Sometimes the combination of single parts create together something that is greater and enables us to reach a breaking point. A moment of true gestalt.
Imagine if there were a self driving electric car waiting for you on every corner. At this point it wouldn’t make any sense to buy your own vehicle. Instead you could have access to a fleet that provides you mobility anywhere, anytime. This would be a fundamental shift for the industry, causing mobility as a service to become mainstream.
SD-WAN has a similarly disruptive potential. It brings the technology landscape to a new level and will make older traditional models unattractive. The key to SD-WAN is the combination of different technologies, making them available as one combined solution that solves many problems at once. From disparate pieces, we now have a whole that allows us to solve what we couldn’t in the past.
The underlying technologies and principles have been there for quiet some time. Networking concepts around automation, visibility and encryption are nothing new. But to implement these individually were often manual time intensive tasks. And they have been addressed previously with different solutions that have not been integrated with each other. With SD-WAN you can solve multiple problems with one solution. This integration enables you to focus on the important problems.
A great example for this is security. Of course encryption make sense for all your WAN links. When your traffic is passing through networks that you don’t own or control there are multiple attack vectors possible. And if somebody is mirroring all your traffic at some point in the WAN you have almost no chance of finding that out. There are still a lot of companies or organizations that do not encrypt their traffic over their WAN links. A traditional VPN setup was hard and time consuming to implement. Or we did VPN encrypted tunnels to the centralized datacenter. This incurs performance problems because all communication always needed to traverse the datacenter. It’s not the best path for office to office communication.
With SD-WAN we get a full mesh any-to-any encryption network and the configuration has automated deployment from the centralized controller. The encryption is not something that runs over the top, once connectivity is established. It is there from day one of the deployment. With that in place, it’s possible to implement segmentation across the SD-WAN infrastructure. Create logical security zones so that we have smaller blast radius in case of an security incident. And last but not least we have a policy enforcement point at the WAN edge of each location. The centralized controller approach also gives us visibility with which we can analyze the traffic and create policies based on that intel.
In the past, the networking layer had very limited information to build security policies. Source, destination and protocol were all we had. With the advanced application recognition the visibility has increased. This also shows how many dependencies we have across the different features and how they interact with each other. With more visibility we can do application based policies that use the logical segmentation and also leverage the automation that is provided by the centralized controller. When all this is working together we have consistent security posture across our complete infrastructure. No more special snowflakes that ends in troubleshooting nightmare. Across a SD-WAN infrastructure everything is consistent and reliable, allowing it to follow the same policies.
It enables us to focus on the important things for which we didn’t have time in the past, because we where to busy to implement basic features. At the end of the day it is the complete package that makes the difference.
- SD-WAN: When the Solution Is Greater Than The Sum Of Its Parts - February 16, 2018