Mar 28, 2017
While much of the market is focused on the promise of an SD-WAN to lower connectivity costs, I believe SD-WAN, when done right, can offer significant incremental value beyond the favorable economics of broadband connectivity. A complete SD-WAN solution must assure consistent application performance and resiliency, make the WAN edge more application-driven, improve network security, and overall, dramatically simplify the WAN architecture for geographically distributed enterprises. It should also enable enterprises to create a thin branch where network functions such as routing, firewalls and WAN optimization, along with SD-WAN, are delivered as a single integrated solution.
This is why I’m so excited about the latest Silver Peak SD-WAN innovations that we announced on March 28th. The latest innovations and capabilities that we’re delivering in our Unity EdgeConnect SD-WAN solution enable distributed enterprises to build a thin branch, deliver consistent performance for cloud and web-based applications, and migrate to an SD-WAN at their own pace. The result of a thin branch is lower costs, granular application visibility and control and greater business productivity and agility.
Let’s discuss why the time is now for an application-driven WAN edge.
First, the thin branch provides a dramatically simplified branch WAN architecture and is purposefully engineered to power today’s cloud-enabled distributed enterprises. The thin branch simplifies branch office infrastructure by consolidating network functions and management through the centralized orchestration of application-driven policies based on business intent. By deploying a thin branch SD-WAN solution, enterprises can dramatically improve business agility and lower costs without sacrificing network or application performance or security.
Today’s consolidation of network functions like routing, security and application performance optimization into a single piece of hardware isn’t enough to enable a fast transition to the thin branch. Addressing automated business-level intent orchestration with simple service chaining is required to secure applications no matter where they reside. An application-driven model considers business intent with granular application and security policies, application resiliency and performance, and centralized management that automatically establishes and enforces business intent across the WAN. This can all be accomplished now from a single pane of glass, the Silver Peak Unity Orchestrator global management system.
This unique combination of new capabilities enabled one of our customers to accelerate bringing new branch locations online in alignment with business growth objectives. With reliance on a critical business application hosted in the cloud that required high availability and robust security for user connectivity, the customer needed to establish and enforce a granular access policy. With the latest capabilities of EdgeConnect, this granular application policy can be configured in minutes and pushed across all locations with just a few mouse clicks. Orchestrator offers an intuitive interface that masks all the underlying complexity associated with network and application policy configuration. The network administrator can now centrally configure simple service chaining to direct traffic to a cloud-based security web gateway as well as define the bonding of primary links to maximize application availability and performance, all with sub-second failover taking into account network brownouts and outages. Granular application policies can be quickly configured and pushed out to every branch across an SD-WAN to simplify operations and eliminate human errors associated with branch-by-branch CLI-based manual configurations.
Second, the thin branch accelerates the performance of all applications, whether they reside in the data center or the cloud. IDC predicts ~80% of workloads will be processed in cloud data centers by 2018. This new application consumption model mandates a different WAN architecture. Legacy WAN architectures with limited capabilities offer an all-or-nothing approach to steering internet traffic and cloud applications. Traffic is either sent directly to the internet or backhauled to headquarters. The inability to identify HTTP/HTTPS application traffic immediately and steer it across its optimal path wastes bandwidth and impairs cloud and web application performance.
Many customers want to leverage the favorable economics of broadband to connect users directly to cloud applications from branch locations, but face a two-fold challenge. They must first have the ability to identify and classify application traffic based on the first packet of each flow so that traffic can be automatically steered to the correct destination. Without this advanced capability, all web-bound traffic is either sent directly to the internet or backhauled to a regional hub or corporate data center firewall. When steering application traffic directly to the internet, security becomes a key requirement as well. In our latest software release, we’ve addressed both challenges. First-packet iQ, an intelligent software capability, goes well beyond traditional Deep Packet Inspection (DPI) and port-level techniques by adding a cloud-hosted internet map and geolocation database with a DNS response cache and an HTTP GET request cache. First-packet iQ incorporates real-time machine learning to provide the highest levels of application intelligence available today. The combination of advanced techniques with machine learning has already enabled Orchestrator to accurately identify more than 10,000 applications and more than 300 million web domains, providing customers with granular visibility and control of their HTTP/HTTPS application traffic for the first time. Furthermore, we assure the security of granular internet breakout with an integrated stateful firewall for locations that do not host applications and simple service chaining to next-generation firewalls at the regional hub or data center should application traffic require further inspection. Traffic is easily and automatically service chained to next-generation firewalls from industry-leading technology alliance partners Palo Alto Networks, Fortinet and Check Point located at regional hubs or corporate headquarters, or alternatively traffic can be steered to a cloud-based secure gateway with alliance partner Zscaler.
The result? Users are connected securely and get a consistent application experience whether the applications are hosted in the data center or the cloud.
Third, customers can migrate to an SD-WAN at their own pace. Customers consistently communicate their requirement to move with agility, but also demand the flexibility of when, where and how they want to deploy WAN infrastructure. Whether they want to bring up a new site, interoperate with legacy sites not yet SD-WAN enabled, or replace their legacy routers altogether with an SD-WAN, the pace of implementation and migration can vary from customer to customer. It all depends on the industry, organizational structure, business model, and more. According to Gartner, more than half of WAN edge infrastructure refreshes will be based on SD-WAN versus traditional routers by 2020. To address customer requirements for moving quickly and with flexibility, we have integrated BGP routing into the EdgeConnect SD-WAN solution, resulting in several key benefits. First, it enables seamless interoperability with sites not yet on the SD-WAN, eliminating the need to manually program local subnets and automating deployments in the data center through L3 BGP advertisement without using PBR or WCCP. This results in architecture simplification where network functions are streamlined into a simple and consolidated WAN edge, enabling a fast transition to the thin branch. Recently, one of our customers had several branch offices they wanted to transition to an SD-WAN over time. In parallel, the customer also regularly acquires new companies to fuel its business growth. With EdgeConnect, the process of transitioning to an SD-WAN while ensuring communications among legacy branch locations could not be easier. In the first phase, the customer deployed EdgeConnect as an overlay running in line with existing routers, maintaining seamless communications with non-SD-WAN locations. In the second phase, the customer replaced its existing routers with EdgeConnect appliances, dramatically simplifying their WAN architecture without compromising network and application performance or security.
Finally, the latest innovations in the high-performance EdgeConnect SD-WAN solution are a direct result of what we’ve learned from the more than 350 customer deployments to date across a range of geographies and industries. Silver Peak is steadfastly committed to listening, learning and adapting to address the most challenging WAN problems facing our customers today and in the future.