The traditional network model of a central, physical data center hub with spokes at fixed locations has gone the way of the mainframe and the electric typewriter, once pillars of business. Today's workforce is becoming increasingly mobile, while mission-critical productivity and collaboration applications are running in the cloud. The emergence of these cloud-based applications enables DevOps teams to deliver good application experiences and requires IT teams to optimize cloud connectivity.
This new application- and mobility-centric environment is a challenge for traditional WAN (Wide Area Network) architectures: these applications and services are usually not fixed in one place, network communication and collaboration are increasingly interconnected and complex, and bandwidth requirements can quickly scale beyond the capacity of a fixed connection. The disparate nature of today's distributed WAN infrastructure also makes it difficult to maintain broad visibility into applications and infrastructure, which can hamper tasks such as troubleshooting and resource forecasting.
The main purpose of replacing traditional WAN connections with SD-WAN technology is therefore to deliver a hyperconnected, business-class, cloud-enabled WAN connection that uses software-based technology as much as possible, so that it can adapt quickly as the infrastructure and the needs of end users evolve. Although SD-WAN can be used to provide simple WAN connectivity, its best use is to provide first-class business services such as meshed VPN; WAN optimization to ensure scaling and throughput; voice, video conferencing, and other forms of collaboration; and application delivery control (ADC) to ensure consistent access to applications, maintain QoS for bandwidth-hungry applications, and offload functions such as SSL and web server overhead.
One of the most important elements of the SD-WAN is the controller. A centralized controller can set policies, prioritize traffic, and provide physical or virtual device management for all SD-WAN devices. It can also identify the operational status of SD-WAN tunnels across and between different WANs, manage QoS performance statistics for each SD-WAN tunnel, and maintain the identification, connectivity, and performance of critical applications.
Four critical reasons for investing in your WAN
SD-WAN devices enable companies to reap the agility and cost benefits that traditional connection methods such as MPLS cannot provide, and they also offer other benefits such as:
- More flexible transport options: SD-WAN gives companies real transport independence. Because the WAN is virtualized, it can use any transport protocol. This includes mobile transport (3G / 4G / LTE / 5G), MPLS, the public internet, Ethernet connections and Wi-Fi. Companies that use SD-WAN enjoy full transport flexibility, so they can choose the right connection for different business functions. For example, a dedicated line for access to a central VoIP solution can still use MPLS, while access to things like virtual meetings might use a nimbler option such as VPN over a public network. With SD-WAN, the organization can run different transport protocols side by side to support different applications.
- Application-aware controls: Intelligent path controls can specify which categories of traffic to send along a specific path. For example, they can assign a specific application to a specific path based on a set of application requirements, such as bandwidth, latency sensitivity, and even the types of data the path can carry. If the performance of that path decreases, the intelligent path controller can then send traffic to another path. And instead of having to define this on each SD-WAN device, the traffic policy can be set on the centralized controller and then pushed to all SD-WAN devices. Policy can be based on a variety of conditions, including application profiles, IP address, service quality requirements, or even the location of a branch or the time of day.
- Single-touch provisioning: With SD-WAN, companies can ship unconfigured SD-WAN devices to branches. Once connected to the network, the device can be automatically identified and connected to the central WAN controller, from which it downloads critical data such as updates, network and security policies, and cryptographic certificates and keys. It can then automatically learn traffic patterns, identify local devices and connections, integrate with the local branch LAN, and, in the case of a Secure SD-WAN solution, even begin to inspect traffic, enforce security policies and baseline behavior, all of which makes provisioning dramatically simpler.
- Secure SD-WAN: Unlike traditional WAN solutions, which handle security through multiple devices deployed (and usually also managed) in each branch, a Secure SD-WAN solution can include all these functions in a single box at a lower cost.
  - NGFW and IDS / IPS can be implemented on the SD-WAN edge to protect the branch and the devices and systems that it connects to.
  - Antivirus, SSL inspection, e-mail gateway and web application inspection can all be implemented in the SD-WAN solution to ensure consistent policy enforcement and ensure that data is free from known malware.
  - Dynamic VPN overlays offer fast and reliable connections between different branches and devices.
  - Sandboxing can thoroughly inspect content to detect unknown threats.
  - SD-WAN can also be integrated with a cloud web content filtering service and provide malware defenses and botnet command-and-control intervention for each branch and for external devices.
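The application-aware path control and failover described in the list above can be sketched as follows. This is an added illustration, not Fortinet's code or any vendor's API; the class names, path names, thresholds and measurements are constructed assumptions, and it goes slightly beyond the text by failing closed when no available path is allowed to carry a restricted data class.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    name: str
    latency_ms: float
    loss_pct: float
    bandwidth_mbps: float
    private: bool          # True for private transport such as MPLS

@dataclass(frozen=True)
class AppPolicy:           # defined once on the controller, pushed to every edge
    app: str
    max_latency_ms: float
    max_loss_pct: float
    min_bandwidth_mbps: float
    private_only: bool     # data class that must stay on private transport
    preferred: tuple       # path names in order of preference

def eligible(policy, path):
    """A path qualifies only if it meets every requirement of the policy."""
    return (path.latency_ms <= policy.max_latency_ms
            and path.loss_pct <= policy.max_loss_pct
            and path.bandwidth_mbps >= policy.min_bandwidth_mbps
            and (path.private or not policy.private_only))

def select_path(policy, paths):
    by_name = {p.name: p for p in paths}
    for name in policy.preferred:              # preferred path while healthy
        if name in by_name and eligible(policy, by_name[name]):
            return name
    fallback = [p for p in paths if eligible(policy, p)]
    if fallback:                               # fail over to best remaining path
        return min(fallback, key=lambda p: p.latency_ms).name
    return None                                # fail closed: no compliant path

def steer(policies, paths):
    return {pol.app: select_path(pol, paths) for pol in policies}

# Constructed sample policy set and link measurements.
POLICIES = [
    AppPolicy("voip", 150, 1.0, 1, False, ("mpls",)),
    AppPolicy("meetings", 200, 2.0, 5, False, ("internet_vpn", "lte")),
    AppPolicy("payments", 300, 2.0, 1, True, ("mpls",)),
]
HEALTHY = [Path("mpls", 20, 0.1, 50, True),
           Path("internet_vpn", 35, 0.3, 200, False),
           Path("lte", 60, 1.0, 30, False)]
DEGRADED = [Path("mpls", 400, 5.0, 50, True)] + HEALTHY[1:]
```

With the degraded measurements, VoIP moves to the VPN path, while the private-only payments traffic is dropped instead of leaking onto a public transport, which is the behavior to confirm when reviewing a failover policy.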
Perhaps even more important are these two additional benefits. First, when security is implemented as an integrated function built into an SD-WAN solution, it is also more likely that it can be seamlessly integrated into the larger security ecosystem. This ensures that a single security policy can consistently protect data and resources, regardless of where they are located. Second, the integration of security and WAN network functionality into a single management interface ensures that policies and performance never work at cross purposes.
Main takeaways
Because digital transformation is radically changing the way companies do business, it is essential that all parts of the network are aligned to take advantage of new digital business opportunities. Upgrading branch WAN connections with a Secure SD-WAN solution provides the kind of flexibility, responsiveness, performance, and interoperability that today's branch users need.
Fortinet's Secure SD-WAN solution includes the very best next-generation firewall (NGFW) security, SD-WAN, advanced routing and WAN optimization options, and delivers a security-based WAN edge transformation in a unified offering. Read more about our new SD-WAN ASIC chip.
Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the Niagara District School Board implemented Fortinet's Secure SD-WAN to reduce network complexity, increase bandwidth and reduce security costs.