...

7) Why not just use WireGuard or OpenVPN

WireGuard and OpenVPN allow clients to communicate through their servers, which reside on the cloud side. Normally all the endpoints share the same IP subnet in the VPN, and all of them can talk to each other (if the server does not set limitations). The procedure to set up a user laptop to access the edge-node and its applications is like this:

  • run WireGuard, and generate private/public keys on the device behind the firewall
  • run WireGuard, and generate private/public keys on the user's laptop
  • add entries to the WireGuard server configuration file for the new peers (the device and the laptop), which include the public keys, internal VPN IP addresses, etc.
  • set up routing on the device, the laptop and also on the WireGuard server (if the traffic endpoints are not part of the VPN subnet)
  • may need to open up a new firewall rule for this WireGuard server (UDP packets) on the device side
  • make sure the security, address allocation and routing among multiple sessions and multiple enterprises do not have issues
  • make sure the server redundancy works

If one were to automate the above list, the result would effectively be an implementation of an SD-WAN.
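To give a sense of the bookkeeping involved, here is an added example (not EdgeView or WireGuard project code) that automates only two items from the list above: per-enterprise VPN address allocation and the `[Peer]` entries for the server configuration file. The enterprise names, subnets and key strings are constructed placeholders; key generation, routing, firewall rules and server redundancy are left out.

```python
import ipaddress

# Constructed sample data: names, subnets and keys are placeholders.
ENTERPRISES = {"ent-a": "10.8.1.0/24", "ent-b": "10.8.2.0/24"}
PEERS = [  # (enterprise, peer name, public key placeholder)
    ("ent-a", "edge-node-1", "<DEVICE1_PUBLIC_KEY>"),
    ("ent-a", "laptop-alice", "<LAPTOP1_PUBLIC_KEY>"),
    ("ent-b", "edge-node-2", "<DEVICE2_PUBLIC_KEY>"),
]

def check_subnets(enterprises):
    """Parse the per-enterprise subnets and reject any that overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in enterprises.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"subnets of {a} and {b} overlap")
    return nets

def allocate(enterprises, peers):
    """Give each peer the next free host address in its enterprise subnet."""
    pools = {n: iter(net.hosts()) for n, net in check_subnets(enterprises).items()}
    for pool in pools.values():
        next(pool)  # first host address is kept for the server interface
    result = []
    for ent, name, key in peers:
        ip = next(pools[ent], None)
        if ip is None:
            raise ValueError(f"no free VPN address left for {ent}")
        result.append((ent, name, key, ip))
    return result

def render_server_peers(allocations):
    """Render one [Peer] stanza per endpoint for the server config file."""
    stanzas = []
    for ent, name, key, ip in allocations:
        # AllowedIPs pins the peer to its own address; it does not by itself
        # stop peers from reaching each other through the server.
        stanzas.append(
            f"# {ent}/{name}\n[Peer]\nPublicKey = {key}\nAllowedIPs = {ip}/32\n"
        )
    return "\n".join(stanzas)

if __name__ == "__main__":
    print(render_server_peers(allocate(ENTERPRISES, PEERS)))
```

Every new device or laptop means another allocation and another server-side stanza, and the overlap check has to hold across all enterprises sharing the server.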

With EdgeView, by contrast, one just needs to click one button on the device controller to start EdgeView on the device; this also creates an EdgeView client script that is ready to run on the user's laptop. There is no need to program another server configuration for the IP addresses and public keys. No routing needs to be set up, and there are no VPN IP address allocation issues.

8) Does EdgeView use IP overlay

...