In my last Industry Insight, I discussed the fundamentals of secure access service edge (SASE). In this article, I will discuss how software-defined wide area network (SD-WAN) technology forms the foundation of SASE by providing the required features.
The trend toward cloud computing and cloud storage, software as a service (SaaS), infrastructure as a service, mobility, ubiquitous internet connectivity and a WFA (work from anywhere) workforce renders traditional WAN architectures obsolete.
Starting with networking
The goal of SASE is to provide secure WFA user access to all applications and data, whether resident in a data centre, cloud platform, or at a SaaS provider. That’s what today’s enterprises want and need.
SD-WAN is the key to SASE and the technology of choice for an enterprise WAN onramp to SASE and multi-cloud connectivity. SASE encompasses hosted SD-WAN, security and routing in the cloud.
Trends in cloud computing and services, distributed workloads, a burgeoning WFA workforce and direct internet access (DIA) have made traditional WAN architectures obsolete.
SD-WAN technology enables a client-to-cloud architecture: internet-based backbones, traffic routing from anywhere, direct cloud access, and path selection to optimise quality of experience. Figure 1 compares the networks of the past to the networks we’re seeing in today’s enterprises.
Ramping up with SD-WAN technology
SD-WAN technology offers several key capabilities to enable optimal performance in a client-to-cloud environment:
- Application-awareness and traffic classification.
- DIA and intelligent traffic steering.
- Global gateways to secure on-ramping from any location.
Routing traffic from WFA employees requires application traffic to be classified accurately and immediately. Your employees’ traffic, application classification, security, traffic prioritisation and traffic steering are paramount all the way to the endpoint device.
Routing traffic from WFA employees requires application traffic to be classified accurately and immediately.
SD-WANs deliver much greater agility and lower transport costs across your network than traditional architectures. Using local DIA breakout at branch locations, or for mobile workers enables traffic to use the most efficient and optimal path to access cloud applications.
SD-WAN gateways are globally available and provide distributed secure, reliable and high-performance access to cloud applications, services and resources, in addition to providing cloud-delivered SASE. Enterprises may have their own gateways (their own SASE service) or use provider gateways (a provider’s SASE service).
Understanding genuine SD-WAN
SASE is an expansion of SD-WAN capabilities to provide a cloud-delivered networking and security solution. This is done via a distributed system of edge software and cloud gateways to enforce consistent, unified and global policies across cloud, home, mobile and on-premises locations.
SD-WAN is the onramp to SASE and is the technology of choice for enterprise WAN and multi-cloud connectivity. SASE encompasses hosted SD-WAN, security and routing in the cloud. Because SD-WAN is the foundation for SASE, organisations must consider the key attributes required for a genuine SD-WAN solution.
Cloud gateways extend an organisation’s SD-WAN backbone from their premises (branch offices, regional sites, campuses, data centres and home offices) to the front doorstep of SaaS and other cloud resources around the world. SASE converges network and security services in the cloud, on-premises, or as a combination of both, as shown in Figure 2.
Some of the necessary attributes of a genuine SD-WAN include:
* Advanced routing capabilities:
o Enhanced voice and video
o Traffic conditioning and restoration
o SaaS application optimisation
o Advanced routing decisions based on end-to-end SLA
o Application visibility
* Quality of service
* Traffic optimisation
In my next article, I will discuss extending security to client and cloud.
Share