Extend digital functionality to the WAN edge with business-critical SaaS applications and UC.

May 21, 2019


Looking to extend digital business functionality to WAN edge and next-gen branch offices? Fundamental table stakes include business-critical SaaS applications, such as Office 365 and Salesforce; unified communications, including VoIP and videoconferencing; and a growing number of rich media services.

But for this strategy to work effectively, organizations not only need business-critical SaaS tools available across the entire distributed network, but bandwidth-heavy and latency-sensitive solutions such as unified communications also need to be highly available.

As digital transformation continues to distribute more and more users and devices out to the WAN edge, the demand for these services is exploding, causing overall IP traffic to grow at an expected compound annual growth rate (CAGR) of 26% through 2023.

Performance and Interconnectivity

Performance for the new WAN is a serious challenge. Moving to a public internet infrastructure requires connectivity solutions to provide a wide range of sophisticated WAN functionalities, such as load balancing across multiple connections and the remediation of noisy or unreliable WAN connections.

However, operating applications and services across the WAN at digital speeds is only half the battle. All digital transformation can be boiled down to two fundamental requirements — performance and interconnectivity — which means that these applications also need to function across a meshed infrastructure of dozens, hundreds, or even thousands of remote WAN edge locations across an extended network that includes a growing number of endpoint and IoT devices, mobile workers and private and public cloud environments.

Unfortunately, the MPLS connections that traditionally delivered reliable performance for branch applications are too rigid and static for today’s networks. They simply cannot support the agile and dynamic networking requirements of today’s digital businesses. To address this challenge, SD-WAN was developed to use advanced routing technologies across high-performance public internet connections to deliver critical applications to branch users at the WAN edge even when the underlying infrastructure is in constant flux or resources are being moved between different cloud resources.

Because of its speed and flexibility, SD-WAN is now the fastest growing networking technology segment, projected to grow at a 40.4% CAGR through 2022. In addition, according to one survey, more than 85% of companies report that they’re actively considering adopting SD-WAN to increase security and reduce sprawl.

IDC explains that as enterprise customers add software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) services they will increasingly look to SD-WAN as a way of “intelligently automating how application traffic is delivered to branch sites, moving away from traditional hub-and-spoke WAN architectures and the backhauling of internet- and cloud-bound traffic to on-premises data centers, [and] toward the increasing use of broadband internet breakout and other network transports – 4G/LTE and 5G – at the branch for cost-effective application delivery.”

The challenge is that while the WAN edge continues to expand, the SD-WAN market itself is very new. Because of its rapid growth, however, a growing number of vendors are actively jumping on the bandwagon with a new device or service — many of which are only partially baked. And to complicate matters further, there is little guidance available to help organizations wade through the marketing hype. While third-party testing labs like NSS Labs have begun to establish some baseline parameters around SD-WAN solutions, there are still a number of issues that organizations face in selecting, deploying and managing a solution that meets their current and evolving needs.

Places to Provide Critical Services

As a channel services provider, here are a few things you can focus on to assist your customers through this transition away from MPLS and toward the adoption of a next-gen SD-branch solution, from selecting proper solutions to the deployment and optimization of a consistent branch solution rollout:

  • Automated efficiency for the WAN edge. Advanced routing functionality combined with deep application awareness is fundamental to providing a fast and secure SD-WAN experience. It requires being able to determine application criticality, meeting and maintaining performance requirements, and managing the critical routing challenges being introduced by flexible and dynamic networks.

Any SD-WAN solution under consideration needs to include things like Automated Multi-Path Intelligence to select the most efficient route for SaaS, VoIP and other business-critical traffic to and from the branch office, and WAN Path Remediation, which provides Forward Error Correction (FEC) to overcome adverse WAN conditions, such as poor or noisy links, to enhance data reliability and deliver a better user experience, especially for Unified Communications applications.

  • Application performance. To ensure optimal application performance, SD-WAN solutions must be able to identify a broad range of applications and apply routing policies at a very granular level. Bandwidth-hungry applications can be supported using Tunnel Bandwidth Aggregation that combines two overlay tunnels and then applies per-packet load balancing and delivery to maximize network capacity and performance.

Likewise, high-speed Application Awareness should be able to intelligently identify applications on the very first packet of data traffic, natively identify and differentiate between thousands of applications, and prioritize application routing across available network bandwidth based on specific application and user requirements, even if that application traffic has been encrypted. It should also include a process for identifying and classifying new applications.

