered connectivity solution. This model ensures optimal network performance and security through a clear division of responsibilities.
Nile's Responsibilities:
- Connectivity Infrastructure: Design, deployment, and continuous operation of the Nile Service Block (switches, APs, sensors).
- Platform Management: All software updates, feature releases, and configuration of the Nile cloud-based management platform.
- Reliable Connectivity: Ensuring Nile components adhere to the strict SLAs, guaranteeing network availability, coverage, and capacity.
- Proactive Monitoring: 24/7 visibility into Nile service health, with proactive issue resolution ensuring an exceptional user experience.
Customer Responsibilities
- Network Strategy: Customers provision their intent on top of our standard system design across campus and branch locations. This includes management of upstream security appliances (firewalls), WAN connectivity, NAC/SASE solutions, and DHCP infrastructure.
- Endpoint Security: Security solutions and policies on end-user devices remain within the customer's domain.
Collaborative Support
Nile provides comprehensive support for the Nile Access Service. In scenarios where issues might require coordination between Nile infrastructure and customer-managed components, clear communication channels and escalation processes enable rapid troubleshooting and problem resolution.
Our commitment to shared responsibility starts with planning your Nile Access Service deployment.