WAN Virtualization’s benefits 'beyond the WAN' for security, cloud computing

Next-gen Enterprise WAN architecture enables centralized complexity, lower IT OpEx

Last time, we covered the network benefits of WAN Virtualization. Here, we look at how WAN Virtualization delivers benefits “beyond the WAN” to the security and computing sides of the enterprise IT shop.

While the benefits of WAN Virtualization for the Enterprise WAN itself – far greater bandwidth, far lower monthly costs, greater reliability and application performance predictability, sacrifice-free centralization of network complexity and reduced troubleshooting costs – are quite substantial on their own, and in the shorter term alone justify its deployment, when combined with colocation and the other key technologies of the Next-generation Enterprise WAN (NEW) architecture, the benefits for security and computing are ultimately potentially even greater, if for no other reason than that most every enterprise IT shop spends far more on computing plus security than it does on the network itself.

To start, WAN Virtualization enables further server and service consolidation. This trend towards server consolidation in the data center began many years ago, of course, and has been accelerated and made more possible by well established WAN Optimization technology. WAN Virtualization complements WAN Optimization and further supports server consolidation – whether implemented as a private cloud or not – not only by providing more bandwidth, but also by addressing the performance-killing effects of packet loss and bouts of high latency. And in conjunction with colocation and server virtualization, WAN Virtualization makes it possible to use colocation facilities as cost effective, reliable data centers on the enterprise WAN. This is ideal, for example, for supporting a set of Asia Pacific or European offices of a U.S.-based multinational company.

Using WAN Virtualization together with server virtualization at a colo facility – server virtualization enabling a small physical footprint for deployment at the relatively expensive in terms of real estate, but dirt cheap in terms of bandwidth that a colo offers – is an extremely powerful way to do server consolidation, whether or not you move quickly or slowly to the rest of the management tools and data center LAN setup involved in building private cloud computing.

Next time, we’ll delve further into how WAN Virtualization and colocation are the keys to enabling the move to not just private cloud computing but also public cloud services and/or hybrid cloud computing. Here we’ll focus on the case for WAN Virtualization even for those for whom a migration to cloud computing might be far off.

WAN Virtualization enables the cost effective deployment of applications which are otherwise difficult to deploy and support over a far-flung WAN. Videoconferencing and VDI/DaaS are the best examples of these. We covered the basic points here. WAN Virtualization’s ability to move traffic to a better path sub-second, and to selectively replicate traffic across multiple paths when bandwidth is available are key to improving application predictability and reducing troubleshooting costs for these highly loss and jitter sensitive applications. Of course, any desire to utilize hosted UC solutions to augment or replace purely internal VoIP, videoconferencing or UC implementations will also be made much easier using a WAN Virtualization-based enterprise WAN.

Any security expert will tell you that one of the tenets of good security is to minimize the number of points of entry to be secured. This is why most large enterprises backhaul all traffic to and from the Internet to the data center, using any Internet connections available at the typical branch only for VPN backup connectivity, rather than allowing direct Internet access from each branch location. Yet with the rise in the importance of the cloud, with the growing importance of the Internet for every day business, and with the current generation of workers who expect constant access to Internet-based social media, video, etc., many experts suggest that a distributed or “split-tunnel” approach to providing Internet access is the way forward for the enterprise.

With WAN Virtualization, enterprises can maintain the centralized security model they prefer. Indeed, even those who have chosen to go with distributed Internet access will likely benefit from switching to the NEW architecture approach of backhauling all Internet traffic through colo facilities. Not only does this minimize the number of expensive IPS or next-generation firewalls to purchase and manage while increasing bandwidth and reducing bandwidth costs, ensuring uniform security throughout, but it makes it easier going forward to take advantage of newer security technologies and tools, and to leverage cloud-based security services on a case-by-case basis, all while keeping network design simple.

WAN Virtualization enables this complete server/service centralization for all applications, and centralization of security, without paying unacceptable performance penalties, in the same way WAN Optimization did this for remote file access and email/backup services.

Backup, especially backup of data not stored in the data center, has traditionally been a painful challenge across the WAN. The WAN Virtualization-enabled NEW architecture makes storage backup significantly easier and lower cost. By using distributed, replicated file service technologies – Microsoft DFS with replication being just one example of many – combined with the cheap Internet-based bandwidth WAN Virtualization makes possible at the branch using broadband and at the colo-based data center, enterprise IT managers literally never have to run backups to branches or even medium sized sites across the enterprise WAN. In fact, even from a headquarters data center, running backups should be largely unnecessary, replaced with continuous synchronization to storage based at one or more colo facilities.

At the colo, of course, unlimited amounts of cheap bandwidth make possible Internet-based backups either to another colo facility also on the enterprise Intranet (thanks to WAN virtualization) or else to a cloud-based backup service – a service no doubt based at some colo facility somewhere in the world.

In addition to reducing the cost and complexity of backup (which becomes solely a colo-based data center issue), this NEW architecture can further reduce storage costs by actually reversing the recent trend of which files to locate where. For administrative simplicity, most ordinary smaller files have been migrating to data centers, with WAN optimization technology used to deliver acceptable performance access to this data, often (but not always) with LAN-like speeds. Stored video files were the exception to this, since to deliver acceptable video playback performance – and to avoid clogging expensive thin WAN pipes – these files are frequently positioned at the branch, perhaps using an enterprise CDN solution. But with video becoming more prevalent and files ever larger, storing a copy of all videos at every remote site can get expensive both in terms of bandwidth consumed transporting those files from data center to every WAN location, and by the storage needed at each site to hold the files.

With the combination of the ample bandwidth – especially downstream bandwidth – at each branch, and the fact that WAN Virtualization can deliver video for playback reliably over the WAN, it now makes more sense to reverse these file storage placements. Those huge video files can be stored only centrally, at one or more colo-based locations, while the larger number of comparatively smaller non-video files can be replicated to each site using distributed replicated file service technology, and thus enabling actual LAN-speed performance every time, even for the first time a file is accessed from any given location.

Disaster recovery / business continuity is the last computing “application” we'll cover where WAN Virtualization and the NEW architecture can play a role. WAN Optimization technology remains critical for this, but with the DR site being at a colo facility, and possibly the “main” location for most or even all applications being at a colo as well, DR is enhanced. The enormous amount of bandwidth needed to facilitate DR becomes much more affordable. The most time-sensitive and mission critical applications for industries like finance may well continue to require private optical point-to-point connections to allow DR to deliver acceptable recovery times, but for all applications for many industries, and most applications even for those more highly sensitive industries, a NEW architecture solution expands the ability to provide timely disaster recovery at costs far lower than were possible just a few years ago. And that’s even before taking into account the possibility of leveraging public cloud IaaS services at DR and/or primary location sites.

Made possible by WAN Virtualization and the use of colocation for the corporate intranet, moving the Enterprise WAN to the NEW architecture – whether piecemeal or in an aggressive rollout – offers WAN managers the chance to be heroes with their CIO and their security and computing peers by helping to centralize complexity for simpler deployments, lowering overall IT CapEx and OpEx – not just networking OpEx – and enabling private cloud computing and (as we’ll see more next time) a smooth, at-your-own-pace migration to leveraging public cloud services.

A leading expert in WAN/LAN switching and routing, Andy founded Talari Networks, a pioneer in WAN Virtualization technology, and served as its first CEO. Andy is the author of an upcoming book on Next-generation Enterprise WANs.

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022