By David Klebanov
Many organizations have embarked on the journey of adopting the public cloud. For some it had become a new norm of delivering infrastructure and applications, while others view it as means of augmenting their existing on-premise resources. Whatever the case may be, the question of architecting wide area network connectivity to the cloud is one of the most fundamental building blocks of delivering robust, secure and reliable user experience.
Wide Area Networks had largely stayed stagnant over the course of the last 10 years. MPLS had been the technology of choice for delivering connectivity across the Enterprise. It provided privacy, quality of service and generally higher uptime SLAs compared to Internet VPN alternatives. It would appear that MPLS had check-marked on all the requirements, but that’s when things have changed.
The rise of the public cloud services, such as SaaS and IaaS, had challenged monolithic network connectivity model offered by MPLS. Increasing adoption of the public cloud had shifted the network traffic patterns from being primarily data denter bound to being cloud and Internet bound. While Service Providers offered the option to connect to cloud services directly through the MPLS network, it lacked the flexibility of transport independence, ability to optimally utilize all available bandwidth and provide cost effective solution. The following figure depicts typical traditional Service Provider offering where MPLS plays a pivotal role in providing connectivity to the various services, including the public cloud.
Figure1: Typical model for Service Provider service delivery using MPLS
Software Defined Wide Area Network or SD-WAN disrupts the model of leveraging MPLS as the means of connectivity to consume services, including the services offered from the public cloud. It allows balancing connectivity needs between the different types of transports, which may include MPLS, broadband Internet, metro-Ethernet, point-to-point, 3G/4G cellular, satellite and such. The choice of transports may be dependent on their geographic availability, reliability levels and the desired price points. The following figure depicts the transport independent model of connectivity offered by the SD-WAN.
Figure 2: Transport independent SD-WAN model
Lets now take a deeper look into the two predominant cloud services, Infrastructure-as-a-Service and Software-as-a-Service, and see how SD-WAN can help.
Infrastructure-as-a-Service or IaaS allows organizations to rent resources, typically compute, network, storage and virtualization, from the cloud service providers and either extend or migrate computational tasks from on-premise infrastructure to the public cloud. The most prominent examples of the public cloud IaaS offerings are Amazon AWS, Microsoft Azure, Google Compute Cloud, Oracle Cloud and IBM SoftLayer.
SD-WAN offers the ability to seamlessly extend organizational wide area network into the public cloud instances across the diverse set of underlying transports. This results in higher uptime and more available bandwidth, which in turn results in better user experience when consuming applications hosted in IaaS infrastructure.
Since IaaS instances become integral part of the SD-WAN fabric, it is also possible to extend all SD-WAN characteristics, most commonly security, quality of service and segmentation into the public cloud environments. Furthermore, SD-WAN fabric can simultaneously stretch across multiple IaaS providers resulting in a single cohesive multi-cloud pool of resources. The following figure depicts the principle behind extending SD-WAN fabric into the IaaS public cloud infrastructure in a multi-cloud fashion.
Figure 3: Multi-cloud extension of the SD-WAN fabric
Software-as-a-Service or SaaS is a very popular type of software offering in the cloud where users access only the front-end web interface to consume the service. The most prominent examples of the SaaS platforms are Microsoft Office365, Google Applications, Dropbox, Salesforce, SAP and so on.
Traditional model of Internet connectivity most often dictated that network traffic passes through the Enterprise data center where it is subjected to the security controls enforced by the Firewalls, Intrusion Detection/Prevention appliances, web filtering appliances, proxies, data leak protection appliances and so on. SD-WAN offers ability to effectively engineer access to the SaaS resources, commonly available through the Internet, by either regionalizing or completely distributing Internet access.
Regionalization of the SaaS and Internet access drives many efficiencies and eliminates the need to backhaul all the traffic to the main data centers. Security enforcement still occurs in the regional DMZs, thus Enterprise security posture and necessary compliance can remain in tact.
Complete distribution of the SaaS and Internet access through direct local Internet breakout at each remote site can most times result in best performance, but at the same time can make it administratively challenging and cost prohibiting to maintain entire suite of Internet access security controls at each remote site. Enterprises most often mitigate these concerns by either migrating to cloud security model provided by Zscaler and others or by virtualizing all security elements along-side the SD-WAN edge routers and delivering them on common x86 platform. The later approach still carries the burden of the increases number of administrative touch-points as compared to centralized or regionalized models.
Ultimately, SD-WAN allows Enterprises to automate selection of the best performing path toward the SaaS applications of interest. SD-WAN helps drive better user experience when consuming SaaS applications. The following figure depicts SD-WAN selecting best performing path amongst all possible paths between SD-WAN branch and SaaS cloud applications.
Figure 4: Best performing path between SD-WAN branch and SaaS applications
In conclusion, SD-WAN had forever changed the way Enterprises look at the wide area network for internal applications delivery needs and the public cloud consumption.
David Klebanov leads technical marketing at Viptela, the Software Defined Wide Area Network (SD-WAN) company. He has more than 15 years of diverse industry experience architecting and deploying complex network environments. Prior to Viptela, David spent 6 years at Cisco, where he played a pivotal role in building solutions for large enterprise customers. David is frequent speaker at industry events and regularly contributes educational articles in leading technical publications. You can follow David on Twitter at @DavidKlebanov.