Why SD-WAN Is Taking Over Enterprise Networks
One of the fastest-growing enterprise networking technologies, SD-WAN can simplify network management and optimize connections to cloud services.
Leased-line and MPLS connectivity can serve your head office well, but for small branch offices and remote workers using SaaS applications, the public internet is often the only option. They could be customer service agents working from home, first responders on scene, or travelling executives all using latency-sensitive voice and video services – something traditional enterprise WANs struggle to support.
The promise of SD-WAN is “more agile, dynamic, and cheaper branch-office connectivity without losing the quality of service,” Ovum distinguished analyst Roy Illsley explained to Data Center Knowledge. But to date, the main business driver for SD-WAN adoption has been the opportunity to save money on access costs.
Broadband services have become more reliable with new fiber laid in the ground, and 5G promises more mobile bandwidth that is also more reliable. “These become serious, cost-effective alternatives to expensive MPLS links,” he said. SD-WAN isn’t going to replace MPLS in the immediate future, but routing what you can over the public internet frees up those expensive circuits for the enterprise’s most critical traffic.
“The transition is from private leased lines and MPLS to some flavor of broadband internet, either in a hybrid fashion or eventually all internet,” Atchison Frazer, head of worldwide marketing at Versa Networks, told us.
It’s not just that broadband connections are cheaper than MPLS circuits; it’s also the ancillary costs. “To accommodate MPLS I have to deploy five different very expensive hardware devices from different vendors that don’t integrate,” Frazer said.
SD-WAN replaces a big integration project with greater network control and flexibility. Ovum’s Illsley explained: “Where previously MPLS was the corporate WAN, and so by necessity all WAN traffic traversed it, SD-WAN enables the enterprise to determine which types of traffic should have priority and when: payroll traffic should be prioritized in the runup to payday, for instance, or a department store's toy section might need more guaranteed bandwidth before Christmas than after it. Priorities can be ratcheted up and down according to such constraints, with traffic routing made to reflect such ad hoc changes.”
That flexibility is what Versa customers are looking for, Frazer said. “Almost everyone we work with tells us ‘we moved from the aggregation of links to cost arbitrage, from MPLS to broadband,’ and that was phase one. Now we're at ‘I need SaaS acceleration, I need to move my data centers, I need to move my apps across, I need to accommodate mobile users.’ They want to extend their SD-WAN fabric to the cloud. The legacy WAN was never designed for that.”
Unusually, Versa’s SD-WAN is software that can run on a variety of hardware or in the cloud. (“We can be deployed on white box, grey box, bare metal, you name it.”) It’s also available through managed service providers who can set policies and offer SLAs.
Versa’s software can replace multiple pieces of network infrastructure, such as wireless access points, firewalls, routers, and so on.
Policy and SLAs promise redundancy and resiliency, even for challenging network workloads like voice and video for geographically dispersed locations: “We can replicate packets, we can do forwarding, we can establish fast-failover high-availability at every single branch, so the likelihood of a brownout of your voice is significantly minimised. Now, you've got an SLA on every user, every app that user uses and every WAN link with their enterprise apps. And it can all be changed on the fly by adjusting a policy. You can set up a policy that looks at bit rates across a WAN link, so you deliver the app to the user close to where the user actually is.” That will be increasingly important as edge and 5G networks arrive.
More Security in SD-WAN, Not Less
In the recent market trends survey IDG conducted for Masergy, improving network security was also a high priority for enterprises moving to SD-WAN.
Regulated organizations, such as those in financial services, are moving to SD-WAN so they can use traffic routing and segmentation. Separating the traffic that contains sensitive customer data and PII from routine traffic helps with PCI compliance.
With most SD-WAN solutions that means partnerships and integrations. “Most of what we call the traditional SD-WAN vendors – those who came into existence to deliver SD-WAN functionality in its own right – tend to partner with security specialists, even if many of their customer premises equipment (CPE) devices come with some basic firewalling capabilities,” Illsley explained. “Similarly, the WAN optimization vendors that have moved into SD-WAN do not count security among their core competencies and so partner with security specialists.”
Versa is the exception, he said, a “traditional” vendor that has built security into its infrastructure and will be offering WAN optimization this year.
That’s interesting because SD-WAN also means a major shift in how you handle network security, especially for branch offices. “In a traditional WAN based on MPLS links a branch office's entire data traffic, including their internet access, is routed through the head office in a hub-and-spoke connectivity model. While this can have implications for the user experience in the branch (in that it may result in increased latency on the internet connection), it has distinct advantages in terms of security, because head office can see and impose security controls on all traffic to and from the internet for the branches as well as for HQ,” Illsley said.
Backhauling all that traffic to the data center is highly inefficient, Frazer claimed, and it just doesn’t work when it comes to supporting remote employees.
Plus, the extra information available through the SD-WAN environment gives you extra visibility, meaning that the switch to using broadband connections can help you improve security. “You can make a better risk assessment using SD-WAN because we can tell you what bandwidth capacity apps are using as well as what apps users are using at what time of day.” As machine learning-based security tools become more common, having that kind of detailed baseline for normal network behavior will be key to spotting attacks as soon as they start.