Is the WAN Your Weakest Link?
Geoffrey Moore, author of Crossing the Chasm, once said "IT is the business." To meet the demands of a digital enterprise in a cost-efficient manner, the IT team must rely on unification and consolidation of infrastructure. Though infrastructure models and architectures such as the cloud and hybrid networks are cost-efficient, they add unmanageable complexity to the WAN. The question is: is this compromise a necessary price to pay?
WAN architectures based on decades-old designs have reached their limits and are the weakest link in the cloud era
The shape of the network is undoubtedly more complex. The network perimeter is becoming more distributed. Branches are now directly connected to the Internet. On-premise assets are directly tied to off-premise assets to form hybrid cloud workloads. Users in the branch are connecting to off-premise applications and users at home are connecting to on-premise applications.
This distributed edge of the network is becoming a hub of communication with strong intelligence, security and performance requirements. The edge receives information from multiple links; communications from branch-to-branch increase as enterprises embrace unified communications.
In order to orchestrate this distributed network perimeter and encouraged by the cost efficiency of public transport over private options, underlying networks are becoming increasingly heterogeneous. MPLS, when it's not simply suppressed, is now combined with Internet using a variety of transports from DSL to fiber and even 4G/LTE. This also results in heterogeneity in terms of performance and security.
With local Internet breakouts in branch locations, the security perimeter is becoming distributed too. However, existing solutions that were designed for central locations, including firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), and advanced threat protection (ATP), are too costly to be distributed in branches.
Re-creating both a consistent and efficient security perimeter between on-premise assets, off-premise assets, on-premise users and off-premise users is nearly impossible with existing VPN solutions.
Furthermore, with the rise of the cloud-based enterprise, applications are richer and more diverse in terms of where and how they are delivered. The traffic mix and the communication requirements are becoming richer, more dynamic and more difficult to identify:
- Users adopt applications at a faster pace. HD Internet video can rapidly create contention even on fiber.
- Unified Communication and Collaboration (UCC) is dramatically increasing traffic variance and branch-to-branch flows.
- Encrypted HTTP (HTTPS) is the new normal for secured communication between clients and servers.
New expectations for agility are incompatible with current WAN characteristics and practices
Though the network is becoming increasingly complex, as enterprises adopt the cloud and its incredible agility, business stakeholders are expecting IT stakeholders to offer similar, extreme reactivity. Organizations are faced with timescales of weeks and sometimes months in the way they must cope with provisioning of network sites. The time it takes to cope with changes in their network parameters and policies, such as with QoS/Classes of Service or VRFs, is no longer compatible with the way applications are deployed and used. Static policies are not able to follow the dynamics of usage; the traffic matrix is more meshed and complex.
In order to ensure predictability in the delivery of applications, holistic monitoring of the distributed network and closed-loop path control are crucial. However, identification of traffic for the purpose of controlling it is now a difficult, and sometimes impossible, task, as legacy solutions are not able to decipher HTTPS-encrypted applications or those using dynamic port numbers, like UCC. Since existing path selection mechanisms are not aware of the applications and of the underlying network, they cannot efficiently manage or hide their diversity.
Legacy methods of orchestrating, configuring and managing the WAN are not compatible with the rapidly evolving requirements in the hybrid era. While the world of servers and storage is becoming dynamic, agile and software defined, the WAN continues to be for the most part the same: static and fragile. This incompatibility leads to downtime, excessive time to market and the need for specialized personnel at remote locations. In all, it results in high costs and lost revenue.
It's time to rethink the WAN
"Complexity is almost always a positive thing that yields a beneficial outcome, especially when the increased complexity is shifted away from the user of a product or the recipient of a service to a practitioner or the intelligent system operating the more complex environment," said Peter Sondergaard, senior vice president and global head of research at Gartner in 2005.
This thought is one of the strongest principles that rule the world of IT. Every aspect of IT is undergoing evolutions or revolutions that, through convergence of disparate technologies or other disruptive approaches, are bringing back complexity to a level that is operationally acceptable for enterprises.
This hasn't happened to the WAN for more than 10 years. Now, it's time to rethink the WAN.
Over the past few years, a novel network architecture has emerged to solve similar problems at the level of the data center: software-defined networking (SDN). SDN provides multiple benefits that can be summarized as a network able to support the most modern data center workloads and create OpEx and CapEx savings at the same time.
Today, vendors are coming up with solutions that explore the application of SDN principles on the WAN for the sake of achieving the WAN revolution: software-defined WAN (SD-WAN).
SD-WAN is about the ability to efficiently deliver guaranteed application performance to the modern users and workloads of the hybrid enterprise. The required principles for a successful SD-WAN implementation are the ones that are driving other software-defined portions of IT: convergence and automation. Through convergence, disparate technologies can be made more powerful and efficient: better together. Through automation, scalability of operations can be achieved and agility can be delivered.
Riverbed SD-WAN: the application-defined WAN
In an agile and software-defined world, Riverbed wants to help you build a WAN that is an enabler, not the weakest link. Riverbed has capitalized on the application-aware foundation of its technology to create a novel edge architecture that is automated, converged, secured, hybrid native, open, cloud managed and above all, application-defined.