The genesis of the next architectural evolution

The close coupling of SD-WAN, SASE and SD-Branch will enhance security and lead to improved operational efficiencies in the remote-working age.

The warning is distinct and stark: If an organisation’s goal is to accept the “new normal” and the work-from-anywhere ethic, it will have to grasp the benefits of the modern digital transformation and realise the full potential of cloud technology to keep pace with applications and devices that become increasingly distributed.

To achieve this, a comprehensive blueprint is required to address both wide area networking (WAN) and security architectures, and transform legacy datacentre-centric, perimeter-focused security architectures into a cloud-centric, secure access service edge (SASE) architecture.

This architecture will have to eliminate compromises between security and the optimal user-experience and provide a consistent, entirely-safe virtual environment as users increasingly choose between working from home, the road or the office on any given day.

I’ve highlighted the Gartner research group’s counselling on this subject before: “The legacy perimeter must transform into a set of cloud-based, converged capabilities created when and where an enterprise needs them − that is, a dynamically created, policy-based secure access service edge.”

It’s becoming clear that an intelligent, software-defined WAN (SD-WAN) incorporating a SASE architecture is required to unify embedded security capabilities at the network’s edge together with the automated optimisation of cloud-based and cloud-delivered security services.

While much has been said about the advantages of such a converged SD-WAN/SASE solution – which is currently gaining traction within the remote-worker milieu − the genesis of the next architectural evolution has now been recognised.

SD-Branch is a new network architecture designed to extend software-defined principles to a branch location, preferably replacing or supplementing an already-existing branch network system.

In some circles, SD-Branch is seen as a significant evolution of SD-WAN technology – a new portent even − while others somewhat simplistically describe it as a “branch network in a box”.

No matter how it is viewed, SD-Branch is a centrally controlled, singular platform, and its association with the provision and benefits of agility in a remote and/or branch office environment is unquestioned.

As such, an SD-Branch architecture is able to help implement consistent role-based policies that link identity, device and application at the same time, extending control over the network, from the wired core to the wireless edge and beyond.

In summary, the close coupling of SD-WAN, SASE and SD-Branch can be expected to significantly enhance security and lead to improved operational efficiencies in the remote-working age.

As the SD-WAN market ramps up – it’s predicted to exceed $30 billion by 2026 – it is becoming congested in terms of vendor participation.

As vendors endeavour to differentiate themselves, be it on the basis of features or services and – naturally – price points, the choices become more difficult and the decisions increasingly complex.

For example, entry-level SD-WAN offerings, while attractively priced, are generally feature-limited. They are designed-down in order to appeal to the budget-constrained client.

On the other hand, organisations searching for feature-rich SD-WAN/SASE/SD-Branch solutions − and a vendor with the specific feature set that aligns with the organisation’s often-unique requirements − may find their spectrum of choice to be extremely narrow.

Robert Sturt, representing the Forbes Business Council, an invitation-only growth and networking group of business owners and leaders, lists some key features that could help organisations identify SD-WAN-based solutions that “fit the bill”.

For instance, he says not all SD-WAN vendors provide true next-generation security features such as anti-malware, threat protection and Zero Trust architectures. He suggests working with a vendor that provides built-in SD-WAN/SASE security.

More specifically, Sturt encourages users to place emphasis on the latest SD-WAN architectures that incorporate a cloud-native application platform and feature automated infrastructure provisioning and configuration. These features will obviate the need to choose between DIY, co-managed or fully managed services.

“If your SD-WAN vendor has got complete control over your entire technology stack, then they should be able to offer you a blend of all three,” he notes.

Sturt adds that some SD-WAN solutions offer VPN access into their private internet backbone. “If you’re an organisation with cloud resource locations that mirror the private network, you can get speed and reliability assurances through your SLA with the vendor.”

In their search, corporations may discover solutions with – for example − differing degrees of set-up ease, some possibly requiring specific skill sets. And they will come across solutions claiming “unique status” for seemingly innovative hardware options and supposedly more advanced – but unproven − security technologies.

In this context, Sturt suggests working with an independent specialist who is able to navigate the increasingly-crowded and stormy waters and assist with the allocation of resources based on an independent, in-depth study of current corporate requirements and future objectives.

Such a meeting of the minds – if successful − will go a long way to maximising the “vendor investment” over the long-term.

Perhaps the last word on the subject should go to Alex Lichtenberger, an acclaimed DevOps Institute consultant and corporate transformation coach. He says a common mistake is to judge a vendor solely on the proposal.

“Did you also consider the capability of the vendor to deliver and can you imagine working with him? Does the vendor make the impression to go ‘the extra mile’ with you? And are there signs that he really wants to win the bid?”

Paul Stuttard

Director, Duxbury Networking.

Paul Stuttard is a director of specialist distributor Duxbury Networking. Currently Cape-based, he has been with the company for 29 years and has extensive experience in the IT industry, particularly within the value-added distribution arena. His focus is on the formulation of future-oriented network optimisation strategies and business development objectives in collaboration with resellers and end-users in Southern Africa.
