- Jim Metzler, Ashton Metzler & Associates
- Distinguished Research Fellow and Co-Founder
- Webtorials Analyst Division
Who Has the Best WAN Solution?
8 Comments
I think that generalised solution features are being described and they sound good in principle, but if the service providers are not involved in the decision making then I'm not sure that business case will fly to do these dynamic changes. In some countries broadband costs are prohibitive compared to standard leased line connectivity which may be cheaper in other countries. Also upgrades etc. may not be honoured if the solution is not prearranged or automated with the relevant service provider. What I am trying to highlight is the fact that this (IWAN) and anything of a similar nature will need to be integrated with the relevant service providers' network technically and commercially to really make the solution intelligent.
Thanks for your comment.
I have to admit that I normally work in countries where the cost of Internet is much less than the cost of MPLS. Would you kindly educate me relative to a few countries in which the cost of Internet is much more than the cost of MPLS?
Also, can you help me understand what coordination has to occur, both technically and commercially, with the relevant service providers if an enterprise wants to implement an SD-WAN that is above and beyond the coordination that has to occur if the enterprise wants to use MPLS and the Internet in a more traditional fashion?
The aspect of managing a WAN in-house is seen in the US, but seldom outside. In other words most of the world uses their carriers for such solutions. Having said that, the largest SD-WAN deployment to date is happening with a US retailer using their in-house IT teams where we are replacing all WAN gear at 1400-sites with Viptela SD-WAN. Currently 200 sites are complete and we are rolling out 20/night. Next, two of the top-10 carriers in the world, Verizon and Singtel, announced SD-WAN offerings using Viptela SD-WAN (both with production customers).
Note the cost arbitrage between broadband and MPLS plays a factor but is not always the driving force (otherwise the carriers wouldn't deploy it). The big benefits come from getting a unified WAN offering on any transport (Broadband, MPLS, and LTE) and even on other carriers' transports, i.e. you can manage the customer in any part of the world even where the carrier doesn't have a footprint. Next is agility, the ability to operate the WAN centrally with zero-touch bring up and policy changes.
Thanks for bringing up a very important point, Shaun.
Ok, let’s get started.
The first question is: What are the key features of your company’s WAN solution?
Today's WANs are complex to operate and are both time consuming and cumbersome to augment. With our SD-WAN solution Virtualized Network Services (VNS) we set out to completely change the way businesses deploy and manage their wide area environment.
Before I run through some of the key features of VNS I’d like to highlight four of the key pain points with today's WAN environments we identified.
• Maintaining a real time view of the running configuration, routes used, addresses/subnets/VLAN tags consumed and the firewall/ACL rules deployed; think about the many Excel spreadsheets the network team maintains…
• The management and monitoring of the ACLs and firewalls at the branches, HQ and data centers and the care and feeding of the mix of in-router features and dedicated appliances that protect the business traffic and enforce the security framework.
• The cyclic pressure to rip and replace the existing branch hardware when bandwidth is increased or new features are deployed.
• The day-to-day pressures to squeeze every last drop of the scarce bandwidth resources and deliver a consistent network experience to an ever changing IT application environment.
To address these issues we based VNS on a three tier SDN based solution set. There is a central policy manager where we store templates and policies for the network, a set of SDN controllers that manage the control plane of the WAN, and lastly the branch software that performs the data plane functions issued by the SDN controllers.
This solution architecture then addresses the pain points from above by:
• Site additions are automated by VNS via its centralized policy manager. All you do to set up a new site is to complete some basic information on the location and branch type, select the functionality to be deployed from your template of networking and security policies and ship the branch hardware to the site. As the information is stored centrally the network team has full visibility into the running configuration (routing topology, L2 and L3 addresses in use and the security policies deployed).
• VNS provides a different model that increases the micro-segmentation of the security within and across the whole WAN environment. With its comprehensive policy framework, data and location security are centrally controlled and pushed to the branch as a core function of the WAN service. If sites require encryption, you simply enable it on the VNS policy manager and instantly the traffic to and from the site is encrypted. The same applies to firewall rules; if a new rule is required due to business policy change or a new application rollout, via the central manager you select the new rule, the sites to deploy and push the button.
• The branch hardware used with VNS is based on open compute. That’s the same x86 architectures you use in your data centers today, and you know the investment advantage you got from moving to open compute there. With VNS we bring the same investment flexibility to the branch. Since it's based on standard off the shelf hardware you have the choice: use Nuage Networks branch hardware or deploy the software at the branch on any suitable x86 based compute you have on hand.
