sample - gartner1 align the wan architecture with new application deployment models. in most cases,...
TRANSCRIPT
Cloud Needs a New WAN
Digital Business and Cloud Demand New WAN Architectures
Your Cloud Strategy Needs a New WAN
A Secure Extensible Network for your Enterprise and Cloud
Customer Case Study Example: How SD-WAN enables an optimized Cloud and SaaS experience
Learn How SD-WAN Can Benefit Your Organization
2
8
10
12
13
issue 2SAMPLE
2 l
Clo
ud N
eeds
a N
ew W
AN
SAMPLE
Digital Business and Cloud Demand New WAN ArchitecturesTo successfully serve the growing demand for public cloud-based digital business initiatives, infrastructure and operations leaders must fundamentally rearchitect the WAN. Those who do not will inflict an expensive, subpar user experience on internal and external customers.
Key Challenges
• New traffic patterns driven by the adoption of cloud services are not aligned with the traditional hub-spoke, WAN architectures deployed in most enterprises today.
• Application performance does not meet user expectations.
• Enterprises are facing increasing costs for recurring network services and WAN and security appliance solutions.
• Point decisions for carrier services and WAN appliances lead to suboptimal networks.
• Deployment and management of branch routers and additional appliances are complex and time-consuming, and does not meet the requirement for more agile infrastructure.
Recommendations
To plan, source and manage network infrastructure:
• Align WAN strategy and architecture with new business and application requirements by considering the critical issues related to performance, availability, cost and flexibility/agility.
• Compile a strategy team from a broad range of disciplines to map out the new WAN architecture. Communications between and contributions from roles such as network engineering and architecture, and WAN infrastructure management, among other, will improve business alignment and avoid siloed, incremental decisions.
Gartner Research, G00317251, Mark Fabbi, Neil Rickard,
10 November 2016
Cloud N
eeds a New
WA
N l 3
SAMPLE
• Ensure that cloud deployment decisions influence WAN strategies, and that current WAN architectures influence cloud deployment decisions. A two-way dialogue regarding the balance between the capabilities of the WAN and the needs of the application will result in optimized deployment models that would not otherwise have been considered.
• Evaluate new technology and service options when refreshing branch router equipment or renegotiating service provider contracts. Use a router refresh to consider other options, such as SD-WAN alternatives or vCPE carrier offerings. When negotiating a new carrier contract, look beyond the current MPLS services and bandwidth requirements to consider options such as carrier internet gateways or cloud connection services.
Introduction
Today’s ProblemIn support of new mission-critical digital business initiatives, enterprise adoption of public cloud services is forecast to grow 86% between 2014 and 2018. However, the critical foundational WAN architecture has failed to adapt (see Figure 1). With the adoption of public cloud:
• Application performance suffers from increased latency caused by the “tromboning” of centralized internet access over the corporate hub-and-spoke network.
• MPLS cost increases due to backhauled internet traffic. Clients report that backhauled internet traffic represents 50% to 80% of the traffic on their MPLS networks.
• Expectations for agile infrastructure are not met since traditional WAN routers are complex to deploy and configure, with changes often taking weeks to test and implement.
Incremental approaches to these problems will not meet the business demands in most organizations.
For example, a telecom service manager facing increasingly congested WAN and internet connections will simply increase the available bandwidth for the branch MPLS and centralized internet connections. However, this does nothing to relieve application performance issues, while adding additional costs.
Source: Gartner (November 2016)
figure 1. Cloud-Based Applications Break Traditional Network Architectures
4 l
Clo
ud N
eeds
a N
ew W
AN
SAMPLE
WAN management teams often look to hardware-appliance-based options for routing, optimization and security to attempt to solve cloud-related application performance problems. However, reconfiguring traditional routers to reroute traffic directly to the internet has proven to be highly complex, with few successful deployments. Further, this approach does not make the WAN more agile and responsive.
Resolution Summary1 Align the WAN architecture with new application deployment
models. In most cases, this will result in a network that is optimized for internet connectivity (see Figure 2).
