This column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
In recent weeks I've written about several vendors in the software defined wide area networking (SD WAN) space. There's one thing I've learned as I've talked with these companies: each one takes an approach to wide area networking that plays to the company's strengths. Silver Peak just had a major announcement pertaining to SD WAN, and not surprisingly, this company is building on its deep expertise in WAN acceleration.
In mid June, Silver Peak announced its Unity EdgeConnect product set. This SD WAN solution brings broadband Internet into the WAN in a way that delivers private line-like performance and security. I'll get into the "how" of the solution in a moment, but first I want to discuss the "why" of software defined wide area networking.
Today, multi-protocol label switching (MPLS) is pretty much the standard way for enterprises to connect their branch offices back into the corporate data center. MPLS has been a good solution for at least the past decade. As a technology, it's predictable, reliable, and relatively secure. It allows enterprises to connect their remote users to applications in the data center in a private, secure way.
However, MPLS has its drawbacks. It's expensive and inflexible, and it can take months to bring up a new branch. Companies have limited control over their MPLS implementations because they have to be outsourced to a carrier or service provider.
But the biggest drawback to MPLS is that it's out of sync with the way that companies deploy enterprise applications today. According to Gartner, 80 percent of enterprise traffic today is destined for the Internet. In order for a branch office to reach applications in the cloud, the traffic has to go from the branch over the MPLS line to the data center to an exit point out to the Internet and then to the application, and then back again. It's inefficient but this is the way to do it if MPLS is the branch's primary point of access. Unfortunately it means that cloud-based applications are going to suffer from poor performance.
SD WAN solutions address this shortcoming in traditional WAN architectures. By putting an overlay on top of the WAN, companies can deploy broadband links on the network to augment or even replace the MPLS links.
This is what Silver Peak does, but the vendor brings its WAN acceleration expertise into the mix for a unique solution that emphasizes high performance for cloud applications. Silver Peak's SD WAN solution consists of three elements:
- Unity EdgeConnect is a zero-touch virtual or physical appliance for branch locations. It can be deployed in minutes to create a virtual network overlay that leverages both MPLS and broadband connectivity.
- Unity Orchestrator provides visibility into both legacy and cloud applications, and the ability to centrally assign business intent policies. Using templates, Orchestrator can assign policies with limited or no manual intervention.
- Unity Boost is an optional performance pack that is an on-demand subscription. It's for applications where acceleration is really needed; for example, data replication at the end of the work day. This is a real differentiator of the Silver Peak solution.
The Unity architecture is the fabric that brings all the elements of the WAN together. Customers can take baby steps to get into SD WAN or jump into it full force. There's no need to change traditional routers, switches or connectivity; Unity can ride over all of those but in addition it's possible to bring in broadband using cable, DSL, LTE, or whatever the preference is.
I mentioned the Unity ConnectEdge appliance is zero-touch. An administrator can create templates for policies the organization wants to put in place, such as the acceptable latency rate for traffic. A company can define a couple of templates and match them to its applications. Then the Orchestrator automatically pushes out these policies to the branches based on what applications are in use.
Dynamic path steering over SD WAN is a common feature for all solutions. Typically, if one path to/from a branch goes down, another one takes over so there is no loss of traffic. Silver Peak kicks this feature up a notch and calls it dynamic path control. It's not just based on downtime of a path, but also on quality of service (QoS) and better performance on one path over the other. This is where Silver Peak's years of experience in driving the WAN based on optimized performance comes into play.
Silver Peak also uses path conditioning on broadband, similar to that which MPLS uses. The vendor is able to condition the network tunnels to make sure they provide the best possible performance. The company claims to have a "secret sauce" to keep track of packets to give private line-like performance over the Internet lines. A cloud intelligence service that is part of Unity EdgeConnect assures that Silver Peak knows the best, most optimized route on the WAN to take.
Silver Peak also claims to provide better security over broadband through WAN hardening than MPLS provides with its private line connection. It starts at the point of IPSec tunneling. Silver Peak uses a 256 AES encrypted tunnel so that every packet on the WAN is completely encrypted. Traffic can only be read at the other end of the WAN by another Silver Peak device. No unauthorized traffic is allowed to enter; the WAN only carries traffic from trusted devices on either end.
The final piece to this solution is the monitoring and reporting that provide more control and understanding of what's happening on the network.
Silver Peak has tossed its hat in the SD WAN ring and it's bringing to bear all the lessons it has learned over years of providing WAN acceleration solutions.