Use Case: Hybrid WAN

What's Driving Hybrid WAN Adoption?

Digital transformation continues to have a big impact on organizations and especially on IT. As companies move at an accelerating pace to deliver value and business outcomes, IT plays a pivotal role in the transition. To gain more agility and faster response times to business needs, organizations are rapidly moving many of their applications to the cloud. Some industry experts estimate as many as 2/3 of workloads will be cloud-based by 2020.

To support this transition, organizations increasingly are looking to leverage a hybrid WAN approach where lower cost, higher bandwidth broadband services are used in addition to MPLS link(s). This helps in increasing bandwidth capacity and network availability, improving application performance with direct access to cloud services, leveraging existing investments and reducing total WAN cost.

Hybrid WAN Challenges

Organizations implementing a hybrid WAN architecture must address the following challenges:

  1. Inefficient bandwidth utilization – Sending traffic on one active link while the other sits idle is not the best strategy to fully utilize all available bandwidth and deliver the highest application performance. Changing traffic patterns created by the new app consumption model require links to run active-active. (Fig. 1)
  2. No traffic steering – Optimally steering traffic across the best route based on application requirements may require a direct connection to public cloud, SaaS and IaaS services without backhauling to the data center, because backhauling creates additional complexity, latency and wasted bandwidth.
  3. Unpredictable application performance – Users may experience unreliable performance when using broadband links due to congestion and changing network conditions, causing frustration and low productivity.
  4. High security risk – As enterprises continue to look to leverage the Internet as part of their enterprise WAN strategy, vulnerabilities and the risk of attacks increase, potentially jeopardizing business-confidential data and network uptime.
  5. Manual provisioning – Deploying, managing and maintaining network connectivity across MPLS and broadband links is inefficient, time-consuming and error-prone. This exposes the enterprise to potential downtime, security breaches and increased cost.
  6. Limited visibility and analytics – Efficient troubleshooting of poor application performance is challenging without knowing where to look.

Requirements to Address Hybrid WAN Challenges

As organizations assess their challenges they need to evaluate and consider the following requirements:

  • An intelligent solution that understands and classifies applications, enabling the solution to dynamically steer traffic across the WAN according to business intent rather than being limited by the physical architecture of the network
  • A solution that enables application SLAs over any transport and fully utilizes all available bandwidth while delivering high availability and total application performance
  • A solution that simplifies and automates the utilization of multiple WAN transport services, while providing real-time and historical visibility into issues impacting network or application performance
  • A fully integrated solution with built-in performance features to accelerate applications and security capabilities to protect the branch when using broadband services

Silver Peak Unity EdgeConnect Hybrid WAN Solution

Predictable Application Delivery

Figure 2
  • The Silver Peak Unity EdgeConnect SD-WAN solution enables consistent visibility and policy-based control of all applications, whether SaaS, IaaS or hosted at the data center (Fig. 2).
  • The solution employs business intent overlays to virtualize the WAN across multiple sources of connectivity simultaneously, delivering performance, QoS and priority for different apps based on business requirements (Fig. 3).
  • Intelligent real-time traffic steering based on business policies delivers optimal application performance and user experience.
  • Zero-touch provisioning simplifies and streamlines branch deployments, minimizes configuration errors and decreases the time to turn up new sites.


Figure 4

No Compromise on Performance

  • Path conditioning techniques, including Forward Error Correction (FEC) and Packet Order Correction (POC), correct for lost and out-of-order packets, allowing consumer broadband links to perform like a private line to ensure application SLAs (Fig. 4).
  • Tunnel bonding with traffic load balancing on a per-packet basis creates a single, larger logical connection, resulting in increased utilization of available bandwidth, higher application performance and availability, and high levels of end-user satisfaction (Fig. 5).
  • Dynamic path control steers traffic across the WAN based on defined criteria including application QoS requirements and real-time measurements of packet loss and latency.
  • The optional Unity Boost WAN optimization performance pack mitigates latency over long distances by accelerating TCP and other protocols to improve application response time over any transport.
  • Boost data compression and deduplication techniques eliminate transmission of repetitive data, providing further bandwidth efficiencies (Fig. 6).
Figure 6

Comprehensive Security

  • Applications are segmented and assigned to a specific business intent overlay to reduce vulnerability risks.
  • Applications are identified on the first packet and mapped to the correct overlay, assuring that compliance requirements are met.
  • EdgeConnect removes security concerns by transmitting application traffic through AES 256-bit encrypted tunnels, making the Internet as secure as a private line for WAN communications (Fig. 7).
  • A built-in stateful firewall and whitelist app model enable secure internet breakout for SaaS and trusted web applications. Internet-bound communications to and from the branch are limited to traffic initiated by users, preventing unwanted threats.
  • A single-click service chaining model simplifies integration with next generation firewalls like Palo Alto Networks, Check Point, and Fortinet as well as cloud-based web gateway services like Zscaler.

Real-time Insights and Control

Figure 8
  • A site map shows branch connectivity status in real-time with performance monitoring and granular details into application and network statistics (Fig. 8).
  • First-packet application classification technology identifies tens of thousands of applications, IP addresses, and web domains, enabling EdgeConnect to correctly assign traffic to, or block its entry to, a given business intent overlay.
  • Application identification based on the first packet received – and not the second or tenth – enables intelligent traffic steering to the correct destination, ensuring QoS, minimizing wasted bandwidth and helping to meet compliance requirements (Fig. 9).
Figure 9

Benefits and Business Outcomes

Silver Peak EdgeConnect enables organizations to optimize their hybrid WAN architecture and achieve tangible benefits:

  • Improves application performance by up to 40x, enhancing user productivity and satisfaction
  • Enables organizations to fully build an SD-WAN based on broadband WAN services, cutting total WAN costs by up to 90%
  • Preserves current infrastructure investments while fully optimizing available bandwidth capacity, resulting in tremendous savings on purchasing additional bandwidth
  • Simplifies and accelerates Day 0 deployment and ongoing operations, reducing OPEX, minimizing human errors and spinning up new branch offices quickly
  • Reduces security risks drastically, with single-click service chaining that minimizes manual provisioning and a whitelist app model that keeps branch offices safe from vulnerabilities and threats

Resources

  • This video highlights how Silver Peak gives enterprises and service providers the flexibility to securely connect users to applications via the most cost-effective source of connectivity available.
  • This data sheet highlights the features and capabilities of Silver Peak Unity EdgeConnect.
  • This e-book, published by networking industry analyst Jim Metzler, describes a hypothetical company, referred to as NeedToChange, which has a traditional approach to WAN design. It then presents Silver Peak's response to how NeedToChange should evolve to a software-defined WAN (SD-WAN).