The rise of cloud and SaaS applications is driving more network traffic over the public internet and wireless networks. The rapid deployment of connected devices and sensors — for the internet of things — places new demands on network bandwidth, reliability and security. To address these requirements, IT organizations need to upgrade their WANs.
Organizations are rapidly adopting cloud-based software networking technologies, such as software-defined WAN (SD-WAN), to meet these next-generation WAN requirements. SD-WAN benefits include secure, reliable access to cost-effective internet bandwidth and a higher quality of service necessary for critical applications.
Key trends affecting the branch network
The rise of cloud-based applications, growth in mobile workforces and BYOD policies creates new challenges for IT managers tasked with providing secure, reliable access to applications for highly distributed end users. The trends toward mobility, increased video traffic and pervasive use of cloud-based applications increase bandwidth requirements and make the performance of many applications sensitive to the quality and latency of WAN services.
IT organizations are increasingly challenged to provide quality of service (QoS) to cloud-based applications. According to IDC, more than 80% of new corporate applications will be deployed via the cloud. Cisco models project that business WAN bandwidth will increase, on average, over 20% per year.
The internet of things (IoT), meanwhile, is rapidly emerging. IoT systems can improve the operational efficiency of a business, increase customer satisfaction and lead to higher profitability. When billions of new devices connect to the network, however, enterprises have no choice but to deploy intelligent, scalable infrastructure at the edge.
Branch compute and storage in the cloud era
Organizations have a multitude of options when evaluating the placement of appropriate compute and storage resources for remote branch locations. The trend is for an increased percentage of compute and storage capacity to be centralized, either at the corporate data center or, increasingly, in a public cloud.
For many organizations, application requirements for low latency and high reliability dictate an IT architecture with local compute and storage capabilities. And IoT applications, especially those with high data volumes and low latency requirements, continue to support computing capacity at the edge, such as a branch or remote location.
The distribution of compute and storage will continue to affect WAN requirements by presenting specific challenges for security, latency and reliability. IT leaders will need to adjust branch WAN architectures to meet the evolving requirements of users, applications and IoT at their remote locations.
A mess of incompatible boxes
Current branch networks are not well-suited to automation, mobility, cloud and IoT. Most branch networks consist of a slew of incompatible boxes from different suppliers. Each box has a different application and management interface. Security must be patched together across firewalls, unified threat management platforms and virtual private networks (VPNs) — often completely separate from the network.
A typical branch network may have all of the following:
- Ethernet switch
- Wi-Fi controller
- WAN optimization device
- IP VPN
Provisioning, managing, operating and securing these network systems is well beyond the technical capacities of most workers at the branch. And, unfortunately, most of the installed branch networking gear lacks good centralized automation and management. Because the branch network gear comes from multiple suppliers, inconsistent and incompatible management interfaces add to the complexity.
In some cases, IT personnel need to travel to branch locations to provision, upgrade and fix networks. While many operational tasks can be done remotely, the number of network elements at the branch makes it difficult to identify and remediate network reliability, performance or security concerns. As a result, most IT teams struggle with hardware costs and the time required to address branch network issues.
What the branch needs
The lack of trained IT personnel at most branch locations demands a simple, automated infrastructure. Provisioning a branch WAN needs to be as simple as plugging in power; making the WAN connection should take a few easy clicks. Management and monitoring of the branch network is most effective when centralized at headquarters. And cloud-based software can assist IT personnel in understanding the key performance metrics and steps to alleviate any slowdowns.
Security of the branch network is always a key concern, and threats only increase as more devices join the network.
Network security should be baked into the operations of the network. Any anomalous traffic must be immediately identified and quarantined. Security policies should be pushed from a centralized console. Automated security requires coordination between several elements of the network branch, including network security, router, SD-WAN and Wi-Fi controller. Suppliers are working to increase end-to-end security capabilities, but these are typically limited to architectures unique to their products and ecosystems.
Software abstraction, such as software-defined networking, enables centralized management and administration of branch networks. Many suppliers have added cloud or data center-based consoles to provide improved centralized management.
The challenge is the lack of interoperability among the multitude of branch network elements. This requires centralized IT personnel to operate multiple consoles in a swivel-chair management approach. To add to the challenge, software-based network elements at the branch are poorly integrated with the branch compute and storage products.
Software converges the branch network
To meet the challenges of evolving branch network requirements, IT organizations are deploying new software and cloud-based tools, including SD-WAN.
SD-WAN benefits the branch network by identifying devices and applications and then applying policies to deliver the appropriate QoS. Its functionality enables hybrid WAN architectures to take advantage of plentiful and inexpensive internet bandwidth, which augments traditional Multiprotocol Label Switching networks. SD-WAN benefits, such as centralized management, enable a business to enjoy rapid, zero-touch provisioning at its branch locations.
Cloud-based intelligence provides improved visibility into traffic flows and identifies potential security threats. Centralized policy management allows the policy to follow the user, thus eliminating time-consuming, manual management tasks. This software reduces the complexity of needing to set up secure VPN tunnels and establish the virtual WAN topology.
SD-WAN is leading the way in terms of innovation at the branch network. The challenge is that SD-WAN is only one component of a complex range of branch network functionality.
A number of vendors are promoting specific software-based network branch architectures to converge and simplify network functionality. This converged technology is in its early stages, and it is generally unique to a specific vendor’s architecture and products.
Recommendations for IT leaders
For most IT organizations, it is complex and costly to operate, manage and secure networks at branch locations. The migration of applications to a cloud or SaaS model, BYOD and the advent of IoT place further stress on branch networks. Pervasive security threats mean that the branch network must be just as secure as the data center.
These new WAN requirements will require a transformation of the way organizations build and operate branch networks. The distributed branch network needs to support WAN cloud and mobility initiatives. This new WAN architecture can lead to simplified operations, reduced hardware costs and more efficient use of bandwidth.
New software-based networking technologies and cloud-based intelligence have the potential to significantly improve network operations. SD-WAN has matured as a technology and can provide immediate benefits to distributed organizations, such as with bandwidth efficiency and improved application performance.
However, the broader concept of the converged branch, where all network functionality is together on a single platform, is still at the prototype stage. Initial implementations from network suppliers will be largely single vendor, and those are likely to require significant upgrades to existing architectures. IT leaders with distributed locations should take advantage of SD-WAN benefits — as appropriate for their business — and evaluate a potential migration to a converged architecture over the next few years.