  • Secure remote connectivity. While its use of public networks is one of the reasons for SD-WAN’s popularity (as there is no comparison between the cost-performance benefits and agility of internet-based connections over an MPLS connection), it does raise some eyebrows when it comes to security. SD-WAN vendors address the need for secure connectivity with virtual private networks (VPNs).

But this requires more than your usual VPN connection solution. Branch offices operating at the expanding WAN edge need to be deeply interconnected to leverage today’s digital networks. Meshed overlay VPNs, built on-demand, allow branch devices, applications and resources to be interconnected and move quickly across, between and through a variety of network environments. VPN overlays also typically include multiple layers of network tunnels per branch. When these overlays are multiplied across an organization with a large number of branches or remote locations, network performance can seriously degrade. Closely examining and determining real VPN connectivity performance, therefore, is a fundamental service you can provide to any IT team scoping out a potential SD-WAN solution.

  • Integrated, high-performance security. According to a recent Gartner survey, “72 percent of respondents said that security was their topmost concern when it comes to their WAN.” That’s why any SD-WAN solution needs to provide a full range of advanced security features. Security solutions need to operate at SD-WAN connectivity speeds. To meet this requirement, several things need to be taken into consideration:

    • Security needs to be natively integrated directly into the SD-WAN solution. This allows for faster performance, simplified single-console management and less IT overhead.

    • SD-WAN security needs to be able to provide deep inspection of your encrypted VPN traffic at digital speeds. Because so many security solutions fail to meet this requirement, many vendors simply refuse to publish their numbers. Fortunately, many third-party test labs do, and this is an item you should pay close attention to.

    • Secure SD-WAN needs to provide a full range of security protection. Your branch office is no different from any other element of your network, and it requires the same level of robust protection, including next-generation firewall (NGFW) functions, comprehensive intrusion prevention (IPS), web filtering, and anti-malware and anti-virus. It also needs to encompass threat detection, including high-performance inspection of SSL-encrypted traffic and sandboxing.

    • Any secure SD-WAN solution also needs to seamlessly integrate with the larger enterprise security framework, including security applied inside the branch LAN, to reduce one-off management overhead and ensure consistent security enforcement across the entire distributed network.

  • Centralized visibility and control. Once an SD-WAN solution has been deployed, IT staff are required to manage WAN optimization and security functions through two different interfaces, often creating gaps in their ability to see and respond to threats. Resolving this challenge requires integrated single-pane-of-glass management that allows remote administrators to manage physical and logical network topologies, ensure that security and networking policies support common objectives and enable seamless integration and orchestration of policies and protocols — not just for the extended branch ecosystem, but across the entire distributed network, ensuring that branch deployments aren’t treated as separate and isolated network environments.

Rethinking Strategies

To meet their ongoing digital transformation requirements, organizations are radically rethinking their branch and WAN edge strategies. For many, this means replacing static MPLS connections with SD-WAN solutions designed to provide fast and efficient interconnectivity between branch offices and other critical resources.

In addition to high performance and advanced routing functionality, however, one of the functions most often overlooked is security. Unfortunately, because most solutions on the market fail to adequately address the issue of security, it can be an easy issue to forget until you are faced with having to build an ad hoc security solution from scratch.

Most IT teams are already stretched thin, and are unfamiliar with the complexity of choosing and deploying SD-WAN solutions. To overcome this challenge, and meet the growing business demand of transitioning to a more comprehensive branch strategy, they need help from a trusted adviser. By understanding the requirements of a truly effective, scalable and secure SD-WAN solution, you are in a position to provide the help and guidance they need — and just at a time when cybercriminals are increasingly targeting the WAN edge as one of the weakest links in an organization’s security strategy.

Jon Bove is the vice president of Americas channels at Fortinet. In this capacity, Bove and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the United States as the company seeks to help them build successful – and profitable – security practices. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales-leadership and channel-leadership positions. During his time at Fortinet, he has been responsible for establishing Fortinet’s national partner program and aligning Fortinet’s regional partner strategy to allow partners to develop Fortinet security practices with the tools and programs to successfully grow their businesses. Follow @Fortinet on Twitter or Bove on LinkedIn.
