The traditional network model of a central, physical data center hub with spokes running out to fixed locations has gone the way of the mainframe and electric typewriter – once mainstays of business. Today’s workforce is increasingly mobile, while business-critical productivity and collaboration applications run in the cloud. The rise of these cloud-based applications enable DevOps teams to deliver good application experiences and require IT teams to optimize cloud connectivity.
This new application- and mobility-centric environment is a challenge for traditional wide area network (WAN) architectures because these applications and services tend to not be bolted in place, network communications and collaboration are increasingly interconnected and complex, and bandwidth requirements can quickly scale beyond the capacity of a fixed connection. The disparate nature of today’s distributed WAN infrastructure also makes it hard to maintain comprehensive visibility of applications and infrastructure, which can hinder things like failure resolution and resource forecasting.
The main goal of replacing traditional WAN connections with SD-WAN technology, therefore, is to enable the delivery of a hyperconnected, business-class, cloud-enabled WAN connection using as much software-based technology as possible in order to quickly adapt as infrastructure and enduser needs evolve. While SD-WAN can be used to simply deliver basic WAN connectivity, its best use is for delivering premium business services such as meshed VPN, WAN optimization to ensure scale and throughput, voice and video conferencing and other forms of collaborations, and an applications delivery control (ADC) to ensure consistent access to applications, maintain QoC for bandwidth-hungry applications, and offload functions such as SSL and web server overhead.
One of the most important elements of the SD-WAN is the controller. A centralized controller can set policies, prioritize traffic, and provide physical or virtual device management for all SD-WAN devices. It can also identify the operational state of SD-WAN tunnels across and between different WANs, manage QoS performance metrics for each SD-WAN tunnel, and maintain identification, connectivity, and performance of critical applications.
Four Critical Reasons For Investing in Your WAN
SD-WAN devices enable businesses to reap the benefits improved of agility and cost that could not be provided by traditional connection methods like MPLS, but also provides other benefits as well, such as:
1. More Flexible Transport Options: SD-WAN gives businesses true transport independence. Since the WAN is virtualized, it can use any transport protocol required. This includes cell transport (3G/4G/LTE/5G), MPLS, the public Internet, Ethernet connections, and Wi-Fi. The point is, businesses that use SD-WAN enjoy complete transport flexibility so they can choose the right connection for different business functions. A dedicated line for access to a central VoIP solution, for example, may still want to leverage MPLS, while access to things like virtual conferencing may want to use a nimbler option like VPN over a public network. In fact, SD-WAN allows organization to run different transport protocols side-by-side to support different applications.
2. Application-Aware Controls: Intelligent pathway controls can specify categories of traffic to send along a specific path. For example, it can assign a specific application to a specific pathway based on a set of application requirements, such as bandwidth, sensitivity to latency, and even the kinds of data it might be carrying. Then, if the performance of that path suffers degrades, the intelligent pathway controller can then steer traffic to another path. And rather than having to define this per SD-WAN device, this traffic-forwarding policy can be set at the centralized controller and then pushed out to all SD-WAN devices. Policies can be based on a variety of conditions, including application profiles, IP address, quality-of-service requirements, or even location of a branch office or the time of day.
3. Single-Touch Provisioning: SD-WAN enables businesses to send SD-WAN devices to branches un-configured. Once it is plugged into the network the device can be automatically identified and connected to the central WAN controller where the device will download critical data such as essential updates, network and security policies, and crypto certificates and keys. It can then automatically start to learn traffic patterns, identify local devices and connections, integrate with the local branch LAN, and in the case of a Secure SD-WAN solution, even begin inspecting traffic, imposing security policies, and baselining behavior—all making provisioning dramatically easier.
4. Secure SD-WAN: Unlike traditional WAN solutions, which handle security through multiple appliances deployed (and usually, also managed) at each branch office, a Secure SD-WAN solution can include all of these functions in-box and at lower cost.
- NGFW and IDS/IPS can be deployed at the SD-WAN edge to protect the branch and devices and systems it connects to.
- Antivirus, SSL inspection, an email gateway, and web application inspection can all be deployed inside the SD-WAN solution to ensure consistent policy enforcement and to ensure that data is free from known malware.
- Dynamic VPN overlays can provide quick and reliable connections between various branch offices and devices.
- Sandboxing can provide deep inspection of content to detect unknown threat.
- SD-WAN can also integrate with a cloud web content filtering service, and offer malware defenses and botnet command-and-control intervention for every branch and remote devices.
Perhaps more important are these two additional benefits: The first is that when security is deployed as an integrated function built into an SD-WAN solution, it is also more likely to be able to be seamlessly integrated across the larger security ecosystem. This ensures that a single security policy can consistently protect data and resources regardless of where they are located. And second, integrating security and WAN networking functionality into a single management interface ensures that policy and performance are never working at cross-purposes.
As digital transformation continues to radically change how businesses do business, it is essential that all parts of the network are aligned to take advantage of new digital business opportunities. Upgrading branch WAN connections with a Secure SD-WAN solution ensures the sort of flexibility, responsiveness, performance, and interoperability that today’s branch users require.
Fortinet’s Secure SD-WAN solution includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering. Find out more about our new SD-WAN ASIC chip.
Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.Fortigate is an enterprise network security appliance that works with Cloud Bare Metal. Contact us to find out our latest offers!