Why is this attractive to the enterprise? The reasons vary depending on the use case, but generally they include reduced cost, better performance and improved scalability.
Using cloud-based web security services like these is possible with traditional WANs, but it can be highly complex. Tunnels need to be configured and managed from each location, and various failover mechanisms need to be implemented and tested. Many enterprises give up on this due to complexity and revert to backhauling traffic to the data center before redirecting to the cloud-based service.
In a modern SD-WAN solution, the public cloud service can be defined just as easily as a private service, and policies established to determine which traffic should be directed to the service. Performance-based selection of the best service is usually possible, and failover is handled automatically. This is one of the real benefits of service chaining—matching traffic is automatically sent via the selected services before reaching their final destination.
As a result of this, we are seeing a big increase in interest for public cloud services like this as the adoption of SD-WAN services increases. The automation and intelligence in the SD-WAN layer is acting as an enabler for more advanced solutions through service chaining.
Virtualizing locally provided services—less box chaining
Finally, there are services that are very difficult to take out of an individual site without significantly compromising performance. Complex application-level firewalls are a good example, as are WAN optimization services. These services have traditionally existed as appliances stacked next to routers and other network devices at remote sites.
Most of the first SD-WAN solutions were, counterintuitively, very dependent on hardware—most vendors used proprietary hardware to act as router replacements in the absence of generic infrastructure.
However, we are seeing an increase in enterprise deployments of SD-WAN in truly virtualized environments, and there are many benefits that can be achieved from virtualizing the entire stack of branch office network appliances. This is another variant of service chaining, where Network Function Virtualization (NFV) allows virtual network edge topologies to be built that can chain services together that were previously all delivered as separate hardware. Enterprises operating in highly remote geographies are especially interested in this trend due to the challenges and cost associated with getting proprietary hardware certified and cleared through customs.
We expect to see this trend continue as enterprises become more comfortable with software-based network edge appliances, and to see the number of physical boxes “chained” together in the WAN continue to decrease. The next 12-18 months should see even more interesting developments in the enterprise WAN topology.
Sign up for CIO Asia eNewsletters.