However, despite potentially huge benefits toward streamlining IT, SaaS deployments can have a negative impact on the enterprise network. According to Gartner, SaaS is now largely deployed for mission-critical needs; however, traditional enterprise wide area network (WAN) architectures are not well suited to SaaS or Infrastructure-as-a-Service (IaaS) adoption, due to increased latency and the cost of backhauling traffic to centralised gateways.[2]
Furthermore, the need to provide enterprise-wide access not only to SaaS services but also to IaaS-hosted workloads moving from testing/development into production only compounds the potential for network issues.
In 2015, at least half of WAN deployments supporting cloud-use cases will suffer from network performance issues.[3] The challenge is ensuring IT infrastructure evolves to address new requirements stemming from the use of SaaS and IaaS within the enterprise. A key word here is “evolve” – forklift network upgrades defeat the purpose of pursuing cloud cost benefits. Functionally, the same requirements exist for cloud applications as for on-premise applications: consistent performance and high availability, strong security and compliance, and a high degree of end-to-end visibility and control. This holds regardless of the application type, site or location – that is, from the branch office to the large data centre, for premise-based and cloud-based apps, or for regional, domestic and international sites. For these reasons, demand is emerging for an enterprise WAN fabric that extends the benefits of traditional MPLS and leased/private lines to support mission-critical cloud deployments.
Reliance on internet undermines SaaS performance and reduces visibility
Ensuring SaaS performance is far more complicated than ensuring the performance of conventional applications that run over an MPLS or private network. If a conventional application has a performance problem, the IT department within an organisation typically has the right levels of visibility and control to respond. Compute or network resources can be added as needed, and IT has control over server architecture and site proximity.
SaaS is more complicated because IT has no control over SaaS resources. This can result in inconsistent performance depending on the proximity of a request to the SaaS provider’s data centre. For SaaS providers with multiple data centres, load balancing algorithms can be non-deterministic and result in different latency measurements to the destination server, depending on the time of day, server load and other factors based on the content itself. Most importantly, SaaS applications reside on the internet, forcing the enterprise to rely on best-effort transport to deliver mission critical applications. Conventional monitoring systems cannot differentiate between various SaaS applications and services using Transmission Control Protocol (TCP) port 443.
For most enterprises using SaaS applications, it’s already clear that there are performance bottlenecks that cannot be easily pinpointed. Generally, the traditional network topology backhauls traffic through a central hub site, for example, corporate HQ or other large data centres. The issue with this approach is that the backhaul adds latency.
The opposite would be to provide direct internet access at spoke sites, but then there are issues with security and ensuring comprehensive threat management/attack protection – not always viable in the IT-constrained branch office. Even with direct internet access, the remote site would be subject to the same variations in internet conditions – for example, service provider backbone transit points that add latency or additional hops resulting from localised route calculations. Over long distances, there is also the high latency associated with multiple TCP round trips in establishing and maintaining sessions, and the negative impact on window size and transmission rates.
The significance of an SD-WAN fabric
A fabric approach allows the enterprise to regain the control plane and extend WAN traffic securely, and in an optimised and controlled manner, across the internet and into cloud data centre resources.
Similar to the concept of software defined networks (SDN) in the data centre, a software-defined WAN (SD-WAN) enables conceptual abstraction of datapath and control plane. An overlay network of data path nodes is deployed within various locations around the globe – on-premise (data centres or branch), in IaaS data centres or even at the doorstep of any number of SaaS providers’ data centres in virtual or physical form factors. Without affecting the underlying routing protocol-based decisions made by a service provider’s infrastructure, an SD-WAN overlay should make end-to-end decisions based on real-time measurements to destination servers. The overlay should not only determine the best egress path out of the network to SaaS, but also identify varying latency, congestion, and packet loss within the fabric. This combination of overlay multi-pathing decisions enables the enterprise to get the most out of a hybrid connectivity strategy.
For example, consider a meshed set of overlay WAN interfaces in four large cities – i.e. a 4-node SD-WAN fabric – closest to the most critical SaaS providers’ data centres, as well as a couple of on-premise data centres. Multiple link types between these nodes could include MPLS (voice) + ISP 1 (CIFS) + ISP 2 (SaaS) + ISP 3 (catch-all), or they could be load-balanced, based on the least utilised link for all apps, or any other policy that fits the specific requirement.
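The link policy described above, written out as an added Python example that is not taken from the article or from any SD-WAN product: each application class is pinned to a link, and a pinned link whose measured latency or loss breaches a threshold is bypassed. The thresholds, the sample measurements and names such as select_link are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed health thresholds (not from the article).
MAX_LATENCY_MS = 150.0
MAX_LOSS_PCT = 2.0

@dataclass
class Link:
    name: str
    latency_ms: float   # measured round-trip time to the destination
    loss_pct: float     # measured packet loss on the path
    utilisation: float  # share of link capacity in use, 0.0 to 1.0

    def healthy(self) -> bool:
        return (self.latency_ms <= MAX_LATENCY_MS
                and self.loss_pct <= MAX_LOSS_PCT)

# Per-application pinning from the article's example; ISP3 is the catch-all.
PINNED = {"voice": "MPLS", "cifs": "ISP1", "saas": "ISP2"}
CATCH_ALL = "ISP3"

def select_link(app, links, mode="pinned"):
    """Return the name of the link that should carry traffic for `app`."""
    healthy = [l for l in links if l.healthy()]
    if not healthy:
        # Every path is degraded: take the least-bad one (loss, then latency).
        return min(links, key=lambda l: (l.loss_pct, l.latency_ms)).name
    if mode == "least_utilised":
        # Load-balanced policy: same rule for all apps.
        return min(healthy, key=lambda l: l.utilisation).name
    wanted = PINNED.get(app, CATCH_ALL)
    for link in healthy:
        if link.name == wanted:
            return link.name
    # Pinned link is degraded or missing: fail over to the healthy link
    # with the lowest measured latency.
    return min(healthy, key=lambda l: (l.latency_ms, l.loss_pct)).name

# Constructed sample measurements; ISP2 is currently degraded.
SAMPLE = [
    Link("MPLS", 40.0, 0.0, 0.70),
    Link("ISP1", 55.0, 0.1, 0.30),
    Link("ISP2", 210.0, 3.5, 0.20),
    Link("ISP3", 80.0, 0.5, 0.10),
]

if __name__ == "__main__":
    for app in ("voice", "cifs", "saas", "backup"):
        print(app, "->", select_link(app, SAMPLE))
```

With the sample data, SaaS traffic leaves its pinned ISP2 link because that link breaches both thresholds, while the other classes stay where the policy placed them.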
A key aspect of this is that no forklift upgrade is necessary. The SD-WAN fabric is driven by the adoption of SaaS, but it allows the enterprise to be more agile and take advantage of high-speed, relatively inexpensive internet connectivity. Initially, this translates to augmenting the existing WAN architecture in such a way that existing traffic is unaffected and only new traffic flows, such as those destined for SaaS and IaaS services, are brought under control for performance optimisation and visibility/control. Instead of forcing L4-7 packet processing, where IT resources are limited at the branch, or backhauling everything and causing congestion/latency issues at an oversubscribed central location, the enterprise can leverage the optimised SD-WAN fabric to quickly process flows in a regionalised hub architecture, leveraging IaaS/co-location facilities where needed, while establishing point-to-point meshed tunnels between individual sites, including branch-to-branch, where appropriate.
Take the future of your WAN into your own hands.
Organisations are increasingly considering deploying an SD-WAN fabric that unifies the enterprise network with the internet and the public cloud. The fabric approach gives IT the ability to gain insight into, monitor and control connectivity to the cloud, while providing users with consistent performance for any cloud or enterprise application.
At the highest level, CIOs and the executive team can develop the proper policies and procedures for addressing new SaaS implementations, which means that IT teams can determine how best to treat that traffic.
Ultimately, an SD-WAN fabric addresses the challenges posed by widespread SaaS and IaaS adoption, in a way that is in line with IT requirements, and without requiring a forklift upgrade. The organisation’s mission-critical applications continue to perform as required as latency issues are solved, packet loss and other effects of network congestion are minimised or eliminated, and visibility and control are maintained for all traffic traversing the enterprise network.
Reference
1. http://www.infonetics.com/pr/2014/Cloud-Services-IT-Market-Highlights.asp
2. https://www.gartner.com/doc/2736117/communications-hubs-improve-wan-performance
3. https://www.gartner.com/doc/2736117/communications-hubs-improve-wan-performance