In this article, I want to focus on the branch. In my opinion, SD-WAN has impacted branch connectivity the most. With SD-WAN you have more control over your traffic than ever before. The additional control gives you lots of options on how traffic is classified and subsequently handled. Most vendors include basic firewall options in their branch devices at a minimum. Some vendors, like Riverbed, include NGFW/UTM capabilities! With Riverbed SD-WAN, you have more flexibility and security than ever before.
The flexibility starts in the overlays – yes that’s overlays with an “s.” Need to run traffic back through centralized data centers for access to internal applications? There’s an overlay for that! Need to allow branch-to-branch traffic to support voice, video, and other collaboration suite traffic? There’s an overlay for that!
With SD-WAN you can dump your MPLS connection and just use Direct Internet Access (DIA) or Broadband, but rather than dump it you can supplement it with those options as well. This allows you to use the MPLS links for internal traffic that might be more latency-sensitive. Then, rather than using the internet link as a failover, you can utilize that for internet access from the branch and let the next-gen firewall protect the branch and scrub the traffic. You can dump traffic to trusted SaaS providers directly from the branch and then backhaul all other internet bound traffic back through central data centers and run it through content filters. Or, take advantage of service chaining and send the traffic to trusted security partners. The options are nearly endless!
Now, so far, what I’ve discussed is the sort of SD-WAN standards. Most SD-WAN solutions include the above. Riverbed is an outlier for a couple of reasons: 1) its NGFW functionality – as not all SD-WAN solutions include that, and 2) for their WAN Optimization! Only a few SD-WAN solutions currently offer WAN optimization, others only have it on their road map. Take all the efficiencies you get with SD-WAN alone and then add it Riverbed’s WAN Optimization and you’ll have the leanest, most efficient, and secure WAN you’ve ever had!
I think that the NGFW functionality is really key here. Most other competing solutions only put basic firewall functions, if any, into their SD-WAN products. This means you’ll get basic firewall rules at the branches and then have to send traffic elsewhere, central data center appliance, cloud service, or whatever, for additional processing. Either that or you’re buying another product altogether. The NGFW functionality of the Riverbed SD-WAN appliance lets you get more granular with your rules. You can allow or deny traffic based on specific applications, the box will stop viruses and malware in their tracks and not let it get into the branch.
Riverbed SteelConnect EX
Behind all of this power and capability is the Riverbed SteelConnect EX. This powerful series of appliances come in a range of sizes to fit more for any branch or data center. There’s even an option that includes LTE, Wi-Fi, and PoE! Additionally, cloud appliances are available so you can place virtual edge devices in your public cloud infrastructure for easy, secure, and optimized access from all of your locations.
First, let’s talk form factor. I’m impressed with the form factor because most of these devices are desktop sized. You can set it on a table or mount it to a wall in a DEMARC. No need to get a bulky rack or cabinet. In most branch MDF’s, there’s rarely room for a proper telecom rack anyway, so why try to shoehorn on in? Only the largest device is rack-mountable and even then it’s only 1 RU!
Throughput is also very impressive. From the smallest branch device to the largest through ranges anywhere from 150Mbps to 10Gbps. This all depends on what you’re trying to do, whether you’re just straight routing traffic or if you’re running it through the NGFW/IPS/UTM functions as well.
Now, looking at the datasheet it may appear as if not all of these devices are created equally. If you want to leverage that sweet, sweet Riverbed WAN Optimization, you seem to only have your pick of two devices, and it’s their top two in size, the EX780 and EX3080. Well, those devices have the WAN Optimization features built-in. With the smaller appliances, you can achieve the same results by putting a SteelHead appliance in the physical path.
To learn more about the SteelConnect EX, Riverbed has a ton of great information out there. Start here on the SteelConnect EX page. On there you’ll find links to videos, datasheets, and more! Also, check out their technical series on YouTube. There are also links to the other portions of their SD-WAN solution, the aforementioned SteelConnect Director and SteelConnect Analytics platform.
So, if you’re considering the move to SD-WAN, and you should be, make sure Riverbed is on your list to check out!