Service Provider: Hybrid WAN

What’s Driving Hybrid WAN Adoption?

Digital transformation continues to have a big impact on organizations and especially on IT. As companies move at an accelerating pace to deliver value and business outcomes, IT plays a pivotal role in the transition. To gain more agility and faster response times to business needs, organizations are rapidly moving many of their applications to the cloud. According to IDC, more than 85% of enterprise IT organizations will commit to multicloud architectures by 2018, driving up the rate and pace of change in IT organizations.

To support this transition in the enterprise, service providers are being driven by their customers to offer a managed hybrid WAN solution combining multiple WAN transport services, such as MPLS and broadband connectivity, in a single, integrated solution (Fig. 1). Service providers can offer enterprises additional flexibility by combining higher bandwidth broadband services alongside existing MPLS services. Because broadband services are usually faster to provision, service providers can accelerate customer deployments and improve their customers’ application performance, including direct access to cloud services, while improving business agility.

Figure 1: Hybrid SD-WAN

Service Provider Challenges

Service providers implementing a hybrid WAN architecture must address the following enterprise challenges:

  • Improve bandwidth utilization – Existing managed hybrid WAN solutions with multiple links are often provisioned and deployed as separate links. One may be an active link while the other sits idle as a backup, resulting in inefficient utilization of the available bandwidth.
  • Enable high-performance cloud connectivity – Managing the changing mix of public and private cloud applications without compromising performance or security using any WAN connection is very complex with current hybrid WAN and broadband solutions.
  • Provide performance-based SLAs – Delivering a set of performance-based SLAs that include a mix of the service provider’s managed WAN service plus a third party unmanaged broadband service provider is highly customized and complex.
  • Address security concerns – Providing assurance that the hybrid WAN service addresses vulnerabilities of network security attacks originating from within any WAN transport or branch location regardless of the service provider is complex.
  • Automate provisioning – Multiple provisioning and OSS tools to manage and maintain hybrid network connectivity across different MPLS and broadband networks is time consuming and error-prone when done manually.
  • Improve visibility and analytics – Visibility of software application performance can require expensive tools to monitor the performance in a multi-provider environment. Without analytics, the troubleshooting and remediation of app performance requires significant manual service provider support resources.

Requirements to Address Challenges

As service providers assess their challenges they need to evaluate and consider the following requirements:

  • An intelligent SD-WAN solution that understands and classifies applications, enabling the solution to dynamically steer traffic across the WAN according to business intent policies that are abstracted from the physical architecture of the underlay network(s).
  • A solution that enables application SLAs over any combination of transport services, including consumer broadband, and fully utilizes all available bandwidth while delivering high availability and total application performance.
  • A solution that simplifies and automates the utilization of multiple WAN transport services while providing real-time and historical visibility into issues impacting network or application performance.
  • A flexible solution with additional, optional performance features such as WAN and SaaS optimization to accelerate applications.
  • A solution that can be easily service chained to network security solutions.
  • An extensible platform to simplify VNF integration with vCPE, service chaining with network security vendors, service provider network management, portal and orchestration platforms.
Figure 4

Silver Peak Unity EdgeConnectSP Hybrid WAN Solution

Predictable Application Delivery

Figure 2
  • The Silver Peak Unity EdgeConnectSP SD-WAN solution enables consistent visibility and policy-based control of all applications whether SaaS, IaaS or hosted in the end customer’s data center. (Fig. 2)
  • The solution creates business intent overlays to virtualize the WAN across multiple sources of connectivity simultaneously, delivering performance, QoS and priority for different apps based on business requirements. (Fig. 3)
  • Intelligent real-time traffic steering based on business policies delivers optimal application performance and user experience.
    • Figure 3: Business Intent Overlay - Manage application groups (Guest Wi-Fi, Credit Card Processing, VoIP) based on application QoS and security policies with virtual WAN overlays leveraging any hybrid WAN transport
  • Zero-touch provisioning simplifies and streamlines branch deployments, minimizes configuration errors and decreases the time to turn up new sites.
  • RESTful APIs enable easier integration into a service provider’s provisioning, orchestration and web portals.
  • Support for vCPE from an ecosystem of platform partners allows service providers the flexibility to build a hardware-agnostic VNF-based solution.

Optimizing Performance

  • Path conditioning techniques including, Forward Error Correction (FEC) and Packet Order Correction (POC), correct for lost and out-of-order packets. When combined with tunnel bonding on a per-packet basis, consumer broadband links perform like a private line resulting higher application performance and availability to enable application SLAs. (Fig. 4)
  • Dynamic path control steers traffic across the WAN based on defined criteria including application QoS requirements and real-time measurements of packet loss and latency.
  • The optional Unity Boost WAN optimization performance pack reduces the effects of latency over long distances by accelerating TCP sessions to improve application response time.
  • Boost also includes data compression and deduplication techniques that eliminate transmission of repetitive data providing further bandwidth efficiencies. (Fig. 5)
Figure 5

Comprehensive Security

  • Applications are segmented and assigned to a specific business intent overlay to reduce vulnerability risks.
    • Figure 6
  • Silver Peak First-packet iQ application classification technology identifies applications on the first packet and maps them to the correct overlay assuring compliance requirements. (Fig. 6)
  • EdgeConnect removes security concerns by transmitting application traffic through AES 256-bit encrypted tunnels, making the internet as secure as a private line for WAN communications. (Fig. 7)
    • Figure 7
  • A built-in stateful firewall and whitelist app model enable secure internet breakout for SaaS and trusted web applications. Internet-bound communications to and from the branch is limited to traffic initiated by users, preventing unwanted threats.
  • A single-click service chaining model simplifies integration with next generation firewalls like Palo Alto Networks, Check Point, and Fortinet as well as cloud-based secure web gateway services like Zscaler.

Real-time Insights and Control

  • A site map shows branch connectivity status in real-time with performance monitoring and granular details into application and network statistics.
  • First-Packet iQ, identifies tens of thousands of applications and millions of web domains enabling EdgeConnect to correctly assign traffic or block entry to a given Business Intent Overlay.
  • First-Packet iQ enables intelligent traffic steering to the correct destination, ensuring QoS and security policy enforcement while minimizing wasted bandwidth and helping to meet compliance requirements.

Benefits and Business Outcomes

Silver Peak EdgeConnectSP enables service providers to optimize their hybrid WAN service offerings and achieve tangible benefits, including the ability to:

  • Generate new revenue streams for managed hybrid services
  • Accelerate the expansion of service footprint outside existing service regions
  • Enable SLAs for a managed hybrid WAN service in and out-of-region
  • Speed time-to-service deployment by on-boarding new branch offices quickly
  • Automate provisioning and on-going operations, reducing OPEX
  • Improve customer loyalty and satisfaction by improving application performance, reliability and customer experience