Branching out: SD-WAN meets the intelligent edge

As more enterprises send SD-WAN deployments live on the back of convincing pilots, many CIOs are already looking to take software-defined networking to the next level with SD-Branch. But how does this concept work, and why is its future success inextricably linked to intelligent edge computing?

A branch office IT installation comprises multiple entry points and network devices with siloed functions. Changing a function, be it increasing bandwidth or altering security policies, can impact any number of these devices. This introduces unwanted risk, and extended testing time must be factored in, too. It’s little surprise, therefore, that enterprise networking and IT teams struggle to evolve their WAN and branch office IT architectures to support cloud migration initiatives. With IDC estimating that 80 percent of new applications will be deployed in the cloud by 2030 and branch office network traffic doubling every three years, this is a major issue.

Cloud applications are now core to every business process. According to IDC, the current spend on cloud computing is seven times the rate of overall IT spending and shows no signs of slowing down. If users find apps slow to respond, or experience downtime across the WAN, it can have a detrimental impact on productivity, innovation, collaboration and on the bottom line. Gartner analyst Andrew Lerner estimates that the average cost of network downtime alone is around $5,600 per minute.

Network downtime

IT teams are under continuous pressure to enhance the user experience of cloud-based applications while increasing the visibility, control and security of information being accessed. At the same time, they need to deploy new sites, support fresh digital projects and make network and security modifications quickly.

Network managers are tasked with reducing WAN costs and complexity. They have the added pressure of a lack of technical skills and space in large branch office networks to support networking infrastructure. SD-Branch provides a compelling answer to simplify appliance sprawl through virtualization. It enables IT departments to quickly and easily provision a "branch in a box" at any location. A centralized management console enables network and security functions to be configured, controlled and tweaked as required.

Putting SD-Branch under the microscope

According to Geraldine Steinberg, Marketing Director, Connectivity Services at Orange Business, "SD-Branch is the next evolution in branch networking. It enables enterprises to simplify their WAN and branch office architecture by using software defined networking (SDN) to consolidate networking and security functions into a single software platform with a broad set of IP services, instead of deploying multiple hardware appliances and software packages, which are costly and time consuming to manage."

SD-WAN is an integral component of SD-Branch, alongside other virtualized services − such as a router, Wi-Fi controller, WAN optimization, session border controller and next-generation firewall − all running on a low-cost appliance. SD-WAN provides the ability to manage multiple types of connections – from broadband to LTE and MPLS – to deliver a better end-user application experience at any location. SD-WAN integrates these diverse communications links into more flexible and reliable WAN bandwidth pools.

Universal customer premise equipment (uCPE) offers one of the most compelling cases for moving to virtualized network functions (VNFs). It provides a remotely manageable platform on which multiple VNFs can be managed, streamlining operations and reducing costs.

Gartner believes SD-WAN and uCPE, or vCPE (virtualized CPE) as it’s also called, will help transform networks from "fragile to agile." It recommends enterprises explore vCPE as an alternative to traditional mission-specific applications when refreshing network edge devices and as way of reducing branch appliance sprawl.

What benefits will SD-Branch bring?

SD-Branch brings many benefits to make the truly connected branch office a reality. By consolidating multiple functions, such as software as a service (SaaS), routing and security firewalls, it can increase performance, reduce support and maintenance requirements, and lower power consumption – all contributing to reduced overall costs.

This brings greater agility and scalability. SD-Branch can be deployed and third-party services added far faster without complex proprietary hardware and software configurations. Performance can also be scaled up and down by altering processor allocations, for example. SD-Branch is also able to improve application performance and security through the integration of SD-WAN. All of these contributes to an accelerated roll out, which equals a faster return on investment and increased productivity.

SD-Branch will deliver IT infrastructure to branches in a centralized model, managed from a single portal. On the security front, a variety of software-defined security (SD-Security) solutions can be used to provide layered protection and control, which can be added as the threat landscape or business needs change. At the same time, network segmentation can be used to further enhance the cyber resilience of an enterprise.

"An enterprise may opt for high-speed, cloud-based scanning of all web traffic at most of its locations, for example using the Zscaler Web Content Protection suite. But at smaller office locations, there may not be sufficient traffic to go down this route, and a virtualized security appliance on an SD-Branch-in-a-box solution works as a cost-effective low latency alternative," explains Steinberg.

SD-Branch and the intelligent edge

The SD-Branch takes a holistic approach to simplifying branch networking at scale. But it’s extremely dependent on the careful management of workloads and where they need to be processed − at the edge of the network versus in the cloud.

SD-Branch can choose the best possible path for mission-critical applications with deterministic routing to avoid congestion. Many applications require real-time computing power, but data can take time to travel across long distances to the cloud, causing delays. To overcome this, the SD-Branch can use "intelligent edge computing" − built-in logic that enables critical data to be processed at the edge of the branch office network − and less urgent data can be sent to the cloud and processed there. This provides a number of benefits, including reduced latency, lower bandwidth requirements and better reliability.

"Consider CCTV cameras and cloud-based surveillance systems in retail stores," explains Steinberg. "It’s impossible to send all the anonymized video of shoppers to detect potential shoplifting, as the large file sizes would put huge strains on the network, potentially impairing the performance of other applications. The good news, however, is that a branch store can use filter analytics to analyze footage locally in real-time first. The remainder of the anonymized footage could be sent to the cloud and stored inexpensively for a defined period for audit and forensic purposes."

How will we see SD-WAN and SD-Branch evolve?

Networking delivers essential connectivity and bandwidth. But it also provides crucial network and security services that speed up and optimize application service performance at the edge. Significant innovation is happening here, and we’re seeing SD-WAN and SD-Branch morph into intent-based networking.

"Intent-based networking is a significant development for the networking industry. It encompasses not only advanced levels of visibility, automation and assurance, but it is the platform on which new machine learning-based network management functionality will be built," says Rohit Mehra, Vice President, Network Infrastructure, IDC. This is important as the network of the future will use machine learning and AI to become cognitive, proactive, and ultimately self-driving, continuously adapting to changing conditions.

"With intent-based networking, the way in which connectivity is delivered will adapt automatically, based on the business rules and criteria you define," explains Steinberg. "Intent-based networking will analyze traffic events against key performance indicators, flagging suspicious activities and implementing security measures as needed. It will scale bandwidth up and down according to application priority. What you’ll have is an automated, self-adapting network requiring zero customer intervention."

The future of SD-WAN

With organizations looking for reliable and cost-effective solutions to meet their software-defined networking needs, there is little doubt that SD-WAN is on an evolutionary journey to SD-Branch and network as a service (NaaS). As well as being able to merge multiple WAN and branch office functions, SD-Branch clears the ground for intelligent edge and intent-based computing and innovative technologies, such as artificial intelligence (AI) and machine learning.

SD-Branch represents the next step in SD-WAN and is one that organizations weighed down with the complexity of branch office infrastructures should consider.


For more tips on defining your SDx (software-defined everything) journey, download our eBook – SD-WAN: the future is now.