Merriam-Webster defines the word “conundrum” as an “intricate and difficult problem”. This word can most certainly be used in a business context to describe the challenges associated with providing Internet access to branch and remote office workers. Legacy networks provided Internet access to users through a hub-and-spoke architecture — Internet connectivity came into the hub and then was distributed out to the branches via the spokes. This was never an ideal method of delivering Internet services since the traffic effectively traversed the WAN twice (to the branch and back); most companies lived with it, though, as Internet access wasn’t considered mission critical in the mid-90s.
Fast-forward a couple of decades and businesses have become heavily reliant on the Internet as it connects the business to SaaS applications in the cloud. It’s possible for a worker in a branch office to connect to cloud-based applications for almost all of their daily activities including CRM, unified communications, expense reporting, e-mail and a wide range of other activities. The cloud dramatically changes the role of the Internet within companies. It’s no longer a “best effort” thing. Now it’s perhaps the most important tool that a company has to empower its workers. Poorly performing Internet means lost productivity.
The challenge for network managers is how to provision Internet services in a way that’s secure, manageable and provides the best possible user experience. Unlike the “old days”, there are several architectural options available, including the following:
- Hub and spoke. While not optimal, there still are some use cases for hub-and-spoke. Businesses may choose to backhaul all Internet traffic from remote users and small branch locations. An insurance company with just one or two remote agents per location would be a good example where this makes sense.
- Regional hubs. Many organizations want the benefit of running all Internet traffic through a hub location to apply a consistent set of security or application services to the traffic. However, for a global organization, sending all the traffic back to a single location introduces far too much application latency and can saturate the WAN links. In this case, a regional hub makes sense. For example, a global law firm may choose to have a regional hub in Germany specifically to backhaul European traffic.
- Direct Internet access. For highly distributed organizations, direct Internet access provides the best possible user experience. In this case, all of the security and optimization tools need to be resident in the branch, and users access network services via a “split tunnel” where Internet-bound traffic, like SaaS services, heads directly to the Internet without passing through any kind of a hub first. Distributed organizations with branch offices that are well-populated, such as a consulting firm, may choose this model.
In actuality, there is no single architecture that is better than the others, and businesses should not have to choose one and then force their network into alignment. A global enterprise would use some combination of direct access, regional hubs, and hub-and-spoke to optimize for cost, security, and performance. Also, businesses shouldn’t get stuck with a certain configuration. For example, if a small branch that is connected to a regional hub grows in the number of people or traffic, the network should support a quick migration to direct Internet access.
The problem for most companies is that legacy networks do not have the necessary levels of agility to support multiple access methods. Nor can they support rapid changes from one architecture to another. Generally, network engineers prefer a hub-and-spoke model as it presents the fewest management challenges.
Companies that want to leverage multiple Internet access architectures and solve the conundrum should evaluate SD-WAN solutions. The agile virtual overlay enabled by an SD-WAN allows network engineers to dynamically create network paths, making it simple to provision Internet access to any branch location using any form of connectivity. Virtual overlays can be easily configured to connect offices using a hub-and-spoke model, for guest Wi-Fi, or as a full mesh to support voice traffic. Additionally, the architecture can be changed as easily as it was initially set up.
High-quality Internet access is more important than ever, and SD-WANs enable businesses to provision it any way they want without being married to a rigid architecture for years. Finally, the Internet access conundrum can be solved.