In today’s multi-cloud, hybrid world, cloud environments can be complex networks of office buildings, data centers, branch offices and remote users. The WAN (wide area network) is critical to the performance and security of cloud applications, but traditional network infrastructures are often rigid and difficult to expand or customize. Network managers may lack visibility into traffic patterns or be unable to control the QoS of different types of traffic. Because of these limitations, IT departments are increasingly turning to software-defined wide area networks (SD-WANs) — software-based, programmable overlays that operate on top of existing network infrastructure.
SD-WANs offer greater flexibility in customizing network services, better visibility and management of network traffic and, potentially, lower costs. Gartner’s 2019 Strategic Roadmap for Networking predicts that by 2024, 60% of enterprises will have implemented SD-WAN, up from less than 20% today.
Advantages of SD-WAN
One of the biggest advantages of an SD-WAN is that it can use any transport mechanism, whether that’s MPLS, 4G, VPN over broadband internet or an LTE cell network. Thus, the WAN can use cheaper modes of transport, such as a public internet connection, instead of more expensive MPLS networks.
Another advantage of an SD-WAN is that it is managed via a central interface through which the administrator can provision network services and monitor traffic and routes throughout the WAN. Because network services are controlled by the software, not embedded in the network hardware, an administrator can provision the services at will and set different services for different types of traffic or destinations. Critical traffic can be assigned a priority QoS, so it travels faster than less important traffic.
Advice on how to approach SD-WAN
But implementing an SD-WAN as part of a cloud migration requires the involvement of multiple IT specialties and can’t be undertaken as a one-department project. As I note in my blog post “No Network, No Cloud,” too many cloud-related projects are begun as small, isolated ventures that end in failure because they don’t integrate with the company’s existing network, security or cloud technologies. We stressed the importance of assembling a collaborative team of employees or consultants from IT operations, networking and security as well as experts in capacity planning and cloud services.
Security is perhaps the most critical aspect of an SD-WAN deployment. The traditional security solutions that most organizations employ today depend on a defined security perimeter and can’t be easily adapted to WAN and cloud environments. IT security professionals will need to understand how the organization’s existing security technologies interact and what new types of security solutions are needed. They will also need to consider the security services that are part of existing cloud applications.
Another issue is that the SD-WAN platforms and devices on the market differ in the type of security they include. Most SD-WAN providers employ IPsec to encrypt data in transit, but a few providers, such as Cisco, include advanced security features such as a secure internet gateway, application-aware firewall, URL filtering, anti-malware and real-time threat intelligence. SD-WAN platforms with a full stack of security capabilities can provide a higher level of policy-based, layered protection.
The IT security and network experts on your planning team can best evaluate how the SD-WAN’s security features would integrate with existing on-site or cloud-based security applications, and whether you will need additional security that is provided in the SD-WAN platform. Managed security and network services providers such as TierPoint can assist in evaluating security services as well as provide additional security products and services to fill in any gaps.
Done right, an SD-WAN platform can optimize performance, lower network costs and ensure the success of your cloud migration. There is no cloud without the network.
BraveIT Spotlights are guest blog posts from our 2019 BraveIT sponsors. Dominic Elliot is the chief technology officer for Cisco Service Providers in Northern Europe. Cisco is a worldwide leader in networking, security and cloud solutions. Their people, products, and partners help society securely connect and seize tomorrow’s digital opportunity today.