For many years, the technology of choice for linking together remote locations into a seamless and secure WAN has been MPLS links, since network boundaries coincided with physical ones. With the rise of the mobile, geographically-dispersed workforce, however, the cost of MPLS bandwidth and the inherent limitations of the traditional appliance-based SD-WANs are becoming too burdensome, even when supplemented with VPN appliances meant to accommodate offsite users. SD-WAN as a service (SDWaaS) platforms are the mobile-ready solution today’s organizations really need.
Due to their low latency, packet loss, and downtime, MPLS network links have been a mainstay of enterprise networks, linking the LANs of individual branch offices to each other and to the central HQ and thus forming an organization-wide WAN. MPLS links, however, come with high price tags for bandwidth compared to Internet links. Although traditional SD-WANs based on rack-mounted appliances enabled organizations to reserve MPLS bandwidth solely for the latency-sensitive business applications which needed them, only users at the central datacenter or MPLS-linked remote offices could enjoy the performance and encryption benefits.
Why VPN appliances aren’t a fix for SD-WANs
For workers such as offsite contractors, staff accessing network resources from their mobile devices, employees who work from home, and freelancers working for a corporate client, this has become a major pain point. Since all of them are outside the WAN, they need a secure way to log in. Inevitably, VPN appliances are used to augment the SD-WAN.
Network engineers usually employ one of two methods to do this:
Option #1: Have all these people connect securely via a VPN to a single WAN access point (usually the main datacenter), and from there these outside users can access files and applications on the WAN and access the Internet securely.
Option #2: Set up and maintain a dedicated Internet access (DIA) link to serve as a WAN entry point, with accompanying VPN appliances, at each remote location.
Option #1 naturally leads to the central WAN entry point becoming a traffic chokepoint and single point of failure for an entire organization’s remote workforce. Option #2 increases the WAN’s attack surface while adding complexity, since it requires IT departments to install, configure, maintain, patch, and eventually upgrade multiple VPN appliances, not to mention other complementary network appliances like firewalls.
The key to resolving this conundrum is first realizing that appliance-based SD-WANs are a physical solution meant to manage physical network links between permanent physical locations and provide connectivity to users permanently within those locations.
The second step is understanding that all those physical networks should be virtualized and cloud-based, accessed through much more affordable last-mile Internet links. This is what SDWaaS is all about.
Cloud WAN solutions for the cloud era
By moving the SD-WAN to the cloud, SDWaaS delivers the same cloud benefits enterprises are already enjoying in other areas of their infrastructure:
- Redundancy: no single point of failure
- Geographical coverage: no single point of congestion and more efficient routing based on proximity
- Simplified and unified configuration and monitoring
- Access to network infrastructure wherever there’s an Internet connection
SDWaaS also fixes another problem associated with VPNs: the lack of granular access policies and visibility into WAN traffic usage. Since SDWaaS platforms provide real-time monitoring, fine-grained access controls, and historical metrics through an easy-to-use dashboard, the businesses which use them are in a much better position to fulfill the data security requirements often included in the RFPs of potential customers. In this way, SDWaaS can actually drive more revenue through cost-effective security compliance.
Lastly, SDWaaS solutions can even replace MPLS throughout the entire corporate WAN. That’s because these platforms combine point of presence (PoP) location proximity to major cloud service providers like Microsoft Azure and Amazon’s AWS with an optimized backbone which comes with an SLA. The result is MPLS-level performance for a standard business Internet price.
With so much of the network infrastructure of many organizations already in the cloud (or heading there), it makes a lot of sense for them to migrate their SD-WANs there as well. Through leveraging the scalability and flexibility of the cloud, and a global backbone with a comprehensive integrated security stack, SDWaaS provides performance and security to mobile and offsite users without the cost and headache of managing more network appliances.