SD-WANs in a cloud-native world

We look at where software-defined wide area networks fit in a modern, cloud-native IT architecture

While software-defined wide area networks (SD-WANs) evolved from the need to provide branch offices with access to corporate applications and enterprise software distributed over the public internet, they are less well-suited to the highly distributed nature of today’s IT environment. In the past, organisations based network and IT infrastructure on a hub-and-spoke-style architecture where centralised systems connected to branch offices. However, the Covid-19 pandemic and the trend towards a more cloud-native architecture and enterprise applications delivered as software as a service (SaaS) have led corporate IT to require a more distributed network infrastructure.

This has implications for how corporate networks are provisioned, especially in terms of building sufficient networking infrastructure to support future capacity growth. In its “Experience with a globally deployed software-defined WAN” paper published over a decade ago, Google presented an approach to linking its datacentres globally. In the paper, researchers noted that WAN links are typically provisioned to between 30% and 40% average utilisation, allowing the network service provider to mask virtually all link or router failures from clients. But this approach increases costs significantly.

Despite their level of over-provisioning, there are also many cases where older software-defined networks (SDNs) are failing to meet the requirements of modern, cloud-native IT infrastructure and to support highly distributed applications and a remote workforce. This is partially because the networks were designed for a hub-and-spoke, or branch office, setup, which leads to massive administrative overheads when trying to set up networking configurations for the modern distributed IT environment.

In 2021, Enterprise Strategy Group (ESG) published a whitepaper looking at the need to rethink enterprise networking to support business transformation. In the report, the analyst firm noted that digital transformation initiatives are leading to increased IT complexity. This is because there is usually a need to provide connectivity across a highly distributed, heterogeneous corporate IT landscape comprising datacentres, multiple public clouds and edge locations, including support for remote workers.

At the time, ESG pointed out that hub-and-spoke network architectures and castle-and-moat security architectures are not capable of supporting digital transformation initiatives. Enterprise Strategy Group said architectural limitations hinder innovation, impact performance, and often cost more to maintain and operate.

Legacy SD-WANs

For instance, ESG reported that legacy software-defined wide area networks that focus on packet-based Layer 3 traffic information tend to have limited visibility into the application layer. So while they can deliver on network quality-of-service levels, analysts noted that network teams may struggle to guarantee application service-level agreements (SLAs). “For applications in the cloud and edge, organisations may need to implement additional solutions to provide visibility,” said ESG analysts.

Given the increasing pressure on organisations to deliver positive experiences in an increasingly distributed and complex environment, ESG said operations teams may face difficulties in using manual processes and procedures. “While great strides have been made in day one provisioning activities, in many cases day two operational and lifecycle management tasks are performed manually. Regardless of the network solution currently used, virtually all organisations struggle to overcome the complexity inherent in highly distributed application and worker environments,” said the analysts.

Managing security is another difficulty organisations running legacy SD-WANs may experience. According to ESG, most early SD-WAN providers partnered with IT security specialists to bolt on security in branch offices. This often requires additional time and effort to install and manage, and, as the analysts note, leads to an inconsistent security posture based on an organisation’s existing edge security. The problem is further exacerbated by a highly distributed remote worker environment.

While many industry commentators regard the era of SD-WAN as coming to a close, Gartner’s latest research suggests otherwise. “SD-WAN remains relevant for most enterprises but is evolving as market demands shift and is increasingly being incorporated into broader security offerings like next-generation firewalls (NGFW) or secure access service edge (SASE),” says Jonathan Forest, vice-president analyst at Gartner.

According to Forest, one of the key reasons why questions are being raised on the relevance and necessity of SD-WAN is the shift towards hybrid work models and the rise of what is termed “coffee shop networking”, whereby the traditional office-centric work model is giving way to more flexible, remote, hybrid and work-from-anywhere arrangements.

“Employees are increasingly working from various locations, including homes, coffee shops and co-working spaces,” says Forest, which is leading to a growing need for lighter-weight and lower-cost SD-WANs for branch offices, where users need simple, efficient connectivity.

Business-driven networks

Given the challenge of managing the network policies of tens of thousands, if not millions, of devices, research and advisory firm Forrester Research believes it is now time to open up network operations beyond the IT department, enabling other parts of the business to design, manage and alter the network. As Forrester principal analyst Andre Kindness notes in the “Let business outcomes drive network design” report, the Wi-Fi industry showed the world this can be accomplished.

“When Wi-Fi was first rolled out in offices, networking professionals managed the access of every user,” says Kindness. “Now, through a simple GUI [graphical user interface] overlay added onto network access control solutions, staff such as lobby administrators can provide visitors with credentials to use the office Wi-Fi.”

Another example is in retail, whereby shops provide a splash page from which guests can log on to Wi-Fi services themselves. And in application development, Kindness says developers now use cloud networking services to support their creations without putting in tickets to IT organisations.

According to Forrester, organisations are still over-provisioning network infrastructure, yet there is also a focus on reducing cost. Kindness points out that when organisations focus too heavily on costs and too little on improving customer experience, they will lose business.

“Much of networking mindshare is directed at cost-cutting technologies, such as software-defined networking, software-defined WAN, and others,” he says. “However, many of these technologies increase costs when all the adjustments, such as redesigning security services or investing in new hardware to support the capabilities, are taken into account.”

Integration of security

To address the security concerns noted earlier, Gartner’s Forest says the integration of SD-WAN and security has evolved to deliver simplicity, tackle equipment sprawl and drive cost synergies. “Traditional standalone SD-WANs are evolving, as modern demands necessitate the need for integrated security features, such as those found in NGFW or SASE solutions,” he says.

This shift towards a unified approach not only addresses the dynamic requirements of distributed work environments, but also more complicated environments. The unified approach to networking, according to Forest, ensures high availability, application performance, and simplified connectivity from enterprise branches to public cloud and other enterprise locations.

Consequently, while the landscape of SD-WAN is changing, Forest says integration with security functionality is now almost essential to meet contemporary networking and security needs effectively.