Story image

How to streamline branch office connectivity with SD-WAN

04 Aug 2016

Connecting branch offices to an enterprise wide area network (WAN) is time-consuming and often disrupts an organisation’s IT operations. 

Branch office connectivity has long posed a challenge for geographically distributed organisations, a problem that multiplies as organisations enter new markets or expand within existing ones. Essentially, configuring or even changing WAN infrastructure at branch offices can prove a nightmare given its distributed nature and the remote touch points involved. Attempts at delivering the ‘lean’ branch office have sometimes resorted to public cloud services that may fail to meet IT requirements for performance, security and more.

As the migration from private line to broadband and Internet connectivity accelerates, multiplying opportunities for branch offices to utilise SD-WANs, the ability to support any transport technology or any combination of connectivity types becomes ever more valuable. By sourcing appropriate SD-WAN technology, organisations can benefit from the dramatic cost savings realised when using broadband in place of private MPLS links.

Software-defined WAN (SD-WAN) can present a technology paradigm for wide-area networking that delivers easy-to-deploy, inexpensive connectivity to remote offices, while ensuring high performance and quality levels. WAN issues are difficult to address given the distributed nature of the resources, but certain SD-WAN solutions can enable automation and orchestration from a centralised location.

With SD-WAN, IT organisations can dramatically simplify the management, configuration and maintenance of WANs with greater ease, efficiency and effectiveness. Secure paths are created across multiple WAN locations with zero-touch provisioning. Bandwidth can be allocated virtually and network traffic controlled from a single, centralised location.

This solution fits in perfectly with enterprises of varying sizes, locations and vertical markets, and tackles common pain points including the high cost of WAN connectivity caused by WAN transport, equipment and personnel expenses, slow provisioning of network resources and traffic congestion, hassle of complex devices and hardware updates, difficulty in adapting or scaling to aligning to changing business requirements and inadequate level of network performance for cloud applications.

Rapid branch office installation

But, in order to be effective, a large-scale SD-WAN rollout requires a rapid installation process for individual offices, particularly when dealing with branch offices without dedicated IT staff.

Essential requirements for SD-WANs include granular visibility into both data centre and cloud applications, as well as centrally assigned business intent policies to secure and control all WAN traffic. To be implemented at scale, these capabilities must be easily distributed from headquarters to branch offices.

Ideally, the SD-WAN solution should allow for flexible orchestration to ensure rapid branch rollouts. As part of the configuration, administrators can map local traffic classes into deployment profiles. These policies can then be folded into discretely managed virtual topologies and using the key tenets of software-defined networking and virtualisation, these virtual overlays can ensure proper end-to-end handling of WAN traffic according to defined business intent.

Business intent can be applied to separate application sets, which are naturally mapped to VLANs. So, for instance:

  • All voice traffic stays within its own virtual overlay (using its own traffic tunnels), is arranged into a full mesh (as all sites need to talk to each other), uses multiple connection types and requires maximum quality.
  • Similarly, all enterprise data is also segregated and uses a dual hub and spoke topology (data centres as the hubs); it also uses multiple connection types and requires maximum availability.
  • Guest WiFi connects only the sites that offer it; a simple Internet connection gets you by, and the main requirement, as it’s not business-critical, is that the cost is kept low.

And what of security?

Granular security can be assured though a capability known as micro-segmentation, where individual workloads are mapped to underlying resources, and security controls are applied accordingly. By mapping global business policies into local office profiles, your organisation can ensure a highly visible and tightly controlled high-performance enterprise WAN. It enables a level of micro-segmentation that has never been seen before in the WAN.   The integration of zero touch provisioning and the further integration of the global business intent through virtual overlays fulfill the promise of SD-WAN with virtualised wide area networking. Enterprises are assured that their business needs are folded into the enterprise WAN, that the best forwarding decisions are made at any given time, ensuring that individual workloads are entirely secure in a zero trust model.

Article by Peter Skarlatos, systems engineering manager, Silver Peak Australia and New Zealand.

Hitachi Vantara to offer data protection as-a-service
Hitachi Vantara has introduced data protection and data storage offerings that embrace the as-a-service model and come as pre-engineered, fully managed services.
TIBCO aids in effort to boost Vietnam's data talent pool
Training will include ways to understand data analytics, and skills to support the country’s push towards digital transformation.
Snowflake & Anodot to offer AI-based anomaly detection
Customers will have access to Snowflake’s built-for-the-cloud data warehouse and can receive instant alerts and insights from Anodot for potential issues before they cost customers significant ROI.
ABS and Google Cloud partner to demonstrate the feasibility of AI-enabled corrosion detection
The project successfully demonstrated the accuracy of AI in detecting and assessing structural anomalies commonly found during visual inspection.
Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
IDC: APeJ blockchain spending to grow over 80%
Blockchain spending is forecast to grow by 83.9% year over year in 2019, and 77.5% by 2022.
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.