It’s Time To Dump The Private WAN

Throughout the years, changes in computing have redefined the enterprise network.  During the mainframe era, there really wasn’t much of a network, other than small networks that resided inside the company headquarters.  A few locations had remote terminals but most of them were connected via dial-up modems.  Once the client/server computing era came about, organizations leveraged the power of local area networks (LANs) — and then wide area networks (WANs) to connect the LANs together.

As client/server and Internet computing became increasingly popular, businesses started building private networks with a “hub and spoke” design that had exactly one ingress/egress point.  Why?  Well, it was the most efficient design for that era of computing.  All clients in all branches communicated primarily with resources in the data center (hub).  Internet traffic was anything but mission-critical, so having it go through one choke point, while not ideal, certainly made managing and securing the traffic easier.

Today, though, the industry is in the midst of another major computing revolution as client/server computing gives way to cloud and mobile computing.  This shift in computing, like the others before it, requires the network to evolve.  Cloud and mobility require more direct access to the Internet.  Many of the collaborative tools we use require greater peer-to-peer connections, creating different traffic patterns.  How should IT leaders look to evolve the WAN?  Is it time to deploy that fully meshed MPLS network?  To that, I say “no” and recommend you look to a simpler solution: leveraging the Internet as the company WAN.

Businesses have relied on building networks using technologies such as frame relay, ATM, MPLS, and leased lines over the years because they offered not only secure access but also predictable performance.  Perhaps not the best price/performance, but the predictability typically won out.  For example, when I was a network manager in the late 90s, I worked for a mid-sized retail brokerage firm headquartered in Maryland.  The company was paying a fortune for frame connections so we typically limited our connection speeds to 128K or 256K.  Some of our smaller offices had 56K connections, as it was cost-prohibitive to move from a DS0 to a fractional T1.  DSL had just come on the scene and for a fraction (pun intended) of the cost of a T1, I was able to purchase a 768K Internet pipe that we connected to the WAN via VPN.  User satisfaction was through the roof as the performance was so much better than the old DS0, but our ‘old school’ CIO wanted nothing to do with the unpredictability of a DSL pipe versus the consistency of a frame connection, so we stuck with the old stuff.  The company paid more, users suffered, but the old school mentality won out.  I actually picture the old school CIOs sitting around like Morty Seinfeld yelling about Internet access.  “What do you mean you’re accessing stuff using the Internet?! Don’t you know that’s unpredictable?!  You kids today don’t know anything!”

Given the fact that Internet access continues to fall in price and speeds continue to grow exponentially, might it not make sense to leverage the Internet instead of overpaying for private lines?  For example, I’m getting 100 MB of access in my home for $100 a month.  What kind of business class circuit could you buy for $100/month?

The key is to build the network in a way that ensures the security, reliability, and performance of the Internet WAN is equal to or greater than the private WAN, using the following steps.

  • Use multiple Internet providers, preferably different mediums.  Purchase high-speed Internet access from multiple providers using different technologies.  Perhaps an Ethernet circuit and cable connection or even 4G wireless if available in your area.  This will protect against downtime due to any kind of facilities issue.
  • Secure the links.  This seems kind of obvious but it’s important to encrypt the traffic and create VPN tunnels over the Internet.  There are plenty of low-cost VPN concentrators today that should make this easy to do.
  • Enable split tunnels at each branch location.  If users in the branch need to access Internet traffic, then there’s no point in having traffic route back through a central location.  Create split tunnels and allow branch workers direct access to the Internet for cloud and much of the mobile traffic.
  • Leverage WAN optimization.  This is one of the keys to the strategy.  WAN optimization will ensure that the performance of most of the business applications remains at a level that users have become accustomed to.  If you’re not optimizing the network today, you’ll likely see better performance than you do now.
  • Deploy multi-path technologies.  This ensures that traffic is always flowing down the best performing pipe.  Because the Internet is being used, there can be a degree of unpredictability with the traffic and multi-path should smooth that out.  If you’re concerned about adding yet another appliance, don’t be, as many of the leading WAN optimization vendors such as Riverbed and Silver Peak offer multi-path capabilities with their products.
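
The sketch below is an added example, not code from the original article or from any vendor it names. It shows how the multi-provider, split-tunnel and multi-path steps combine into one branch egress decision. The corporate prefixes, link names, probe values and the 2% loss threshold are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: prefixes that live behind the data center.
CORPORATE_PREFIXES = [ipaddress.ip_network(p) for p in
                      ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Link:
    name: str          # hypothetical labels: "ethernet", "cable", "lte"
    up: bool
    latency_ms: float  # from a periodic health probe
    loss_pct: float

def best_link(links, max_loss_pct=2.0):
    """Multi-path: lowest-latency link that is up and under the loss limit."""
    up = [l for l in links if l.up]
    if not up:
        return None
    clean = [l for l in up if l.loss_pct <= max_loss_pct]
    if clean:
        return min(clean, key=lambda l: l.latency_ms)
    # Every live link is lossy: degrade to the least lossy one.
    return min(up, key=lambda l: (l.loss_pct, l.latency_ms))

def route(dst, links):
    """Return (action, link name) for one destination address."""
    addr = ipaddress.ip_address(dst)
    link = best_link(links)
    if link is None:
        return ("drop", None)  # fail closed: no uplink, nothing leaves
    if any(addr in net for net in CORPORATE_PREFIXES):
        # Corporate traffic only ever leaves inside the encrypted tunnel.
        return ("vpn_tunnel", link.name)
    # Split tunnel: cloud/Internet traffic exits locally at the branch.
    return ("direct_internet", link.name)

if __name__ == "__main__":
    links = [Link("ethernet", True, 12.0, 0.1),
             Link("cable", True, 25.0, 0.0),
             Link("lte", True, 60.0, 1.0)]
    for dst in ("10.20.30.40", "203.0.113.10"):
        print(dst, route(dst, links))
```

The point to check in any real deployment is the same one the function encodes: a destination inside a corporate prefix must never match the direct-Internet branch, whichever provider link is currently carrying traffic.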

Many old school IT leaders have feared the Internet as a business tool.  However, times have changed and it’s time to embrace the Internet and leverage its ubiquity.  If the right technologies are leveraged, I’m positive that almost all organizations can replace their private networks with an Internet-based WAN and get similar or greater performance at a fraction of the cost.  Don’t be a Morty Seinfeld — embrace change and use the right WAN for this era of computing.

Image credit: WikiSein / CC-BY-SA