SD-WAN: Optimizing User Experience for Managed Cloud-hosted Applications

Digital Transformation touches the network

Applications are moving to the cloud – a lot of them. IDC estimates that by 2020[1], 90% of enterprises will use multi-cloud, i.e. multiple pub­lic and private cloud services and platforms, to support their ever-expanding application requirements. Service providers have a unique opportunity to leverage a high-performance managed SD-WAN solution to deliver the best possible cloud connectivity and therefore the best “quality of experience” to enterprise users.

A new breed of applications with different needs

Applications require a different quality of experience based on business priority, geography and security considerations, and consequently, they must be handled accordingly across the WAN. Some trusted business applications like Office 365, Skype and SAP can be sent directly to the internet with confidence, while recreational applications such as Facebook and Twitter might require higher security controls in order to meet enterprise security and/or compliance requirements. Simply put, the SD-WAN internet connectivity option must include the ability to differentiate traffic based on each application to ultimately enforce granular security policies.

Why local internet breakout?

Managed SD-WAN solutions employing local internet breakout offer service providers a way to optimize traffic locally over the internet with a secure direct connection to the SaaS and IaaS cloud-based applications. With this solution, service providers control the traffic to applications to enforce security, saving on expensive bandwidth and improving performance. Sending trusted SaaS and IaaS traffic directly across the internet also provides the highest application performance and quality of experience to users.

Solutions galore, but fundamental problems persist

Do all SD-WAN solutions address all the requirements for secure local internet breakout from the branch? Many SD-WAN solutions claim the ability to breakout traffic locally at the branch. However, they primarily rely on manual programing of IP addresses into Access Control Lists (ACLs) that simply cannot keep pace with with the dynamic nature of SaaS applications, causing initially working security policies to fail. Others guarantee network security, to the expense of always including a security firewall in the traffic path, resulting in higher cost. There are important fundamental requirements to consider when enforcing application specific security policies in real time. The first is the ability to identify the application on the very first packet of the traffic flow, key to automating the granular steering of the application to the correct destination. Second is centralized management and intelligence to automate the updates of constantly changing IP addresses used by SaaS applications, instead of relying on time-consuming manual updates to individual appliances following each change.

Service Provider’s opportunity to breakout

As enterprises continue migrating applications to the cloud, service providers have an opportunity to differentiate their managed service offerings.

A managed service offering must address the following requirements:

  • Support granular, application-driven security policies to automatically steer traffic into the right security without compromising cost
  • Delivery of optimal performance without compromising security
  • Centralized security and policy management

The Silver Peak Unity EdgeConnectSP SD-WAN solution, provides local internet breakout using the advanced First-Packet IQTM classification technology, enabling service providers to offer simplified, integrated application-driven security to enable unique treatment for different applications.

An advanced SD-WAN solution with local internet breakout empowers service providers to:

  • Deliver increased enterprise SaaS application and IaaS performance and availability
  • Improve service agility with flexible security control and policy management that can be easily integrated into any orchestration platform
  • Enable comprehensive integration of managed SD-WAN and managed security services

No-compromise user experience for a cloud-first world

Service providers now have a real opportunity to provide enterprises with an application-driven WAN strategy that securely and directly connects users to cloud services to optimize the experience accessing them. With Silver Peak, service providers can further leverage – and differentiate – their managed SD-WAN service offerings to provide secure local internet breakout to enterprises, increasing customer stickiness by enhancing their user experience and business productivity. With the right solution, they can empower enterprises with the best SaaS and IaaS performance without compromising security, while lowering costs by optimizing the underlying network resources.

[1] IDC FutureScape: Worldwide Cloud 2018 Predictions