2 Create communications between various teams and stakeholders to ensure that the new WAN architecture is aligned with business and application requirements.
3 Leverage emerging technologies such as SD-WAN and virtualized customer premises equipment (vCPE) services to gain agility and drive down costs.
Analysis
Align WAN Strategy and Architecture With New Business and Application RequirementsIntegrating the WAN into an overarching business-centric network strategy will enable enterprises’ efforts with digital business and IoT cloud strategies.
There are a number of critical issues that need to be considered as part of the new strategy. They can be broadly grouped into the categories of performance, availability, cost and flexibility/agility.
Performance
While provisioning appropriate bandwidth is still important, the primary technique for optimizing performance is to mitigate latency effects. WAN architects can take advantage of a number of approaches, including direct internet access, WAN optimization, content distribution and front-end optimization (especially for external-facing applications).
In order to deal with application performance, it is important to consider where applications are currently hosted (in the branch, enterprise data center or cloud) and where future application deployment is likely to occur. In addition, it is important to consider the geographic distribution of the user population (both internal and external users, depending on the application).
Availability
Network availability is critical for digital business and IoT initiatives. Relying on single connections to remote offices is often not sufficient to meet these needs. WAN architects can consider options such as dual MPLS circuits, hybrid network connections (typically one MPLS and one internet circuit) or using LTE for wireless resiliency. Hybrid networking solutions are emerging as the preferred approach for many organizations, as it is aligned with the requirements for cloud connectivity and digital business.
Cost
Cost reduction inquiries represent more than half of the WAN-related inquiries received in the last 18 months. There are a number of cost factors to consider when architecting the WAN, including:
• Offload internet destined traffic at source. Recurring WAN service costs represent 21% to 25% of the cost to support a typical end-user environment.
• Take advantage of new branch office appliances. Leveraging emerging SD-WAN solutions can help reduce both capital expenditure (capex) and operating expenditure (opex) costs associated with WAN routers. Based on client feedback and contract reviews, we estimate SD-WAN solutions can save 50% of both capex and opex, compared to existing WAN routers.
Source: Gartner (November 2016)
figure 2. Future WAN Architecture
Cloud N
eeds a New
WA
N l 5
SAMPLE
• Plan for traffic growth. We estimate annual WAN traffic growth of 25% to 30%, driven by new Mode 2 application deployments, increasing use of video and growing IoT deployments.
• Evaluate emerging service offerings from service providers, system integrators and managed service providers. New opex-based service options represent a different approach to procuring WAN infrastructure and services. Understanding how these new models affect total costs will be an important consideration when evaluating new WAN architectures and related services.
Flexibility/Agility
As enterprises embrace digital business, we often see requirements for more rapid application deployments, often delivered as cloud services. Dealing with circuit deployment is still an issue, but Ethernet access for MPLS and internet services will make provisioning bandwidth much more flexible.
Key ingredients to consider for the new WAN architecture include:
• Zero-touch provisioning (ZTP) of branch office devices for quicker deployment and refresh of remote locations. ZTP eliminates the need for on-site staff to deploy a branch office router.
• Networkwide business and application policies. A policy-based approach simplifies network configuration and is more closely aligned with business requirements.
• Automated software updates to reduce the effort to test and deploy updates.
• Use of vCPE platforms to reduce appliance sprawl and leverage the increasing availability of managed services. The use of virtual services significantly reduces the time to deploy new functionality.
• Leverage over-the-top (OTT) services for security, performance and reliability.
It is important to note that no single approach is appropriate for all organizations. For example, traditional enterprises, especially those in regulated industries, will often be best-served with a hybrid MPLS/internet solution where they can control and secure mission-critical applications. Organizations that are fully embracing cloud could consider colocation hubs and rely much more heavily on internet services. Midsize organizations are in a position to migrate toward internet-only approaches, while considering OTT security and acceleration services as required.
