Cloud and SaaS applications are becoming increasingly pervasive among enterprises. While all enterprises need to evaluate their WAN strategies for cloud readiness, the task takes on unique architectural challenges for highly distributed enterprises -- those with many branch locations, such as retail, financial, hospitality, and other chains.
Traditional distributed enterprise networking solutions like MPLS work well for corporate datacenter-oriented computing, with minimal Internet and cloud flows. Branch Internet traffic is back-hauled over the MPLS network to the corporate datacenter, and then channeled off to the Web. But as the Internet and cloud services become integral to enterprise operations, four key issues emerge.
- Capacity: Cloud, mobile devices, and video traffic are driving up branch bandwidth requirements. A T1’s 1.5 Mbit/s is simply inadequate, often by an order of magnitude. The limited availability and expense of higher-capacity access, such as NxT1 and Ethernet, restrict their deployment in distributed networks.
- Security: Branch sites are heterogeneous and vary significantly in their requirements for access to cloud and Internet-based services. Securing a large branch network with a centralized firewall at the datacenter can be challenging, because the policy rules are complex to manage: they must provide the required flexibility while still ensuring strong security.
- Performance: Making the datacenter a detour on the way to the Internet could have an impact on application performance. It also introduces additional points of failure.
- Cost: Backhauling traffic over MPLS just to hand it off to the Internet is an inefficient use of these expensive connections. The problem is compounded by higher-speed access such as Ethernet, which comes at significantly increased cost.
Many distributed enterprises are deploying new kinds of WAN architectures that address these challenges and enable them to achieve their strategic cloud and Internet objectives. These solutions are rooted in advances in broadband networking and premises technologies.
Broadband networks have made significant gains in stability, price/performance, and scale. Average access speeds are typically in excess of 12 Mbit/s, with 50 Mbit/s speeds on the horizon, according to an Akamai report. Excellent throughput is being delivered even at peak hours -- all at costs well below T1 access, as indicated in the "2013 Measuring Broadband America—February Report" from the FCC.
On the premises side, technology price/performance has improved so significantly that capabilities once viable only for large sites are now cost-effective to deploy at all sites. For example, UTM (unified threat management) technology has been incorporated into low-cost devices through use of ASICs.
Advanced WAN optimization is being realized as embedded software in these same devices. In fact, comprehensive systems are now available that combine routing, security, and WAN optimization in a single device.
Unlike earlier generations of broadband VPNs (also called IPsec VPNs), the latest-generation broadband VPNs deliver high performance that can often significantly exceed the capabilities of MPLS networks. The use of integrated premises technology brings strong security and end-to-end quality of service (QoS), while retaining the high capacity and price/performance of broadband. And having their origins in the Internet, these networks are naturally Internet friendly.
Next-generation broadband networks can be deployed either as an overlay to a private IP network or as a full replacement. In the first approach, Internet traffic is sent directly from the branch over a high-capacity broadband network secured through the premises UTM. And given the latest optimization technologies, traffic can be prioritized -- for example, SaaS destinations over general Internet access.
As a bonus, the broadband network can also act as a backup to improve availability. With the replacement approach, a single access pipe carries Internet traffic as a split tunnel, while a secure tunnel carries private traffic to the datacenter, delivering a highly capable WAN at lower costs than MPLS.
The strategic advantages of next-generation WANs that combine improvements in broadband networks with advances in premises-based technologies are significant. By employing broadband public/private hybrid architectures, progressive enterprises are realizing the maximum levels of performance, security, and cost benefits -- making cloud computing faster, more secure, and more manageable.
— Sampath Ramaswami is a senior director in the Enterprise Group, North American Division, at Hughes Network Systems, responsible for product strategy and roadmap for enterprise markets.