This column is available in a weekly newsletter called IT Best Practices.
There's a lot of innovation going on in the WAN these days. New strategies from a variety of network companies hold the promise of building better security, control and performance into regular broadband and LTE networks.
Cradlepoint is the latest vendor to announce its software-defined wide area network architecture. The Cradlepoint NetCloud platform enables software-defined and cloud-based wired and wireless broadband networks for branch, mobile and IoT.
Cradlepoint is known for providing wireless WANs that use 4G LTE. Last December the company acquired software-defined networking specialist Pertino. The Cradlepoint NetCloud platform integrates two pieces: Cradlepoint's Enterprise Cloud Manager platform, which handles management and zero-touch deployment of its 4G LTE-enabled routers and M2M/IoT gateways, and Pertino's Network-as-a-Service (NaaS) platform, which leverages cloud, software-defined networking (SDN) and Network Function Virtualization (NFV) technologies. The result is a next-generation network architecture.
If you think about it, we've been building wide area networks in the same way for the past 20 years. Private branch networks built largely around MPLS have been the norm, but this no longer matches the way companies operate today. Three mega forces – cloud, mobile and IoT – are converging to drive the need for new network architectures.
For instance, the use of SaaS applications has grown to the point where it is changing the topology of corporate networks. In the past, everything workers needed to access was behind the firewall in the data center, but today the momentum is shifting to cloud-based applications. This makes companies question the current configuration of backhauling branch traffic to the data center in order to access cloud apps. Why not go directly from the branch to that particular application?
By 2020, IDC expects that 72% of the U.S. workforce will be mobile. People work where and when they want to work and they need access to a full range of resources to be productive. Ideally mobile workers should have all the same policies and services when they are mobile as they have when they are in the office. Why can't the network effectively follow them wherever they go, with the same performance and capabilities as the office wireless LAN?
Last but not least is IoT. The moment a company attaches a "thing" to its enterprise network, the company is compelled to see it, secure it and control it to make sure the thing is compliant with policy. Ensuring this level of visibility, security and control can be a huge challenge when tens or hundreds of thousands of "things" are involved. IoT ushers in the need for networks with extreme scale and automation because humans won't be able to deal with the size and scale of next generation networks.
The NetCloud platform is designed to address all of these types of challenges. It will be rolled out in several phases over the coming months. The first part that is available now is the NetCloud Engine. Cradlepoint says the single pane of glass management console and the router integrations will follow within 90 days of this late July announcement. The platform strategy is shown in the graphic below.
NetCloud Engine is the SDN part of the architecture. It's a cloud-based software-defined Network-as-a-Service platform that offers a managed global network. The ability to add services to this network provides the visibility, security and control that customers require. What's more, there is a compelling value proposition that comes from dramatic savings over MPLS, a reduction in human capital needed, and a reduction in the complexity of building wide area networks.
The NetCloud Engine uses public cloud data centers as network PoPs. Building overlay network nodes in cloud data centers gives Cradlepoint a large amount of low-cost compute and puts the vendor one hop away from every major network over high-performance, highly optimized BGP connections. Cradlepoint runs its multi-tenant SDN stack on these public cloud PoPs, which allows the WAN provider to spin up customers' virtual networks. All of this means that Cradlepoint customers can rapidly deploy their own low-cost virtual network.
That virtual network, for all intents and purposes, works just like a virtual LAN switch in the cloud. It connects all the devices, people and places illustrated on the right-hand side of the graphic to the overlay network, and it functions like a Layer 3 wireless switch in the cloud.
Cradlepoint can then apply other things to these private virtual networks, such as encrypting them end-to-end. Each network has its own private address space, which is a strong security factor because it is completely abstracted from the underlying physical Internet. Cradlepoint describes this as a safe private network environment that can't be hacked, because the private address space is not visible to the outside world.
Customers can micro-segment their virtual network to control precisely which users and things have access to various applications. The network is fully meshed, so it works just like a LAN: customers get any-to-any connectivity without any configuration. There are LAN emulation services for mobile workers so that the network functions exactly like the wireless LAN in the office. A mobile worker on a WiFi connection in a coffee shop is connected to his overlay network, which is the Cradlepoint-enabled office network. There is literally no change to how the mobile worker operates, even though he is remote from the office.
Cradlepoint can also spin up virtual services within the data plane, for example security functions such as content filtering, IP reputation, URL reputation, deep packet inspection, next-generation firewall, single sign-on functionality, and more.
Adding people to this overlay network is simple. An administrator can push the Cradlepoint client out to Windows machines on the network and authenticate users to the network directly. Alternatively, users can be invited to join via email and download the Cradlepoint client onto their endpoint device themselves.
There's more to this SD-WAN solution, and Cradlepoint says it will roll out additional capabilities in the next 90 days. The bottom line is that NaaS is an innovation that greatly simplifies wide area network setup and operations and provides meaningful security enhancements as well.