Consumer-facing enterprises are being driven to become more responsive and customer-centric. Inevitably, this pressure works its way through the entire value chain so that both B2C and B2B enterprises are looking for ways to use digital technologies to improve agility and reduce costs.
This “digital transformation” takes many forms, but a key place it’s being felt is in enterprise application development. Enterprises are embracing faster, more innovative DevOps approaches using microservices architectures (MSA) to drive application development. To work as advertised however, this requires a software-driven, automated approach to enterprise networking.
One key characteristic of a modularized approach to software development is that services that support applications no longer reside on a single server. Now, an employee in a branch office, or customer on a mobile device, may be using an application that communicates with services hosted on different virtual machines, containers, or on multiple physical servers, situated anywhere in the enterprise’s data centers or on the public cloud. Save for some latency or jitter requirements for specialized applications — like augmented reality or automation — the location of these various applications, data or microservices isn’t important to the performance.
However, location of services is important if you’re an IT manager responsible for administering security and permissions for users and groups, or managing network connectivity — especially if these services are managed and controlled from separate siloed systems. You could be a DevOps team trying quickly to release a service module that supports a global application, but don’t have time to ensure that all the permitted users of the application have secure connectivity from wherever they are, to all of the microservices that make up the application, wherever they are. To realize the agility and responsiveness of MSA/DevOps, it’s imperative that the underlying complexity of the network and virtualized infrastructure be presented to the application layer as simply as possible.
Many global enterprise players, whether grown organically or through M&As, are probably looking at complex networking environments characterized by different kinds of access from optical and Ethernet for data centers, to copper xDSL, for branch offices. For WAN connectivity to connect data centers, branch offices and public cloud sites, various technologies are at play including IP/MPLS, broadband internet and even 3G/LTE.
In data centers, they will be using a mix of bare metal servers, VMs in a hybrid hypervisor environment and containers. The smallest mistake in provisioning can cause the entire application to break. Time and costs of manually managing this complexity would wipe out any of the savings of MSA and render the agility of a DevOps approach pointless.
Fortunately, SDN, which began as the answer to similar problems in the data center, has also evolved so it can be extended to branch locations and public clouds across any type of WAN transport technology, allowing enterprises automated access to services across the network.
Now SD-WAN, it enables enterprise IT teams to build networks that are more flexible, secure and automated –responsive and flexible enough to support highly distributed cloud applications, and it also keeps IT operating costs from exploding.
SD-WAN’s first generation was primarily used for managing connectivity between branches, especially remote connectivity of offices under-served by IP-VPN services, and until now, was a separate solution from SDN in the data center. Today, the second generation of SD-WAN must act like an extension of SDN to connect data centers, branch locations and public clouds across any kind of WAN transport.
The underlying WAN transport has to first behave seamlessly across all entities – so, gateway border routers must be deployed at key locations: at the WAN and data center boundary and where there is a heterogeneous WAN segment that breaks the connectivity model.
With this seamless infrastructure in place, the SDN/SD-WAN connectivity model can program and automate connectivity of applications originating from VMs in the data center to services that may be hosted in public clouds or even in remote branches. These applications can then be consumed by users on the rest of the enterprise network or WAN, achieving true end-to-end connectivity. SD-WAN 2.0 presents a unified abstraction of the underlying complexity, effectively providing a single pane of glass for the governance and control of the entire enterprise network, automating IT tasks and reducing costs.
For branch offices, SD-WAN also provides a holistic approach using centralized policies to securely connect services that are hosted as virtual network functions on universal CPEs (L7 firewalls, intrusion and detection, session border controllers, WAN optimizers and print servers) to conveniently service local application flows.
Classical perimeter-based security measures are inadequate given the dynamic nature of cloud-based architectures.
A seamless, end-to-end governance model is necessary. SD-WAN 2.0 provides complete protection, flow visibility and analytics to understand the network and the impact applications have on it. Micro-segmentation security measures can be applied to each application across the entire network leaving no segment unprotected. Finally, policies provide automated remedial actions when the network detects threats.
As enterprises embrace digitalization of operations end-to-end, leaving the network out of the equation could defeat the point of transformations in other areas, like DevOps. A second generation SD-WAN solution is needed today to provide enterprises a secure, predictable network platform on which they can build their agile development programs, ramping up responsiveness to their digitally demanding employees and customers.