Why SD-WAN Is Taking Over Enterprise Networks?
One of the fastest-growing enterprise networking technologies, SD-WAN can simplify network management and optimize connections to cloud services.
Leased-line and MPLS connectivity can serve your head office well, but for small branch offices and remote workers using SaaS applications, the public internet is often the only option. They could be customer service agents working from home, first responders on scene, or travelling executives all using latency-sensitive voice and video services – something traditional enterprise WANs struggle to support.
The promise of SD-WAN is “more agile, dynamic, and cheaper branch-office connectivity without losing the quality of service,” Ovum distinguished analyst Roy Illsley explained to Data Center Knowledge. But to date, the main business driver for SD-WAN adoption has been the opportunity to save money on access costs.
Broadband services have become more reliable with new fiber laid in the ground, and 5G promises more mobile bandwidth that is also more reliable. “These become serious, cost-effective alternatives to expensive MPLS links,” he said. SD-WAN isn’t going to replace MPLS in the immediate future, but routing what you can over the public internet frees up those expensive circuits for the enterprise’s most critical traffic.
“The transition is from private leased lines and MPLS to some flavor of broadband internet, either in a hybrid fashion or eventually all internet,” Atchison Frazer, head of worldwide marketing at Versa Networks, told us.
It’s not just that broadband connections are cheaper than MPLS circuits; it’s also the ancillary costs. “To accommodate MPLS I have to deploy five different very expensive hardware devices from different vendors that don’t integrate,” Frazer said.
SD-WAN replaces a big integration project with greater network control and flexibility. Ovum’s Illsley explained: “Where previously MPLS was the corporate WAN, and so by necessity all WAN traffic traversed it, SD-WAN enables the enterprise to determine which types of traffic should have priority and when: payroll traffic should be prioritized in the runup to payday, for instance, or a department store's toy section might need more guaranteed bandwidth before Christmas than after it. Priorities can be ratcheted up and down according to such constraints, with traffic routing made to reflect such ad hoc changes.”
That flexibility is what Versa customers are looking for, Frazer said. “Almost everyone we work with tells us ‘we moved from the aggregation of links to cost arbitrage, from MPLS to broadband,’ and that was phase one. Now we're at ‘I need SaaS acceleration, I need to move my data centers, I need to move my apps across, I need to accommodate mobile users.’ They want to extend their SD-WAN fabric to the cloud. The legacy WAN was never designed for that.”
Unusually, Versa’s SD-WAN is software that can run on a variety of hardware or in the cloud. (“We can be deployed on white box, grey box, bare metal, you name it.”) It’s also available through managed service providers who can set policies and offer SLAs.
Versa’s software can replace multiple pieces of network infrastructure, such as wireless access points, firewalls, routers, and so on.
Policy and SLAs promise redundancy and resiliency, even for challenging network workloads like voice and video for geographically dispersed locations: “We can replicate packets, we can do forwarding, we can establish fast-failover high-availability at every single branch, so the likelihood of a brownout of your voice is significantly minimised. Now, you've got an SLA on every user, every app that user uses and every WAN link with their enterprise apps. And it can all be changed on the fly by adjusting a policy. You can set up a policy that looks at bit rates across a WAN link, so you deliver the app to the user close to where the user actually is.” That will be increasingly important as edge and 5G networks arrive.
More Security in SD-WAN, Not Less
In the recent market trends survey, IDG conducted for Masergy improving network security was also a high priority for enterprises moving to SD-WAN.
Regulated organizations, such as ones in the financial services, are moving to SD-WAN so they can use traffic routing and segmentation. Separating the traffic that contains sensitive customer data and PII from routine traffic helps with PCI compliance.
With most SD-WAN solutions that means partnerships and integrations. “Most of what we call the traditional SD-WAN vendors – those who came into existence to deliver SD-WAN functionality in its own right – tend to partner with security specialists, even if many of their customer premises equipment (CPE) devices come with some basic firewalling capabilities,” Illsley explained. “Similarly, the WAN optimization vendors that have moved into SD-WAN do not count security among their core competencies and so partner with security specialists.”
Versa is the exception, he said, a “traditional” vendor that has built security into its infrastructure and will be offering WAN optimization this year.
That’s interesting because SD-WAN also means a major shift in how you handle network security, especially for branch offices. “In a traditional WAN based on MPLS links a branch office's entire data traffic, including their internet access, is routed through the head office in a hub-and-spoke connectivity model. While this can have implications for the user experience in the branch (in that it may result in increased latency on the internet connection), it has distinct advantages in terms of security, because head office can see and impose security controls on all traffic to and from the internet for the branches as well as for HQ,” Illsley said.
Backhauling all that traffic to the data center is highly inefficient, Frazer claimed, and it just doesn’t work when it comes to supporting remote employees.
Plus, the extra information available through the SD-WAN environment gives you extra visibility, meaning that the switch to using broadband connections can help you improve security. “You can make a better risk assessment using SD-WAN because we can tell you what bandwidth capacity apps are using as well as what apps users are using at what time of day.” As machine learning-based security tools become more common, having that kind of detailed baseline for normal network behavior will be key to spotting attacks as soon as they start.
source datacenterknowledge
Industry: Telecommunications / Data Center / Data Centre
Latest Jobs
-
- Senior Data Privacy Consultant. Client Facing | London
- London
- N/A
-
Senior Data Privacy Consultant. Client Facing | London Senior Data Privacy Consultant needed for a key client facing opportunity. Must be willing to undergo SC Security Clearance. Hybrid role- onsite with customer / office 2-3 days a week. London Key Responsibilities: Lead and support client facing data privacy projects. Assess compliance, define and deliver strategic projects / implement privacy solutions. Manage project teams and develop business opportunities. Required Experience: Experience in data protection and privacy standards. Background in consulting. Skills and Qualifications: Business consulting experience IAPP Privacy Manager / Privacy Technologist Location Greater London UK based role. Not able to provide VISA sponsorship.
-
- Security Analyst - Internal role. London commutable. Permanent
- London
- N/A
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- SailPoint File Access Manager Consultant/ Architect
- N/A
- discussed on applications
-
SailPoint File Access Manager (SailPoint FAM) Consultant/ Architect is required for an up coming projects, Ideally looking for someone with experience in Designing and deploying SailPoint FAM , this is a new Deployment, you will work with customer in the initial workshop phase, to understand requirements and to get the initial design, you will then be responsible for deploying the solution. This is a home based role, with some onsite visits required during the length of the project. We are looking for someone who has previous experience in Deploying SailPoint FAM (ideally done design work) Need to have experience with SharePoint and ideally Azure and Share file