Corporate data traffic has completely changed in recent years. This has been mainly due to the massive development of the cloud and the use of Software as a Service (SaaS). The Covid years, which made people work from home, have made this trend even more pronounced. The number of cloud applications that corporate employees need for their day-to-day work can already be counted in the dozens. The answer to the new form of data distribution to branch offices and remote employees is a software-defined WAN (SD-WAN).
In the traditional centralized WAN model, applications run in the corporate data centre; branch offices usually connect to them via MPLS lines. All traffic is routed from the branch offices to the head office and only from there possibly to the internet and cloud applications. If you start to incorporate the use of cloud services such as Microsoft 365, Dropbox, or remote collaboration tools into such an infrastructure on a larger scale, you will most likely run into a capacity problem. This is because each such new service would require increasing the bandwidth of the MPLS lines between the head office and branch offices; otherwise, users may start to experience connectivity issues.
The first logical step in such a situation may be a “local internet breakout”, which is when branch offices start consuming cloud services directly over the less expensive local internet connections. This results in less pressure on the capacity of more expensive MPLS lines.
SD-WAN, in which the control and transmission layers are separated, is the element that brings order to this situation. This is because in an SD-WAN environment, the administrator can define in detail which part of the traffic is to be routed to and from the branch directly from the internet and which part would remain reserved for the corporate network. Several transmission lines are available in the network and the control software can balance the load. The administrator defines what link parameters are necessary for the secure application operation. When the line does not meet these parameters (such as when internet connectivity is lost), the system automatically redirects the application to another line (such as MPLS). This method can improve the transmission quality and performance of individual applications, regardless of whether they run from a private data centre or in public cloud infrastructure. Also, staff will have a better user experience, without needing to know what lines are momentarily used for their communication.
“On top of that there are the cost benefits. The network detects what application the user is using and what transmission quality, capacity, and security is required. Based on predefined rules, the orchestrator then decides which communication routes should be used for the data transmission. This allows the data flow to be effectively divided, for example, between less expensive internet (such as for office software updates) and more expensive MPLS lines (for critical data),” adds Martin Čaprnka, Senior Presales Manager at Soitron.
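The per-application path selection described above can be sketched as follows. This is an added example, not Soitron's or Cisco's code: the class names, thresholds and link metrics are constructed assumptions. Each application lists the transports it may use and the link parameters it needs, the cheapest compliant link wins, and an application with no compliant allowed link gets no route rather than spilling onto a transport its policy forbids.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Link:
    name: str
    up: bool
    latency_ms: float
    loss_pct: float
    cost: int              # relative cost; lower is cheaper

@dataclass(frozen=True)
class AppPolicy:
    app: str
    max_latency_ms: float
    max_loss_pct: float
    allowed: frozenset     # transports this application may ever use

def select_link(policy: AppPolicy, links: list) -> Optional[str]:
    """Return the cheapest allowed link that is up and within the SLA, else None."""
    compliant = [
        link for link in links
        if link.name in policy.allowed and link.up
        and link.latency_ms <= policy.max_latency_ms
        and link.loss_pct <= policy.max_loss_pct
    ]
    if not compliant:
        return None        # fail closed: no fallback to a forbidden transport
    return min(compliant, key=lambda link: (link.cost, link.latency_ms)).name

def route_table(policies: list, links: list) -> dict:
    return {p.app: select_link(p, links) for p in policies}

# Constructed sample policies and link measurements (hypothetical values).
POLICIES = [
    AppPolicy("office-updates", 200, 2.0, frozenset({"internet", "mpls"})),
    AppPolicy("voice", 40, 1.0, frozenset({"internet", "mpls"})),
    AppPolicy("erp-critical", 50, 0.5, frozenset({"mpls"})),
]
HEALTHY = [Link("mpls", True, 20, 0.0, 10), Link("internet", True, 35, 0.2, 1)]
DEGRADED = [Link("mpls", True, 20, 0.0, 10), Link("internet", True, 120, 0.2, 1)]
MPLS_DOWN = [Link("mpls", False, 0, 100.0, 10), Link("internet", True, 35, 0.2, 1)]

if __name__ == "__main__":
    for label, links in (("healthy", HEALTHY), ("internet degraded", DEGRADED),
                         ("mpls down", MPLS_DOWN)):
        print(label, route_table(POLICIES, links))
```

With MPLS down, `erp-critical` has no route at all, which is the behaviour to confirm when reviewing a policy: critical traffic should drop and alert, not silently move to the internet breakout.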
The concept of software-defined networking (SDN) introduces a fundamental change to network management and administration. The separation of the data layer from the control layer enables the administrator to define a whole range of policies. In the software-defined control layer, the administrator can apply all necessary rules for network operation, security policies, user access settings, and updates. SD-WAN also allows for the automation of the activities related to connecting new branch offices and deploying new applications. Centralized management and configuration of the SD-WAN infrastructure minimizes the risk of configuration errors, thus increasing the overall availability and security of the company’s IT infrastructure. Regardless of whether it is a branch office, a home desktop computer or a laptop, uniform rules are applied down to the level of every single endpoint. And if the rules are revised or updated, or a new service is introduced, the change is applied to all users at once.
Improved connectivity and seamless application performance are a major (but not the only) benefit of SD-WAN. The SDN concept also delivers streamlined infrastructure deployment, more efficient troubleshooting and problem solving, and easier deployment of security tools across the infrastructure down to end users.
Currently, several dozen vendors offer various SD-WAN products worldwide. Solutions that Soitron as an implementer recommends to its customers include those from Cisco, which is our partner. At Soitron, we have extensive experience with Cisco products.
In terms of technology, the control environment is created using the vBond server, whose main task is to initialize the individual components of the SD-WAN. The vManage dashboard takes care of the management, monitoring, and troubleshooting of the entire network. Network and security policies are also defined within the dashboard. The brains of the control layer are the vSmart controllers, which apply the defined policies to the data routers and are responsible for initializing and exchanging the encryption keys used by the data routers to communicate with each other. vEdge data routers operate only in contact with the control environment.
“Cisco’s SD-WAN solution features ThousandEyes – a smart integration tool which can provide visibility into the availability of individual applications and services through a network of agents deployed across the internet, corporate network, and endpoint devices. If an application is down, ThousandEyes detects whether the problem is with the application, the private communication infrastructure, the ISP, the infrastructure of the public cloud, or the SaaS provider. This allows you to respond to issues before they affect your end users or services. If there is a problem, it can attempt to reroute traffic or at least alert the appropriate provider to fix the problem,” says Miroslav Brzek, a networking expert at Cisco.