The underlying technology utilized to connect geographically dispersed locations – just think of a large corporation’s offices in multiple cities – into a single secure, reliable, and manageable network is changing. When all of those locations require seamless and cost-effective connectivity not only with each other but with the Internet as well, enterprises need a better solution than the traditional SD-WAN.
Enterprise WANs based on MPLS links are quickly being phased out. With the perimeter more porous than ever and networks becoming more virtual and less physical, low-latency but high-cost transport between physical locations looks increasingly like trying to shove a round peg into a square hole. Thus, the emergence of SD-WAN as a service (SDWaaS) platforms.
Why enterprise networks outgrew early SD-WANs
In simpler times, simple solutions sufficed. When corporate networks were still designed and constructed according to the star (or “hub and spoke”) model, appliance-based SD-WANs made sense.
By prudently reserving costly but reliable MPLS bandwidth for latency-sensitive applications like corporate VoIP at network endpoints, those appliances earned their slot on the network rack many times over by slashing MPLS bandwidth costs. And since they encrypted the Internet-carried WAN traffic, the appliance-based SD-WANs also helped keep those networks secure. That security came with one big caveat: only the traffic that remained entirely within the WAN was protected this way.
As more business-critical applications moved out of centralized physical datacenters and into the cloud, increasing numbers of remote locations required dedicated Internet access (DIA) connections. That’s because DIA connections send traffic much more directly to and from sites on the public Internet without the delay incurred by first backhauling that traffic through the WAN into the central datacenter before sending the data out onto the Internet. Using a WAN to access Internet resources of all types (cloud apps for business, industry websites, high-definition video, etc.) also turns the central datacenter (the “hub”) into a potential choke point and single point of failure, because it’s acting as the gateway to the Internet for the entire WAN.
Naturally, network admins turned to DIA connections to fix this WAN bandwidth problem, but of course those DIA connections increased the attack surface of the WAN.
Thus, those remote offices required their own suite of security tools (e.g. next-generation firewalls and URL filters) to protect them. Network engineers and other IT staff were then faced with maintaining, synchronizing, and tweaking two parallel security stacks. Instead of simplifying and securing enterprise WANs, early SD-WANs increased their attack surface and complexity when they were forced to accommodate the realities of today’s networks.
Moving Beyond MPLS
Much like the MPLS links they were supposed to utilize, the appliance-based SD-WANs were completely premised on the idea of stable, physical links between permanent physical locations. Open up that old hub-and-spoke model to the cloud and mobile, and the result is a flat tire.
If the key problems of first-generation SD-WANs stemmed from their incompatibility with the cloud, then perhaps the solution is to put the SD-WAN itself in the cloud. This is exactly the line of thinking adopted by novel SD-WAN as a service (SDWaaS) platforms. These innovative solutions are based on rethinking the whole purpose of SD-WANs – their job shouldn’t be to minimize the costs of MPLS connections, but to replace them entirely.
But hold on – if the SD-WAN resides in the cloud and thus relies on the wild and open Internet, how is that possible?
Let’s go with the short answer: by establishing an SLA-backed privately managed backbone to deliver MPLS-level reliability and real-time responsiveness at Internet link-level costs. SDWaaS thus eliminates the need for MPLS links, along with their security and cloud compatibility issues.
SD-WAN advantages, MPLS performance, cloud service pricing
SDWaaS platforms deliver all the benefits of the earlier SD-WAN appliances: application-aware optimization and policy-based routing, simplicity of configuration and maintenance, and rapid and easy deployment. And all without the latency and congestion of Internet-destined traffic incurred by traditional SD-WANs. When it comes to security, SDWaaS solutions include robust network security baked into the backbone. This eliminates the hassle and cost of integrating security tools from third parties.
Combined with the geographic distribution and instant deployment of upgrades inherent in cloud-based services, all these benefits make SDWaaS a necessity for organizations looking to future-proof their WANs.