NEXT GENERATION SD-WAN TUTORIAL
Software-defined WAN (SD-WAN) has been touted as a transformative technology by industry pundits and by enterprise customers of all sizes across diverse industries.
SD-WAN simplifies traditional network infrastructure by creating an overlay that virtualizes multiple, diverse, carrier-agnostic connections, using centralized control for the deployment and monitoring of branch office services. This transport-agnostic overlay network can replace a plethora of legacy and proprietary branch network and security equipment, to simplify operations, lower costs, and provide greater control of the orchestration, monitoring and visibility of WAN infrastructure. Nextgen SD-WAN accomplishes this with application layer control of service policies, to ensure peak performance.
The SD-WAN overlay defines and applies QoS policies and rules and orchestrates the WAN to deliver predictable levels of application performance. It controls the underlying physical network infrastructure with an automated and programmable software-defined system that reliably and effectively delivers applications, providing users with a quality experience.
HOW TO MANAGE NEXTGEN SD-WAN USING POLICIES AND APPLICATION-AWARENESS
As with most things, the more advanced the SD-WAN is, the more effective it will be in meeting business objectives, providing deployment flexibility, and ensuring IT operations are future-proofed.
A nextgen SD-WAN will understand individual application SLA requirements and translate them into policies to which the network must adhere. This provides proactive network and application monitoring to ensure optimal traffic delivery and a quality user experience – whether on-premises, private/public cloud, or SaaS.
An automated policy-based framework is propagated through unified control and management, from an easy-to-use, single-pane-of-glass interface. Visibility is enhanced, providing IT with insights into applications, devices, users, and networking, to ensure all functions adhere to the organization’s business intent. This simplifies IT’s ability to define, control and change business requirements across their branches, data centers and cloud/SaaS.
Centralized management using simple, template-driven workflows eliminates monotonous, error-prone configuration. Cloud-based SD-WAN workflows make it easy to bring up new branches with zero-touch, consistent, and error-free deployment.
SD-WAN deployment can be in branch offices, in multiple clouds, or in a dedicated data center. The elimination of single function proprietary appliances with a consolidation of cloud-delivered virtual network functions (VNFs), provides a cohesive, virtualized network and multi-layered security approach, eliminating siloed, single function appliances that bring unnecessary risk, complexity and cost. Rather than managing WAN complexities and expending time and resources tediously configuring and managing network and security devices, a nextgen SD-WAN allows IT to add applications and services with an automated and programmable cloud-native platform.
HOW TO IMPROVE TRAFFIC FLOW
A nextgen cloud-native SD-WAN brings greater levels of application intelligence to business connectivity. Application aware routing understands the paths applications need to take and provides the management and control to deliver a quality user experience. This means IT spends less time fussing with the networks and the complexities of their underpinnings, and more time and focus can be applied to the applications. Application aware routing reinforces the business intent and context of how applications are used, based on the business policies the organization prescribes.
Rather than only directing traffic using routing protocols, a nextgen SD-WAN identifies, classifies, and secures traffic based on the application ID. For example, Secure SD-WAN leverages a database of over 3600 application signatures and 100 million URLs that match conditions for routing-oriented policies.
Application-based VPNs can also be set up with minimal configuration. For example, a VPN can be cost-effectively deployed within a fully meshed topology to deliver the highest levels of redundancy and support latency-sensitive applications, like voice and video. For compliance purposes, hub-and-spoke VPNs can be set up for FTP and HTTP, to ensure those applications are routed through the secure hub site.
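The per-application topology rule above can be checked after the fact against flow records. The following is an added example, not code from any SD-WAN product: the port-to-application map, the site names and the flow records are constructed, and ports stand in for the signature-based application ID the text describes.

```python
from dataclasses import dataclass

# Stand-in for application identification. A real SD-WAN matches application
# signatures; destination ports are used here only to keep the sketch short.
PORT_TO_APP = {21: "ftp", 80: "http", 5060: "voice", 3478: "video"}

# Topology per application, following the text: latency-sensitive apps use the
# full mesh, FTP and HTTP must transit the secure hub site.
APP_TOPOLOGY = {"voice": "full-mesh", "video": "full-mesh",
                "ftp": "hub-and-spoke", "http": "hub-and-spoke"}
HUB = "hub-1"  # hypothetical hub site name

@dataclass(frozen=True)
class Flow:
    src_site: str
    dst_site: str
    dst_port: int
    path: tuple  # ordered sites the flow actually traversed

def expected_path(flow):
    """Return the path the policy requires, or None for unclassified traffic."""
    app = PORT_TO_APP.get(flow.dst_port)
    topology = APP_TOPOLOGY.get(app)
    if topology is None:
        return None
    if topology == "full-mesh" or HUB in (flow.src_site, flow.dst_site):
        return (flow.src_site, flow.dst_site)
    return (flow.src_site, HUB, flow.dst_site)

def audit(flows):
    """Return (flow, reason) pairs for flows that violate the topology policy."""
    findings = []
    for f in flows:
        want = expected_path(f)
        if want is None:
            findings.append((f, "unclassified application"))
        elif f.path != want:
            findings.append((f, f"expected {'>'.join(want)}"))
    return findings

SAMPLE_FLOWS = [  # constructed records
    Flow("branch-a", "branch-b", 5060, ("branch-a", "branch-b")),
    Flow("branch-a", "branch-b", 21, ("branch-a", "hub-1", "branch-b")),
    Flow("branch-a", "branch-b", 80, ("branch-a", "branch-b")),    # bypasses hub
    Flow("branch-b", "hub-1", 80, ("branch-b", "hub-1")),
    Flow("branch-a", "branch-b", 4444, ("branch-a", "branch-b")),  # unknown app
]
```

Running `audit(SAMPLE_FLOWS)` flags the HTTP flow that went branch-to-branch without transiting the hub and the flow whose application could not be identified.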
HOW TO SIMPLIFY PROVISIONING AND DEPLOYMENT
Provisioning templates are an effective approach to simplifying tedious network configuration tasks and avoiding error-prone manual processes. A nextgen SD-WAN with configuration templates can use workflows that combine class of service to steer traffic; define service chains with a simple drag-and-drop; and automate network configurations to eliminate errors that degrade network performance and even cause network failures. Re-using templates improves productivity and streamlines the entire deployment process, while implementing a modular methodology.
SD-WAN configuration templates have the same relationships applied to multiple branch offices, or groups of branches. Pre-defined configuration templates automate a host of tedious and time-consuming tasks. They mask complexity, by eliminating the need to know every detail about how to achieve a specific task. By simply selecting target elements, the template automatically applies the appropriate configurations.
Provisioning is simplified by providing a single system that pushes final configurations from the central controller to the SD-WAN edge devices located in branch offices. Eliminated is the complex building of monolithic configurations, as SD-WAN templates act as configuration building blocks using small, manageable, modular templates, with distinct permissions for different users. This also provides administrators with a mix-and-match approach to add elements as needed.
HOW TO SET UP MICRO-SEGMENTATION FOR CONTROL, CONSOLIDATION, AND INCIDENT CONTAINMENT
A nextgen SD-WAN can segment the network by class of traffic and types of data, essentially setting up an intra-enterprise multi-tenancy. Micro-segmentation across the LAN, WAN, cloud and data center reduces vulnerabilities and risks from external and internal threats. Segmentation and embedded security can limit the impact of data breaches by keeping ransomware and other attacks from quickly spreading. It also provides more time to detect, block and purge unfolding exploits. Segmentation enables the ability to securely consolidate disparate physical environments into a single network. In doing so, you can support diverse lines of service, such as IT, guest Wi-Fi and mission-critical traffic across a common infrastructure, while retaining management and control.
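The containment effect of segmentation can be measured as the set of hosts a single compromised host can reach by following permitted connections. The model below is an added example, not vendor code: the host inventory and the one inter-segment allow rule are constructed, with segment names taken from the paragraph above.

```python
from collections import deque

# Constructed inventory: host -> segment, using the segment examples above.
HOSTS = {
    "it-laptop": "it", "it-server": "it",
    "guest-phone": "guest-wifi", "guest-tablet": "guest-wifi",
    "mc-console": "mission-critical", "mc-controller": "mission-critical",
}

# Inter-segment policy: permitted (source segment, destination segment) pairs.
# Traffic inside a segment is allowed; everything else is denied by default.
# Hypothetical rule: IT may administer mission-critical hosts.
ALLOWED = {("it", "mission-critical")}

def can_reach(src, dst, segmented=True):
    """True if src may open a connection to dst under the chosen model."""
    if src == dst:
        return False
    if not segmented:          # flat network: every host reaches every other
        return True
    s, d = HOSTS[src], HOSTS[dst]
    return s == d or (s, d) in ALLOWED

def blast_radius(start, segmented=True):
    """Hosts reachable from `start`, following permitted hops transitively."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for host in HOSTS:
            if host not in seen and can_reach(cur, host, segmented):
                seen.add(host)
                queue.append(host)
    return seen - {start}

def exposure_report():
    """Per host: (hosts exposed on a flat network, hosts exposed when segmented)."""
    return {h: (len(blast_radius(h, False)), len(blast_radius(h, True)))
            for h in HOSTS}
```

In this model a compromised guest device reaches five hosts on a flat network but only the other guest device once segmented, while an IT host still reaches the mission-critical segment through the allow rule, which makes such rules the ones to review most closely.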
HOW TO ACHIEVE END-TO-END CONTROL
A nextgen SD-WAN should have functional capabilities that include routing, connectivity, WiFi, LTE, security, NGFW with UTM functions, rich SD-WAN functions, and robust WAN optimization. The combination of all these capabilities enables advanced analytics, visibility and automation, that together, create a consolidated and unified software platform.
With these services embedded within a single software stack, and the data, such as logging, events, and other information collected into the central controller, IT has a single location for control, analytics, and visibility. Administrators only need to go to one interface to see routing, transport, security, and SD-WAN events. This simplifies the correlation of everything. It also eliminates the complexity of having to manage and correlate the data from every individual function, like firewall, WAN optimizer, router, and SD-WAN, from multiple vendors.
A single software stack can optimize performance through its native service chaining architecture. Network and security functions can be connected logically and cohesively while carrying information along the service chain, as packets proceed on the chain, from one function to another. A single memory copy operation can extract packet information for fast performance, and perform lookups based on the information extracted. Operations can be further optimized when a packet is offloaded to the fastest path. The nextgen SD-WAN can process the rest of the packets in the same flow without requiring detailed lookups, and achieve consistent execution of forwarding, packet manipulations, QoS/HQoS functions, packet encapsulation and decapsulation, etc.
HOW TO IMPLEMENT ROBUST MULTI-LAYERED SECURITY
A nextgen SD-WAN with embedded security will protect against increasing Internet and branch cyber threats that are growing more complex every day. Security functions like firewall, access control and filtering, anti-virus/malware, and DNS, are required when data center and cloud resources are accessed by branch office users. The challenge for IT is how to efficiently deploy and monitor all this functionality within their remote offices. They need centralized provisioning, deployment, and monitoring, and have little to no technical personnel located within the branches. This is where nextgen SD-WAN shines.
Whereas traditional networks have a complex jumble of diverse single-function proprietary hardware appliances that require technicians to deploy and monitor, a nextgen SD-WAN simplifies this with a central controller and edge devices deployed in each branch. Rather than being hardware-bound, the SD-WAN is software-based, built on software-defined networking (SDN), with a network functions virtualization (NFV) approach and cloud principles.
By leveraging robust network and security virtual network functions (VNFs), the SD-WAN can provide all the security functions at the branch offices – all deployed and monitored centrally. Cost and operational flexibility are obtained by leveraging an open-standard-based, cloud-native, multi-stack solution for embedded network and security applications with robust features, as well as third-party VNF services using their brand preference.
Secure SD-WAN reduces costs through WAN flexibility, and simplifies operations with centralized provisioning, management, policy control and application visibility. Secure SD-WAN’s multiple layers of security protect against Internet and branch cyber threats. Organizations can reduce the Capex and Opex of their WAN and branch networks, while increasing IT responsiveness to meet business needs.
Eliminated is the plethora of individual proprietary network and security devices, each requiring different skill sets to install, configure, test, and maintain. The time required to manage the network is minimized and branch security is strengthened.
Secure SD-WAN is built for hosting virtual enterprise native network and security apps and services and supports third-party VNFs. This new model is a streamlined solution that consolidates and optimizes the interactions between the stack layers, and the interactions between the various apps and services themselves. Secure SD-WAN’s virtualization layer has robust routing, SD-WAN, and security functions natively embedded.
Enterprises and service providers can deploy the VM of their choice. And Secure SD-WAN is built on a multi-service, multi-tenant software platform, based on cloud principles to deliver scale, segmentation, programmability and automation. Secure SD-WAN provides both networking and security functions within a single software platform, with streamlined service chaining capabilities. This gives users the flexibility to choose the solution they want, free from vendor lock-in.