The network perimeter is being redefined, as perimeter-based demarcations and defenses become harder to grasp and to control effectively.

IT no longer has discrete control over internal users connecting from inside a corporate office, or over branch users connecting from a private network. Today, users and IoT systems connect from external networks using a bevy of devices, and both corporate office and branch users access applications from multiple cloud and SaaS services. IT faces challenges beyond security and connectivity, because enterprise data and applications are no longer located on servers it physically owns, controls, and protects, but are hosted in some form of public or hybrid cloud network.

For decades, traditional WAN infrastructure relied upon private, point-to-point networks like MPLS. Modern networks with SD-WAN, however, enable the enterprise to expand bandwidth using lower-cost and more adaptable broadband links. Despite what many SD-WAN vendors claim, MPLS is not going away any time soon. In fact, SD-WAN can take full advantage of MPLS, along with any other link type, to deliver a better user experience.

If your goal is to reduce bandwidth costs and gain greater agility, you can add broadband Internet into the mix. SD-WAN also enables traffic segmentation, such as routing business-critical and real-time apps through MPLS and non-critical traffic to an Internet link, and delivers resiliency across every link. It also lets you easily segment application types over certain links to better understand traffic usage. All of this is orchestrated through the SD-WAN controller, so IT can provision, manage, and have an SLA for every traffic type. And with zero-touch branch deployment capabilities, you can easily support thousands of remote locations.

Getting Control of the Expanded Enterprise Perimeter

Supporting the extended network perimeter requires new methods of network and security implementation. Implementing cloud-based network and security services with a traditional WAN can be a very complex undertaking that requires configuring and managing individual tunnels at every branch location. It also requires various failover methods to be created and tested.

With SD-WAN, cloud services can be defined from a single, centralized controller, using policies to automate and determine which traffic will be routed to each service. SD-WAN applies an overlay that delivers greater elasticity in service provisioning and frees network and security services from traditional hardware-bound connectivity. With SD-WAN service chaining, application performance and reliable path selection are automatically built into network operations, matching traffic types with selected services for traffic en route to cloud services.

Hardware-based network and security services can be challenging to remove from branch offices without compromising reliability, performance, and security. However, SD-WAN introduces a virtualized environment that uses service-chained Network Function Virtualization (NFV) to virtualize the entire stack, replacing hardware-based network and security appliances with a low-cost platform on which to deploy a wide variety of virtual network functions (VNFs). This creates a virtual network edge topology that efficiently chains together multiple services previously delivered as separate hardware appliances, to simplify operations, improve performance, lower costs, and significantly reduce branch IT footprints.

SD-WAN central orchestration and automated management of branch offices, distributed users, and IoT devices give enterprises the control they need as network perimeters expand with cloud, SaaS, IoT, and mobility.