Enabling a Cloud-First Model with an SD-WAN Architecture

Network modernization is a logical first step toward cloud-readiness. Traditional WANs based on conventional routers are not inherently “cloud-friendly.” They typically require backhauling all traffic – including that destined to the cloud – from branch offices to a hub or headquarters data center where advanced security inspection services can be applied.

As a result, many organizations are moving to a software-defined wide area network (SD-WAN). An SD-WAN is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – MPLS, LTE, and broadband internet – to connect users to their business applications securely. Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to support applications hosted in on-premise data centers, public or private clouds, and SaaS solutions while delivering consistent levels of application performance.

Consider this… How do you ensure that latency-sensitive VoIP traffic gets priority over data heading to the public internet? How do you maintain latency-sensitive data connections during a failover to another network link when MPLS failover times can be as long as 60 seconds? How do you harden a broadband internet connection? How do you address the network latency of broadband? Traditional WAN architectures often break when trying to meet these quality-of-service demands.

Organizations are swapping routers for SD-WAN because the latter uses a cheaper and more flexible architecture for secure access to software running in the cloud or the private data center. Benefits include giving latency-sensitive VoIP traffic priority over data headed to the public internet. In addition, SD-WAN routing consolidates many critical additional network services across the wide-area network, ranging from malware detection and security controls to WAN optimization.

So How Does an SD-WAN Enable the New Cloud-First Model?

An SD-WAN uses software and a centralized control function to steer or direct traffic across the WAN more intelligently. A sample security policy might be:

  1. Send known, trusted business SaaS traffic directly across the internet
  2. Send “home from work” applications like Facebook, YouTube, and Netflix to a cloud-based security service
  3. Backhaul untrusted, unknown or suspicious traffic such as peer-to-peer applications or traffic to or from a foreign country back to a headquarters-based next-generation firewall

The intelligence and ability to identify applications provide an application-driven way to route traffic across the WAN and deliver a much better quality of experience (QoE) than is possible with a router-centric WAN model.
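The sample policy above, sketched as an added example (not code from the original post or from any SD-WAN product): a first-match classifier in which the backhaul rule is evaluated first, so overlapping matches resolve to the most restrictive path, and anything unclassified fails closed to the headquarters firewall. The application names, path labels and home country are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical labels for the three actions in the sample policy.
DIRECT = "direct-internet"
CLOUD_SECURITY = "cloud-security-service"
BACKHAUL = "backhaul-hq-ngfw"

# Constructed sample data; a real deployment would take these from the
# controller's application catalogue and a geo-IP feed (assumption).
TRUSTED_SAAS = {"crm-saas", "email-saas"}
PERSONAL_APPS = {"facebook", "youtube", "netflix"}
SUSPICIOUS_CATEGORIES = {"peer-to-peer"}
HOME_COUNTRY = "US"

@dataclass(frozen=True)
class Flow:
    app: Optional[str]       # application identified at the edge, None if unknown
    category: Optional[str]  # application category, None if unknown
    remote_country: str      # country code of the remote endpoint

def steer(flow: Flow) -> str:
    """Return the path for a flow; first match wins, most restrictive rule first."""
    # Rule 3 runs first so a trusted application name cannot override an
    # unknown identity, a suspicious category or a foreign endpoint.
    if flow.app is None or flow.category in SUSPICIOUS_CATEGORIES:
        return BACKHAUL
    if flow.remote_country != HOME_COUNTRY:
        return BACKHAUL
    if flow.app in TRUSTED_SAAS:      # rule 1: trusted business SaaS
        return DIRECT
    if flow.app in PERSONAL_APPS:     # rule 2: "home from work" applications
        return CLOUD_SECURITY
    return BACKHAUL                   # identified but unclassified: fail closed

# Constructed flows covering each rule plus the overlap and default cases.
SAMPLE_FLOWS = [
    Flow("crm-saas", "business", "US"),
    Flow("youtube", "streaming", "US"),
    Flow("torrent-client", "peer-to-peer", "US"),
    Flow("crm-saas", "business", "ZZ"),   # trusted app, foreign endpoint
    Flow(None, None, "US"),               # application not identified
    Flow("new-tool", "productivity", "US"),
]

def route_all(flows):
    """Pair each flow's application name with the path chosen for it."""
    return [(f.app, steer(f)) for f in flows]

if __name__ == "__main__":
    for app, path in route_all(SAMPLE_FLOWS):
        print(f"{app!s:16} -> {path}")
```

Swapping the order so the trusted-SaaS check runs first would send the fourth sample flow straight to the internet, which is why overlapping rules need an explicit precedence.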

Ensuring a “good” end-user experience is also essential before you move your business applications and services to the cloud. Review the need for WAN or SaaS acceleration and investigate the need for application performance management or end-user experience management. Traditional monitoring solutions are often focused on a single technology area or cannot scale to support the cloud’s dynamic, distributed environment. They miss the big picture and what matters most: the human experience. It is important to collect detailed performance analytics across all devices, apps, networks, and infrastructure for a holistic view of the digital experience of your customers and employees.

About the Author

Mark Teter, Corporate Technologist

In his role, Mark is responsible for the strategic direction of ASG’s emerging technology offerings and advancing the deployment of present-day hybrid cloud solutions for our customers. Mark has served as Faculty Staff Member at Colorado State University and has written over 50 white papers on subjects including Data Center Ethernet, Linux and Open Source, Storage Area Networks and Computer Virtualization. He published Paradigm Shift in 2006, a book on emerging technologies. He is a Google Certified Professional Cloud Architect.