
Treating Your Cloud Like an SD-WAN Branch


The Cloud.

Just reading those words probably conjured a picture in your head. You probably thought about a huge datacenter with racks and racks of equipment all blinking in sequence. You may have thought about a diagram of boxes connected to other boxes all over the world. You may have even thought of a company or logo like Amazon or Microsoft. But, did you think of a branch office? Probably not. But with the help of SD-WAN, you might change your mind.

Hopping Into The Cloud

You’re probably familiar in principle with the way that companies like Amazon and Microsoft configure their public cloud environments to connect to your network. Here’s an example from a recent Amazon presentation at FutureWAN 18:

As you can see, Amazon prefers the Direct Connect model to hook up your data center to their data center. This works in theory provided you have a solid connection to the Internet. It also requires your service provider to have a Direct Connect option as well. Depending on where you live in the country, that option could be a far-off data center:

Service providers would also prefer that you use expensive MPLS circuits to deliver this Direct Connect capability. They get the best of both worlds. They tie you to an expensive piece of infrastructure with promises of a solid service level agreement (SLA). They also know that your increasing reliance on the cloud means that MPLS circuit is going to get filled faster and require you to increase your spending for their services sooner or later.

Amazon and Microsoft don’t care how you access their clouds. They know that VPNs work for the majority of their customers and that diversity in connectivity is the key to cloud adoption. SaaS offerings already benefit from circuit diversity, so why can’t Platform as a Service (PaaS) and Infrastructure as a Service (IaaS)?

The key for providers is closely guarding the termination point of the direct connection. If they are the only ones allowed to terminate a connection in the cloud, they are the ones that dictate which types of circuits must be used and how they will be used. It places organizations in the difficult situation of needing to meet specific requirements for cloud connectivity before they can take advantage of direct connect. If only there were a way to have some kind of VPN termination device in the cloud inside of a VPC/VNET.

Branch To The Rescue

As it turns out, Amazon and Microsoft already have the capability to create pseudo-direct connections to their offerings. Thanks to work done by companies like Viptela, there are a large number of software appliances available on the Amazon marketplace. For example, Viptela uses their vEdge Cloud Router as a virtual edge device installed in an AWS VPC.

Once the vEdge Cloud Router is installed and configured, it joins the existing SD-WAN fabric and acts like any other branch office endpoint as far as the fabric is concerned. The organization gains the huge advantages of using SD-WAN, including circuit diversity over different media types. This means that you can use consumer-grade broadband circuits or 4G/LTE backup links in concert with existing MPLS Direct Connect offerings. In addition, because the traffic in the fabric can be configured to be encrypted by default, you can rest assured that every bit flying into the cloud is protected along the transit path.

The configuration options for the vEdge Cloud Router give you the option to locally specify which traffic will use a given circuit. This means that you can assign your critical traffic, like EMR or CMS systems, to use the primary MPLS link while sending other traffic to cheaper circuits. vEdge Cloud Router also allows you to monitor the circuits and provide detailed analytics about speed and reliability. This means that you can ensure that your service provider is meeting their SLA as well as seeing if you can move other traffic to less expensive circuits once you verify their reliability.

Growing Your Cloud

The best thing about this solution is that it grows with you as your business scales up into the cloud. In the beginning, your cloud solution will probably look like a simple branch office. It has some applications split apart into many VPCs for testing or early adoption. In this case, the circuit diversity ensures that your other locations can reach the cloud VPC with no significant issues. It also allows your other branches to talk to each other to continue sharing information as needed.

Once your cloud strategy moves more fully into AWS or Azure, the diagram flips around. Now, the circuit diversity becomes less important as speed increases are needed due to the large number of applications hosted in the cloud. The former “branch cloud” now looks more like your headquarters in terms of traffic flow, and your existing branches are more focused on communicating directly with it instead of your existing headquarters location.

Bringing It All Together

The cloud isn’t scary. Yes, there are a lot of changes that are going to happen as you start adopting new processes and policies to better use the cloud. But the networking aspect of things shouldn’t be a problem. Instead, just consider the cloud as a branch office. You can use SD-WAN solutions like the ones from Viptela to connect your existing infrastructure to AWS or Azure. Then, as your workloads change and move, the SD-WAN solution helps you identify the best way to move forward and utilize secure and robust cloud support. You can easily build your branch cloud into an entirely new way of thinking about doing business with a few simple tools. And making the cloud even simpler than it already is will be a huge win for everyone on your team.

About the author

Tom Hollingsworth

Tom Hollingsworth is a networking professional, blogger, and speaker on advanced technology topics. He is also an organizer for networking and wireless for Tech Field Day.  His blog can be found at
