SD-WAN: Hardening external connectivity | Network World


When I began my journey in 2015 with SD-WAN, the implementation requirements were different to what they are today. Initially, I deployed pilot sites for internal reachability. This was not a design flaw, but a solution requirement set by the options available to SD-WAN at that time. The initial requirement when designing SD-WAN was to replace multiprotocol label switching (MPLS) and connect the internal resources together.

Our projects gained the benefits of SD-WAN deployments. It certainly added value, but there were compelling constraints. In particular, we were limited to internal resources and users, yet our architecture consisted of remote partners and mobile workers. The real challenge for SD-WAN vendors is not solely to satisfy internal reachability. The wide area network (WAN) must support a range of different entities that require network access from multiple locations.

Key scenarios & challenges

As I said, SD-WAN is primarily for internal resources, but my previous projects had many situations where we had to step outside of this requirement to support mobile worker and partner connectivity.

My customers had many mobile workers located throughout the UK and parts of Europe. They wanted to connect to the SD-WAN, but the current architecture had no way to tie the remote access into SD-WAN. The rise of road warriors means there is no longer a static perimeter. Mobile workers have two options: either they connect directly to the nearest branch, bypassing corporate security policies, or they are directed to the headquarters (HQ) for security screening.