Compile a Strategy Team From a Broad Range of Disciplines to Map Out the New WAN ArchitectureWhen reviewing the nearly 3,000 client inquiries related to WAN and branch office connectivity over the past 18 months, we find they originate from very different parts of the client organization, especially in larger organizations where there is significant role specialization. Communications between and contributions from the following roles will improve business alignment and avoid siloed, incremental decisions (see Figure 3):
• Network engineering and architecture
• Telecom service management/telecom procurement
• WAN infrastructure management
• Application performance management
• End-user computing
• Cloud/application deployment
• Internet/network security
• Business stakeholder
6 l
Clo
ud N
eeds
a N
ew W
AN
SAMPLEWOC: WAN optimization controllers Source: Gartner (November 2016)
figure 3. From Incrementalism to a Unified Team Building a New WAN Architecture
Ensure That Cloud Deployment Decisions Influence WAN Strategies and That Current WAN Architectures Influence Cloud Deployment DecisionsWAN strategy should be focused on supporting the enterprise’s evolving applications, especially those supporting key business initiatives such as digital business and IoT, as well as core, mission-critical applications. Network architects must take into consideration the requirements of users, applications and business processes, and have an understanding of how changing requirements will impact the infrastructure.
However, this must not be a one-way process (see Figure 4). The capabilities and limitations of the network should, in turn, influence other aspects of IT, including application deployment decisions. Too often, the rest of the IT organization makes decisions based on assumptions about the network, without actually determining if this reflects current or achievable realities.
Source: Gartner (November 2016)
figure 4. Network and Application Influences Work Both Ways
For example, decisions to retain applications in the branch are often made based on assumptions about the levels of performance and/or availability of the WAN. These assumptions are frequently either outdated or easily addressable (for example, with cellular backup links to improve availability and/or WAN optimization to boost performance). The cost of the WAN upgrades, if any, required to enable an application to be centralized should be compared to running multiple distributed instances of the application.
Cloud N
eeds a New
WA
N l 7
SAMPLE
At the other extreme, decisions to deploy single-instance applications (for example, most cloud applications) for global delivery, or to use virtual desktop infrastructure to deliver applications globally, are often made without reference to the WAN. Gartner has seen many instances where deployments of SaaS applications such as Office 365 were made without considering the ability of the network to deliver them.
A two-way dialogue regarding the balance between the capabilities of the WAN and the needs of the application will result in optimized deployment models that would not otherwise have been considered, such as distributing the front end of the application while consolidating the data or distributing the application to regional hubs.
Evaluate New Technology and Service Options When Refreshing Branch Router Equipment or Renegotiating Service Provider ContractsWhile a complete alignment of cloud and application deployment approaches with WAN strategies is a worthy long-term goal, the reality will likely include some incremental
developments as network leaders align strategies with changing application deployment options. One pragmatic way to start the effort of rearchitecting the WAN will take advantage of any changes occurring with WAN equipment or services. For example, rather than performing a like-for-like replacement of WAN routers, use the refresh to consider other options such as SD-WAN alternatives or vCPE carrier offerings. These solutions can prepare for potential future architectural changes like direct-to-internet connectivity in the branch. Similarly, when negotiating a new carrier contract, look beyond the current MPLS services and bandwidth requirements to consider options such as carrier internet gateways (to improve internet performance) or cloud connection services (to provide direct connections to key cloud providers). These incremental approaches will provide some short-term advantages and will not inhibit a more comprehensive redesign when time, budget and refresh cycles allow.
Evidence
Gartner analysts take more than 2,000 inquiry calls on WAN architecture and services annually.
8 l
Clo
ud N
eeds
a N
ew W
AN
SAMPLE
Your Cloud Strategy Needs a New WAN
Source: Viptela
There are four key principles that serve as strategic benefits of
your embrace of the Cloud:
1. Agility of operations and procurement
2. Elasticity of application and user workloads
3. High quality of user and consumer experience for application
access
4. Resiliency and high availability of access
Imagine this, your team is deploying Office 365 and your proof-
of-concept due diligence assures you that your experience will
be positive. Day one of production: Your help-desk becomes
overwhelmed by users stating that they are experiencing high
amounts of delay and application lock ups. In other words, they’re
spending a lot of time staring at the “spinning pinwheel of death.”
