Friday, December 20, 2024
HomeTechBack Away From the (network) Edge: How cloud-based WAN Optimization can Finally...

Back Away From the (network) Edge: How cloud-based WAN Optimization can Finally Free Enterprises From MPLS

Published on

SIEM as a Service

For years, SD-WAN edge appliances have helped organizations optimize their WANs by balancing performance, traffic priorities, limited MPLS bandwidth, and cost. This balancing act, however, requires an edge appliance at each end of the traffic flow to prioritize, cache, deduplicate, and compress traffic.

With increasing use of cloud-based infrastructure, requiring an edge appliance in the cloud becomes a major headache. New SD-WAN as a Service (SDWaaS) solutions represent the next phase of WAN optimization and SD-WANs, providing SD-WAN as a cloud service that eliminates the need for costly MPLS bandwidth, and by extension, WAN optimization appliances.

MPLS links: reliable…and reliably expensive

 With their efficient routing and low packet loss, MPLS services have been the mainstay of enterprise WANs. Great for remote desktops and other loss-sensitive applications, MPLS services charge a premium for bandwidth. But as the bandwidth requirements for applications have grown and more bandwidth consumed by often non-critical Internet services, bandwidth costs have become an increasingly pressing issue for many enterprises.

- Advertisement - SIEM as a Service

The big problem for MPLS services has been two-fold. One, the capacity or the rate of data that could be sent in a session across a global network. The interaction of distance and packet loss conspired to undermine throughput even when locations are connected by access services with large amounts of bandwidth.

WAN optimization devices provided some relief. Through the use of compression and data deduplication, WAN optimization devices made better use of the data that could be sent. And with application-layer proxying and caching, WAN optimization devices were able to minimize the effects of latency, which also helped improve TCP capacity and the user experience

WAN optimization no longer needed?

But as the WAN has changed there’s been increasingly less of a need for these capabilities. Content delivery networks (CDNs) and the distributed, geographically-redundant nature of major SaaS platforms have continued to push the data closer to the user. With the data closer, there are fewer hops and thus less latency, reducing the need for the latency-reduction techniques of WAN optimization.  Coupled with the use of large, inexpensive broadband pipes, available capacity grew, reducing the need for deduplication and compression.

The first-generation SD-WANs, implemented by edge appliances, overcome MPLS bandwidth problems by offloading MPLS services using broadband Internet access services. Routing non-critical application traffic across the Internet saved on MPLS bandwidth. Overall, the SD-WAN provided to be a great step forward in maximizing WAN usage.

But SD-WAN appliances ran into their own problems. As they required physical infrastructure to be installed on the network edge, SD-WAN appliances where inherently limited to improving only the performance and cost-effectiveness of traffic which stays entirely within the WAN.

Workflows which depend on cloud-based tools (e.g. Dropbox, Azure, Office 365, Google Apps) bump up against the reality that their data won’t be prioritized above anyone else’s.  And if cloud applications are to be optimized, appliances also need to be installed in the cloud, something that’s often difficult if not impossible.

SDWaaS: WAN optimization from above

The first-generation SD-WANs were designed to augment MPLS but they could never replace the service. They still relied on MPLS to carry latency- and loss-sensitive applications, particularly across global networks. Coupled with the fact that SD-WAN required devices to be installed in or near the cloud resources, it’s easy to see why SD-WAN has had to evolve.

The next-generation of SD-WAN, SD-WAN as a service (SDWaaS), do away with the dependency on a private MPLS backbone and provide a cloud-ready solution.

Here’s what makes these solutions work:

  • A global, SLA-backed backbone fed by multiple global Tier 1 IP transit providers which enables reliable and consistent worldwide connectivity at a more affordable price point. Now, branch locations can connect to each other and to central datacenters via the cloud and enjoy the bandwidth of the high-quality last-mile Internet, as well as the lower latencies and packet loss rates associated with MPLS. Throughput optimization (via TCP Proxy) occurs within the backbone, while application QoS prioritization and PBR takes place at the last-mile link to the cloud.
  • Several points of presence (PoPs) strategically placed to provide optimal egress to key cloud service infrastructures, such as Microsoft Azure, AWS, Office 365, and Dropbox. This greatly improves the performance of SaaS by minimizing the latency and packet loss.
  • A full network security stack integrated into the SDWaaS backbone. Since WAN connectivity and security are fully converged in the cloud, network security appliances such as IPS and next-generation firewalls don’t need to be deployed at each remote location to ensure secure direct Internet access.

SDWaaS solutions eliminate the need to backhaul WAN traffic to a central datacenter, thereby solving the problems like trombone routing and saturated MPLS links. Since the network edge effectively moves to the cloud, SD-WAN platforms reduce the complexity, risks, and cost for enterprise networks – all while achieving even better WAN optimization.

Latest articles

Threat Actors Selling Nunu Stealer On Hacker Forums

A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker...

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution

A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could...

Foxit PDF Editor Vulnerabilities Allows Remote Code Execution

Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit...

Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access

Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Securing Automated Forex Trading: Best Practices for Safe Algorithmic Transactions

Automated forex trading brings huge opportunities for profit in today's markets. While traders sleep,...

Crafting A Successful Crypto Investment Thesis: Strategies For Long-Term Growth 

Diving into the world of crypto investments has been one of the most exhilarating...

The Role of Cybersecurity in Tampa Bay’s Growing Tech Scene

Tampa Bay, known for its picturesque beaches and vibrant culture, is witnessing a remarkable...