By: Srini Addepalli
As in many emerging disciplines, several significant challenges stand in the way of success, and overcoming them requires innovative approaches and strategies.
In the past, organizations with multiple offices typically utilized dedicated links to connect these offices, and relied on ISPs for Internet connectivity.
With the emergence of SD-WAN, however, the traditional approach of using dedicated links has shifted. Dedicated links have been replaced by SD-WAN providers, which rely on ISPs for last-mile connectivity and on their own POPs for middle-mile connectivity between an organization's offices. Organizations adopting SD-WAN solutions experience reduced costs without compromising on isolation and bandwidth guarantees, while also benefiting from operational efficiencies.
SD-WAN providers take charge of optimizing network traffic between the offices by implementing various WAN optimization techniques, including “deduplication,” “compression,” and “traffic shaping.” Deduplication prevents duplicate traffic from being transmitted across the last-mile and middle-mile connections. Compression reduces the volume of traffic sent over the links, and traffic shaping ensures that critical traffic receives priority during instances of network congestion.
Newer SD-WAN providers are extending WAN optimization capabilities to SSL/TLS-based application traffic. Certain WAN optimization techniques are less effective, however, when applied to SSL/TLS encrypted traffic, since encrypted payloads look random to deduplication and compression. To keep applying WAN optimization techniques, modern SD-WAN providers offer SSL/TLS MITM (Man-In-The-Middle) services. This involves terminating the TLS session, applying optimization measures to the traffic in its unencrypted form, and subsequently re-encrypting it toward the destination. In practice this requires endpoints to trust a certificate authority operated by the SD-WAN provider, and it means the provider's infrastructure handles the plaintext of the intercepted sessions.
SD-WAN providers also incorporate TCP optimization by acting as double TCP proxies at both the client and server sides. This allows for the dynamic adjustment of TCP parameters, such as window size, congestion control, and retransmissions, based on prevailing network conditions, which improves TCP throughput and reduces latency.
Furthermore, SD-WAN providers have begun offering network-level encryption, such as IPsec, across all network hops. This layer of encryption ensures that data in transit is never exposed in the clear on the links between hops, so a malicious actor on the path cannot read it.
The evolution of networks has led to the adoption of SD-WAN. The integration of WAN optimization techniques, encryption mechanisms, and TCP optimization contributes to enhanced performance, security, and efficiency across geographically dispersed offices.
While current SD-WAN providers are addressing critical challenges, a question remains: are the capabilities offered by SD-WAN vendors sufficiently aligned with the evolving needs of modern organizations? Today, network requirements extend beyond last- and middle-mile connectivity, optimization, and network-level encryption. Let's look at the shifts taking place within organizations.
Network-Connected Devices: The era of exclusively linking laptops, desktops, and servers to organizational networks is gone. Today, there’s an array of network-connected devices spanning IoT devices, printers, HVAC systems, and security systems. This has compounded the challenges of network management and troubleshooting for IT leaders.
Multi-Cloud Application Deployments: Organizations are increasingly adopting public clouds for application deployments, and are embracing multiple cloud providers and diverse regions to replicate applications for geographically dispersed workforces and customer bases. This necessitates the use of numerous networking, load-balancing, DNS, and application security services from various cloud service providers.
Edge Computing: Organizations are embracing edge computing to execute application processing closer to data sources, resulting in accelerated response times and cost reduction. Edge computing doesn’t involve the entirety of application operation, however; specific portions of applications (like microservices) operate on the edge, while the rest reside in the cloud.
Remote Workforce Paradigm: Ensuring constant connectivity for critical staff working remotely necessitates the use of multiple ISPs. Basic VPN connectivity no longer suffices; instead, multiple VPN tunnels must be established to leverage multiple home WAN links and distribute traffic across these tunnels.
Elevated Network and Application Security Complexity: Traditional security entails the deployment of myriad security appliances. Typically, organizations employ 40+ distinct security appliance types. Now, consider contemporary organizations spanning multiple clouds, edges, and a distributed workforce.