What is SD-WAN?
A software WAN (SD-WAN or Software-Defined Wide-Area Networking) is a virtual WAN architecture, under which all combinations of network transport types (not only MPLS links.
but also broadband, cellular and satellite Internet) can be virtualized and associated, then centrally managed in a software environment, to securely connect users to applications and workstations, while respecting policies. In essence, SD-WAN is an SDN network for the WAN.
Like SDN, SD-WAN separates control and forwarding panels, allowing administration independent of the underlying hardware. In this way, an SD-WAN solution offers an alternative to infrastructures such as legacy edge routers and point security solutions, simplifying the configuration of remote sites through contactless provisioning and integrated network and network management. Security.
Network management is highly streamlined in SD-WAN solutions. Application traffic can be dynamically routed based on prevailing network conditions, policies, prioritization rules, and/or cost considerations, while link bandwidth is aggregated to ensure economical use and performance. driven by strategies.
How does SD-WAN work?
What is SD-WAN? |
Through network virtualization, an SD-WAN creates one or more virtual network overlays to connect remote sites, data centres and other sites such as sharing spaces. Each overlay can have its own network policies and security rules, which are enforced in real-time by an application-oriented software solution for traffic passing over one or more types of network transport.
SD WANs are both scalable and programmable. They can take advantage of physical, virtual and cloud appliances, with flexible deployment options, for centralized and consistent management of application policies and flows for all WAN sites. Security, load balancing and quality of service (QoS) measures are applied continuously for some applications, depending on how the SD-WAN platform classifies them and balances their requirements with the overall network condition.
From a more technical point of view, SD-WAN offers an optimized user experience when it connects to virtual applications, public cloud and SaaS, in particular, thanks to the following characteristics:
- Association of various network links: SD-WAN technology can integrate multiple MPLS, broadband Internet, cellular and satellite links, then send the application traffic to the optimal type of link at a given time. Bandwidth-intensive applications, such as audio and video, streaming and file sharing applications, benefit from increased bandwidth for guaranteed performance.
- Advanced Application Control: SD-WAN is capable of automatically discovering and accelerating thousands of separate public and private cloud applications, as well as virtual and SaaS applications. In turn, it knows what level of quality of service to offer, and which paths to select on the WAN.
- Real-time routing decisions: An SD-WAN solution can use inline and edge routing modes to dynamically insert services, as part of a packet-based approach to manage and regulate traffic. In this way, it can limit jitter, latency, congestion, and packet loss, and send traffic over various associated links for superior performance.
- Complete and automated security: Instead of resorting to the performance degrading transmission process required for security in traditional WANs, SD-WAN includes built-in peripheral security mechanisms (latest generation firewall, anti-malware protection, SSL inspection and intrusion detection/prevention systems (IDS / IPS)), and integration with secure web gateway providers.
- Disaster recovery and network resiliency: With under-a-second disaster recovery, available from select vendors under the right conditions, the WAN remains resilient. Likewise, SD-WAN provides enterprise-grade cloud and SaaS access through a managed service with a special disaster recovery function, which preserves application performance, even in the event of a power outage or failure. voltage drop.
- Automated Cloud Gateways: A cloud gateway through SD-WAN provides direct, secure and highly available connections between remote sites and IaaS / PaaS clouds or different regions. With a virtual SD-WAN appliance in the cloud and an SD-WAN appliance at the remote site, an SD-WAN tunnel can be created. Connections can be configured for major cloud providers.
- Direct SaaS Connectivity: SaaS applications, including mission-critical voice and video applications, and UCaaS require better performance than that offered by traditional data centre transmission functionality. SD-WAN can optimize performance through a private network, which provides link association, QoS and disaster recovery when connecting to nearby points of presence, co-installed and associated with SaaS platforms and popular cloud.
- WAN Optimization: SD-WANs can integrate WAN optimization functions to further improve application performance, for example through compression, data deduplication and TCP optimization, and simultaneously reduce associated bandwidth expense.
Properly implemented, SD-WAN provides a high-performance, scalable, and cost-effective WAN that meets the needs of increasingly remote end-users in the cloud age, thus driving digital transformation.
What common network problems can SD-WAN solve?
Compared to traditional hub-and-spoke WANs connected by MPLS links, SD-WANs offer increased operational flexibility and guaranteed performance, making them a preferable choice for managing application traffic from the hungry Internet. in bandwidth. In the age of ubiquitous cloud connectivity, an SD-WAN is a critical upgrade over the MPLS WANs of yesteryear, which poses global challenges:
Problem 1: Ensure application performance
For years, MPLS has been the best low latency option for forwarding WAN traffic, since MPLS routers were able to read the label in the header of a packet and send it over a path.
predetermined, without wasting time searching through routing tables. But as organizations have led their digital transformation and seen their network traffic load increase and become more complex, MPLS networks are now less efficient and economical.
To manage it properly, MPLS-based WANs typically pass cloud and internet traffic through a head-end, data centre type, to enforce policies, resulting in significant delays. This bottleneck in the transmission process dramatically decreases employee productivity, making their cloud and virtual applications much less reliable.
