The emergence of second-generation SD-WAN
Enterprises must adopt a software-driven, automated approach to networking to become more responsive and customer-centric.
Enterprises of all sizes and verticals address this by implementing a dynamic multi-cloud strategy to create workload flexibility across any set of compute resources. We’ve seen massive growth in the adoption of public cloud services (IaaS, PaaS) and of SaaS services (e.g., O365, Salesforce). A shift toward edge-computing requirements has recently occurred, in addition to a move toward hosting network applications on uCPE x86 devices.
All these factors collectively drive home the importance of network automation, to adapt to any workload anywhere in the network.
One key characteristic of a modularized approach to software development is that services supporting applications no longer reside on a single server. An employee in a branch office, or a customer on a mobile device, may use an application that communicates with services hosted on different virtual machines, containers, or multiple physical servers, anywhere in the enterprise’s data centers or on the public cloud, without location affecting performance.
Enterprises are looking at complex networking environments characterized by different kinds of access, from optical and Ethernet for data centers to copper xDSL for branch offices. For WAN connectivity between data centers, branch offices and public cloud sites, various technologies are at play, including IP/MPLS, broadband internet, and even 3G/LTE.
For data centers, enterprises will use a combination of bare metal servers, VMs in a hybrid hypervisor environment, and containers. The smallest mistake in provisioning can cause the entire application to break; the time and costs of manually managing this complexity would wipe out any potential savings and benefits.
Fortunately, SDN, the original answer to similar problems in the data center, has evolved to extend to branch locations and public clouds across any type of WAN transport technology, allowing enterprises automated access to services across the network. With SD-WAN, enterprise IT teams can build more flexible, secure, and automated networks that are responsive enough to support highly distributed cloud applications and save operational costs.
First-generation SD-WAN solutions were predominantly used for managing connectivity between branches, especially remote connectivity of offices under-served by IP-VPN services. Until now, SD-WAN was considered separate from SDN in the data center. Today, SD-WAN 2.0 acts as an addition to connect data centers, branch locations, and public clouds across any kind of WAN transport.
The underlying WAN transport must behave seamlessly across all entities, requiring gateway border routers deployed at key locations: the WAN, data center boundary, and where diverse WAN segments break the connectivity model.
With comprehensive infrastructure, the SDN/SD-WAN connectivity model programs and automates application connectivity, originating from VMs in the data center to services hosted in public clouds or remote branches. These applications are then consumed by users on the rest of the enterprise network or WAN, achieving true end-to-end connectivity. SD-WAN 2.0 presents a unified abstraction of the underlying complexity, providing a single pane of glass for governance and control of the entire enterprise network, automating IT tasks and reducing costs.
For branch offices, SD-WAN provides a holistic approach, using centralized policies to securely connect services hosted as virtual network functions on universal CPEs (L7 firewalls, intrusion and detection, session border controllers, WAN optimizers and print servers) to conveniently service local application flows.
Traditional perimeter-based security models are ill-equipped for the dynamic nature of cloud-based architectures. SD-WAN 2.0 is a seamless end-to-end governance model, providing complete protection, flow visibility, and analytics to monitor the network and the impact of traffic. Micro-segmentation security measures can be applied to each application across the network to ensure no segments are left unprotected. Finally, policies provide automated remedial actions when the network detects threats.