SD-WAN enables a new cloud-first branch strategy
As enterprises and government agencies continue to migrate applications to the cloud and embrace IaaS, growing numbers are turning to hyper-scale cloud providers such as Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud Infrastructure (OCI) or Google Cloud to connect directly or host their applications and infrastructure. But how do they connect their remote or branch office sites and users to these cloud services without compromising performance, security and the end user experience? AWS prefers enterprises to use its Direct Connect service (a dedicated private connection to directly connect an enterprise's data center to one of AWS's data centers). This works in theory provided you have a solid connection to the internet. It also requires a service provider to have a Direct Connect service as well. Depending on where the offices are located, that option could be a far-off data center, often creating latency and performance issues with cloud applications accessed from remote branch offices that may not have a dedicated private network connection or where data has to be backhauled to the data center. So, how can an SD-WAN play a role in enabling all enterprise branch offices to connect to any of these cloud providers and do so as part of a high-performance managed service? One of most widely deployed enterprise SD-WAN solutions already optimises the performance of SaaS applications and IaaS instances. It optimises SaaS and IaaS performance through an application-aware direct connection to the internet via a broadband network. This enables service providers to offer enterprises any combination of on-net and off-net cloud connections to the cloud providers at their data centers. Application awareness enables the SD-WAN solution to identify web-bound traffic at the application level and enforce a range of security policies on an app-by-app basis. For example, trusted SaaS apps can be steered directly over the internet while recreational or unknown apps can be directed to more advanced security services in the cloud, regional hubs or headquarters data centers. Today, a number of DIY enterprises have opted to use virtual SD-WAN software appliances, EC-V as a virtual private cloud (VPC) instance in either AWS marketplace or Azure marketplace. Enterprises should evaluate whether their managed SD-WAN service provider offers the flexibility for both on-net direct connect and off-net cloud connect services. An advanced managed SD-WAN solution supports this deployment. Mike Sapien, vice president and chief analyst US, enterprise services at Ovum says, "Enterprise customers are using multiple cloud services and have multiple branches, and they need to make sure the performance for those services is acceptable." He adds that this also sees cloud enablement as a top-three use case. "They also need reliable connections to the main cloud resources, be it Amazon Web Services, Microsoft Azure, etc. That means implementing QoS, but also the ability to make changes in a network on the fly to improve its performance or address increased usage, and using automatic traffic routing to create redundancy and diversity. SD-WAN fits that bill." For innovative service providers like KDDI Europe, service providers are able to offer high-performance, cloud-ready managed SD-WAN services powered by solutions that incorporate advanced capabilities that include: WAN optimisation, path conditioning, Internet with local breakout, and SaaS optimisation.
These SD-WAN capabilities enable enterprises to securely and confidently migrate their applications and infrastructure to the cloud without compromising performance for accessing applications from the individual branch offices.