GF TECH

Simplified, Integrated Application driven Security
Why Silver Peak EdgeConnect SD-WAN

With more than 1,000 production deployments as of the summer of 2018, customers have identified four unique areas of business value as the reasons they’ve chosen the Silver Peak Unity EdgeConnect™ unified SD-WAN platform. The platform enables customers to build a unified WAN edge that is business-driven, delivers the highest quality of experience and continuously adapts to changing business needs and network conditions. It is designed to enable enterprises to fully realise the transformational promise of the cloud.
 
Silver Peak was named a leader in the 2018 Gartner Magic Quadrant for WAN edge infrastructure.

What can Silver Peak Offer your Business?


Business-driven SD-WAN

By deploying the EdgeConnect SD-WAN edge platform, application performance, security and routing are dictated by top-down business policies, not bottom-up technology constraints. Enterprises ensure that the priorities of their business are always reflected in the way the network delivers applications to users. Business intent dictates application QoS and security policies. Business intent also drives the way network resources are applied to match the business criticality of every application.

 

The EdgeConnect SD-WAN architectural model utilises virtual WAN overlays based on business requirements (business intent overlays) for every class of application. Once overlays and their associated policies have been defined via Unity Orchestrator™, configurations are pushed to all sites across the network. At that point, traffic handling is fully automated to optimally route — or steer — applications based on pre-configured parameters. EdgeConnect continuously learns about any network condition changes and automatically adapts traffic handling to maintain continuous compliance to application QoS and security requirements.

Highest Quality of Experience

Leveraging technologies that continuously learn, adapt and automate how traffic is carried across the WAN, the EdgeConnect platform delivers the highest quality of experience for both end users and IT. End users enjoy always-consistent, always-available application performance, including the highest quality of voice and video, across any combination of transport services including cost-effective consumer broadband services. With capabilities including adaptive local internet breakout, path conditioning and the Unity Boost™ WAN optimisation performance pack, Silver Peak enables IT to keep users satisfied and productive.

 

Centralised orchestration simplifies the implementation of changes, minimises human errors and enables faster troubleshooting so that IT can be more responsive to the business. With high application performance and availability and automated network resiliency, even when underlying transports experience disruptions or outages, EdgeConnect frees IT to reclaim their nights and weekends – and to contribute to more strategic digital transformation initiatives instead of just “keeping the lights on.”

Continuous Adaptation

Through advancements in machine-learning, Silver Peak is going beyond automation and templates to enable customers to build a self-driving wide area network that gets smarter every day. The EdgeConnect platform automates real-time response, eliminating the impact of brownouts and blackouts as continuous monitoring and analytics detect changing conditions and trigger immediate adjustments.

Basic SD-WANs can break out some cloud applications by manually scripting ACLs which rely on the overhead of constant, manual updates to address application definition changes. The applications themselves change as new features are added, and the IP addresses utilised by common SaaS applications are updated frequently. However, when application definitions or IP addresses change, a basic SD-WAN will revert to backhauling traffic it cannot classify, resulting in degraded cloud application performance. Silver Peak adaptive internet breakout automates application definitions and IP address updates daily for more than 10,000 SaaS applications and 300 million web domains. With Silver Peak adaptive internet breakout, users can always connect to any application without manual intervention from IT.

Unified Platform

The EdgeConnect SD-WAN edge platform was designed from the ground up as a single system. It unifies SD-WAN, firewall, segmentation, routing, WAN optimisation and application visibility and control in one platform. This is in contrast to competitive offerings that merely integrate key branch wide area network functions through service chaining.

 

EdgeConnect also supports rapid deployment with flexible hardware, software and cloud delivery models that are interoperable through full and open APIs. Silver Peak also allows enterprises to leverage existing investments through service chaining to ecosystem partners, including industry-leading security, cloud and service providers. In fact, Silver Peak supports the broadest security and cloud partner ecosystem, with security leaders including Check Point, Forcepoint, McAfee, Opaq Networks, Palo Alto Networks, Symantec and Zscaler, and cloud providers including Azure, AWS and Oracle Cloud Infrastructure. In addition, more than a dozen service providers deliver managed service or co-managed SD-WAN offerings powered by the EdgeConnect unified SD-WAN platform.

Benefits and Business Outcomes

  • Greater Business Agility and Responsiveness
  • Increased Application Performance Across the WAN
  • SD-WAN Is Not a Substitute for WAN Optimisation
  • High Application Availability
  • Assure Business Intent with Advanced Application Visibility and Control
  • Robust Edge-to-edge Security and Micro-segmentation
  • Extensibility to 3rd Party Solutions via Service Chaining

SD-WAN Explained


What is SD-WAN?

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications.

An SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN. This increases application performance, resulting in enhanced user experience, increased business productivity and reduced costs for IT.

Traditional WANs based on conventional routers are not cloud-friendly. They typically require backhauling all traffic – including that destined to the cloud – from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance, resulting in a poor user experience and lost productivity. Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premise data centers, public or private clouds and SaaS solutions such as Salesforce.com, Workday, Office365 and Dropbox, while delivering the highest levels of application performance.

An SD-WAN securely connects users to any application, whether hosted in the data center or in the cloud, across any WAN transport service including broadband internet services.

How does an SD-WAN work?

SD-WAN for cloud-first enterprises

How does an SD-WAN enable the new cloud-first model? An SD-WAN uses software and a centralized control function to more intelligently steer or direct traffic across the WAN. An SD-WAN handles traffic based on priority, quality of service and security requirements in accordance with business needs. The conventional router-centric model distributes the control function across all devices in the network - routers simply route traffic based on TCP/IP addresses and ACLs.

Sending SaaS and IaaS traffic directly across the internet delivers the best application Quality of Experience for end users. However, not all cloud-bound or web traffic is created equal. Many cloud applications – and their providers – natively apply robust security measures. Accessing these “trusted” applications directly from the branch, across the internet provides the needed security to protect the enterprise from threats. A few examples include Salesforce, Office365, ServiceNow, Box, and Dropbox.

However, other cloud apps and web traffic may be less trusted, unknown or even suspicious, requiring more advanced traffic screening. A sample security policy might be:

  • Send known, trusted business SaaS traffic directly across the internet
  • Send “home from work” applications like Facebook, YouTube and Netflix to a cloud-based security service
  • Backhaul untrusted, unknown or suspicious traffic such as peer-to-peer applications or traffic to or from a foreign country back to a headquarters-based next generation firewall.

The intelligence and ability to identify applications provides an application-driven way to route traffic across the WAN instead of simply using TCP/IP addresses and ACLs. This software-driven approach delivers a much better Quality of Experience (QoEx) than is possible with a router-centric WAN model.
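The sample policy above can be sketched as a small steering function. This is an added illustration, not Silver Peak code or configuration: the domain list, the country set and the rule that suspicious indicators override a trusted match are all assumptions. It matches hostnames on label boundaries so a look-alike domain is not treated as trusted, and it backhauls anything it cannot positively identify.

```python
# Added illustration: names, domains and country codes are constructed samples.
DIRECT = "direct-internet"
CLOUD_SECURITY = "cloud-security-service"
BACKHAUL = "backhaul-to-hq-ngfw"

# Application definitions: registered domain -> category (constructed sample data).
APP_DEFINITIONS = {
    "salesforce.com": "trusted-saas",
    "office365.com": "trusted-saas",
    "dropbox.com": "trusted-saas",
    "facebook.com": "home-from-work",
    "youtube.com": "home-from-work",
    "netflix.com": "home-from-work",
}
CATEGORY_ACTION = {"trusted-saas": DIRECT, "home-from-work": CLOUD_SECURITY}
HOME_COUNTRIES = {"GB"}  # assumption: every other country counts as "foreign"


def classify(hostname):
    """Return the category of the matching domain, on DNS label boundaries only."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in APP_DEFINITIONS:
            return APP_DEFINITIONS[candidate]
    return None  # unknown application


def steer(hostname, dest_country, peer_to_peer=False):
    """Pick a path for one flow; anything not positively identified is backhauled."""
    # Assumption: suspicious indicators take precedence over a trusted match.
    if peer_to_peer or dest_country not in HOME_COUNTRIES:
        return BACKHAUL
    # Unknown or unmapped categories fall through to the inspected path.
    return CATEGORY_ACTION.get(classify(hostname), BACKHAUL)


if __name__ == "__main__":
    for host, country in [("login.salesforce.com", "GB"),
                          ("www.youtube.com", "GB"),
                          ("notsalesforce.com", "GB"),
                          ("login.salesforce.com", "ZZ")]:
        print(host, country, "->", steer(host, country))
```

When an application definition is missing or stale, the flow simply falls back to the backhaul path, which keeps it inspected at the cost of added latency.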

Actively use any transport including MPLS, Broadband and LTE

An SD-WAN virtualizes WAN services including Multiprotocol Label Switching (MPLS), broadband internet services and 4G/LTE, treating them as a resource pool.

But why aren’t more internet connections used for enterprise WAN services? Simple. Historically, the internet was a best-effort amalgam of networks. It wasn’t secure or reliable enough to meet business needs. And it certainly didn’t perform well enough to support latency-sensitive or bandwidth-intensive business applications.

Overcoming the challenges of broadband

With internet access redefining the economics of networking, the time is now to actively use broadband services in the enterprise SD-WAN. That is, as long as concerns over performance, reliability and security can be overcome. Common concerns include:

  • How do you harden a broadband internet connection to create a secure SD-WAN?
  • How do you address the latency and performance limitations of broadband?
  • How do you make sure that streaming cat videos don’t override the priority for business-critical applications?
  • And if a business has hundreds or even thousands of branch offices, how do you make it simple to configure, manage and expand?

The solution is to shift to a business-driven SD-WAN platform

The solution is to shift to a business-driven SD-WAN edge platform that unifies SD-WAN, firewall, segmentation, routing, WAN optimization and visibility and control functions in a single platform.

Advanced software-driven security and performance features enable enterprises to securely, reliably and actively use broadband to transport application traffic instead of simply using it as an idle backup. By augmenting or even replacing MPLS with broadband, enterprises can significantly increase WAN bandwidth while lowering overall WAN costs.

Continuous self-learning and automated adaptation

By continuously monitoring applications and WAN transport resources, an SD-WAN can quickly adapt to changing network conditions to maintain the highest application performance and availability. An advanced SD-WAN delivers the highest levels of end-user Quality of Experience, even if a transport service experiences an outage or a brownout (excessive packet loss, latency or jitter). This improves business productivity and end user satisfaction.

Two key SD-WAN capabilities

Two key features of advanced SD-WAN architectures are:

  • Centralized Orchestration. By centralizing the configuration of an SD-WAN as well as application performance and security policies, enterprises can significantly reduce WAN operational expenses.
  • Zero-Touch Provisioning (ZTP). With ZTP, configurations and policies are programmed once and pushed to all branch locations without having to manually program each device individually using a CLI. It eliminates the need to send specialized IT resources out to branch locations whenever a new application is added or a policy is changed. ZTP also reduces human errors, resulting in more consistent policies across the enterprise.

Why SD-WAN?

As applications continue to migrate to the cloud, networking professionals are quickly realizing that traditional WANs were never architected for the cloud.

Applications are no longer hosted solely in enterprise data centers. They are also hosted in:

  • On-premise data centers
  • Public or private clouds
  • Subscription-based Software as a service (SaaS) solutions such as Salesforce.com, Workday, Office365, Box and Dropbox

The traditional router-centric model that backhauls traffic from the branch to headquarters to the internet and back again no longer makes sense.

Backhaul adds latency – or delay – that impairs application performance, resulting in poor user experience and lost productivity. Employees often report that their business apps run faster at home or on their mobile devices than at the office.

Geographically distributed enterprises are embracing SD-WANs at an accelerating pace because they help businesses become more agile, enhance business productivity and dramatically lower costs.

SD-WAN benefits for enterprises

  • Increase business productivity and user satisfaction
  • Enhance business agility and responsiveness
  • Improve security and reduce threats
  • Simplify branch WAN architecture
  • Reduce WAN costs by up to 90 percent

SD-WAN vs. SDN

Software-defined Networking (SDN) concepts and the OpenFlow protocol were introduced in 2011 to deliver increased agility, flexibility, operational efficiency and choice to data networking. Fundamental to SDN was the separation or disaggregation of the control or management function (plane) from the data forwarding function (plane) of the network. SDN proposed centralizing control while leaving the data forwarding function distributed amongst network elements (switches and routers).

The SD-WAN architectural model is similar to SDN in many ways:

  • Centralized management or orchestration – the control plane
  • Distributed data forwarding function – the data plane
  • Application-driven traffic routing policies

However, unlike SDN, SD-WAN offerings do not allow interoperability between SD-WAN vendors and the creation of industry standards. Various SDN industry working groups continue to propose and debate, but have yet to fully agree upon standardized SDN controller and network services Application Programming Interfaces (API).

SD-WAN delivers value to enterprises of all sizes

In contrast, SD-WAN vendors focused on delivering production-worthy WANs and providing value to enterprises of all sizes. SD-WAN interoperability efforts focused on working with existing WAN infrastructure such as routers, firewalls and transport services and not on multi-vendor SD-WAN solutions.

SD-WAN delivers a tangible ROI

SDN with all of its underlying complexity continues to struggle with identifying and delivering tangible ROI to all but the largest communications service providers, web-scale cloud providers and only the largest of enterprises. SD-WAN, on the other hand, is being rapidly adopted in production by companies of all sizes and in all industry verticals. As of the second half of 2018, SD-WAN has moved beyond the early adopter market acceptance phase to the early majority, with more than 10,000 production SD-WAN deployments industry-wide.

SD-WAN vs MPLS - It’s not either or!

There have been some misconceptions that SD-WAN and MPLS are mutually exclusive. In fact, they are quite complementary. While most SD-WAN deployments include active utilization of broadband services, many continue to utilize MPLS circuits as part of the WAN transport resource pool.

Enterprises with dual MPLS circuits at each branch site often allow one contract to expire and then continue with a hybrid strategy. We are beginning to see customers allow their secondary MPLS contracts to expire as they become comfortable moving forward with dual broadband services only. The result is tremendous bandwidth improvements and cost savings.

An intelligent SD-WAN platform can combine transport services into a single, logical high-bandwidth link, improving application performance. More advanced platforms continuously monitor the throughput, packet loss, latency and jitter of all transport services. The SD-WAN then automatically routes traffic – and when necessary, reroutes traffic – to maintain compliance with Quality of Service and security policies.