This shift is creating an entirely new set of challenges for many IT departments, in particular connecting a distributed, remote workforce to business-enabling applications and services residing in the data centre and the cloud. Some users require access to VoIP systems, virtual desktops and video conferencing, all of which need fast and highly reliable network connections.
As this new reality sets in, businesses are quickly figuring out how to best meet these changing organisational goals. A company that had 50 branch offices yesterday must now grapple with the idea that every user and their home network is a new branch they have to support, representing an exponential increase in the number of sites overnight.
It’s important to have an architecture that allows both non-SD-WAN and SD-WAN users to connect to applications and services remotely. These users have a shared set of requirements:
- Reliable access to on-network applications (data centre and IaaS)
- Secure and direct access to cloud services (SaaS)
- Some have the unique requirements of real-time applications such as voice, video and virtual desktop infrastructure (VDI)
- Others require additional performance for high-throughput applications such as software development, large data applications and medical imaging
Given the need to rapidly deploy, the architecture must have the ability to heavily leverage software and cloud computing wherever possible.
Connecting remote users
As more employees are sent home, businesses need to find a way to rapidly connect them back into the network and to applications. This is arguably the most difficult element of the architecture.
Many enterprises can simply leverage client-based software for connections to existing security infrastructure. For users who require additional reliability or performance, however, further mechanisms can be used. These users might be call centre technicians, users who upload and download large files or VDI users who stream their remote desktop.
There are two general architectures under the client software approach. The first is to deploy a client-based VPN and a series of geographically distributed concentrators. Cloud providers such as Amazon Web Services and Microsoft Azure offer client-based VPN solutions, and technology vendors such as Check Point Software or Palo Alto Networks offer remote access VPN solutions that may work with existing enterprise infrastructure.
The second option is to leverage cloud-based enforcement nodes and application connectors, through cloud-delivered security services like Zscaler ZPA.
In both remote connectivity scenarios, the focus is squarely on the security of both the user and the application. There is, however, a subset of users that may need a higher degree of performance and reliability not offered by these approaches.
For those users who require a higher quality connection, are pushing big workloads or need additional visibility and security, an SD-WAN edge platform can be leveraged at the home office. This enables services such as local internet breakout, QoS, path conditioning (packet loss and out-of-order packet correction), WAN optimisation, segmentation and a variety of other features, to be applied for a higher quality application experience.
In addition, IT administrators can centrally manage and delegate policies across the entire SD-WAN fabric. Remote and home users can realise the same or better quality of experience than they do working in the branch office.
Configuring regional cloud hubs and data centres
There can be performance limitations introduced when forcing many users into distant, overloaded VPNs. By building out a geographically distributed VPN infrastructure that leverages existing data centres or cloud services, businesses can connect users to the network as locally as possible.
Localising the user’s connectivity to the network provides the absolute best last-mile experience, while connecting them into a high quality, service-provider grade network. This also reduces the risk of overloading circuits by forcing everyone into the same location.
Once users are connected into a localised hub through VPN or SD-WAN, they can leverage the security, reliability, and performance features of an SD-WAN. A virtual or physical appliance can be deployed to manage policy and connectivity across the rest of the network. As users try to access resources in data centres or branch offices, cloud-hosted IaaS services or SaaS-based services such as Office 365, they do so across a highly reliable and secure SD-WAN fabric.
Connectivity is easily established and policy simply delegated through the use of business intent overlays. Mission critical applications can be prioritised and protected, routing to SaaS services can easily be optimised and cloud-delivered security services can easily be added.
SD-WAN provides easy mechanisms for connecting branch users into the network and for connecting them globally, without sacrificing performance or reliability.
Reliable access for users
While many of these problems aren’t new, businesses normally have more time to prepare for remote users to be incrementally added. Providing the same applications, services and reliable experience to thousands of users in their home offices in such a short period of time represents a herculean effort.
The cloud, combined with SD-WAN, provides an easy way to build a WAN that provides reliable access for users anywhere.
About the author
* Adam Fuoss is vice president of Technical Sales at Silver Peak. He has more than 15 years of experience working with customers and partners on server, storage, cloud, virtualisation and networking solutions. For more information, visit: https://www.silver-peak.com/