Introduction
As enterprises grow, they need to build network infrastructure that connects branch offices in different geographic regions. IT networking teams must balance the organization’s need for simplicity, performance, reliability and security while considering costs and compliance. Because geographic distance can lower performance and increase cost, choosing how to connect remote sites can be challenging. Moreover, as enterprises continue to embrace digital transformation, the adoption of cloud-based applications introduces new ways to connect users to cloud and software-as-a-service (SaaS) resources. So, what is the best way for enterprises to connect multiple locations and users to business-critical resources while balancing performance, reliability and cost?
Historically, the two most popular wide area network (WAN) connectivity options have been multiprotocol label switching (MPLS) and internet, but in recent years, IT administrators have begun to consider adding a software-defined WAN (SD-WAN) overlay.
MPLS is a private connection linking data centers and branch offices. MPLS is typically outsourced, managed by service providers who guarantee network performance, quality and availability. Because MPLS is essentially a private network, it is considered reliable and secure, but also expensive.
WAN architectures based on traditional multiprotocol label switching use a model where the traffic from the branch is “backhauled” to the cloud through the headquarters or a centralized data center when accessing cloud applications. MPLS becomes even more expensive when traffic is backhauled. Internet access is slower due to the latency added by distance and the limited bandwidth available over MPLS.
These disadvantages impact employee productivity and user experience. Moreover, MPLS is not designed to handle the high volumes of WAN traffic that result from SaaS applications and cloud adoption. With greater numbers of applications moving to the cloud, there is more strain on bandwidth. Poor user experience can lead to frustration and low motivation.
Applications are moving to the cloud, driving the need for branches to have direct internet access (DIA) to improve user experience. At the same time, the adoption of connected devices and bandwidth-intensive apps pushes bandwidth demands even higher.
Broadband internet is any high-speed internet service that is always on and faster than traditional dial-up access. Broadband internet is ubiquitous and cost-effective.
Despite these benefits, the limitations of broadband internet can have a significant impact on business performance. Compared to MPLS, broadband internet lacks the reliability in WAN middle-mile connectivity that is guaranteed when using dedicated private links. End-to-end network performance becomes less reliable since customers are forced to take their chances with the congested internet as their WAN middle mile. Beyond that, broadband internet isn’t secure. While branch offices and remote employees can access the public internet nearly anywhere, sensitive data, applications and communications aren’t protected when users are accessing the corporate network. When users connect to their network through an unsecured internet connection, their access to corporate data can be compromised.
SD-WAN is a newer approach to wide area networking that separates the network control and management processes from the underlying hardware and makes them available as software that can be configured and deployed easily.
SD-WAN greatly benefits organizations looking for more flexibility to connect remote networks. SD-WAN networks manage multiple types of connections, including MPLS, broadband and long-term evolution (LTE), and route traffic over the best path in real time. In the case of the cloud, SD-WAN can forward internet- and cloud-bound traffic directly to the branch without backhauling. By routing traffic over different network paths depending on priorities, you can empower productive teams, optimize application performance and minimize service disruptions.
SD-WAN can deliver a great user experience and better application performance, but it isn’t without limitations. Because it leverages the congested internet as the WAN middle mile, network performance and reliability can still suffer. IT teams that try to solve these challenges have few options – build their own complex SD-WAN hub infrastructure and interconnects, or hire multiple vendors and service providers, which increases complexity and cost. Finally, unlike MPLS, SD-WAN is not a private network. For that reason, security tends to be bolted on and is usually an afterthought, creating complexity and security risks.
Finding the best connectivity fit comes down to many variables, including geographic spread between corporate HQ and remote branches, operating budget, compliance requirements, needs around flexibility and so on, with one universal factor: security. The right option not only prioritizes network connectivity and WAN optimization, but also puts data protection at the top of the agenda for all organizations.
By unifying the management of networking and security, businesses can avoid having gaps in their security posture. This can also help maintain consistent security policies from the network core out to branches.
Palo Alto Networks SD-WAN can help you connect your branch offices without compromising on security. Read our e-book Consistent Security with SD-WAN: Four Ways to Optimize Security from HQ to the Branch to learn the key SD-WAN features and capabilities you should consider to keep users connected and data secure.