Connecting branch offices to an enterprise wide area network (WAN) is time-consuming and often disrupts an organisation’s IT operations.
Branch office connectivity has long posed a challenge for geographically distributed organisations, a problem that multiplies as organisations enter new markets or expand within existing ones. Essentially, configuring or even changing WAN infrastructure at branch offices can prove a nightmare given its distributed nature and the remote touch points involved. Attempts at delivering the ‘lean’ branch office have sometimes resorted to public cloud services that may fail to meet IT requirements for performance, security and more.
As the migration from private line to broadband and Internet connectivity accelerates, multiplying opportunities for branch offices to utilise SD-WANs, the ability to support any transport technology or any combination of connectivity types becomes ever more valuable. By sourcing appropriate SD-WAN technology, organisations can benefit from the dramatic cost savings realised when using broadband in place of private MPLS links.
Software-defined WAN (SD-WAN) can present a technology paradigm for wide-area networking that delivers easy-to-deploy, inexpensive connectivity to remote offices, while ensuring high performance and quality levels. WAN issues are difficult to address given the distributed nature of the resources, but certain SD-WAN solutions can enable automation and orchestration from a centralised location.
With SD-WAN, IT organisations can dramatically simplify the management, configuration and maintenance of WANs with greater ease, efficiency and effectiveness. Secure paths are created across multiple WAN locations with zero-touch provisioning. Bandwidth can be allocated virtually and network traffic controlled from a single, centralised location.
This solution fits in perfectly with enterprises of varying sizes, locations and vertical markets, and tackles common pain points including the high cost of WAN connectivity caused by WAN transport, equipment and personnel expenses, slow provisioning of network resources and traffic congestion, hassle of complex devices and hardware updates, difficulty in adapting or scaling to aligning to changing business requirements and inadequate level of network performance for cloud applications.
Rapid branch office installation
But, in order to be effective, a large-scale SD-WAN rollout requires a rapid installation process for individual offices, particularly when dealing with branch offices without dedicated IT staff.
Essential requirements for SD-WANs include granular visibility into both data centre and cloud applications, as well as centrally assigned business intent policies to secure and control all WAN traffic. To be implemented at scale, these capabilities must be easily distributed from headquarters to branch offices.
Ideally, the SD-WAN solution should allow for flexible orchestration to ensure rapid branch rollouts. As part of the configuration, administrators can map local traffic classes into deployment profiles. These policies can then be folded into discretely managed virtual topologies and using the key tenets of software-defined networking and virtualisation, these virtual overlays can ensure proper end-to-end handling of WAN traffic according to defined business intent.
Business intent can be applied to separate application sets, which are naturally mapped to VLANs. So, for instance:
- All voice traffic stays within its own virtual overlay (using its own traffic tunnels), is arranged into a full mesh (as all sites need to talk to each other), uses multiple connection types and requires maximum quality.
- Similarly, all enterprise data is also segregated and uses a dual hub and spoke topology (data centres as the hubs); it also uses multiple connection types and requires maximum availability.
- Guest WiFi connects only the sites that offer it; a simple Internet connection gets you by, and the main requirement, as it’s not business-critical, is that the cost is kept low.
And what of security?
Granular security can be assured though a capability known as micro-segmentation, where individual workloads are mapped to underlying resources, and security controls are applied accordingly. By mapping global business policies into local office profiles, your organisation can ensure a highly visible and tightly controlled high-performance enterprise WAN. It enables a level of micro-segmentation that has never been seen before in the WAN.
The integration of zero touch provisioning and the further integration of the global business intent through virtual overlays fulfill the promise of SD-WAN with virtualised wide area networking. Enterprises are assured that their business needs are folded into the enterprise WAN, that the best forwarding decisions are made at any given time, ensuring that individual workloads are entirely secure in a zero trust model.
Article by Peter Skarlatos, systems engineering manager, Silver Peak Australia and New Zealand.