For the last several columns we have been exploring the details of how enterprise Internet access is established.
Most enterprises have precious little bandwidth at most of their remote locations, and Internet access at the branch is often slow and inefficient. The Enterprise WAN needs a lot more Internet bandwidth, and Internet access needs to be high-performance and predictable if it's to support application demands, user demands and enterprise use of public and hybrid cloud computing.
Internet access from branches is slow partly because bandwidth over MPLS is limited: MPLS is expensive, and the single link is shared between intranet and Internet traffic. The other main reason is the "trombone" effect, which results from the hub-and-spoke architecture of the typical enterprise WAN, where access to the Internet is provided only from headquarters or a tiny number of data centers. The combination produces very high latency for Internet access from branch locations, and sluggish and sometimes unusable performance for many applications – not at all a good recipe if your CEO or CIO wants to move more enterprise applications to the public cloud.
On the other hand, fully distributed Internet access won't fly for many, if not most, larger enterprises, primarily because it makes handling network security management more difficult and probably more expensive.
How, then, to solve these multiple challenges, and deliver high-performance, predictable Internet access to all enterprise locations, while preserving the benefits of centralizing security management?
The Next-generation Enterprise WAN (NEW) architecture is designed to do just this. The key technologies in the NEW architecture for this purpose are WAN Virtualization and colocation, although WAN Optimization can also play an important role in improving performance.
The first key change from the traditional WAN architecture is that at the branch, rather than using MPLS alone to backhaul all traffic from the branch, WAN Virtualization enables the use of multiple inexpensive Internet links to augment, or even replace, the single MPLS connection in carrying the live traffic to the central location.
The second change is that rather than backhauling the Internet traffic to a headquarters or private data center location, you instead have it go to a carrier-neutral colocation facility. The colo can easily be made part of your enterprise WAN by leveraging WAN Virtualization and the multiple Internet Service Provider (ISP) connections available there. It is at the colo where any and all network security management technology is deployed: your next-generation firewalls, intrusion prevention systems, email/web security gateways, next-generation threat protection systems, etc.
How many colocation facilities each enterprise will choose to use for this is a function of budget, global locations (especially key offices) and desire/need for optimum performance. You can start with mirroring the number of corporate headquarters or data centers used for backhaul today, and grow from there. It could be that as little as one colo per continent is sufficient. As we'll explore next time, one of the beauties of leveraging colo facilities for this purpose is that only a handful are needed to deliver great performance even for a huge organization with a large number of locations.
WAN Optimization plays the same role here that it does in today's MPLS-dominated architectures: accelerating performance across the WAN. Its HTTP/HTTPS acceleration proxies are particularly valuable in this architecture, and its data deduplication capabilities can often offer further performance benefits to branch users accessing the Internet as well.
Next time, we'll look further at the specific benefits this NEW architecture approach brings to enterprise Internet access, including how it reduces the problem of the "trombone" effect while still delivering network security management centralization.
A twenty-five-year data networking veteran, Andy founded Talari Networks, a pioneer in WAN Virtualization technology, and served as its first CEO; he is now leading product management at Aryaka Networks. Andy is the author of an upcoming book on Next-generation Enterprise WANs.