• With VNS you get the choice to augment that bandwidth with any connectivity available at the location. With our intelligent traffic steering you can set the branch (via our centralized policy manager) to send your business critical traffic via your premium circuit and to securely offload the more bursty non-critical traffic to another link including the Internet or even mobile broadband. Another area where VNS can utilize alternative bandwidth options at the branch is to improve the availability of your branches. As VNS can utilize any available access technology you can augment your primary branch connection with alternatives. In the event of a failure of the primary connection VNS will automatically invoke the backup circuit and reroute your branch back into the corporate network.
This is a limited view of the complete feature set of VNS but we think that resolving the key pain points of today's WAN, including adding sites, maintaining real-time documentation, enforcing security, and opening up alternative bandwidth options, goes a long way to changing the way WANs are deployed and managed.
Viptela's SD-WAN solution is used by Mid to Large Enterprises and Global Top-10 Service Providers. The important features are:
See a short demo on Seamless Bandwidth Augmentation.
Cisco’s Intelligent WAN (IWAN) solution is designed to deliver an uncompromised user experience over any connection. IWAN is managed by a centralized controller APIC-EM (Application Policy Infrastructure Controller with Enterprise Module) which provides centralized automation and orchestration of your WAN using the following key features:
These key features help organizations optimize their WAN investments with consistency as the volume of content and applications traveling across networks grows exponentially. All of this is done without compromising performance, reliability, or security, while freeing up resources for new and innovative business services.
To learn more about Cisco IWAN, go to www.cisco.com/go/iwan.
Silver Peak Unity EdgeConnect enables enterprises to dramatically reduce the cost and complexity of building a WAN by leveraging broadband to connect users to applications. By empowering customers to use broadband connections to augment or replace their current MPLS networks, Silver Peak improves customer responsiveness, increases application performance, and significantly reduces capital and operational expenses.
A technical overview of our SD-WAN solution--including zero-touch provisioning, packet-based dynamic path control, and business intent overlays--was presented at our 2015 Tech Field Day.
The Unity EdgeConnect solution consists of three components:
• Unity EdgeConnect physical or virtual appliances (supporting any common hypervisor) deployed in branch offices to create a secure, virtual network overlay. This enables customers to move to a broadband WAN at their own pace, whether site-by-site or via a hybrid WAN approach that leverages MPLS and broadband Internet connectivity.
• Unity Orchestrator is included with Unity EdgeConnect appliance deployments and provides unprecedented levels of visibility into both legacy and cloud applications, and the unique ability to centrally assign business intent policies to secure and control all WAN traffic. Policy automation speeds and simplifies the deployment of multiple branch offices.
• Unity Boost is an optional performance pack that accelerates application performance as needed. The Boost component is unique to Unity EdgeConnect and allows companies to improve the performance of specific applications or locations.
The key features of Unity EdgeConnect are:
• Business Intent Overlays – globally defined policies folded into discretely managed virtual topologies. Using the key tenets of SDN and virtualization, these overlays ensure proper end-to-end handling of WAN traffic according to its business intent.
• Zero Touch Provisioning – A plug-and-play deployment model enables Unity EdgeConnect to be deployed at a branch office in seconds, automatically connecting with other Silver Peak instances in the data center, other branches, or in cloud Infrastructure as a Service (IaaS) with the likes of Amazon, Microsoft Azure and VMware’s vCloud Air. Once connected, the EdgeConnect instances register with Unity Orchestrator. Upon registration, local profiles are mapped to the global business intent overlays. This ensures a highly-visible, tightly-controlled, secure, and high-performing enterprise WAN.
• Dynamic Path Control (DPC) – real-time traffic steering over any broadband or MPLS link based on administratively-defined route policies. There may be multiple paths to and from any corporate location, and DPC monitors and adjusts the usage of these paths based on link quality (loss, latency and jitter are measured at the packet level) and any applied policies (associated with an application or group of applications). In the event of an outage or brownout, DPC automatically fails over to a secondary connection in about one second.
• WAN Hardening – With Unity, all data is secured edge-to-edge via 256-bit AES encrypted tunnels. No unauthorized outside traffic is allowed to enter any branch. WAN hardening secures branch offices without the appliance sprawl and operating costs of deploying and managing dedicated firewalls. There are no middle elements encrypting or decrypting traffic.
• Path Conditioning - overcomes the adverse effects of dropped and out-of-order packets that are common with broadband Internet and MPLS connections. Path Conditioning provides private-line-like performance over the public Internet.
• Cloud Intelligence – tracks and delivers SaaS application data to enable real-time updates on the best performing path to reach hundreds of applications, ensuring users connect to their applications in the fastest, most intelligent way available.
Thank you for developing the guide and giving each of us the opportunity to respond.