What are the SD-WAN requirements for a multicloud environment?

SD-WAN is becoming an important option for businesses migrating branch and other edge communications to the cloud. But what makes a successful deployment?

This article can also be found in the Premium Editorial Download: Computer Weekly: Are schools delivering on digital skills?

In the past few years, software-defined WAN (SD-WAN) has become an important option for many enterprises migrating branch and other edge communications to the cloud.

It’s a notable shift, but also a pragmatic one: the backstory to this move – the rise of multicloud in the enterprise – has mostly happened by accident as a defensive and logical response to the emergence of various cloud operators and software-as-a-service (SaaS) offerings, and a desire by IT departments to pick what’s needed while not being tied to a single infrastructure-as-a-service (IaaS) provider.

Multicloud means something a bit different from hybrid cloud. It describes a company’s use of two or more IaaS platforms, such as Amazon Web Services (AWS) or Microsoft Azure. Next to this, many organisations are today using an assortment of on-premise and private and public cloud resources to enable their wider agile IT operations.

Choose carefully

When it comes to SD-WAN, how does it fit with multicloud?

Above all else, some argue an SD-WAN option needs to be flexible and supplier-agnostic, because the public cloud is a dynamic space. Patrick Hubbard, head geek at IT monitoring outfit SolarWinds, is one who takes this view.

“It needs to work with an actionable fabric and automate and monitor the network connections in just the right way for the enterprise’s needs, and for the kind of cloud options being used,” he says.  

That’s something that some might not necessarily feel confident about when choosing. “There are a great many SD-WAN offers putting out different messages and aligning with particular product sets,” says Hubbard. “So a company that’s making choices must do its homework. It’s also worth the IT department going back to fundamentals and asking how easy it is to experiment with the code or access a user community for answers when problems arise with an SD-WAN.”

Ask some questions

But if Hubbard is urging caution, what kind of work and self-reflection is needed up front? The essential questions might be:

  • What cloud platforms do you need to access?
  • Where are they hosted?
  • Where are your company sites and employees?
  • Which cloud-based applications are business-critical?
  • Do you have existing internet circuits with sufficient bandwidth?
  • What issue do you want an SD-WAN to solve?

A crucial further question, says Nikki Lee of telecoms business Nice Network, is how an SD-WAN works with the public internet.

“We always advise that, while you can’t control packet performance over public internet, some SD-WAN offers do include compression, shaping and prioritisation, depending on the detected underlying network performance.

“For example, if latency increases, you can apply more available bandwidth to a critical application and curb non-essential traffic; but an attempt to optimise the access circuit is no guarantee of performance over the public internet from end to end.”

Dedicated control

So far, so complicated, you might be thinking. But another aspect to the evolving story, when it comes to multicloud and SD-WAN platforms, is that many SD-WAN suppliers are now busy improving their ability to meet expectations in a multicloud world by partnering with the leading IaaS providers – Amazon, Microsoft and Google – to enable dedicated control.

Plus, many SD-WAN platforms can recognise traffic, by using IP addresses, to and from all the top SaaS providers, and thereby apply the appropriate security and compliance policies. These aren’t changes to be sniffed at, clearly.

Microsegmentation matters

Next to this, multicloud security is also now deploying microsegmentation to isolate certain traffic flows, applications and network segments.

“This evolution of SD-WAN and its security capabilities definitely matters when it comes to multicloud,” says James Leavers, chief technology officer of managed cloud service provider Cloudhelix.

“One of the reasons enterprises today are getting into cloud environments is for faster development in a quickly transforming business context, and security matters in this respect.

“Some will be using a software-based virtual architecture option like VMware NSX-T, for example, to connect disparate deployments such as Kubernetes and AWS. More important than simply connecting them, however, is enforcing very granular microsegmentation policies to stay safe.” 

This is especially of interest, says Leavers, in containerised deployments where iterative development zooms along at breakneck pace, but where you still need to enforce enterprise security policies.

Gategroup’s SD-WAN journey

One well-established unified SD-WAN platform is by the Swiss company Open Systems, which offers a managed secured SD-WAN that puts security front and centre.

