
Why You Should Consider Deploying SD-WAN

Software-defined WAN (SD-WAN) and public cloud IaaS services both offer powerful benefits to virtually any business. Many of these same businesses, however, are missing out on an incredible opportunity by either accessing the internet using SD-WAN technology or using public cloud services such as AWS or Microsoft Azure. In other words, you’re using just one of these services when you could be using both.

By extending an SD-WAN into an IaaS service, you can combine the best of what both technologies can offer. And what benefits are there when extending SD-WAN into IaaS? Read on and find out…

1. Scalability

Ask yourself this question: How would my company handle a sudden massive increase in business? By connecting your network into AWS, Azure or even Google Cloud Platform or IBM Cloud, you won’t have to worry about any unexpected increase in demand. Extra compute and storage resources can be created on demand and automated so that you don’t have to rely on a 24/7 system administrator spinning up extra VMs or provisioning extra storage due to a sudden spike in the middle of the night.

This can all be detected and the necessary compute, network and storage resources can be instantiated to accommodate the spike. It’s important to check with your chosen cloud vendor first to understand how exactly scalability (both up and down) is handled within their ecosystem, as this can have a significant impact on expenditure.

2. Cost

As long as your IaaS is configured and managed correctly, it can save your business a lot of money through the virtualization of infrastructure and reduced CapEx, maintenance and IT support costs.

In fact, there are a growing number of enterprises who have gone years without needing to purchase any physical piece of hardware. Meanwhile, WAN networking costs can be reduced through vendor-neutral SD-WAN technology with the most economical data paths selected, which effectively breaks the cycle of a costly MPLS lock-in. SD-WAN infrastructure can also be largely virtualized so that it can be fully managed in the cloud.

Businesses do have to be aware of the risk of shadow IT, though (e.g. unused VMs left in a provisioned state, orphan storage, etc.). This can lead to money being wasted on resources that are not being used. A thorough TCO assessment needs to be made first to ensure maximum cost savings are realized.

3. Security

SD-WAN adds the benefit of extra security to IaaS deployments. Although security within the cloud is pretty watertight, once data leaves the AWS or Azure edge servers, it is at risk of being intercepted, especially if it is traveling over the open internet. Even with a VPN connection, there is a risk of IP leaks and other forms of vulnerability.

The tunnel overlays in SD-WAN technology provide a native encrypted connection between your business premises and the SD-WAN vendor edge device. SD-WAN also offers per-application segmentation. However, no technology is 100% secure, and SD-WAN vendors offer different types of security.

There are also third party SaaS solutions, and your IaaS vendor will probably offer application or network security options. These must all be looked at carefully before a decision is made.

4. Performance

SD-WAN technology provides much improved performance, with low latency and high availability, by bypassing the open internet and prioritizing high-bandwidth and/or business-critical data. A combination of load balancing and policy-controlled prioritization ensures that your network can react to any bottlenecks in order to protect priority services such as VoIP connections or media streams.

As with security, not all SD-WAN offerings are created equal, so it is imperative that the various feature options such as path conditioning and traffic shaping are carefully compared before purchase.

5. Visibility and Control

From a management point of view, SD-WAN takes away the need to individually configure devices in favor of a single pane of glass that can be situated either on-prem or in the cloud. This makes changing network behavior and even securing the network that much easier since any configuration changes or policy updates can be applied immediately across the entire SD-WAN.

Choosing a good network and application visibility portal will also enable network engineers to keep a close eye on performance (link utilization, traffic patterns, user/application behavior, bandwidth utilization, latency, packet loss, etc.) over the entire network and quickly apply corrective measures (move loads, assign bandwidth, configure networks, etc.) in response to impending issues or outages. They can also easily pull from custom reports for business meetings, internal reviews, etc.

6. Simplicity

To avoid backhauling data through the data center, WAN deployments can get very complicated, particularly when a business needs to connect several branches to numerous VPCs, creating a so-called NxN tunnel mesh. Each tunnel requires manual IPsec configuration at each branch, which is not only time-consuming but also increases the chances of misconfiguration. This can leave the network insecure or even cause a cascade of failures.

Network engineers may have to work with several interfaces when configuring WAN equipment. If they are off sick when changes are needed, there may not be an immediate replacement with the necessary skill set available. This will inevitably lead to delays. If the change is an important security patch, for instance, the network could be left in an insecure state for a dangerously long period of time.

By connecting your network to the cloud via SD-WAN, however, your engineers will only have one interface they need to learn. Through this single interface, they can manage all of the connections between your branches and your SD-WAN provider’s cloud gateway. The IPsec connections to VPCs will be automatically configured by the network policies, which can be instantly updated.

7. Future Proofing

We’ve already mentioned that IaaS creates capacity for future scaling, but SD-WAN can also help with future-proofing. Imagine a situation where you intend to migrate to a hybrid network but you really aren’t ready to do so just yet. Cloud-based SD-WAN can still be set up to proactively manage tunnels between branches, which can be connected to IaaS at some point in the future.

How Do You Set Up and Combine SD-WAN and IaaS?

Deciding on and setting up an IaaS service will depend on many different business-specific factors, so it’s always worth your time to speak with cloud consulting or migration experts for AWS, Azure, and/or GCP. Additionally, for help with choosing and setting up your SD-WAN technology, speak to a certified SD-WAN solution provider. They’ll be able to help you extend your SD-WAN into the cloud via an SD-WAN gateway hosted near your chosen IaaS service colo.

By Ben Ferguson

Ben Ferguson is the Senior Network Architect and Vice President of Shamrock Consulting Group, the leader in technical procurement for telecommunications, data communications, AWS Direct Connect, dark fiber procurement, SD WAN Consulting and cloud services.

Since his departure from biochemical research in 2004, he has built core competencies around enterprise wide area network architecture, high-density data center deployments, public and private cloud deployments, and Voice over IP telephony.

Ben has designed hundreds of wide area networks for some of the largest companies in the world. When he takes the occasional break from designing networks, he enjoys surfing, golf, working out, trying new restaurants and spending time with his wife Linsey and his dog,
