IIT Kharagpur

Journeying from Enterprise WAN to a Secure and Automated Multicloud with SD-WAN – A Success Mantra for Enterprises

In the second part of the article series, we will analyse the trend of enterprises transforming their network environment from traditional WAN architectures to SD-WAN with multicloud.

In the second part of the article series, we will analyse the trend of enterprises transforming their network environment from traditional WAN architectures to SD-WAN with multicloud.

The first article in this series covered the state of legacy network architecture at organisations and the common challenges they face. And these challenges have limited their ability to perform and succeed in a digital-driven business environment. Addressing this critical business need, SD-WAN with multicloud has emerged as the new network sensation in the enterprise world.

According to Gartner, by 2020, more than 50% of customer premises equipment (CPE) refresh initiatives will be influenced by SD-WAN. Large enterprises will continue to leverage MPLS/VPN and integrate SD-WAN to improve business outcomes. Small to medium-sized businesses may choose that approach or employ a complete SD-WAN overlay approach.

For successful SD-WAN adoption, organisations must focus on addressing the below listed fundamental principles before disrupting the legacy architecture.

Hybrid WAN/Reduction in Capex

Today the SD-WAN provides a means for enterprises to manage the relationship of networking costs to benefits more efficiently than underservice provider contracts which are sometimes perceived as inflexible, longer-term and fixed-value, because capacity is effectively over-provisioned most of the time.  One of the ways it does this is by enabling enterprises to use broadband Internet services (i.e. local Internet breakout) as a cheaper alternative including 4G/LTE to the IP-MPLS and Ethernet circuits offered by service providers to carry some or even all of their WAN traffic. The SD-WAN connectivity is generally provided over a hybrid combination of the service provider’s networks and services (e.g. Ethernet and IP-MPLS) and overlays on the public internet.

SD-WAN from a hybrid combination of network platforms, public internet and broadband access links supports policy-driven, dynamic switching and prioritization of network traffic across different network domains, and also enables tighter integration between the SDN overlay and the network underlay. In addition, service provider networks tend nowadays to support dedicated, direct Internet breakout connections to leading public cloud providers, such as AWS or Microsoft Azure. This means that traffic going from the WAN to the public cloud does not need to be backhauled to the enterprise’s campus or private-cloud data centres before it is forwarded to the public clouds, bringing reductions in latency and costs. Zero-touch provisioning of WAN edge devices eliminates the need for on-site technicians to bring new sites online and to carry out further site visits to make configuration changes or corrections.

Unified Approach

To reduce complexity, from multiple devices for routing, security, load balancer SD-WAN provides a unified approach with a single customer premises equipment (CPE) appliance to replace the multiple edge devices at each site. Unifying networking and security in one device are assists simplicity. Furthermore, to cope with a sprawling site footprint and to simplify management of remote sites without expert network engineers, Finally, enterprises are increasingly adopting cloud-hosted solutions for SD-WAN   management–either as a software service or an end-to-end managed service which includes connectivity and CPE.

These solutions further aid with the simplification of tools, as they eliminate the need for enterprises to maintain centralized control software.

Assurance and Prioritization of Applications and Services

Enterprises want to give priority to more important apps, as appropriate. SD-WAN enables traffic prioritization with policies and monitoring to configure and detect service levels per application or even per user. More critical application traffic can be directed over links with guaranteed service levels, such as service provider IP-MPLS or ethernet; meanwhile, less critical traffic is routed across fixed or mobile broadband access and public Internet connections. By providing breakouts and gateways from the private WAN to the public Internet, SD-WAN can also enable direct connections from WAN sites to the public clouds hosting their applications and data. Such internet breakouts or gateways may be directly on the CPE devices or in SD-WAN routing hubs. This improves efficiency, lowers costs and reduces latency from having to backhaul all cloud-directed traffic to the private data centre and then on to the cloud services employed. SD-WAN platforms now provide dynamic, automatic adjustment of per-application routing and capacity across multiple, redundant hybrid WAN links and different connection types to ensure the availability of sufficient bandwidth for the higher-priority applications. Many SD-WAN solutions also provide failover links or link aggregation to assure service continuity in the event of network outages or capacity overloads.

Their ability to collect network data from the SD-WAN CPE device and provide metrics, analytics and reports provides network administrators with visibility into not just the remote WAN connections, but for some solutions they can also get visibility into the remote branch site LANs as well including the links.

Faster Deployment of Sites

SDN-based control and automated workflows across many devices are core to SD-WAN.  Going beyond a central point of management or cloud-based management, software-defined management truly means that new sites, connections can be provisioned and observed across the aggregation of WAN sites and devices. Thus, changes are possible within a few days or hours, where there is no need for uneven or device-by-device changes. SD-WAN gives engineers a holistic view of the network so that they can ensure compliance with existing policies, security, service levels, and application prioritization.

Unified Security

Security is important in all networking, but it is particularly essential for an Internet-connected, hybrid SD-WAN. Carrying more WAN traffic over the public Internet inherently creates potential vulnerabilities, while the multiplication of endpoints and Internet gateways expands the attack surface. So, in parallel to the deployment of the SD-WAN, there is a need to ensure an integrated, unified and comprehensive approach to security.  When deep security measures, such as next-generation firewalling (NGFW) and unified threat management (UTM), are provided as an integral part of an SD-WAN solution, this eliminates the complexity, network load and risks of adding a separate security layer on top of SD-WAN networking.

SD-WAN to SD-Branch -Next Step

Network and security policy management is not limited to the hybrid WAN overlay and private WAN underlays; it extends to the enterprise campus and branch LANs, WLAN or Wi-Fi networks, private clouds and data centres, and public clouds. The scope of some SD-WAN platforms is also being expanded to incorporate integrated management of the whole of the enterprise’s networking operations, including ‘SD-Branch’ and ‘SD-LAN’ alongside SD-WAN. The centralized capabilities of SD-WAN can provide a single pane of glass that enables comprehensive visibility and monitoring of application and network performance across the different network domains and technologies employed. SD-Branch clearly represents a natural evolution of SD-WAN whereby set-up, configuration and operation of the WAN as such is merged with the entire enterprise ICT management. Network design continually being adapted and evolved in the cloud in tandem with, and at the service of cloud-centric ICT.

Conclusion – Future Proofing

Meeting the networking challenges of today, the enterprise needs to ensure that the SD-WAN and other networking platforms and services being deployed have evolvable capabilities and capacity to support further digitization and automation of enterprise processes. Additionally, they need to support the introduction and management of new technologies such as Internet of things (IoT) networks and artificial intelligence (AI). SD-WAN platforms and architectures can play a major role in supporting these goals. First, automated SD-WAN tools, systems and technologies can help remove and abstract complexity and increase productivity with faster (dynamically driven) and smarter (AI-driven) workflows. Many of these additional functions will be (and indeed, already are) driven by artificial intelligence. AI’s immediate use is in the optimisation of power usage, traffic routing, security, and so on. We also see AI/ML solutions emerging for service assurance, Wi-Fi management—practically anything that can be configured and monitored has an AI use case attached.

Lastly, infrastructure such as VNFs and SDN control software must become more openly extensible and programmable. The use of standard APIs will support infrastructure and operations engineers to integrate and automate more agility, reliability and flexibility into the network and their own operational processes.

By Rajeshkumar S, Head of Systems Engineering Enterprise & Govt. Juniper Networks India

Leave a Reply

Your email address will not be published. Required fields are marked *