Organisations are increasingly evaluating retiring their legacy architectures – such as routers at the branch – due to the continuing migration of applications to the cloud. In November 2017, Forrester projected that 2018 would be the year that more than 50 percent of enterprise applications would be hosted in public and private clouds. However, in 2018, that figure reached 96 percent of 997 small-medium sized businesses and enterprise companies surveyed now use cloud services. As the migration to cloud-based applications and infrastructure accelerates further, organisations are coming to realise that conventional router-centric WAN architectures were not designed for the cloud.
Traditional router-centric WANs typically backhaul Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) traffic back to the data centre where advanced security screening – which is too expensive to deploy in every branch – can be applied before routing traffic across the internet. This backhaul introduces latency and impairs SaaS and IaaS performance. As a result, businesses cannot realise the full extent of the productivity gains and efficiencies that are associated with moving applications to the cloud.
Turning to an SD-WAN solution
An advanced, application-aware software-defined WAN (SD-WAN) solution addresses this challenge by enabling secure, direct-to-net access from branch offices to trusted SaaS applications and IaaS instances. By intelligently steering trusted SaaS and IaaS traffic directly over the internet from branch sites, application performance significantly increases. Web traffic that requires verification or further inspection can be automatically directed to security services in the cloud or next generation security infrastructure in regional hubs or data centers.
An advanced SD-WAN solution must also keep pace with constantly changing IP address tables, which are utilised by popular SaaS applications, such as Office 365, Salesforce.com, Box and others and automatically update each site on a daily basis. While some available SD-WAN solutions may be able to selectively breakout web traffic by application using access control lists (ACLs), they will fail when IP addresses inevitably change. Address updates that require highly manual re-programming or reliance on third-party application signature libraries – such as routers – simply can’t keep pace with today’s changing business requirements. Advanced SD-WAN solutions can increase SaaS and IaaS performance while protecting branches from threats by using real-time application identification techniques, secure internet breakout and cloud intelligence.
A unified SD-WAN platform incorporates a stateful integrated firewall, full routing interoperability and WAN optimisation to create a business-first branch WAN edge solution. Not only can an advanced SD-WAN solution replace conventional routers at the branch, it can also replace the firewall in most typical branch environments. When an organisation requires additional security, an SD-WAN can seamlessly service-chain traffic to provide more robust screening facilitated by contracted security providers.
The best SD-WAN solutions are engineered to unify all four key branch network functions – SD-WAN, WAN optimisation, routing and security – all in a single software instance, as well as providing the ability to service chain to industry-leading security solutions. This significantly reduces the hardware footprint at the branch, simplifies branch WAN edge architecture and lowers costs. Having centralized management and orchestration software as an overlay to the SD-WAN means all four functions can be controlled from a single screen, whether it is for 50, 500 or 5,000 branches. This not only increases the operational efficiency of managing the WAN infrastructure but also ensures consistent quality of Service (QoS) and security policy enforcement across the cloud-first enterprise – no matter where the applications reside.
Ultimately, as businesses continue to migrate applications to the cloud, they will find that it is time to move beyond conventional routers and deploy a business first SD-WAN solution to deliver a superior quality of experience for end users and IT teams alike.