As businesses in Asia adapt to the changing dynamics of Novel Coronavirus (Covid-19), the unprecedented shift toward remote working is creating a mass exodus of employees out of branch offices into their homes. Employees are quickly having to adapt to communicating and collaborating in new ways to maintain business productivity.
This shift is creating an entirely new set of challenges for many IT departments, in particular connecting a distributed, remote workforce to business-enabling applications and services residing in the data center and the cloud. Some users require access to VoIP systems, virtual desktops and video conferencing, all of which need fast and highly reliable network connections.
As this new reality sets in, businesses are quickly figuring out how to best meet these changing organisational goals. A company that had 50 branch offices yesterday must now grapple with the idea that every user and their home network is a new branch they have to support, representing an exponential increase in the number of sites overnight.
It’s important to have an architecture that allows both non-SD-WAN and SD-WAN users to connect to applications and services remotely. These users have a shared set of requirements:
- Reliable access to on-network applications (data center and IaaS)
- Secure and direct access to cloud services (SaaS)
- Some have unique requirements for real-time applications such as voice, video and virtual desktop infrastructure (VDI).
- Others require additional performance for high-throughput applications such as software development, large data applications and medical imaging.
Given the need to rapidly deploy, the architecture must have the ability to heavily leverage software and cloud computing wherever possible.
Connecting remote users
As more employees are sent home, businesses need to find a way to rapidly connect them back into the network and to applications. This is arguably the most difficult element of the architecture.
Many enterprises can simply leverage client-based software for connections to existing security infrastructure. For users who require additional reliability or performance, however, additional mechanisms can be used. These users might include call center technicians, users who upload and download large files, or VDI users who stream their remote desktop.
There are two general architectures under the client software approach. The first is to deploy a client-based VPN and a series of geographically distributed concentrators. Cloud providers such as Amazon Web Services and Microsoft Azure offer client-based VPN solutions, and technology vendors such as Check Point Software or Palo Alto Networks offer remote access VPN solutions that may work with existing enterprise infrastructure.
The second option is to leverage cloud-based enforcement nodes and application connectors, through cloud-delivered security services like Zscaler ZPA.
In both remote connectivity scenarios, the focus is squarely on the security of both the user and the application. There is, however, a subset of users that may need a higher degree of performance and reliability not offered by these approaches.
For those users who require a higher quality connection, are pushing big workloads or need additional visibility and security, an SD-WAN edge platform can be leveraged at the home office. This enables services such as local internet breakout, QoS, path conditioning (packet loss and out-of-order packet correction), WAN optimization, segmentation and a variety of other features, to be applied for a higher quality application experience.
In addition, IT administrators can centrally manage and delegate policies across the entire SD-WAN fabric. Remote and home users can realize the same or better quality of experience than they do working in the branch office.
Configuring regional cloud hubs and data centers
There can be performance limitations introduced when forcing many users into distant, overloaded VPNs. By building out a geographically distributed VPN infrastructure that leverages existing data centers or cloud services, businesses can connect users to the network as locally as possible.
Localizing the user’s connectivity to the network provides the absolute best last-mile experience, while connecting them into a high quality, service-provider grade network. This also reduces the risk of overloading circuits by forcing everyone into the same location.
Once users are connected into a localized hub through VPN or SD-WAN, they can leverage the security, reliability, and performance features of an SD-WAN. A virtual or physical appliance can be deployed to manage policy and connectivity across the rest of the network. As users try to access resources in data centers or branch offices, cloud-hosted IaaS services or SaaS-based services such as Office 365, they do so across a highly reliable and secure SD-WAN fabric.
Connectivity is easily established and policy simply delegated through the use of business intent overlays. Mission-critical applications can be prioritized and protected, routing to SaaS services can easily be optimized and cloud-delivered security services can easily be added.
SD-WAN provides an easy mechanism for connecting branch users into the network and for connecting them globally, without sacrificing performance or reliability.
Reliable access for users
While many of these problems aren’t new, businesses normally have more time to prepare for remote users to be incrementally added. Providing the same applications, services and reliable experience to thousands of users in their home offices in such a short period of time represents a herculean effort.
The cloud, combined with SD-WAN, provides an easy way to build a WAN that provides reliable access for users anywhere.