This section presents the benefits of SD-WAN and provides an overview of the EdgeConnect SD-WAN and EdgeConnect Branch solutions, with:
- A general description of SD-WAN
- Benefits of EdgeConnect SD-WAN
- Benefits of EdgeConnect Branch.
A Software-Defined Wide Area Network (SD-WAN) is a virtual WAN architecture that enables enterprises to combine different transport services such as MPLS, LTE, and broadband Internet. The expanded capabilities to connect users securely to applications over different transport services enhance overall network performance.
SD-WAN uses a centralized control function that can direct traffic securely and intelligently across the WAN to trusted SaaS and IaaS providers. This increases application performance and delivers a high-quality user experience, which increases business productivity and agility and reduces IT costs.
Unlike SD-WAN, the conventional router-centric model distributes the control function across all devices in the network and routes traffic solely based on TCP/IP addresses and ACLs. This traditional method is rigid, complex, inefficient, and labor-intensive. It is not cloud-friendly and results in a less positive user experience.
SD-WAN enables cloud-first enterprises to deliver superior quality of experience (QoEx) for application users. SD-WAN facilitates intelligent, automated, application-aware routing across the WAN.
With SD-WAN, applications are identified and classified to ensure they receive the appropriate level of service and security policy enforcement, in accordance with business needs.
Secure local Internet breakout of IaaS and SaaS application traffic from the branch provides the highest levels of cloud performance while securely protecting the enterprise from threats.
One of the major benefits of SD-WAN is the ability to shift traffic from high-cost circuits such as MPLS to an Internet circuit intelligently, and with less latency sensitivity. MPLS is much more expensive than a commodity Internet circuit, so relying less on MPLS can lead to significant cost savings over time. With SD-WAN, organizations do not need to increase MPLS circuit sizes to accommodate increasing traffic. In some cases, MPLS circuit sizes can be reduced and MPLS contracts can be renegotiated at a lower rate.
SD-WAN delivers optimal application performance under any network condition or change, including congestion and impairments. Because of continuous network monitoring and self-learning, the business-driven SD-WAN responds automatically in real time to changes in the state of the network to address network congestion, brownouts, and transport outage conditions without requiring manual IT intervention, so users can always connect to applications. For example, if a WAN transport service or cloud security service experiences a performance impairment, the SD-WAN network automatically adapts to keep traffic flowing while maintaining compliance with business policies.
Most SD-WAN solutions offer streamlined management via a central online portal. In traditional networking, administrators need to access routers remotely and configure the devices manually, requiring significant personnel overhead. The centralized management of an SD-WAN architecture allows organizations to make changes to thousands of devices with relative ease.
Modern Security Architecture
Secure Access Service Edge (SASE) architecture combines branch WAN edge functions, including SD-WAN, routing, segmentation, zone-based firewall, and WAN optimization, with comprehensive security services that are delivered and managed in the cloud.
SASE addresses the need to expand the network quickly as the number of remote users increases and enterprises continue to migrate applications to the cloud, while improving overall application performance and network security.
Traditionally, all application traffic from branch locations crossed over private MPLS services to the corporate data center for security inspection and verification. This architecture was appropriate when applications were hosted exclusively in the corporate data center. However, as applications and services migrate to the cloud, the traditional network architecture falls short. When applications are hosted in the corporate data center, all Internet-destined traffic must traverse the data center and corporate firewall before reaching its destination, causing diminished application performance and user experience.
As more remote workers connect directly to cloud applications, traditional perimeter-based security has also become insufficient. Transforming WAN and security architectures with SASE helps to ensure direct, secure access to applications and services across multi-cloud environments, regardless of location or the devices used to access them.
SD-WAN comprises four core components: centralized management, WAN virtualization, overlays, and edge devices.
- Centralized Management - Centralized management tools are used to define WAN topologies, orchestrate routing, and manage policy.
- WAN Virtualization - Devices can create Virtual WAN Point-to-Point IPsec tunnels using any underlying transport.
- Overlays - Overlay tunnels are malleable, enabling an organization to enforce policy orchestrated to all devices.
- Edge Devices - Management tools provide the capability to build overlays and onboard and manage devices.
Each component is detailed more fully in the EdgeConnect SD-WAN and EdgeConnect Branch sections.