Digital transformation is the need of the hour for almost all enterprises globally. Many companies are embracing mobile, video, cloud, and IoT technologies to stay competitive and relevant with the ever-growing demands of their customers and partners. Most CEOs, CTOs, and CIOs agree that the risk of going out of business is definitely high without incorporating digital strategies in their portfolios. Accordingly, there is a good amount of investment going toward research, deployment of new digital methodologies, and up-skilling the workforce in this direction.
Enterprises are now planning to implement multiple new services as part of the digital transformation strategy across their LAN, WAN, and data center.
The Thought Cloud Podcast Series
Episode 17: COVID-19 Marks a Turning Point on the Digital Transformation Timeline
with Naresh Thukkani
For access to more podcast episodes, click here.
Today, given the economics of cloud computing, it is a no-brainer for most CIOs to comfortably move their workloads to cloud providers like AWS, Azure, and GCP and leverage other SaaS applications as well. While few enterprises are going with a single cloud provider, the majority are embracing multiple cloud solutions to avoid vendor lock-in. Apart from vendor lock-in, it is becoming more evident that few workloads seem to perform well or integrate better with an ecosystem of tools in one provider’s cloud compared to others. Hence, in order to get the best-of-breed services for a wide variety of application requirements, enterprises are looking to have their workloads spread across multiple clouds. It is worth noting that many of these cloud services might have their own application SLA requirements to perform better.
Enterprises typically used the data center as the central wall of defense, where they hosted many security appliances to inspect the traffic that was going in and out of the organization. While the architecture has worked well so far, this approach may not work for the multi-cloud strategy. Cloud applications that reside on the internet need to get the best SLAs to ensure a great experience for the employees. Backhauling all the traffic for cloud applications from branches to data centers and from there to the internet increases the latency and results in a poor experience.
For example, an enterprise with 70,000 employees that plans to move its email application server from in-house to Office 365 needs to carefully think of the dependencies on the network characteristics so that the application can perform better without compromising the quality of the user experience.
In an enterprise, the demand for the WAN bandwidth is clearly very high. This can be attributed to the growing number of a wide variety of bandwidth-hungry applications and end points used by employees, partners, and customers. In order to ensure an overall quality experience, the underlying bandwidth has to increase so that the applications are not starving. While enterprises typically used multiprotocol label switching (MPLS) as the primary way of communication across the network for all applications, procuring more MPLS bandwidth for growing bandwidth needs is not a long-term, scalable, or cost-effective solution. Hence, enterprises are looking to have other alternative links, like the low-cost broadband internet as the primary vehicle for communication, along with MPLS.
However, given the best effort and less secure behavior associated with broadband internet and 4G, IT teams are facing challenges in setting up needed secure tunnels, managing the application traffic into respective tunnels, and navigating ongoing changes to the deployment. Additionally, the complexity increases as well with the ever-changing IT policy decisions by management as per new business interests. Hence, there is a need for efficient WAN management to support applications with less operational complexity to ensure IT teams are adding significant value to the business.
While enterprises are marching toward the digital transformation journey, many elements need to be addressed in the right way to ensure they are still compliant with auditing and regulatory standards. Given the data has to be secured before, during, and after the transaction, security has to be treated as a high priority.
If an enterprise moved documents to an AWS cloud and an engineer incidentally opens the S3 document permissions as public or allows complete access to an important application, it can be a serious situation for the company. The complexity manifests even more if the enterprise has multiple cloud providers in place and the engineers need to be trained and certified on multiple domains. Hence, the right skill set, monitoring and visibility tools, network, and security policies should be in place to avoid any breach of security.
IoT and Edge Computing
Many IoT end points, like electrical/mechanical/medical sensors and video surveillance cameras, are being deployed in enterprises to support various use cases. It is expected that 5.8 billion IoT devices will be deployed overall by 2020 in enterprise and automotive markets. Given the huge deployment of IoT devices in the enterprise, it is nearly impossible for IT teams to manage them manually, which is why there is a need for automation, analytics, and assurance of policies that govern the IoT deployment in an agile manner. Additionally, in specific IoT deployments, it is also not possible for IoT devices to send all the data remotely to a cloud or data center that is miles away to turn on or off certain devices. Hence, enterprises are exploring the option of edge computing to collect the IoT data, process it, store it, and take the decisions locally in addition to periodically transferring the data to remote centers for backup. In order to help with better local decision processes at the IoT edge, machine learning/artificial intelligence algorithms can be used at the remote data center, and the resultant schema can be pushed periodically to the IoT edges across the enterprise.
SD-WAN at the Rescue
SD-WAN is the new framework that is widely used to solve these challenges, along with many other business-critical challenges. SD-WAN abstracts the underlying transport links/characteristics at every branch and views them as a single logical link for management purposes. It automatically sets up the secured tunnels in a zero-touch fashion and dynamically adjusts the paths based on network conditions. This completely eliminates the need for manual setup of tunnels. SD-WAN operators can define the traffic policies along with predefined conditions or SLAs for the entire network at a centralized location. This greatly simplifies the operational complexity and, based on the policies defined, traffic moves accordingly on any of the underlying transport links that satisfy the predefined conditions. Operators can additionally fine-tune policies at every branch as needed to accommodate any local conditions or needs. SD-WAN provides the freedom of choice for enterprise operators to now choose any underlying transport from a wide variety of choices without worrying about the complexity associated with them.
Since the internet-based SaaS/cloud applications prefer lower latencies, traffic can now be directed to the internet from the branch directly without backhauling the traffic to a data center and exiting from there. This will greatly improve the user experience as needed for multi-cloud applications. Another important aspect to achieve this is the deep packet inspection (DPI) capability on the SD-WAN edges where most of the applications for the enterprise can be detected and the right treatment can be provided to them as defined by the policy. Since we are now exposing the branch directly to the internet, one might wonder about the security implications and compliance/regulatory considerations in such implementation.
SD-WAN security offers a set of choices to secure the network completely. Today, we see many internet cloud security solutions like Cisco Umbrella, Zscaler, etc., which allow enterprises to centrally define and redirect traffic to these security cloud providers from their branches before reaching internet SaaS/cloud applications. More importantly, the SD-WAN routers at the branches are being enhanced to support security capabilities like zone-based FW, IDS/IPS, URL-filtering, and advanced malware protection.
5G Is a Game Changer
As mentioned earlier, SD-WAN abstracts the underlying transport links like MPLS, broadband internet, and 4G and decreases the complexity for operators. From that perspective, 5G can be thought of as just another new form of communication that provides high bandwidth to enterprises, and SD-WAN manages the traffic across all the available links (MPLS, broadband, and 5G) efficiently.
However, 5G has the potential to address many use cases ranging from mission critical applications that require extremely low latency to big data/virtual reality (VR)/augmented reality (AR) applications that need higher bandwidth. Service providers are investing a lot in 5G transformations to reap the benefits in front of them by serving the enterprises, end users, IoT devices, and various applications. Enterprises are looking to leverage this opportunity to augment their existing services with the next-generation applications to stay competitive and relevant to their customers and partners. As the number of IoT devices continues to increase, it is very important for them to stay connected at every moment to transfer mission critical data to other locations for processing, analysis, and storage, and 5G is seen the reliable technology to make that possible.
Given the capabilities of 5G technology, like greater throughputs, lower latencies, enhanced security, ultra-reliability, and energy-efficient networks, SD-WAN policies can be fine-tuned to achieve the best possible output for specific use cases and next-generation enterprise applications.