What is SD-WAN?

SD-WAN Explained

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services—including MPLS, LTE and broadband internet services—to securely connect users to applications.

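SD-WAN uses a centralized control function to securely and intelligently direct traffic across the WAN and directly to trusted SaaS and IaaS providers. This increases application performance and delivers a high-quality user experience, which increases business productivity and agility and reduces IT costs.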

SD-WAN architecture

Traditional WANs based on conventional routers were never designed for the cloud. They typically require backhauling all traffic, including cloud-destined traffic, from branch offices to a hub or headquarters data center where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance resulting in a poor user experience and lost productivity.

Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premises data centers, public or private clouds, and SaaS services such as Salesforce.com, Workday, Dropbox, Microsoft 365, and more, while delivering the highest levels of application performance.

SD-WAN architecture explained

How does SD-WAN work?

Unlike SD-WAN, the conventional router-centric model distributes the control function across all devices in the network and simply routes traffic based on TCP/IP addresses and ACLs. This traditional model is rigid, complex, inefficient, and not cloud-friendly and results in a poor user experience.

An SD-WAN enables cloud-first enterprises to deliver a superior application quality of experience (QoEx) for users. By identifying applications, an SD-WAN provides intelligent application-aware routing across the WAN. Each class of applications receives the appropriate QoS and security policy enforcement, all in accordance with business needs. Secure local internet breakout of IaaS and SaaS application traffic from the branch provides the highest levels of cloud performance while protecting the enterprise from threats.

Why SD-WAN?

Times have changed, and enterprises are using the cloud and subscribing to software-as-a-service (SaaS). While users traditionally connected back to the corporate data center to access business applications, they are now better served by accessing many of those same applications in the cloud.

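As a result, the traditional WAN is no longer suitable, mainly because backhauling all traffic, including cloud-destined traffic, from branch offices to headquarters introduces latency and impairs application performance. SD-WAN provides WAN simplification, lower costs, bandwidth efficiency, and a seamless on-ramp to the cloud with significant application performance, especially for critical applications, without sacrificing security and data privacy. Better application performance improves business productivity, customer satisfaction, and ultimately profitability. Consistent security reduces business risk.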

Basic SD-WAN vs. business-driven SD-WAN

  • Not all SD-WANs are created equal. Many SD-WAN solutions are basic SD-WAN solutions or “just good enough” solutions. These solutions lack the intelligence, reliability, performance, and scale needed to ensure a superior network experience. And remember, without a fast, secure, and high performing network, enterprise digital transformation initiatives can stall because they rely on apps that rely on services that in turn rely on the network. SD-WAN is a pivotal digital transformation enabler and is driving strategic decisions across the enterprise. So, what is a Business-driven SD-WAN and why is Basic SD-WAN not good enough?
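  • Lifecycle orchestration and automation. Most basic SD-WAN offerings provide some level of zero-touch provisioning. However, basic SD-WAN solutions do not always provide full end-to-end orchestration of all WAN edge functions such as routing, security services, including service chaining to advanced third-party security services, and WAN optimization. When an enterprise deploys a new application or needs a QoS or security policy change, a business-driven SD-WAN supports centralized configuration, enabling the required changes to be deployed in minutes rather than weeks or months. Centralized management greatly minimizes human errors that could impair performance or security.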
  • Continuous self-learning. A basic SD-WAN solution steers traffic according to pre-defined rules, usually programmed via templates. A business-driven SD-WAN delivers optimal application performance under any network condition or changes including congestion and when impairments occur. Through continuous monitoring and self-learning, a business-driven SD-WAN responds automatically and in real-time to any changes in the state of the network. A business-driven SD-WAN continuously adapts to changes in the network, automatically adapting in real time to any changes that could impact application performance, including network congestion, brownouts and transport outage conditions, allowing users to always connect to applications without manual IT intervention. For example, should a WAN transport service or cloud security service experience a performance impairment, the network automatically adapts to keep traffic flowing while maintaining compliance with business policies.
  • Consistent Quality of Experience (QoEx). A key benefit of an advanced SD-WAN solution is the ability to actively use multiple forms of WAN transport simultaneously. A basic solution can direct traffic on an application basis down a single path, and if that path fails or is underperforming, it can dynamically redirect to a better performing link. However, with many basic solutions, failover times around outages are measured in tens of seconds or longer, often resulting in annoying application interruption. A business-driven SD-WAN intelligently monitors and manages all underlay transport services. It can overcome the challenges of packet loss, latency and jitter to deliver the highest levels of application performance and QoEx to users, even when WAN transport services are impaired. Unlike a basic SD-WAN, a business-driven SD-WAN handles a total transport outage seamlessly and provides sub-second failover that averts interrupting business-critical applications such as voice and video communications.
  • End-to-end micro-segmentation. While basic SD-WANs provide the equivalent of a VPN service, a business-driven SD-WAN provides more comprehensive, end-to-end security capabilities. In addition to supporting a stateful zone-based firewall, the SD-WAN platform should orchestrate and enforce end-to-end micro-segmentation spanning the LAN-WAN-Data center and the LAN-WAN-Cloud. Centrally configured security policies are far more consistent due to fewer human errors than with a device-centric WAN model or a basic SD-WAN model that often requires configuring policies on a device-by-device basis. If a policy requires a change, it is programmed centrally with a business-driven SD-WAN and pushed to 10s, 100s, or 1000s of nodes across the network, providing a significant increase in operational efficiency while reducing the overall attack surface and avoiding any security breaches.
  • Secure local internet breakout for cloud applications. Many basic SD-WANs provide some application classification capabilities based on fixed definitions and manually scripted ACLs to direct SaaS and IaaS traffic directly across the internet. However, cloud applications change constantly. A business-driven SD-WAN continuously adapts to changes and provides automated daily application definition and IP address updates. This eliminates application interruption and user productivity issues.

Ideally, enterprise customers need to shift to a business-driven SD-WAN platform that unifies SD-WAN, firewall, segmentation, routing, WAN optimization and visibility and control functions, all in a single, centrally managed platform.

Advanced SD-WAN capabilities for SASE

Ultimately, the goal of SASE is to deliver the best end-user quality of experience for cloud-hosted applications without compromising security. After working with many enterprises that have designed and deployed their SASE architectures, we’ve learned that basic SD-WAN functionality falls short. An SD-WAN with advanced networking capabilities is required to fully enable SASE:

  • Identify application traffic on the first packet and granularly steer it to enforce both QoS and security policies as defined by business intent
  • Keep cloud application definitions and TCP/IP address ranges up to date, automatically, every day
  • Automate orchestration between the SD-WAN and cloud-delivered security services from a single console to make it easy
  • Automatically fail over to a secondary cloud security enforcement point to avoid any application interruption
  • Automatically reconfigure secure connections to cloud security enforcement points if a newer, closer location to the branch becomes available
  • Enable customers to adopt cloud security services—and their SASE implementations—at their own pace
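  • Above all, provide freedom of choice to deploy new security innovations as they become available from any vendor, to easily address unknown future threats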