The common workaround of adding dedicated Internet access lines to offload MPLS from some of the traffic in favour of network transport with more bandwidth can be useful, but it also comes with a set of problems. Bandwidth can be underutilized, even as expenses increase from managing multiple disparate plans and the costly and time-consuming MPLS provisioning process.
What are the advantages of SD-WAN? SD-WAN technology combines links of several types within a network overlay, thereby promoting the use of a high-speed Internet connection in addition to or in place of weaker MPLS connectivity. QoS and WAN optimization measures can also be applied, in addition to automated cloud gateways, for a better SaaS, PaaS and IaaS experience. Additionally, SD-WAN's built-in edge security capabilities are much less risky for the user experience than the MPLS trunking paradigm and provide multi-layered threat protection optimized for cloud environments.
Problem 2: maintain visibility and control
Traditional WANs were designed for the pre-cloud era, when most application traffic passed through corporate data centres, not through IaaS and PaaS services owned and managed by external vendors. Therefore, they offer limited capabilities to visualize the status of the network at any given time and to contain threats to data and network performance.
These flaws are perhaps more obvious when it comes to security. MPLS WANs lack firewalls and are only secure because they are kept away from the public Internet. Additional point solutions, such as firewalls, must be managed separately. This lack of integration and artificial intelligence means dealing with countless alerts, which can quickly become unmanageable, increasing risk.
At the same time, the lack of visibility is the cause of application performance problems. In the event of deep network congestion, perhaps due to a sudden increase in the use of VoIP and videoconferencing by teleworkers, it is difficult to react within the limits of the traditional WAN, which does not have application recognition and the real-time intelligence needed.
What are the advantages of SD-WAN? SD-WANs centralize network and security management in the software environment, providing complete visibility and full control. They identify and redirect traffic over WAN links by programmable and scalable policies, while using several built-in security mechanisms (from firewalls to IDS / IPS platforms) to secure application flow without compromising performance. SD-WAN is also starting to be integrated with a larger Secure Access Service Edge (SASE) architecture, for extended protection.
Problem 3: Manage high costs
MPLS connectivity is much more expensive than comparable broadband, cellular, or satellite Internet links. Not only does it require an expensive custom router infrastructure, but the amount of bandwidth available for the cost is still not enough to reliably run real-time applications and chatty cloud services.
Other costs are also emerging. The complexity of legacy WAN infrastructure and security architectures, the management of different connectivity plans, and the drudgery of moving, adding, and changing at remote sites are costly.
Outdated security models also pose the threat of a data breach. Frustrated with the constant redirection of WAN traffic, end-users risk resorting to insecure Shadow IT applications.
What are the advantages of SD-WAN? SD-WAN combines several network transport modes to transport TCP and real-time applications. Although MPLS still have a role to play within an SD-WAN architecture, the WAN as such is no longer subject to its limits, thanks to the presence of other more economical sources of bandwidth. SD-WAN technology brings all of these types of connectivity together in a single framework and aggregates everyone's bandwidth.
Problem 4: struggling with scalability and flexibility
Relocations, additions and changes are real hardships in a traditional WAN, due to its fundamental dependence on hardware architecture, as well as security considerations. Additionally, the provisioning of vendor-based MPLS can take months. Simply connecting a new remote site to the corporate WAN can take a lot of effort.
For example, an assortment of specialized equipment will undoubtedly be necessary, as well as a team on-site to configure it and then take care of its management. These constraints are often unrealistic,
because organizations have limited technical staff and rigid IT budgets. As a result, they are unable to scale their WANs to accommodate emerging network and security challenges.
What are the advantages of SD-WAN? Contactless provisioning as part of SD-WAN enables the implementation of WAN connections in just minutes. Secure Internet access points at these sites also mean that application access is both secure and efficient, creating a durable WAN architecture capable of accommodating a wide range of on-premise applications and workstations. , Web, virtual, cloud and SaaS. Finally, SD-WAN policies can be updated smoothly as the context changes.
What are the main advantages of Citrix SD-WAN technology?
Citrix SD-WAN delivers an optimized user experience regardless of application, location, device, or network transport. The following 10 benefits illustrate its overall value:
- A premium application experience for all types of applications and workstations, with guaranteed performance and built-in security across the WAN.
- Cloud and SaaS application detection through deep packet inspection from the Citrix application control engine, and automated cloud gateways for optimal connectivity.
- An assortment of network transport modes for more scalable and economical networks capable of combining MPLS, broadband Internet, cellular and satellite links.
- Flexible and programmable strategies, applicable through measures such as traffic control, two-way QoS, prioritization of real-time applications and the use of security services.
- Comprehensive security including stateful and next-generation firewalls, malware protection and integration with secure web gateway providers.
- Dynamic path selection and bandwidth aggregation to ensure optimal routing of applications and full use of links.
- A more modern WAN infrastructure, with fewer single-function devices, and the ability to integrate SD-WAN into a larger SASE framework.
- Centralized and simplified administration, which eliminates the complex configuration of peripheral devices in the field.
- High resiliency and redundancy, with rapid disaster recovery to limit the impact of power outages on WAN connections.
- Accelerate deployments and changes with contactless provisioning and flexible deployment options in the public cloud.
Commentaires
Enregistrer un commentaire