Simplifying Multi-Cloud Connectivity through SD-WAN

By: Jacob Chacko, Regional Director – Middle East, Saudi & South Africa at Aruba, an HP Enterprise company

The pandemic’s acceleration of cloud migration within enterprises has, at this point, been well documented. Last year’s Flexera 2020 State of the Cloud Report suggested that more than 90 percent of enterprises now have a multi-cloud strategy.

Even in times of great urgency as we have experienced over the last 18 months, enterprise-wide cloud transformations don’t simply happen overnight. In the rush to get their multi-cloud environments off the ground and enable remote connectivity for their workforces, many enterprises will not have suitably adapted their IT and network infrastructure to support applications in a multi-cloud connected environment. Because of this, they will likely now be facing numerous challenges around the performance of mission-critical SaaS applications, automation of cloud security services, and integration of WAN applications in the public cloud, to name just a few.

When it comes to meeting and addressing these challenges, enterprises could consider the benefits of an SD-WAN platform which, through a mixture of optimization, orchestration centralization, and automation, can provide a firm foundation for enabling a successful, performant, and secure multi-cloud environment.

Ensuring User Experience Through SaaS Optimization

In a time when applications were hosted in corporate data centers, routing all application traffic from the branch to the data center made total sense. Today, however, with most applications in modern enterprises delivered through SaaS, backhauling cloud-destined traffic to the data center only serves to increase latency and impact application performance.

Recognizing this, enterprises could reduce said latency by looking towards a modern, best-of-breed Edge-based SD-WAN platform, which should offer SaaS optimization features to seamlessly and securely connect users from branch sites to SaaS applications, while simultaneously monitoring the SaaS Quality of Experience (QoE).

Key functionalities that any SD-WAN purchaser should look out for include first-packet identification, wherein applications are identified and classified on the first packet, which enables traffic to be routed dynamically to its intended destination (be that the data center, cloud provider, or cloud security). This, in turn, reduces latency and ensures security policies are adhered to. Similarly, Microsoft Office 365 API integration enables secure internet breakout to the closest Office 365 entry point, thus ensuring the best Office 365 performance available.

Intelligent Local Internet Breakout

Different classes of application require different kinds of treatment to adhere to security policies and controls. As mentioned above, first-packet identification has a part to play here, but other functionalities within leading SD-WAN platforms can bolster security without impacting application performance.

Different applications can be mapped to virtual WAN overlays, each supporting various QoS, transport, and failover characteristics. For instance, trusted business SaaS such as Office 365 can be mapped to an overlay that sends traffic straight to the closest SaaS instance over the internet, whilst untrusted or unknown traffic is sent to the headquarters-based firewall for closer inspection.

Speaking of firewalls, having a unified zone-based stateful firewall at the WAN Edge is essential to ensure complete, secure local internet breakout. A WAN Edge firewall can connect directly to trusted SaaS applications and IaaS from branch offices, whilst also blocking any unauthorized traffic attempting to enter the branch network from the enterprise LAN.

Network Simplification Through SD-WAN Integration

Complexity is the enemy when it comes to network management, and this is especially true for large, global networks with many AWS Virtual Private Clouds or Microsoft Virtual Networks (VNets). However, an Edge-based SD-WAN platform can greatly simplify the management of such large networks.

Connecting directly to public cloud providers’ global backbone networks, reducing the number of point-to-point connections, and connecting branch locations directly to regional points of presence (POPs) all reduce the complexity of the SD-WAN overlay. An SD-WAN overlay should also support branch-to-branch communication without virtual gateways at each Virtual Private Cloud.

The Emergence of SASE

The emergence of SASE has had a profound impact on SD-WAN. Just as SD-WAN is transforming the network infrastructure with uninterrupted connectivity and simplified workflows, SASE takes the logical next step by placing cloud-native security controls closer to the end-users where the data is being generated (at the network Edge) and is, therefore, most at risk.

Although SASE is not a technology on its own, as an architectural framework it offers organizations the capability to bring together security and networking functions into a single, cloud-based service model. In 2021, SD-WAN should form the foundation of a SASE solution: a cloud-programmable networking platform for orchestrating and centrally managing the network, security, and SASE components.

As part of this, any quality Edge-based SD-WAN must integrate with third-party cloud security services from best-of-breed cloud security firms. Advanced API integration within the SD-WAN platform can enable network managers to fully realize enterprise-wide automation of consistent, network-wide security policies. In this way, they can combine the advantages of an advanced on-premises Zero Trust WAN Edge with the flexibility and freedom of choice to use cloud-delivered security services from their preferred security vendor.