Laurent Zimmerli, head of product marketing for Open Systems, says that its customer companies opting for SD-WAN aren’t doing it as a straight technology replacement: the aim, as you’d expect, is to leverage the capabilities to orchestrate and manage a multicloud or hybrid cloud environment.

The airline caterer Gategroup is one Open Systems customer that in 2013 transformed its MPLS network into a global SD-WAN based on hybrid technology with strong integration of Microsoft Azure Cloud. It works directly with airlines to manage complex, high-volume operations around the world, and has 165 facilities across more than 30 countries on six continents.

“The operation depends on always being able to access the stock and order systems, as well as the latest airline information. The priority, above all else, is on-time performance, and that means network integrity is an equal priority,” says Zimmerli.

In 2013, the group decided to adopt SD-WAN and simultaneously move many of its datacentres to Azure.

“That is the step many organisations take,” says Zimmerli. “Many have cloud-native ambitions, but they get there in stages. Today, Gategroup also uses AWS heavily in its business-to-consumer operations, though its core system that integrates with the airlines is on Azure. It also uses Office 365 extensively, plus Skype for Business.”

Gategroup uses Open Systems’ SD-WAN edge devices for physical branch deployments, giving good performance for local internet breakouts to Office 365 and other applications, as well as having SD-WAN in the cloud.

“The headline benefit of the migration, which only happened after extensive testing, was a cost saving of 25% versus the prior MPLS-dependent setup, while achieving a tenfold increase in bandwidth,” says Zimmerli.

“More than that, though, the SD-WAN has given Gategroup the flexibility it needs to flex and pivot and grow globally, and particularly when it comes to launching at short notice in new locations with its current multicloud setup.”

SD-WAN and IaaS integration

While supplier-agnostic flexibility lies at the heart of the SD-WAN proposition as it relates to multicloud environments, the other thing that’s happening is the deep integration of some SD-WAN offerings with certain IaaS platforms, even if the approach is versatile enough to incorporate other IaaS propositions.

An example of this kind of move is seen with the ever-deepening integration in 2018 of Citrix with Microsoft Azure Virtual WAN, enabling more automation, and with Citrix SD-WAN delivering optimisation and orchestration.

Valerie DiMartino, who is an SD-WAN product expert at Citrix, says: “The integration we have now with Microsoft is deep and broad. It’s another approach to the enterprise infrastructure and networks challenge.

“With SD-WAN and large-scale automated branch connectivity, it means companies just don’t have to undertake manual work at the branch. Automation of APIs [application programming interfaces] can take just minutes through an Azure portal, which sweeps away manual effort. So much can be centralised, from firewalls to Office 365 policies. That’s one way SD-WAN is delivering for today’s enterprise environments.”

Need for (development) speed

Many corporates will inevitably look to build on longstanding technology relationships to leverage SD-WAN for their hybrid and multicloud environments, and will often feel the benefit of the integration work put in by suppliers. But part of the story here is also the versatility, speed and agility that enterprises need more than ever to deliver on container projects and more.

As the world speeds up, SD-WAN’s capability to orchestrate and optimise core systems and navigate multicloud is only a part of the picture. Next to this is the development challenge, and we should expect the story of SD-WAN and multicloud to keep changing there, too.

SD-WAN connectivity to multicloud: six examples

In a multicloud world, SD-WAN connectivity can provide secure, reliable, low-latency access to data and applications.

Cisco: Cisco SD-WAN offers Cloud OnRamp for SaaS applications and partners with AWS and Azure for IaaS connectivity.

Citrix: Citrix has partnered with Microsoft to provide access between a customer’s SD-WAN application-aware platform in a branch location and the Azure Virtual WAN service.

CloudGenix: CloudGenix AppFabric enables the deployment of cloud and SaaS applications to branch offices with application identification and automatic path selection.

Riverbed: Riverbed SteelConnect offers one-click VPN connections to both AWS and Azure cloud platforms.

Talari: Talari Cloud Connect offers multilink visibility and bidirectional quality of service while accessing cloud and SaaS-based applications.

Versa Networks: Versa offers direct cloud access optimisation for popular cloud sites. Versa Director can spin up Versa instances in private clouds – like VMware and OpenStack – and public clouds.