How SD-WAN Simplifies Cloud Connectivity
My empathy for network engineers who manage cloud connectivity without SD-WAN (software-defined wide area networking) increased last week. A service provider informed me that settings had to be changed in all of my devices to ensure ongoing access to an email account. Sounds like a simple and quick task, right? Actually not.
What should have been a 15-minute exercise took an hour to complete. In fairness, that was partly because two years have passed since the last time I did it. But the real issue was the ISP provided instructions for only one of my devices and that information wasn’t quite right. I had to puzzle over which settings needed to change and how to do it in each device. There are many other things I would prefer to have done with that hour on Sunday afternoon. Like, read about cloud networking.
The craftsman approach to WAN management
My experience was trivial compared to what network engineers must do to manage cloud connectivity using tools and processes designed for the way things were 15-20 years ago. I call it the craftsman approach. It’s very hardware-centric: routers and gateways are configured on an individual basis using scripts or manual entry via command line interfaces (CLIs). Detailed knowledge of IP address schemes, ports, access control lists, and other network parameters is required. This work is tedious and it’s easy to make mistakes.
A perfect storm of complexity
The craftsman approach to managing WANs is too slow and error-prone to match the complexity of networks and the speed of business in the Cloud era. WANs were less complicated in the past. MPLS was the transport of choice for links from enterprise data centers to edge locations (e.g., remote sites and branch offices). Today there are alternatives to MPLS (broadband Internet, cable, and cellular LTE) that have enabled the deployment of hybrid WANs, which blend multiple transport types to reduce costs and increase network resiliency.
There has also been an expansion in the number of connection points. Many edge locations now have Internet break-outs that shorten the distance to public clouds. This can improve application performance, which suffers when all cloud traffic is backhauled through a central location in the enterprise network. Combine this complexity with an accelerating pace of business and you have a perfect storm for network engineers. A simpler way of managing WANs is needed.
Before going on, I’d like to recommend an excellent paper by ZK Research that explains why networks need to evolve as organizations go through digital transformation.
SD-WAN increases the productivity of network engineers with powerful tools that tame the complexity of modern networks. The first “tool” is a central point of control for all WAN devices. This is not a bolt-on layer of software; it’s an architectural feature that is characteristic of software-defined networking. Large numbers of devices can now be administered from a single management console, which is typically an intuitive GUI (graphical user interface), instead of multiple CLIs.
A second tool is policy-based management, which gives network engineers the ability to author policies for security and performance that are rooted in business intentions and expressed in natural language instead of ports and IP addresses. A new or changed policy is translated into operational rules that are quickly transmitted to devices across the entire network. Automation is what enables speed and consistency in the implementation of policies.
Now let’s see how SD-WAN makes it simple to design, deploy, and manage cloud-connected networks.
Riverbed SteelConnect SD-WAN lets you plan, store, and visualize the entire network before deploying physical or virtual devices. It uses the concept of a shadow appliance, a placeholder that can be configured like a real SD-WAN device, to design network configurations before purchasing appliance hardware. An intuitive workflow in the central management console guides you through the design process, including device configuration and connectivity to enterprise sites and public clouds.
Here’s the best part: the work of a network engineer will be finished in the design phase. There is no longer a need to travel to the site and manually configure an SD-WAN device at the time of deployment.
Learn more about designing networks with SteelConnect SD-WAN by watching this 4-minute video.
After designing a shadow appliance, the next steps are to enter the serial number of the actual appliance into the central management console of the SD-WAN controller and ship the hardware to the deployment site. When it arrives, a person with minimal or no IT skills just unpacks the appliance, attaches network cables, and turns on the power.
Then, after discovery and identification, a secure connection is made between the appliance and the SD-WAN controller, which proceeds to update software, configure the appliance, conduct remote tests, and bring it online. This is all done via automation and orchestration. The process is called zero-touch provisioning.
I’d like to underscore that a network engineer need not travel to the site or otherwise participate in the deployment of the SD-WAN appliance. Another point worth noting is that an SD-WAN gateway can be installed without removing the existing router or other network equipment.
You can also deploy SD-WAN gateways inside the AWS and Microsoft Azure public clouds to manage application traffic as it enters or exits a virtual private cloud (VPC) in AWS or a virtual network (VNet) in Azure. (Note that SD-WAN cloud gateways are not appliances but instances of the SD-WAN software running on the cloud computing infrastructure.)
Here’s another great feature: Riverbed SteelConnect provides one-click connectivity to AWS and Microsoft Azure that makes it easy to establish ad hoc VPN connections between enterprise sites and the cloud.
The combination of centralized control and a mechanism to implement business-aligned policies via automation greatly simplifies the work of managing networks on a day-to-day basis. Consider an example in which executive management decides the traffic of all users in the Finance department must be routed across network links meeting a certain standard of security.
This directive can be implemented very quickly using the policy engine of an SD-WAN controller, as illustrated in the screen image below. New rules will be downloaded to all SD-WAN devices. When packets entering an SD-WAN device are inspected and identified as being associated with someone in the Finance group, they will be forwarded onto a network path meeting the security requirement.
Implementing this policy (i.e. traffic rule) via a separate CLI for each network device would take an administrator hours, if not days. Moreover, the risk of an error being made increases with the number of devices.
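The Finance directive above can be modelled as one intent compiled into a rule for every device. The sketch below is an added example, not SteelConnect code or its policy format; the device names, link inventory, security-level scale and function names are all constructed for illustration. It also covers a case the paragraph leaves open: a site with no compliant link gets an explicit drop rule rather than falling back to a weaker path.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    transport: str
    security_level: int   # constructed scale: 0 = open Internet ... 3 = private/encrypted

@dataclass(frozen=True)
class Policy:
    user_group: str
    min_security_level: int

# Constructed inventory; device and link names are illustrative only.
SITES = {
    "hq-gw":      [Link("wan0", "mpls", 3), Link("wan1", "broadband", 2)],
    "branch1-gw": [Link("wan0", "broadband", 2), Link("wan1", "lte", 1)],
    "branch2-gw": [Link("wan0", "lte", 1)],
}

def compile_policy(policy, sites):
    """Translate one intent into a rule per device.

    A device with no compliant link gets an explicit drop rule (fail closed)
    instead of silently falling back to a weaker path.
    """
    rules = {}
    for device, links in sites.items():
        ok = sorted((l for l in links if l.security_level >= policy.min_security_level),
                    key=lambda l: -l.security_level)
        rules[device] = {"match_group": policy.user_group,
                         "action": "forward" if ok else "drop",
                         "egress": [l.name for l in ok]}
    return rules

def select_egress(rule, links_up):
    """Pick the first compliant link that is currently up; None means drop."""
    return next((name for name in rule["egress"] if name in links_up), None)

def unmet(rules):
    """Devices where the intent cannot be satisfied, for operator follow-up."""
    return sorted(d for d, r in rules.items() if r["action"] == "drop")

FINANCE = Policy(user_group="Finance", min_security_level=2)
RULES = compile_policy(FINANCE, SITES)

if __name__ == "__main__":
    for device, rule in RULES.items():
        print(device, rule)
    print("intent unmet at:", unmet(RULES))
```

Reviewing the output of `unmet` before a policy is pushed shows which sites would lose Finance connectivity under the new rule, so the gap is found at design time rather than after deployment.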
Business-aligned policies can also be implemented to give certain applications, users, or groups better network performance. For example, the latency-sensitive traffic of unified communications (e.g., Skype, WebEx, etc.) can be routed onto the fastest available path. Conversely, the traffic of storage backups from personal computers to the cloud can be assigned a lower priority.
Learn more about SD-WAN
I recommend downloading Riverbed’s eBook, the Essential Guide to Cloud Networking with SD-WAN, to learn more about SD-WAN and how it can simplify cloud connectivity. This eBook also discusses three ways SD-WAN can improve application performance and how integrated monitoring tools can be used to proactively detect and resolve performance issues.