Simplifying Multi-Cloud Connectivity through SD-WAN at the Edge

By: Jacob Chacko, Regional Director – Middle East, Saudi & South Africa at Aruba, a Hewlett Packard Enterprise company

The pandemic’s acceleration of cloud migration within enterprises has, at this point, been well documented. Last year’s Flexera 2020 State of the Cloud Report suggested that more than 90 per cent of enterprises now have a multi-cloud strategy.

Even in times of great urgency as we have experienced over the last 18 months, enterprise-wide cloud transformations don’t simply happen overnight. In the rush to get their multi-cloud environments off the ground and enable remote connectivity for their workforces, many enterprises will not have suitably adapted their IT and network infrastructure to support applications in a multi-cloud connected environment. Because of this, they will likely now be facing numerous challenges around the performance of mission-critical SaaS applications, automation of cloud security services, and integration of WAN applications in public cloud, to name just a few.

When it comes to meeting and addressing these challenges, enterprises could consider the benefits of an SD-WAN platform which, through a mixture of optimization, orchestration centralization and automation can provide a firm foundation for enabling a successful, performant and secure multi-cloud environment.

Ensuring user experience through SaaS optimization

In a time when applications were hosted in corporate data centres, routing all application traffic from the branch to the data centre made total sense. Today, however, with most applications in modern enterprises delivered through SaaS, backhauling cloud-destined traffic to the data centre only serves to increase latency and impact application performance.

Recognizing this, enterprises could reduce said latency by looking towards a modern, best-of-breed Edge-based SD-WAN platform, which should offer SaaS optimization features to seamlessly and securely connect users from branch sites to SaaS applications, while simultaneously monitoring the SaaS Quality of Experience (QoE).

Key functionalities that any SD-WAN purchaser should look out for include first-packet identification, wherein applications are identified and classified on the first packet, which enables traffic to be routed dynamically to its intended destination (be that the data centre, cloud provider or cloud security). This, in turn, reduces latency and ensures security policies are adhered to. Similarly, Microsoft Office 365 API integration enables secure internet breakout to the closest Office 365 entry point, thus ensuring the best Office 365 performance available.  

Intelligent local internet breakout

Different classes of application require different kinds of treatment to adhere to security policies and controls. As mentioned above, first-packet identification has a part to play here, but there are other functionalities within leading SD-WAN platforms that can bolster security without impacting application performance.

Different applications can be mapped to virtual WAN overlays, each supporting various QoS, transport and failover characteristics. For instance, trusted business SaaS such as Office 365 can be mapped to an overlay that traffics straight to the closest SaaS instance over the internet, whilst untrusted or unknown traffic is sent to the headquarters-based firewall for closer inspection.  

Speaking of firewalls, having a unified zone-based stateful firewall at the WAN Edge is essential to ensure complete, secure local internet breakout. A WAN Edge firewall can connect directly to trusted SaaS applications and IaaS from branch offices, whilst also blocking any unauthorized traffic attempting to enter the branch network from the enterprise LAN.

Network simplification through SD-WAN integration and automation with public cloud

Complexity is the enemy when it comes to network management, and this is most true for particularly large, global networks with many AWS Virtual Private Clouds or Microsoft Virtual Networks (VNets). However, an Edge-based SD-WAN platform can greatly simplify management of such large networks.

By connecting directly to public cloud providers’ global backbone networks, reducing the number of point-to-point connections, and connecting branch locations directly to regional points of presence (POPs) the complexity of the SD-WAN overlay is reduced. An SD-WAN overlay should also support branch-to-branch communication without virtual gateways at each Virtual Private Cloud.

The emergence of SASE

The emergence of SASE has had a profound impact on SD-WAN. Just as SD-WAN is transforming the network infrastructure with uninterrupted connectivity and simplified workflows, SASE takes the logical next step by placing cloud-native security controls closer to the end users where the data is being generated (at the network Edge) and is therefore most at risk.

Although SASE is not a technology on its own, as an architectural framework it offers organizations the capability to bring together security and networking functions into a single, cloud-based service model. In 2021, SD-WAN should form the foundation of a SASE solution: a cloud-programmable networking platform for orchestrating and centrally managing network, security and SASE components.

As part of this, any quality Edge-based SD-WAN must integrate with third-party cloud security services from best-of-breed cloud security firms. Advanced API integration within the SD-WAN platform can enable network managers to fully realize enterprise-wide automation of consistent, network-wide security policies. In this way, they can combine the advantages of an advanced Zero Trust WAN Edge on-premises, whilst also enjoying the flexibility and freedom of choice to enjoy the benefits of cloud-delivered security services from their preferred security vendor.

Final word

Multi-cloud environments can be incredibly complex, and managing their connectivity across an enterprise’s WAN can quickly become an unruly, laborious affair. Not only are IT teams tasked with deployment and management of these environments, but simultaneously they must ensure the highest performance levels and security are achieved for their businesses’ end users, alongside delivering the full transformational promise of the cloud through lifecycle management and orchestration.  

IT teams rely on automation and orchestration to manage the complexity of multi-cloud, and businesses must look to further simplify these processes for their teams, particularly as network complexity grows. An important first step is selecting the right SD-WAN platform to simplify the integration of private cloud, SaaS and IaaS hosted applications.

The pandemic has shifted how, when and where employees work, and it is still unclear as to whether these changes will become permanent fixtures after the pandemic has ended. Even if they do not, much of the investment and groundwork has already been laid. The impetus is now on businesses to follow through on their cloud transformation journeys and create a network infrastructure that is resilient and manageable to deliver consistent and secure application performance over any WAN infrastructure to all users, anywhere, and from any device.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.