Why SD-WAN Is Taking Over Enterprise Networks?
.jpg)
One of the fastest-growing enterprise networking technologies, SD-WAN can simplify network management and optimize connections to cloud services.
Leased-line and MPLS connectivity can serve your head office well, but for small branch offices and remote workers using SaaS applications, the public internet is often the only option. They could be customer service agents working from home, first responders on scene, or travelling executives all using latency-sensitive voice and video services – something traditional enterprise WANs struggle to support.
The promise of SD-WAN is “more agile, dynamic, and cheaper branch-office connectivity without losing the quality of service,” Ovum distinguished analyst Roy Illsley explained to Data Center Knowledge. But to date, the main business driver for SD-WAN adoption has been the opportunity to save money on access costs.
Broadband services have become more reliable with new fiber laid in the ground, and 5G promises more mobile bandwidth that is also more reliable. “These become serious, cost-effective alternatives to expensive MPLS links,” he said. SD-WAN isn’t going to replace MPLS in the immediate future, but routing what you can over the public internet frees up those expensive circuits for the enterprise’s most critical traffic.
“The transition is from private leased lines and MPLS to some flavor of broadband internet, either in a hybrid fashion or eventually all internet,” Atchison Frazer, head of worldwide marketing at Versa Networks, told us.
It’s not just that broadband connections are cheaper than MPLS circuits; it’s also the ancillary costs. “To accommodate MPLS I have to deploy five different very expensive hardware devices from different vendors that don’t integrate,” Frazer said.
SD-WAN replaces a big integration project with greater network control and flexibility. Ovum’s Illsley explained: “Where previously MPLS was the corporate WAN, and so by necessity all WAN traffic traversed it, SD-WAN enables the enterprise to determine which types of traffic should have priority and when: payroll traffic should be prioritized in the runup to payday, for instance, or a department store's toy section might need more guaranteed bandwidth before Christmas than after it. Priorities can be ratcheted up and down according to such constraints, with traffic routing made to reflect such ad hoc changes.”
That flexibility is what Versa customers are looking for, Frazer said. “Almost everyone we work with tells us ‘we moved from the aggregation of links to cost arbitrage, from MPLS to broadband,’ and that was phase one. Now we're at ‘I need SaaS acceleration, I need to move my data centers, I need to move my apps across, I need to accommodate mobile users.’ They want to extend their SD-WAN fabric to the cloud. The legacy WAN was never designed for that.”
Unusually, Versa’s SD-WAN is software that can run on a variety of hardware or in the cloud. (“We can be deployed on white box, grey box, bare metal, you name it.”) It’s also available through managed service providers who can set policies and offer SLAs.
Versa’s software can replace multiple pieces of network infrastructure, such as wireless access points, firewalls, routers, and so on.
Policy and SLAs promise redundancy and resiliency, even for challenging network workloads like voice and video for geographically dispersed locations: “We can replicate packets, we can do forwarding, we can establish fast-failover high-availability at every single branch, so the likelihood of a brownout of your voice is significantly minimised. Now, you've got an SLA on every user, every app that user uses and every WAN link with their enterprise apps. And it can all be changed on the fly by adjusting a policy. You can set up a policy that looks at bit rates across a WAN link, so you deliver the app to the user close to where the user actually is.” That will be increasingly important as edge and 5G networks arrive.
More Security in SD-WAN, Not Less
In the recent market trends survey, IDG conducted for Masergy improving network security was also a high priority for enterprises moving to SD-WAN.
Regulated organizations, such as ones in the financial services, are moving to SD-WAN so they can use traffic routing and segmentation. Separating the traffic that contains sensitive customer data and PII from routine traffic helps with PCI compliance.
With most SD-WAN solutions that means partnerships and integrations. “Most of what we call the traditional SD-WAN vendors – those who came into existence to deliver SD-WAN functionality in its own right – tend to partner with security specialists, even if many of their customer premises equipment (CPE) devices come with some basic firewalling capabilities,” Illsley explained. “Similarly, the WAN optimization vendors that have moved into SD-WAN do not count security among their core competencies and so partner with security specialists.”
Versa is the exception, he said, a “traditional” vendor that has built security into its infrastructure and will be offering WAN optimization this year.