The user experience is now horrific and your teams are focused
on identifying where the bottleneck and source of your user’s
woes are occurring. Eventually your NetOPs team finds it, the
source of your issues is your WAN.
Traditional WANs break the Cloud
Connecting to public cloud platforms, such as Microsoft Azure
and Amazon Web Services (AWS), over the existing wide area
network is not as easy as it should be. Organizations typically
have to leverage a number of different connections from their
private (on-premises) data centers into their AWS and Azure cloud
environments. For most of their critical information, they have
to set up, manage and maintain point-to-point IPSec tunnels or
MPLS-based connections to ensure the privacy and integrity of
the information in transit.
When dealing with multiple data centers or branches connecting
to multiple public cloud or SaaS providers in multiple geographies,
the topology can quickly become complex. This complexity leads
to cumbersome operations and increased costs, which diminishes
the overall performance, compromises on security, and impacts
the value of the AWS and Azure deployments. To realize the
benefits, organizations need a WAN that is optimized to keep up
with the new demands of these cloud platforms.
Typical challenges you will face as you begin to deploy:
- High latency between the user and cloud application
- Lack of security and segmentation between applications and
lines of business
- Difficulty in achieving resilient access to your workloads
- Complex management and monitoring
- Lack of visibility and SLA based traffic steering
- High cost of business VPN links
The WAN needs to evolve and transform in tandem with your
broader strategic initiatives in order to deploy more cloud-based
applications and workloads. Recognizing this required level of
transformation is key. As a CIO it is imperative that you look to
Software Defined WAN (SD-WAN) as the approach to achieve
a scalable, high performing and elastic solution to address your
enterprise concerns. On your path to understanding more, pay
close attention to the following critical characteristics, which you
must have to ensure a WAN that is optimized for your Cloud
strategy:
Viptela offers a horizontally scalable SD-WAN solution that
creates an elastic, secure WAN that can keep up with an
organization’s cloud applications utilizing the principles of
software-defined networking (SDN). It consists of a centralized
controller that can be deployed within an organization’s private
data centers and/or public cloud environments, such as Azure
and AWS, and distributed forwarding elements that can be put in
Cloud N
eeds a New
WA
N l 9
SAMPLESource: Viptela
figure 1. Four key characteristics for your WANcampus and branch locations, as
well as public cloud entities, setting
up secure connections among
all these endpoints (up to tens of
thousands of sites).
The Viptela Secure Extensible
Network (SEN) is an End to End
solution providing automation,
analytics, management, security,
and scalability for the enterprise
WAN and Cloud. The Viptela
SEN enables ubiquitous transport
access and resiliency to your cloud
and Enterprise workloads in a
consumable and holistic package
to deploy. The Viptela SEN
optimizes your WAN for your cloud.
Source: Viptela
figure 2. Viptela Secure Extensible Network (SEN)
10 l
Clo
ud N
eeds
a N
ew W
AN
SAMPLE
A Secure Extensible Network for your Enterprise and Cloud
Source: Viptela
The Viptela Secure Extensible Network (SEN) transforms
the Enterprise WAN, optimizing it to enhance your IaaS and
SaaS strategies. Viptela SEN accomplishes this by simplifying
the fundamentals into four key functions to address typical
performance bottlenecks, visibility and utilization issues
experienced when deploying cloud-focused business or
productivity applications across your enterprise.
Viptela SEN is delivered with a controller infrastructure, Zero
Touch Provisioning Service as well as key management and an
Enterprise Grade software defined operating system in a single
package for your enterprise needs.
Analytics, Monitoring and Operations
Orchestration and Provisioning – The Viptela SD-WAN
controller provides a Zero Touch Provisioning (ZTP) service that
instantly recognizes the Viptela vEdge appliance providing it with
the necessary parameters to manage device authentication and
configuration management. All configuration and boot setup is
done over a secure control channel, which will also automate the
provisioning of end-to-end encrypted tunnels between Viptela
vEdge appliances and the centralized policy and configuration
controllers within your enterprise and cloud.
