SD-WAN Extensibility for the Multi-Cloud Transition
September 5, 2018
The cloud imperative stretches the network perimeter from a branch office or remote site location to a distributed-application model wherein SaaS acceleration is key. As traffic moves to and from branch locations and multiple clouds over the Internet, SD-WAN and layered security are required.
Just as the cloud is more than hosting apps and infrastructure, SD-WAN is more than circuit aggregation and dynamic path selection. Organizations need more than reliability and agility; those are table-stakes outcomes. When connecting to multiple clouds, a modern SD-WAN implementation requires a broad set of functions, such as routing, NAT, DoS, DHCP server and relay, stateful firewall, NGFW, IPS, IDS, antivirus and malware detection. A secure SD-WAN platform can provide the visibility needed to program automated, contextual policies via a single, versatile and heterogeneous platform.
Multi-Cloud is Driving Digital Business Transformation
Enterprises and managed service providers are aligning their business operations with new digital transformation priorities. This is pushing the migration to multi-cloud architectures, with SD-WAN as an enabler and accelerator, driven by several market transitions including:
- Integrated Security is already on the minds of all enterprises, with the cost and complexity of current approaches not meeting today’s multi-cloud needs. This makes a multi-layer and full-stack security implementation in the network fabric a requirement.
- Consumerization of IT in enterprise networking and WAN Edge: Over the next 24 months, we anticipate the need for a radically simpler user and admin experience, the enterprise equivalent of the set-up/configure/manage/operate simplicity that Amazon Alexa or Google Home provide to consumers today.
- Micro-Segmentation is required across the entire network because of the need to reduce risk zones from external and internal threats. This “multi-tenancy everywhere” mindset stems from the demand to consolidate disparate environments into a single virtual network that meets the needs of different lines of business across the same infrastructure.
Some SD-WANs Are Built for Multi-cloud, While Others Aren’t
Enterprise buyers evaluating SD-WAN will discover some are better-suited to support multi-clouds than others. Most SD-WANs address the costs and rigidity associated with traditional WAN architectures. However, not all are optimized to support multi-clouds. Some SD-WANs are purpose-built to support multi-clouds, while others are best-suited for aggregating multiple circuits and executing last-mile performance optimizations.
The key differentiation is how seamlessly SD-WAN directly and securely transports apps to multi-clouds, and how business policies are defined and performed using proactive traffic steering based on application types and where they reside. This smart-cloud approach inherently optimizes network reliability and performance, and ensures security for every application, and for any cloud.
Security is a big concern when mission-critical applications travel over the public Internet. This scenario is where enterprise buyers evaluating SD-WAN need to diligently assess third-party benchmarks like NSS Labs NGFW recommendations, and understand what kind of integrated security was designed, tested and deployed natively within the SD-WAN core.
SD-WAN Shouldn’t be a Roadblock for Multiple Clouds
Versa seamlessly extends on-premise connectivity to public clouds by installing SD-WAN branches in public clouds, like AWS and Azure virtual private clouds (VPCs). With Versa, applications need not distinguish between AWS, Azure or on-premise, as handshakes are abstracted through our SD-WAN fabric. Beyond standard connectivity, the entire SLA monitoring and SD-WAN policy management function becomes seamlessly available for cloud workloads. Enterprises can easily apply SLA criteria to steer traffic to the cloud with the best performance or cost advantage.
Traditional MPLS on-premise WAN architectures weren’t built to support the cloud, and security concerns cause IT to inefficiently backhaul Internet-based cloud traffic through their central data center or bifurcate traffic to third-party “scrubbing” centers. Designed for fixed site-to-site connections, where applications reside within the corporate data center, legacy WANs compensate by making cloud applications crisscross unnecessary hops, wasting bandwidth, and increasing packet loss and latency.
Multi-Cloud Connectivity Needs SD-WAN With Integrated Network Security
Enterprises need an integrated security approach for direct cloud access from the branch. Versa’s integrated security includes stateful firewall, DoS, NGFW, antivirus, IPS, URL filtering, and more.
In a “cloud-branch” topology or acting as a VPC/VNET gateway, Versa provides security for applications known within our app-ID library or custom application signatures for unique cloud-hosted application and database workloads. Versa protects the cloud-premise – preventing malicious events from impacting compute, storage and network resources.
Many enterprises require micro-segmentation for security, compliance and risk management. Versa provides micro-segmentation through native multi-tenancy across data plane, control plane, management and analytics. This allows micro-segmenting of WAN and branch designs to meet compliance and other operational requirements. As a result, enterprises can achieve higher traffic engineering standards and attain SLAs that meet the needs of multiple lines of business.