Why You Should Consider Deploying SD-WAN
Software-defined WAN (SD-WAN) and public cloud IaaS services both offer powerful benefits to virtually any business. Many of these same businesses, however, are missing out on an incredible opportunity by using only one of the two: either accessing the internet using SD-WAN technology or using public cloud services such as AWS or Microsoft Azure. In other words, you’re using just one of these services when you could be using both.
By extending an SD-WAN into an IaaS service, you can combine the best of what both technologies can offer. And what benefits are there when extending SD-WAN into IaaS? Read on and find out…
Ask yourself this question: How would my company handle a sudden massive increase in business? By connecting your network into AWS, Azure or even Google Cloud Platform or IBM Cloud, you won’t have to worry about any unexpected increase in demand. Extra compute and storage resources can be created on demand and automated so that you don’t have to rely on a 24/7 system administrator spinning up extra VMs or provisioning extra storage due to a sudden spike in the middle of the night.
The spike can be detected automatically, and the necessary compute, network and storage resources can be instantiated to accommodate it. It’s important to check with your chosen cloud vendor first to understand how exactly scalability (both up and down) is handled within their ecosystem, as this can have a significant impact on expenditure.
As long as your IaaS is configured and managed correctly, it can save your business a lot of money through the virtualization of infrastructure and reduced CapEx, maintenance and IT support costs.
In fact, there are a growing number of enterprises who have gone years without needing to purchase any physical piece of hardware. Meanwhile, WAN networking costs can be reduced through vendor-neutral SD-WAN technology with the most economical data paths selected, which effectively breaks the cycle of a costly MPLS lock-in. SD-WAN infrastructure can also be largely virtualized so that it can be fully managed in the cloud.
Businesses do have to be aware of the risk of shadow IT, though (e.g. unused VMs left in a provisioned state, orphan storage, etc.). This can lead to money being wasted on resources which are not being used. A thorough TCO assessment needs to be made first to ensure maximum cost savings are realized.
SD-WAN adds the benefit of extra security to IaaS deployments. Although security within the cloud is pretty watertight, once data leaves the AWS or Azure edge servers, it is at risk of being intercepted, especially if it is traveling over the open internet. Even with a VPN connection, there is a risk of IP leaks and other forms of vulnerability.
The tunnel overlays in SD-WAN technology provide a native encrypted connection between your business premises and the SD-WAN vendor's edge device. SD-WAN also offers per-application segmentation. However, no technology is 100% secure, and SD-WAN vendors offer different types of security.
There are also third party SaaS solutions, and your IaaS vendor will probably offer application or network security options. These must all be looked at carefully before a decision is made.
Bypassing the open internet and prioritizing high-bandwidth and/or business-critical data is the way in which SD-WAN technology can provide much improved performance with low latency and high availability. A combination of load balancing and policy-controlled prioritization ensures that your network can react to any bottlenecks in order to protect priority services such as VoIP connections or media streams.
As with security, not all SD-WAN offerings are created equal, so it is imperative that the various feature options such as path conditioning and traffic shaping are carefully compared before purchase.
5. Visibility and Control
From a management point of view, SD-WAN takes away the need to individually configure devices in favor of a single pane of glass that can be situated either on-prem or in the cloud. This makes changing network behavior and even securing the network that much easier since any configuration changes or policy updates can be applied immediately across the entire SD-WAN.
Choosing a good network and application visibility portal will also enable network engineers to keep a close eye on performance (link utilization, traffic patterns, user/application behavior, bandwidth utilization, latency, packet loss, etc.) over the entire network and quickly apply corrective measures (move loads, assign bandwidth, configure networks, etc.) in response to impending issues or outages. They can also easily pull from custom reports for business meetings, internal reviews, etc.
To avoid backhauling data through the data center, WAN deployments can get very complicated, particularly when a business needs to connect several branches to numerous VPCs, creating a so-called NxN tunnel mesh. Each tunnel requires manual IPsec configuration at each branch, which is not only time-consuming but also increases the chances of misconfiguration. This can leave the network insecure or even cause a cascade of failures.
Network engineers may have to work with several interfaces when configuring WAN equipment. If they are off sick when changes are needed, there may not be an immediate replacement with the necessary skill set available. This will inevitably lead to delays. If the change is an important security patch, for instance, the network could be left in an insecure state for a dangerously long period of time.
By connecting your network to the cloud via SD-WAN, however, your engineers will only have one interface they need to learn. Through this single interface, they can manage all of the connections between your branches and your SD-WAN provider’s cloud gateway. The IPsec connections to VPCs will be automatically configured by the network policies, which can be instantly updated.
We’ve already mentioned that IaaS creates capacity for future scaling, but SD-WAN can also help with future-proofing. Imagine a situation where you intend to migrate to a hybrid network but you really aren’t ready to do so just yet. Cloud-based SD-WAN can still be set up to proactively manage tunnels between branches, which can be connected to IaaS at some point in the future.
How Do You Set Up and Combine SD-WAN and IaaS?
Deciding on and setting up an IaaS service will depend on many different business-specific factors, so it’s always worth your time to speak with cloud consulting or migration experts for AWS, Azure, and/or GCP. Additionally, for help with choosing and setting up your SD-WAN technology, speak to a certified SD-WAN solution provider. They’ll be able to help you extend your SD-WAN into the cloud via an SD-WAN gateway hosted near your chosen IaaS service colo.
By Ben Ferguson