Branch infrastructure continues to evolve. As we increasingly rely on application services and apps, network teams have turned to software-defined wide-area networking (SD-WAN) in order to take their branch infrastructure up to the next level. In this article, we will be examining the emergence of SD-Branch, along with its drivers, and cover two use cases – one for enterprises and another for service provides – to illustrate the benefits and build.
SD-Branch: How SD-WAN Has Evolved
The SD-Branch is a type of architectural approach that combines the branch and WAN into a simplified WAN architecture, security, and simplified network by consolidating several functions into one software-based IP services platform. The approach virtualizes most or all security, networking, and branch connectivity functions and they are centrally managed. Software-defining the branch allows service providers and enterprises to go past SD-WAN based connectivity to software-define at the branch the entire stack of services.
The SD-Branch takes full advantage of certain design components like virtual customer premises equipment (VCPE) to allow virtualized network functions (VNFs) from third parties to be hosted – and therefore further the capability for software-defining the whole branch services stack, as well as leveraging network, functions virtualization (NFV) benefits and operational constructs.
To accomplish the transition from an SD-WAN into an SD-Branch requires several IP services that provide secure, scalable, and highly flexible WAN and branch architectures. That means the integration and virtualization of layers within the branch – the advanced, the overlay, and the underlay security and network services – with a centralized control and management framework.
The following components are included in the SD-Branch:
- A virtualized IP services platform provides programmability, service chaining, and cloud-like elasticity that using deployment models that are cost-effective;
- A broad series of VFNs that deliver the necessary robust security IP and networking services for an SD-Branch; and
- A centralized visibility and management framework to provide workflow management, analytics, management, and centralized control service similar to a cloud-like service.
What Are The Major Drivers Of The Evolution?
Digital transformation and cloud adoption are what is driving traditional WAN to be replaced by SD-WAN. From that transformation, cloud-based resources and applications are changing how we interact with this information as well as how the user is serviced by the branch. First of all, for cloud-based apps that are accessed from the branch, it is necessary to increase security and control as well as improve user experience. Second of all, with the emergence of new application services, will be driving the demand for various approaches to security and segmentation. Along with transforming the WAN or branch, software-defined security serves as a catalyst that addresses the emerging challenges and evolves into SD-Branch naturally.
Enterprise SD-Branch Use Cases
Enterprise security and networking teams frequently struggle with evolving their branch office IT and WAN architecture to support digital transformation and cloud transition. There are multiple WAN requirements, which includes the need for improving the user experience when cloud-based resources and applications are accessed while increasing the security, control, and visibility of the information that is being accessed. It is important to increase the agility of new project and site deployment, in addition to ongoing change management. One other main goal is the overall reduction of complexity of SD WAN cost by managing bandwidth requirements as well as simplifying software and appliance sprawl.
The solution is SD-Branch. It makes it possible for enterprises to simplify their branch and WAN through consolidating security and networking functions into one software platform with a broad range of IP services, rather than devolving multiple software packages and hardware appliances. SD-Branches offer an entire set of integrated networking (Wi-Fi, Ethernet, SD-WAN, routing) and security (IPs, AV, secure web gateway, next-generation firewall, etc.) function as operating on a low-cost appliance with one management screen. SD-Branch can be easily deployed by enterprise to solve complex branch architecture and WAN challenges and the following benefits are achieved:
- Reduced cost and complexity: Operating and capital costs may be reduced by as much as 80 percent by utilizing a software-based approach for integrating security functions and networking onto one platform.
- Increased IT agility: The limitations of branch architectures and legacy WAN are removed by SD-Branch. That transforms a formerly security and network functions into a software-based, agile environment that allows IT for rapidly providing new sites and adding new third-party services into hours versus weeks, and scale capacity seamless as needed.
- Highly secure branch: This provides a broad range of software-defined security (SD-Security) functions that provide layered control and protection
Service Provider SD-Branch Use Cases
With SD-Branch there are significant opportunities for service providers – given the rage of security and networking services planned or deployed. When service providers have SD-Branch it allows them to offer a fully unified automated distributed service platform to solve the complex business challenges of customers that provide the capabilities below:
- A multi-tenant and cloud-native services platform with centralized management, security services, and native IP networking;
- Flexible deployment choices that use white-box low-cost appliances;
- Centralized control and distributed services for much greater agility and simplicity;
- A completely virtualized stock of IP services for using it to design offerings; and
- TCO that is radically reduced.
Expanding on the capabilities that SD-WAN provides and an SD-Branch architecture provides a genuine cloud-like operating model within the enterprise branch that allows providers to deploy multi-tenant SD-WAN/SD-Branch software platform on-premises using deployment processes and template service definitions. Providers can immediately provision new branches through drop-shipping white-box, low-cost hardware that is populated with auto-provisioned software to pre-defined templates, and a multi-tenant management console is used to manage them across all security and networking functions. This centralized console enables rapid delivery of security or networking services as the needs of customers grow. Finally, providers can continuously improve and monitor new customer’s SD-WAN/SD-Branch service by utilizing big-data analyses.
Reduced total costs of operations (TCO): Through standardizing commodity hardware and software rather than deploying security appliance and proprietary networking, customers are able to significantly reduce their infrastructure spending. Customers can significantly reduce their OPEX through eliminating or reducing branch-office ruck rolls, which shorten help-desk and troubleshoot time and integrate new services easily into existing deployments. When a usage-based priced model is utilized this means the customers only have to pay for the things that they actually use.
Significantly increased IT agility from time-to-deployment acceleration from weeks down to hours: Customers are able to quickly roll out SD-Branch deployments, without multiple pieces of proprietary or complex hardware. This means that new deployments are able to happen within hours. Service provider and enterprise network IT teams can adopt a software-based, agile DevOps model and also eliminate the provisions of hardware and time dependency of traditional security and WAN architecture.
Improved application security and performance: Applications have evolved into being so central to the success of enterprise business that apps that perform poorly or downtime across WAN may reduce employee productivity significantly which can significantly impact the bottom line. As an SD-Branch component, SD-WAN is able to identify applications and then mapped to the connectivity option that is most appropriate to improve application performance further and reduce overall WAN costs. It also produces increased control over WAN operations, which promises more effective and efficient application management across the whole corporate WAN infrastructure.
Simplified operations and support: with its centralized management and zero-touch provisioning, SD-Branch allows IT teams to significantly reduce the amount of time that is needed to manage security and networking services at the branch, that results in Opex savings by as much as 50 percent. When big-data analytics software is added it provides customers with real-time intelligence and deep visibility into all security and networking functions to simplify ongoing operations even further.
Those drivers, along with needing to stay ahead, is bringing the SD-Branch to the forefront. Already companies are changing the way they think about branch and WAN with SD-WAN, and continue to transform their approach to their network by software-defining their branch to utilize their network resources the best to increase performance, improve user experience, enable digital transformation, simplify operations, and provide ubiquitous security.
SD-Branch will result in the evolution of the WAN, branch and overall network being converted from physical infrastructure and legacy architecture into cloud-like operations and software-defined architecture.