The new branch office SD-WAN model


Wrapping up an SD-WAN workshop session with a client last week, I reflected on how rapidly the branch office WAN connectivity and management model is changing. Some great opportunities are emerging for enterprise IT teams that can materially impact how the network is designed, paid for and managed. Here are some thoughts:

1. Public cloud is driving a lightweight edge security model

Most people agree that SD-WAN can facilitate service chaining, and a selective backhaul model is interesting to many enterprises that want to concentrate next-generation firewall services in larger locations. But with the rapid growth of distributed content in public cloud applications (even from Microsoft and Salesforce, who long resisted this trend that Google pioneered), it’s increasingly counterproductive to backhaul browsing traffic long distances from the end users. Backhauling reduces performance and adds significant load at hubs on the network, which is not ideal when this can represent 80 percent or more of the traffic.

We’re starting to see a two-tier approach emerge for Internet-bound traffic: a lightweight content filtering and threat protection solution (e.g., Zscaler or similar) at the edge for web applications, and more traditional next-gen firewalls at strategically positioned hubs in the network for non-web Internet traffic.

This allows enterprises to select something other than the extreme positions they previously had to work with, and cater for the different traffic types in more appropriate ways. SD-WAN of course is key to this – the selective forwarding behavior needed for each traffic type is much more challenging in a traditional network.
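To make the selective forwarding decision concrete, here is an added sketch (not from the original post and not any vendor's policy syntax) that classifies branch flows into the two Internet tiers plus the private overlay, and measures how much Internet-bound traffic stays off the hubs. The path labels, the internal prefixes and the definition of "web" as TCP 80/443 plus UDP 443 are assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: internal destinations are the RFC 1918 prefixes.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: "web" means HTTP, HTTPS and QUIC.
WEB_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 443)}
# Hypothetical labels for the three forwarding treatments.
OVERLAY, EDGE_FILTER, HUB_NGFW = "overlay", "edge-web-filter", "hub-ngfw"


def select_path(dst_ip, proto, dst_port):
    """Pick the forwarding treatment for one branch-originated flow."""
    try:
        dst = ipaddress.ip_address(dst_ip)
    except ValueError:
        return HUB_NGFW  # unparseable destination: use the fuller inspection tier
    if any(dst in net for net in INTERNAL_NETS):
        return OVERLAY  # private application traffic never breaks out locally
    if (proto.lower(), dst_port) in WEB_PORTS:
        return EDGE_FILTER  # tier 1: local breakout through the cloud web filter
    return HUB_NGFW  # tier 2 and default: non-web Internet traffic goes to a hub


def bytes_by_path(flows):
    """Sum bytes per treatment for (dst_ip, proto, dst_port, bytes) tuples."""
    totals = Counter()
    for dst_ip, proto, dst_port, nbytes in flows:
        totals[select_path(dst_ip, proto, dst_port)] += nbytes
    return totals


def hub_offload_ratio(flows):
    """Fraction of Internet-bound bytes that never crosses a hub firewall."""
    totals = bytes_by_path(flows)
    internet = totals[EDGE_FILTER] + totals[HUB_NGFW]
    return totals[EDGE_FILTER] / internet if internet else 0.0


# Constructed sample flows using documentation address ranges, not real traffic.
SAMPLE_FLOWS = [
    ("203.0.113.10", "tcp", 443, 6_000_000),  # SaaS over HTTPS
    ("198.51.100.7", "udp", 443, 2_000_000),  # QUIC
    ("10.20.30.40", "tcp", 445, 3_000_000),   # internal file share
    ("192.0.2.25", "tcp", 25, 2_000_000),     # outbound SMTP
]

if __name__ == "__main__":
    print(dict(bytes_by_path(SAMPLE_FLOWS)), hub_offload_ratio(SAMPLE_FLOWS))
```

The default branch matters: anything that is neither internal nor recognizably web falls through to the hub firewall, so a new or misclassified protocol gets the heavier inspection rather than the lightweight edge filter.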
