SD-WAN: An agile enabler of enterprise movement towards the cloud
By Wimpie van Rensburg, Country Manager for Sub Saharan Africa, at Riverbed Technology
Gone is the time where IT assets were limited to a handful of data centers. Gone is the time where users and applications were all bound by one unified MPLS network. Gone is the time where the enterprise perimeter was limited to a few centralized Internet breakouts. Today, businesses are increasingly mixing off-premises assets to their existing IT infrastructure. Many have moved commoditised workloads like collaboration (Office 365) to SaaS. Some are moving custom workloads tied to their critical business process to IaaS (in Amazon or Azure). Productive users are everywhere, on-premise but also on the road or at home. The Internet is becoming the backbone of enterprise communications.
As enterprises are becoming more hybrid, the shape of the network itself is dramatically changing. The underlying networks are getting more diverse in terms of performance and security. MPLS is now combined with the Internet using a variety of transports from DSL to fiber and even 4G/LTE. The network perimeter is getting more distributed. Branches are now directly connected to the Internet. On-premises assets are directly tied to off-premise assets to form hybrid cloud workloads. Users in the branch are connecting to off-premise applications and users at home are connecting to on-premise applications.
The traffic mix and the communication requirements are getting richer and more dynamic. Users adopt applications at a faster pace. HD Internet video can rapidly create contention even on fiber. Unified Communication and Collaboration (UCC) is dramatically increasing traffic variance and branch-to-branch flows.
The number of service providers involved in the network and connected assets is exploding. Enterprises are going from one network service provider to multiple, one or more for MPLS, plus one or more for the Internet. Just like network services, SaaS and IaaS services need to managed and monitored.
The network has never been so heterogeneous and distributed. The complexity of configuration and change management of network elements has never been so high. Architectures built for the network as it was 10 years ago are rapidly losing relevance.
- Managing multiple WAN paths is becoming crucial but existing path selection mechanisms are not aware of the applications and of the underlying network, they cannot efficiently manage/hide their diversity.
- With local Internet breakouts, the security perimeter is becoming distributed but existing solutions, including firewalls, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Advanced Threat Protection (APT) that were designed for central locations are too costly to be distributed in the branches.
- Re-creating both a consistent and efficient security perimeter between on-premise assets, off-premise assets, on-premise users and off-premise users is nearly impossible with existing VPN solutions.
- QoS that was already difficult to manage becomes a nightmare to manage. Static policies are not able to follow the dynamics of usage, the traffic matrix is more meshed and complex.
- While network performance can be controlled and optimized on-premise, guaranteeing performance for mobile users and/or off-premise applications is extremely challenging.
- Holistic visibility on the traffic and the network becomes a distributed problem and requires more instrumentation devices than ever.
- Managing SLAs delivered by the multiple network service providers is getting more complex. Visibility on the performance delivered by off-premise cloud service providers is a new problem without a practical solution.
Over the past few years, a novel architecture has emerged to solve similar problems at the data center level: Software Defined Networking (SDN). SDN provides multiple benefits that can be summarized by having a network that is able to support the most modern data center workloads and create Opex and Capex savings at the same time.
Today, vendors are emerging with solutions to deliver guaranteed application performance to the modern users and workloads of the hybrid enterprise, by applying the SDN principles to the WAN in the form of so called SD-WAN solutions. While the market for an SD-WAN solution begins to emerge, the requirements for an excellent SD-WAN solution appear clearly:
- Optimization capabilities for on-premise and Cloud based applications like Office 365 or Salesforce.com.
- A network and application aware path selection capability to direct traffic on the appropriate network (MPLS, Internet…).
- Dynamic tunneling with central control plane allowing secure backhauling of branch traffic to the corporate data center across the Internet.
- A simple interface to zScaler or other cloud-based security services enabling local Internet breakouts without requiring further investment in on-premise Internet security appliances.
- Inbound QoS to manage local Internet breakouts and protect business Internet against surges in recreational Internet.
- Deep and wide visibility on all assets interconnected by the SD-WAN with holistic visibility on network usage, performance and integration with end-user experience monitoring of on-premise and SaaS applications.
In addition, a proper SD-WAN central management console is one that marks the start of an era of dramatic improvement of manageability and usability of control capabilities. While some capabilities like optimization are praised for their ease of use, for years, control capabilities like QoS, path selection or VPN that the industry has delivered have been a nightmare to manage. Ideal SD-WAN management consoles expose to the users an intuitive interface and management plane based on high level abstractions like applications, sites, uplinks or networks that matches the way they see their IT environment. Ideal SD-WAN solutions shall rely on a control plane designed to support intent based configuration that provides a translation of global parameters into local policies.
Thanks to SD-WAN, customers should be able to implement new, more efficient, configuration and change management workflows that make hybrid-networking capabilities really usable. SD-WAN has the potential to deliver to the business, the performance and agility they need for business critical applications, while controlling and reducing network costs at the same time.