Jun 12, 2017
The concept of the “thin branch” enabled by simplifying infrastructure has been around for as long as there have been branch offices. Branch offices are typically a microcosm of the company headquarters, but without the necessary IT staff to run them. It’s common to find a myriad of network and security equipment in a branch including a router, firewall, WAN optimizer, VPN concentrators, along with almost anything else you can think of. This, of course, results in an operational nightmare as network administrators must deal with multiple devices in dozens, hundreds or even thousands of branch locations. In small networks it can be extremely challenging to track all the different hardware components and related software versions across the various locations. In large networks, this task is impossible as the number of possible combinations of hardware and software grows exponentially in relation to the number of locations.
Over the years there have been many attempts to address this problem with things like “God boxes” or “BoBs” (branch-in-a-box). The concept sounds reasonable – take all the disparate infrastructure and consolidate it into a single neat and tidy appliance. In theory, a single box must surely be easier to manage than three, five or however many are currently installed. Well, this is kind of true, but it doesn’t solve all problems. Certainly from a hardware management perspective it’s easier to deploy and manage a single device. This approach can yield space, power and cooling benefits as well. But the cost of the hardware is only a small part of WAN TCO, as the operational costs are well over 50 percent.
The consolidated branch appliance doesn’t adequately address the operational complexities of managing a WAN, as often each of the functions must be managed as if it were an entirely separate appliance. Very few vendors actually offer all of the branch services required in a branch office, so they sensibly partner with other “best-of-breed” providers to fill in the gaps. So even though a branch device looks like a single appliance, it actually has multiple virtual devices, often from different vendors, each with its own management interface. To the remote network operations person, it’s déjà vu: a return to the complexities of the pre-consolidation environment.
The rise of software-defined networks has brought tremendous innovation to the WAN, but these new capabilities aren’t being leveraged to simplify branch infrastructure. Most vendors have used concepts like SDN and NFV to simplify branch infrastructure through consolidation of functions, but this doesn’t change the overall architecture or simplify operations. The solution doesn’t lie in trying to fix the old world through incremental improvements. Rather, it’s starting with the concept of throwing out the old model and seeing what can be done with new technology.
With modern branch offices, the solution should be to entirely eliminate some functions through service chaining to places on the network where those functions should sensibly reside. For example, if applications can be identified on the first packet of the flow and then automatically steered directly to web applications, the cloud, or to a central hub for inspection then there is no longer a need for a firewall at every branch. Alternatively, if the routing can be done at the WAN edge or in a regional hub, then there is no longer a need for a router at every branch. Far too often it seems network managers confuse routing with a router. Most branches need to have routing interoperability, but that in no way mandates the need for a physical or virtual router at every location. WAN optimization is another service that doesn’t need to run as a discrete function in every location. In fact, it’s long been my belief that every branch, regardless of size, should have the benefits of WAN optimization, but often the cost of the appliance precludes organizations from deploying it across all locations. An intelligent WAN edge solution that offers integrated WAN optimization provides customers with the benefit without having to think about whether or not the cost can be justified.
By paring branch locations down so that just the essential capabilities are resident onsite, distributed enterprises can dramatically simplify WAN management. The balance of functions can now be delivered through a regional hub or in the data center if latency is not an issue. SDNs and NFV bring a tremendous amount of flexibility and agility to branch infrastructure, but for some reason legacy architectures continue to remain in place. The time is right to take a step back and truly simplify the branch through the elimination of functions rather than consolidation.