The Wide Area Network (WAN) is the backbone of the business. It ties together the remote locations, headquarters and data centers into an integrated network. Yet, the role of the WAN has evolved in recent years. Beyond physical locations, we now need to provide optimized and secure access to Cloud-based resources for a global and mobile workforce. The existing WAN optimization and security solutions, designed for physical locations and point-to-point architectures, are stretched to support this transformation.
The Wide Area Network (WAN) connects all business locations into a single operating network. Traditionally, WAN design had to consider the secure connectivity of remote offices to a headquarters or a data center which hosted the enterprise applications and databases.
Let’s look at evolution of the WAN.
First Generation: Legacy WAN Connectivity
Currently, there are 2 WAN connectivity options which offer a basic trade off between cost, availability and latency:
Option 1: MPLS SLA-backed Service at Premium Price
With MPLS, a telecommunication provider provisions two or more business locations with a managed connection and routes traffic between these locations over their private backbone. In theory, since the traffic does not traverse the internet, encryption is optional. Because the connection is managed by the telco, end to end, it can commit to availability and latency SLAs. This commitment is expensive and is priced by bandwidth. Enterprises choose MPLS if they need to support applications with stringent up-time requirements and minimal quality of service (such as Voice over IP (VOIP).
Option 2: Internet Best Effort Service at a Discounted Price
Internet connection procured from the ISP, typically offers nearly unlimited last mile capacity for a low monthly price. An unmanaged internet connection doesn’t have the high availability and low-latency benefits of MPLS but it is inexpensive and quick to deploy. IT establishes an encrypted VPN tunnel between the branch office firewall and the headquarters/data center firewall. The connection itself is going through the internet, with no guarantee of service levels because it is not possible to control the number of carriers or the number of hops a packet has to cross. This can cause unpredictable application behavior due to increased latency and packet loss. Internet-based connectivity forces customers to deploy and manage branch office security equipment.
Second Generation: Appliance-based SD-WAN
The cost/performance trade off between internet and MPLS, gave rise to SD-WAN. SD-WAN is using both MPLS and internet links to handle WAN traffic. Latency sensitive apps are using the MPLS links, while the rest of the traffic is using the internet link. The challenge customers face is to dynamically assign application traffic to the appropriate link.
SD-WAN solutions offer the management capabilities to direct the relevant traffic according to its required class of service, offloading MPLS links and delaying the need to upgrade capacity. SD-WAN solutions, however, are limited in a few key aspects:
Third Generation: A Cloud-based, Secure SD-WAN
With the rapid migration to Cloud applications (e.g., Office 365), Cloud infrastructure (e.g. Amazon AWS) and a mobile workforce, the classic WAN architecture is severely challenged. It is no longer sufficient to think in terms of physical locations being the heart of the business. Here is why:
Limited end to end link control for the Cloud With public cloud applications outside the control of IT, organizations can’t rely on optimizations that require a box at both ends of each link. In addition, Cloud infrastructure (servers and storage), introduces a new production environment that has its own connectivity and security requirements. Existing WAN and Security solutions don’t naturally extend to the new Cloud-based environments.
Limited service and control to mobile users Securely accessing corporate resources requires, mobile users to connect to a branch or HQ firewall VPN which could be very far from their location. This causes user experience issues, and encourages compliance violations (for example, direct access to Cloud services that bypasses corporate security policy). Ultimately, the mobile workforce is not effectively covered by the WAN.
WAN Connectivity and Security Use Cases:
A: Branch to HQ Connectivity
B: Secure and Optimized Branch Access to the Internet/Cloud
For many organizations, the WAN has traditionally been the backbone of their business connectivity – linking remote locations, headquarters and data centers.
But existing WAN optimization and security tools, designed for physical locations and point-to-point architectures, are stretched to their limits to support modern, cloud-based business.
Find out how legacy WAN connectivity has evolved and moved towards a cloud-based, secure SD-WAN system so that you can create safe, reliable cloud and mobile access to your network.