What You Need To Know About Secure SD-WAN
Today, enterprise organizations are leveraging cloud-based services across many facets of their business. Everything from telephony and accounting to building operation services is now available as a cloud-based service. Previously, these services would all have been located on-premise.
With the growing adoption of cloud-based services and an organization’s reliance on these services, performance and security are critical to ensuring the continued operation and success of a business—not only over the short term, but also over the long term.
This white paper examines the use of software-defined technology throughout a business and highlights the key considerations when investigating SD-WAN solutions.
The Era of Cloud Computing
While cloud computing may still feel like an emerging technology, the reality is that many organizations have cloud-based applications deployed across at least some facets of their operations. Some examples are voice, customer-relationship management and building management services.
With platforms from organizations like Amazon and Google being established well over 10 years ago, we are now into the second decade of cloud computing. And while many organizations are only beginning their cloud journey, Gartner predicts that more than half of global enterprises that are using cloud technology in some way today will move exclusively to the cloud by 2021[1].
A successful cloud deployment involves many moving parts, including, critically, the network.
Just a few years ago, network planning and deployment were predominantly focused on delivering reliable connectivity within the LAN and across the WAN. Today’s conversation has moved well beyond connection reliability, turning instead to broader discussions on optimizing application delivery and performance from agile, self-managing, programmable networks.
Understanding the nuances of each application, along with who (or what) will be using them, is crucial when choosing the best medium or path with which to deliver the optimal experience. And with the rapid growth in connected devices and the rise of cloud-based applications, flexibility and agility are key to coping with increasing network demands and ensuring the most appropriate path between user and application.
In the past, the only way of ensuring an optimal experience for users and applications was to deploy expensive MPLS services between locations to guarantee performance. And while these services may have met the requirements for an optimal experience, long lead times for installation and deployment could hardly be considered agile or even flexible.
Software-Defined Stuff
The rise of cloud computing has led to a range of software-defined technologies, in which services are decoupled and abstracted from the underlying hardware and operate as virtual services or systems. This has been most prevalent with the large-scale adoption of server virtualization, and technologies like software-defined storage and software-defined networking. However, when it comes to networking, there are still plenty of challenges to overcome.
Throughout organizations, Software-Defined Networking (SDN) is reshaping the networking landscape by decoupling the network control plane from the forwarding plane of the network devices. In doing so, network control becomes directly programmable and the underlying infrastructure can be abstracted for applications and network services. It is important to note that SDN technology changes the behavior of the underlying infrastructure, which is ideal where that infrastructure is under the administrative control of the organization.
In essence, SDN is the programmatic control of the underlying network and abstraction or virtualization of the decision-making process about how traffic should be forwarded. There are many technologies available and ways to implement SDN throughout an organization, with OpenFlow being the most common. It is important to note that while the use of OpenFlow will result in a Software-Defined Network being deployed, a Software-Defined Network doesn’t necessarily have to use OpenFlow. There are a number of other technologies available today.
Some of the benefits of SDN include:
Greater security
With growing concerns about security, particularly with the rise of IoT, cloud and data aggregation, SDN can deliver greater security. Instead of relying on endpoint security or inspection at the network perimeter, SDN controllers make decisions about how and where to forward traffic on a packet-by-packet or flow-by-flow basis, which means they are far more responsive to changes in traffic patterns throughout an organization.
Better application experience
Along with security, one of the primary advantages of SDN is the ability to shape and control traffic on an application-by-application and flow-by-flow basis, improving networking responsiveness and delivering a better user experience.
Centralized provisioning
Decoupling the decision-making process from the underlying hardware and moving it to a controller makes it easier to gain a centralized view of the network. By abstracting the control and data planes, SDN can also accelerate and simplify the delivery of new services—not just across the network, but across all virtual infrastructure from a single location.
Greater flexibility and agility
A centralized controller makes a network more agile and facilitates more rapid change. The fact that the controller is programmable also provides a quantum leap in the degree of flexibility, allowing organizations to create networks that meet their exact application and business requirements.
While network virtualization and SDN are relatively new technologies, International Data Corporation (IDC) predicts the SDN market will continue to grow at 25% year-on-year to 2021, and now considers that SDN is emerging out of the early adopter and into the early mainstream stage of its development.
In today’s increasingly competitive environment where flexibility and agility are critical, these benefits are the minimum expected by organizations. But they rely on the underlying infrastructure being under the administrative control of the organization. So what happens when it is not, as is the case for modern Wide Area Networks (WANs) that are controlled by the entities delivering the services?
Step Up to SD-WAN
Meeting performance service-level agreements for applications to ensure an optimal user experience is not a simple task. Until recently, the most common method was to deploy a Multi-Protocol Label Switched (MPLS) network across the WAN.
MPLS relies on traffic being tagged or labeled based on the application and its performance requirements across the WAN. While MPLS absolutely delivers on the application experience promise, the cost in terms of dollars per megabit is high, and the deployment of new services can take many weeks, or even months, with even simple policy changes taking upwards of 24 hours to be applied. This removes a lot of flexibility from this option.
In fact, IDC, in its technology spotlight on SD-WAN (SD-WAN: Momentum Builds as Early Adopters Experience Tangible Benefits[2]), lists the following as the three most important WAN challenges:
- Security requirements related to web and Internet applications
- The complexity associated with interconnecting multiple transport types (MPLS, Ethernet, Internet, leased lines, DSL, LTE)
- The need for better analytics and visibility into applications and resources delivered by the network
SD-WAN deployed as an overlay service can help overcome these and other challenges encountered in the WAN environment.
Performance
To deliver an optimal user and application experience, classifying traffic and selecting the most appropriate path are crucial. Today, with most applications being web-based, Deep Packet Inspection (DPI) is used to identify individual applications. Link quality is continuously monitored to ensure that the most appropriate path across the WAN is used to meet the performance requirements of each application. In addition to enabling fine-grained performance control, DPI provides greater visibility over applications and resources delivered across the network, enabling better planning and smarter decisions. And the use of multiple services not only provides the benefit of being able to choose which service provides the most appropriate path, it also delivers increased availability, as the chance of multiple services failing is lower than the chance of just one service failing.
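The path selection described above, as an added example (not Allied Telesis code, nor any product's algorithm): each application class carries an SLA, the cheapest live link within that SLA is chosen, and when no link qualifies the least-bad live link is used and flagged. The class names, thresholds, costs and link samples are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LinkSample:
    name: str
    up: bool            # result of the latest liveness probe
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int           # relative cost per megabit (assumed scale)

@dataclass(frozen=True)
class AppSla:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

# Hypothetical application classes, as a DPI engine might label flows.
SLA = {
    "voice": AppSla(150, 30, 1.0),
    "saas":  AppSla(300, 100, 2.0),
    "bulk":  AppSla(1000, 500, 5.0),
}

# Constructed monitoring snapshot: the broadband link is congested.
LINKS = [
    LinkSample("mpls",      True,  20,  2, 0.0, cost=10),
    LinkSample("broadband", True, 180, 35, 2.5, cost=2),
    LinkSample("lte",       True,  70, 40, 1.5, cost=5),
]

def overshoot(link, sla):
    """Worst metric as a fraction of its SLA limit; <= 1.0 means within SLA."""
    return max(link.latency_ms / sla.max_latency_ms,
               link.jitter_ms / sla.max_jitter_ms,
               link.loss_pct / sla.max_loss_pct)

def select_path(app, links):
    """Return (link_name, sla_met) for one application class."""
    sla = SLA[app]
    live = [l for l in links if l.up]
    if not live:
        return None, False                      # every transport is down
    ok = [l for l in live if overshoot(l, sla) <= 1.0]
    if ok:                                      # cheapest link that meets the SLA
        return min(ok, key=lambda l: (l.cost, l.latency_ms)).name, True
    # Nothing meets the SLA: degrade to the least-bad link and report it.
    return min(live, key=lambda l: overshoot(l, sla)).name, False

if __name__ == "__main__":
    for app in SLA:
        print(app, select_path(app, LINKS))
```

The `sla_met` flag is worth exporting to monitoring: a class that keeps running on a degraded fallback path is an availability signal that the link choice alone hides.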
Agility
SD-WAN can be deployed as an overlay service across any suitable WAN service. Where one or more WAN services exist today, the deployment of an SD-WAN enabled device instantly delivers SD-WAN connectivity. And where SD-WAN connectivity needs to be rapidly deployed, 4G and 5G services can be leveraged to overcome the lead times associated with fixed-line services, with the performance of today’s mobile carrier services exceeding that of many fixed-line services.
Flexibility
Not only does SD-WAN deliver the tools that are required to manage performance, but it also delivers the ability to rapidly deploy policy across an organization. With the use of centralized administration tools, greater consistency and responsiveness to the requirements of a business are also achieved.
Security
With the explosion in the number of connected devices and the almost daily reporting of exploits, integrating security at the network edge is critical. Leveraging an SD-WAN solution that integrates security prevents data leakage, protects connected devices and ensures the confidentiality of information between sites and up to the cloud. Centralized administration tools also ensure that policy is deployed consistently across the entire organization, reducing one of the most common vulnerabilities in organizations today—human error.
Cost
SD-WAN solutions reduce the cost of connectivity by enabling multiple low-cost carrier services to be aggregated, and by using continuous link quality monitoring to select the most appropriate service based on the requirements. That’s not to say that MPLS can’t be used or has no place in an SD-WAN environment—it just becomes one of a number of links that can be used. Because it’s not used to carry all traffic, the aggregate cost for all services is reduced.
Conclusion
Today’s organizations are increasingly adopting cloud-based services for the ability to rapidly deploy new services and adopt the latest functionality with minimal effort. The same is true of the adoption of software-defined technologies, which can deliver greater performance and flexibility while at the same time reducing cost.
Deploying SD-WAN technology goes hand-in-hand with the increasing adoption of cloud-based technologies, where the WAN is critical to a user's application performance experience.
In addition, the ability to leverage integrated security to provide greater protection for users and information, and automation tools to reduce management time and improve consistency, means SD-WAN should be under consideration by every enterprise organization today.
Secure SD-WAN is a solution from Allied Telesis that improves the performance, flexibility and agility of traditional WAN infrastructure, with the added benefits of built-in security and reduced operating costs. To find out more, please contact your local Allied Telesis office.
[1] https://www.gartner.com/smarterwithgartner/cloud-computing-enters-its-second-decade