By Phillip Gervasi, VMware Radius Contributor
The SD-WAN (software-defined, wide-area networking) story began five or six years ago as a tale of speeds and feeds, bits and bytes. Since then, SD-WAN technology matured. And with it, real-world use cases emerged. By and large, cloud connectivity is what makes SD-WAN one of today’s hottest technologies.
Growing Cloud and SaaS Adoption
Public cloud—from providers such as Amazon Web Services (AWS), Microsoft Azure and the Google Cloud Platform (GCP)—is no longer an interesting, emerging technology. Most organizations have some public cloud footprint today. And even if a company isn’t heavily invested in moving workloads from its own data centers into AWS, for example, chances are it uses software-as-a-service (SaaS) platforms like Microsoft Office 365 or Salesforce.
In a way, this means most organizations are multi-cloud. A small organization relying on Office 365 for email and productivity software, Dropbox for Teams for file sharing and AWS as a location for server backups, is using three completely separate public cloud vendors. And if you ask any of the CIOs responsible, they will tell you all of these cloud services are mission-critical to their businesses.
Yet, legacy network methods used to build high-quality connections to several public cloud providers require high-end engineering skills, advanced technical design, and often expensive direct connections. And IT organizations continue to jump these hurdles to empower their businesses with AWS, Azure and their favorite SaaS platforms.
But, there’s a better way now: SD-WAN.
Because SD-WAN is software-driven and controller-based, it sees the entire network as one system, including the organization’s cloud presence. An instance in AWS or Azure is just another node on the network, governed by centralized policy. That makes standing up a new connection to the public cloud:
- More secure.
- And often less expensive than the traditional, manual way.
It doesn’t matter if IT is virtualizing an SD-WAN router to run in AWS or deploying purpose-built, cloud-native SD-WAN software in Azure. Public cloud resources appear as simply another branch location within the SD-WAN, making it very simple to manage and secure.
An SD-WAN is much more agile than a legacy wide-area network. New sites, such as the temporary healthcare facilities constructed to deal with the COVID-19 pandemic, can be spun up in a matter of minutes. An SD-WAN doesn’t rely on any particular type of underlying connectivity. So, standing up a new site with a 4G link and broadband means an organization easily accommodates rapidly changing needs.
Moreover, because an SD-WAN can be built on inexpensive commodity internet circuits, an enterprise network can be extended to remote employees working from their homes or temporary facilities. By aggregating several inexpensive links into one logical connection, an SD-WAN can provide high-quality connectivity to a company’s resources much better than simply connecting over a remote access VPN. And this includes real-time traffic, such as enterprise voice and video.
Routing, Security and Connectivity Benefits
Centralizing policy has wide-ranging benefits for organizations, in terms of both routing and security. And SD-WAN aggregates multiple active connections to provide high-quality connectivity, even over the public internet. SD-WAN also simplifies intelligent path selection, which isn’t a trivial technology. For example, protocols such as VMware VeloCloud Dynamic MultiPath Optimization (DMPO) enable an SD-WAN to always choose the very best path for traffic destined to a public cloud provider.
Though the term “public cloud” encompasses SaaS, connecting these platforms is different from connecting to AWS, Azure or GCP. An organization can’t instantiate its own router in Office 365, Zoom, Salesforce or other SaaS platforms. So, how can IT teams ensure high-quality connectivity and security to these services?
Mature SD-WAN vendors directly addressed this problem. And they did this not by instantiating their own SD-WAN routers in the Microsoft Office 365 cloud, but also creating software that provides exceptional connectivity to those SaaS resources.
In addition to great connectivity, access to cloud resources must be secure—especially during the pandemic. The increase in remote workers compounded with a shift to the public cloud gives cybercriminals more attack vectors to exploit. However, centralizing policy with an SD-WAN also means centralizing an organization’s security posture. This includes certificate management, access control, data loss protection and advanced firewall services like day-zero threat detection, intrusion detection and prevention.
An SD-WAN consolidates these security features into one service stack rather than spreading them across many disparate platforms. And this makes network security less burdensome on a network operations team. It’s also much easier to keep security both consistent and in line with a company’s security standards.
App-Aware Routing Optimizes Experiences
Application-aware routing, enabled by an SD-WAN router, can:
- Recognize traffic destined to a particular SaaS provider.
- Prioritize it.
- Route it differently than other traffic.
This alone may be sufficient to ensure great connectivity, but SD-WAN vendors go further by partnering with SaaS providers. Together, they team up to steer SaaS-destined traffic to the geographically closest SaaS points-of-presence to the branch. These two methods of dealing with SaaS traffic mean:
- SD-WAN makes connecting to SaaS resources easier for IT.
- The technology outperforms legacy WANs when it comes to providing a better application experience.
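The three app-aware routing steps listed above (recognize, prioritize, route differently), sketched as an added example that is not from the original article and is not VMware's DMPO. It assumes SaaS traffic is recognized by destination prefix; the app names, prefixes, policy thresholds and link measurements are all constructed for illustration.

```python
import ipaddress

# Constructed prefixes from documentation ranges (RFC 5737), not real SaaS address space.
SAAS_PREFIXES = {
    "saas-mail": ipaddress.ip_network("198.51.100.0/24"),
    "saas-crm": ipaddress.ip_network("203.0.113.0/25"),
}
# Hypothetical centrally managed policy: priority class and path-quality limits per app.
POLICY = {
    "saas-mail": {"priority": "high", "max_loss_pct": 1.0, "max_latency_ms": 150},
    "saas-crm": {"priority": "medium", "max_loss_pct": 2.0, "max_latency_ms": 250},
    "default": {"priority": "low", "max_loss_pct": 5.0, "max_latency_ms": 500},
}
# Constructed link measurements for one branch site.
LINKS = {
    "broadband": {"latency_ms": 35, "loss_pct": 2.5, "up": True},
    "lte": {"latency_ms": 80, "loss_pct": 0.3, "up": True},
    "mpls": {"latency_ms": 20, "loss_pct": 0.0, "up": False},
}

def classify(dst_ip):
    """Recognize: longest-prefix match of the destination against the SaaS prefixes."""
    addr = ipaddress.ip_address(dst_ip)
    app, best_len = "default", -1
    for name, net in SAAS_PREFIXES.items():
        if addr in net and net.prefixlen > best_len:
            app, best_len = name, net.prefixlen
    return app

def select_path(app, links):
    """Route: lowest-latency live link within the app's limits, else the least-lossy live link."""
    rule = POLICY[app]
    live = {n: m for n, m in links.items() if m["up"]}
    if not live:
        return None  # no usable path; the caller decides whether to drop or queue
    ok = {n: m for n, m in live.items()
          if m["loss_pct"] <= rule["max_loss_pct"] and m["latency_ms"] <= rule["max_latency_ms"]}
    if ok:
        return min(ok, key=lambda n: ok[n]["latency_ms"])
    # Degraded mode: nothing meets policy, so prefer the least loss, then the lowest latency.
    return min(live, key=lambda n: (live[n]["loss_pct"], live[n]["latency_ms"]))

def route(dst_ip, links=LINKS):
    """Recognize, prioritize and route one flow by its destination address."""
    app = classify(dst_ip)
    return {"app": app, "priority": POLICY[app]["priority"], "link": select_path(app, links)}
```

With these sample values, mail traffic avoids the lossy broadband link and uses LTE, while unclassified traffic takes the lower-latency broadband link.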
The SD-WAN story that started half a decade ago has matured and expanded into more compelling use cases, some of which have accelerated due to the pandemic. Today, SD-WAN has moved beyond bits and bytes to powering our cloud world of connectivity.