How virtual services drive real local internet breakout benefits

08 Jun 18

Article written by ZK Research founder and principal analyst Zeus Kerravala, on behalf of Silver Peak

The concept and benefits of local internet breakout have been tossed around for decades. Sure, maybe you know someone who knows someone who talked to a network engineer who deployed it once, but that’s about as close as any of us have come to seeing it in a production environment.

Prior to being an analyst, nearly 20 years ago, I ran networks of various sizes and had wanted to do local internet breakout even back then. The benefits are obvious as it optimises network bandwidth and application performance.

Traffic meant for the data centre from a branch should traverse the wide area network (WAN) and sessions that are bound for the cloud should go directly to the internet.

So why has local internet breakout gone mainstream?

Doing local internet breakout with a traditional MPLS hub-and-spoke type of network was overly difficult as the MPLS connections weren’t really designed for split connections.  However, the rise of software-defined WANs (SD-WAN) has made this possible as the broadband connections are optimised for direct-to-internet connectivity. Even in hybrid configurations, network professionals can architect the WAN so that on-net traffic uses the MPLS connection and cloud-destined traffic runs over broadband.

One challenge remains with local internet breakout and that’s security. Even if the complexity issues are solved, the security issues are so daunting that it’s unlikely businesses would ever have shifted to that architecture.

Historically, there hasn’t been a cost-effective way of securing local internet connections from every branch office. Businesses would ultimately be faced with buying a firewall for every location. In fact, to ensure resiliency it’s likely that two firewalls would need to be deployed.

In addition to a firewall, it’s likely the company would want to deploy a range of other security devices to mirror the DMZ in the data centre. The cost of doing this with conventional hardware appliances could easily eclipse tens — or even hundreds — of thousands of dollars per site.

Companies are forced to compromise between extraordinary costs and sub-par performance. Fortunately, there are solutions today that enable companies to leverage the benefits of split tunnelling without having to break the bank on security, and they come in the form of virtual services.

Enabling secure local internet breakout

The traditional security model was to deploy one function per appliance per site because the service was tightly coupled with the underlying hardware. Virtual services decouple the security functions from the hardware and allow them to be run in a virtual machine on any device. This includes WAN optimisation devices, commodity servers, conventional routers or SD-WAN appliances.

Alternatively, all the traffic could be run through a cloud provider and the security policies provisioned as a cloud service.  Conventional thinking is that the security features should be deployed in the branch itself, but if the first hop is always to a cloud provider, then having the security functions one hop away makes no difference.

The virtualisation of security services has many benefits.  The most obvious is cost. Virtual security functions typically cost a fraction of a dedicated appliance as there is no custom hardware to buy.

Another benefit is service agility. As an example, consider a business that deploys a hybrid SD-WAN but isn’t ready to implement local internet breakout. After a period of time, network operators become comfortable with this model and seek to test it across a few locations. With traditional security appliances, the hardware platforms would need to be ordered and shipped, and an engineer would need to travel to each site to manually configure each device.

Virtual services can be spun up immediately so the infrastructure requirements are no longer impeding the business. One last benefit is that maintenance and upgrades are easier to do. Because the security functions are software, upgrades can be scheduled and automated across all sites.

The many benefits of local internet breakout range from cost efficiency to significantly improved SaaS performance. Despite the strong value proposition, production deployments are rare and the complexity of implementation can be overwhelming.

The virtualisation of security functions makes it much easier to deploy whatever security services are required, wherever the company wants.  Finally, local internet breakout can become a reality for companies looking to securely and directly connect branch workers to SaaS applications and IaaS instances.