The Viptela SD-WAN controller is your centralized configuration
management and monitoring engine for your distributed
virtualized WAN.
Robust Infrastructure
Distributed Network and Application Awareness – The
Viptela vEdge appliances are full-featured IP routers that
perform standard forwarding functions, routing policies and are
the secure intelligent endpoints to the WAN overlay. They are
distributed at each branch, data center and your cloud as either
physical or virtual appliances (VM). Viptela embeds unique and
advanced segmentation capabilities, which provide a discrete,
encrypted VPN-like experience per application, organization or
network; all of this is delivered across any transport and with
unique topologies per segment.
Application Policies
Centralized Policy and Control – The Viptela SD-WAN
controller is your centralized application and policy engine
for your distributed virtualized WAN. The SD-WAN Controller
handles the automated bring-up of secure tunnels between
vEdge endpoints, policy distribution and traffic control for
thousands of enterprise locations.
Source: Viptela
figure 1. Key Functions of Viptela SEN
Cloud N
eeds a New
WA
N l 11
SAMPLE
Transport Independent Fabric
Secure Hybrid Transport – The Viptela Secure Extensible
Network SD-WAN solution provides inherent support for a
multitude of transport options (e.g. LTE, Wireless, MPLS) and
Source: Viptela
figure 2. Viptela Secure Extensible Network components
automates the secure control and data path to provide flexible
VPN topologies across your enterprise WAN per application or
organization.
12 l
Clo
ud N
eeds
a N
ew W
AN
SAMPLE
Customer Case Study Example: How SD-WAN enables an optimized Cloud and SaaS experience
Source: Viptela
Example – Fortune-500 Food Distributor
A large food distributor recognized their existing WAN set up was
not going to be able to handle a move to Office 365. They had
hundreds of branch offices and a couple of data centers, where
they aggregated access out to the Internet over MPLS from two
vendors – one primary (4-6 MBs of MPLS connectivity) and one
back up (T1 line). The performance of Office 365 was throttled
by this set up, resulting in daily complaints from users that they
couldn’t get their work done, particularly in the smaller sites,
where everything was being backhauled.
They decided to make their WAN “cloud-ready”. They started
by transitioning to a single MPLS vendor, a big Internet pipe (50
MBs for their main sites with hundreds/thousands of users, 20
MBs for smaller sites of 30-40 people), and 4G LTE as backup for
every single location. Now that each site had increased transport
Source: Viptela
figure 1. Leveraging DIA or DC Backhaul for O365
access, they needed to deploy a solution that would enable
them to deliver the full capabilities of an enterprise grade WAN
solution.
They turned to Viptela to help them improve the performance,
reliability and security of their deployment. First, they piloted
Office 365 deployments with Viptela, which enabled them to
set up policies that addressed their performance and security
requirements. They created a policy that ensured Office 365 was
accessed through a cloud-based security vendor to inspect the
traffic and another that dictated routing decisions be made based
on the latency of the connections, both in the cloud and up to
Office 365. They immediately saw 3x and 4x improvements in performance and gained the confidence to roll out Office 365 for all their sites.
Cloud N
eeds a New
WA
N l 13
SAMPLE
Source: Viptela
Learn How SD-WAN Can Benefit Your Organization
The WAN is a critical element of any enterprise. Viptela, along
with leading technology providers Microsoft, have identified what
you and your business need to understand and consider when
deploying and re-architecting your WAN for tomorrow.
Visit www.viptela.com to learn more about Software-Defined WAN
and how to achieve
• 50% WAN Cost reduction
• 10x Bandwidth
• 5x Improved Cloud Performance
• No downtime
Cloud Needs a New WAN is published by Viptela. Editorial supplied by Viptela is independent of Gartner analysis. All Gartner research is © 2016 by Gartner, Inc. All rights reserved. All Gartner materials are used with Gartner’s permission. The use or publication of Gartner research does not indicate Gartner’s endorsement of Viptela’s products and/or strategies. Reproduction or distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website.