That’s interesting because SD-WAN also means a major shift in how you handle network security, especially for branch offices. “In a traditional WAN based on MPLS links a branch office's entire data traffic, including their internet access, is routed through the head office in a hub-and-spoke connectivity model. While this can have implications for the user experience in the branch (in that it may result in increased latency on the internet connection), it has distinct advantages in terms of security, because head office can see and impose security controls on all traffic to and from the internet for the branches as well as for HQ,” Illsley said.
Backhauling all that traffic to the data center is highly inefficient, Frazer claimed, and it just doesn’t work when it comes to supporting remote employees.
Plus, the extra information available through the SD-WAN environment gives you extra visibility, meaning that the switch to using broadband connections can help you improve security. “You can make a better risk assessment using SD-WAN because we can tell you what bandwidth capacity apps are using as well as what apps users are using at what time of day.” As machine learning-based security tools become more common, having that kind of detailed baseline for normal network behavior will be key to spotting attacks as soon as they start.
source datacenterknowledge
Industry: Telecommunications / Data Center / Data Centre
Latest Jobs
-
- Contact 12 month- Security Operations- Crowdstrike Falcon Insight EDR / Analyst.
- United Kingdom
- Dependent on experience
-
Security Operations engineer / Analyst with Crowdstrike Falcon Insight EDR experience for a 12 month contract. Experienced Contractor with Crowdstrike Falcon Insight: Endpoint detection and Response (EDR) experience needed - 12 month rolling project. Implementation, configuration and Analyst experience needed with Crowdstrike Falcon Insight: (EDR) Migration project- relocating capability internationally. technically implementing, configuration of that that migration and then transition to BAU role monitoring. DCL Search exclusive associate Project.
-
- SailPoint Consultant
- London
- Upto £75,000 plus benefits
-
SailPoint Consultant is needed for an expanding Financial Service business, this is an exciting time to join the Business as they are in the Process of deploying both IAM and PAM solutions and this consultant will form a key part of the IAM team Location can be flexible but would require the individual to come into the London office a couple of times a month for team meetings and face to face project reviews Duties include · Engage in the Identity & Access Management project to deliver SailPoint IdentityNow and Privileged Access Management · On-board applications and users into IAM tools and customise or configure integrations as required · Regularly review, secure and recertify privileged roles in applications, databases and operating systems · Implement least privilege, just-in-time access, password rotation and vaulting wherever possible · Migrate application authentication to Single Sign-On through the use of SAML and OAuth · Implement and enforce the use of MFA where possible, focusing on critical applications and risky sign-ins · Provide technical support to Centrify and SailPoint users Key experience required: Previous experience with SailPoint, including integrating and deploying into a business, onboarding users and applications, supporting users and performing manual administration tasks. Experience with SAML and OAuth to migrate applications to Single Sign-on. If you are interested in hearing more please reach out to me for more information
-
- Centrify Consultant
- London
- Upto £75,000 plus benefits
-
A Privileged Access Management Consultant is needed for an expanding Financial Service business, this is an exciting time to join the Business as they are in the Process of deploying a Centrify PAM solution,, this consultant will form a key part of the team Location can be flexible but would require the individual to come into the London office a couple of times a month for team meetings and face to face project reviews Duties include · On-board applications and users into PAM tools and customise or configure integrations as required · Regularly review, secure and recertify privileged roles in applications, databases and operating systems · Implement least privilege, just-in-time access, password rotation and vaulting wherever possible · Migrate application authentication to Single Sign-On through the use of SAML and OAuth · Implement and enforce the use of MFA where possible, focusing on critical applications and risky sign-ins · Provide technical support to Centrify users You would also gain expsoure with the IAM toolset as part of an Identity Access deployment. Key experience required: Previous experience with a PAM tool (Centrify would be an added bonus but not essential) including integrating and deploying into a business, onboarding users and applications, supporting users and performing manual administration tasks. Experience with SAML and OAuth to migrate applications to Single Sign-on. If you are interested in hearing more please reach out to me for more information
-
- SOC team lead- Deputy SOC manager - Managed Security Services, Bradford. Exclusive
- Bradford
- £70,000 +
-
SOC team lead- Deputy SOC Manager - Managed Cyber Security Services, Bradford. Exclusive Identifier project. Technical team lead needed to join a Managed Cyber Security Services business. The role will be a hands on lead role and technical escalation point for the team. You will also be responsible for leading, mentoring, growing and developing the team. You will be the deputy SOC manager and be involved in the strategic growth of the capability. A managed security services background is essential, specifically within a managed security operations capability. Current hands on support experience across Firewall, SIEM, Incident Response is essential.