Hybrid work is driving major shifts in network configuration and architecture. According to Microsoft’s 2021 Work Trend Index, over 70% of workers want flexible remote work options. And with a dramatic rise in video conferencing and cloud-based collaboration platforms, the network is more taxed than ever. In fact, a 2021 Workplace Collaboration Global Research Study found that successful companies were significantly more likely to invest in expanded Internet access, Wi-Fi upgrades, WAN services, SD-WAN, and residential Internet improvements. Aside from the security implications associated with this technology shift, network performance is a top concern as employees work from random locations and with any number of devices.
As a result, network visibility, connectivity, and agility are at a premium. As organizations migrate more to the cloud and leverage technologies such as SaaS, SD-WAN, and NFV, NetOps teams are tasked with ensuring performance and solving problems quickly. But this combination of legacy on-prem networking and cloud can make this a monumental task. So, what are some of the challenges facing NetOps teams as they try to meet the increasing demands of remote workers and hybrid network environments? Here are some of the key issues.
Mixing legacy and new technology
It’s no secret that visibility across the entire network is key. This is especially critical (and basic table stakes) as traditional networks layer on software-defined technologies, like SD-WAN. When performance degrades, there is a tendency to blame the new technology or new part of the network. Without visibility, it’s hard to plan a migration and even harder to identify an issue when it does arise.
For example, let’s look at SD-WAN, which completely changes how traffic is routed. A traditional direct connection or hub-and-spoke model likely has robust connections that are easy to track. But SD-WAN may use alternate paths, and if there's a poor policy (or poor centralized policies), traffic could be routed through a branch office that was not meant to be a transit site (such as a small branch office with a 25 Mbps connection). The result is a poor network experience for the remote worker. This can get even more complex if an organization is cataloging hundreds or thousands of sites – and mixing traditional WAN and SD-WAN – and tracking how they’re communicating with each other. NetOps teams must have a network visibility platform that can see traditional WAN, cloud, and software-defined traffic.
Working and collaborating from anywhere, anytime
Remote workers need to be able to collaborate and reach applications regardless of location. That could be on-prem in a private data center or in a public cloud (or the application could be dynamic across various areas, with the app in the cloud, but data hosted on-prem). To the end-user, applications just need to work. This means applications are often no longer totally under the organization’s control (for example, Salesforce or Office365). These applications may or may not be sanctioned by IT. But being able to see the performance impact of these cloud (or SaaS) applications is important to meeting user demands. And it’s not just important to understand how the traffic is moving from a corporate location up to something like AWS or Azure, but also the performance of a remote user.
Having this visibility has traditionally been hard, but today, organizations can give remote users managed devices that sit in-line to the network or track performance based on access to the data center or cloud workload. But this also means an increase in non-traditional workflows for remote users. Finding a problem when it arises with these workflows puts a premium on network monitoring tools that help manage performance.
Migrating it all quickly
Covid really put pressure on NetOps teams to support remote workers quickly. It also put pressure on organizations to change their business models to keep up with the pace of change, for example, around new retail models. Productivity for most organizations is tied to being at the cutting edge of technology. But when migrating the network, for example, to incorporate SD-WAN, you need visibility into performance to set key baselines. It's important to understand what applications are on the network (and which ones to prioritize), what the top talking sites are, and which ones use the most bandwidth. This requires legacy capacity planning.
Without historical performance data, it’s impossible to tell good outcomes from bad ones after migration (critical in Day 0 planning). This is even more critical when looking at voice performance associated with application-aware routing policies for SD-WAN. And, once migrated, the policies need to be vetted to ensure they’re meeting performance standards. Cloud migrations are similar, but it’s important to think about bandwidth allocation, as well as understanding how much data is coming from the cloud (as that’s where costs can skyrocket).
Segmenting the network for security
Moving to hybrid work creates a variety of security challenges. But from a hybrid networking standpoint, segmentation is important to isolate various resources like IoT from business-critical applications or guest users from corporate users. In SD-WAN, this is typically done with the notion of a VRF, which is basically a way to segment different parts of the network. For example, guests might be in VRF 1 and corporate users in VRF 2. NetOps could look at top users and talkers in each and see if they’re talking to each other. This can then be reported on to see if this is an acceptable policy or action.
This is also done with multiple levels of macro- and micro-segmentation. For example, there could be an IoT macro-segment, with micro-segments underneath for types of IoT, such as HVAC and video surveillance. Or, more broadly, segments for HR resources and R&D resources. Network monitoring tools can give you this level of visibility into segmentation.
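The cross-VRF check described above can be run over exported flow records. The following is an added example, not code from the article or from any LiveAction product; the CSV column names, the sample flows, and the `ALLOWED_PAIRS` policy are constructed assumptions, with VRF 1 as guest and VRF 2 as corporate as in the article's example.

```python
import csv
import io
from collections import Counter

# Constructed flow export (not real traffic). VRF IDs follow the article's
# example: 1 = guest, 2 = corporate. Column names are assumptions.
SAMPLE_FLOWS = """src_ip,src_vrf,dst_ip,dst_vrf,bytes
10.1.0.15,1,198.51.100.7,1,48000
10.1.0.15,1,10.2.0.40,2,9200
10.2.0.22,2,10.2.0.40,2,730000
10.2.0.22,2,10.2.0.41,2,120000
10.1.0.99,1,10.2.0.40,2,310000
10.2.0.40,2,10.1.0.99,1,15000
10.1.0.15,1,10.2.0.40,2,800
"""

# Hypothetical policy: unordered VRF pairs allowed to exchange traffic.
# Empty here, meaning guest and corporate should never talk to each other.
ALLOWED_PAIRS = frozenset()

def load_flows(text):
    """Parse the CSV export and convert numeric columns to int."""
    rows = csv.DictReader(io.StringIO(text))
    return [{**r, "src_vrf": int(r["src_vrf"]), "dst_vrf": int(r["dst_vrf"]),
             "bytes": int(r["bytes"])} for r in rows]

def top_talkers(flows, vrf, n=3):
    """Sources inside one VRF, ranked by total bytes sent."""
    totals = Counter()
    for f in flows:
        if f["src_vrf"] == vrf:
            totals[f["src_ip"]] += f["bytes"]
    return totals.most_common(n)

def cross_vrf_conversations(flows, allowed=ALLOWED_PAIRS):
    """Bytes per host pair whose VRFs differ and are not an allowed pair."""
    totals = Counter()
    for f in flows:
        pair = frozenset((f["src_vrf"], f["dst_vrf"]))
        if len(pair) == 2 and pair not in allowed:
            # Sort the endpoints so both directions count as one conversation.
            hosts = tuple(sorted((f["src_ip"], f["dst_ip"])))
            totals[hosts] += f["bytes"]
    return totals.most_common()

if __name__ == "__main__":
    flows = load_flows(SAMPLE_FLOWS)
    print("guest top talkers:", top_talkers(flows, 1))
    for hosts, total in cross_vrf_conversations(flows):
        print("cross-VRF:", hosts, total, "bytes")
```

Each reported host pair is a conversation that crossed the guest/corporate boundary and can be reviewed against the intended segmentation policy.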
The last 16 months have put increased pressure on NetOps teams to deliver unprecedented levels of network performance and to reimagine what the corporate network looks like. Understanding the key challenges introduced by this shift is essential to planning for them properly. Stay safe out there.
David Izumo is Principal Engineer at LiveAction.