As businesses around the world continue an unprecedented migration to a work-from-home strategy, the underlying technology and infrastructure supporting this transition face extraordinary challenges. In a recent blog post, we shared a work-from-anywhere reference architecture designed to enable IT organizations to quickly and flexibly meet the demands of a now widely distributed workforce. In this blog we’ll review two key complications with business transformation at this pace, then outline the steps required to address them.
The Distributed Workforce at Scale
The mass migration of employees from branch offices to home offices has tested the scalability limits of every organization’s remote connectivity strategy in two key areas:
- Traditionally, VPN infrastructure and throughput are sized to support a percentage of the workforce being remote at any given time – the natural assumption being that on-premises work is the norm. However, this same footprint is now being tasked with supporting most—if not all—users, stressing every point of the solution to its outer limits.
- Businesses also face challenges with connection quality for certain use cases. Medical imaging, engineering development, call centers, and others all require high performance and throughput from the underlying network connections. As these users are also part of the work-from-home migration, their ability to continue doing their jobs relies on the quality of experience being comparable to when they’re on-premises.
Enabling the Remote Workforce
Addressing the connectivity challenges of an entirely remote workforce requires a dynamic solution, one that ties together software, cloud computing, and hardware in unison. At Silver Peak, we recommend an architecture that leverages three core components: an SD-WAN Backbone, VPN client software, and SD-WAN hardware.
SD-WAN Backbone
The foundation for any scalable, dynamic, and high-performance connectivity architecture is a robust SD-WAN backbone. Once users are connected via a localized hub, through client VPN software or SD-WAN edge appliances, they can fully leverage the security, reliability, and performance features of the Silver Peak Unity EdgeConnect™ SD-WAN edge platform, enabling critical applications to be prioritized, protected, and secured over any combination of WAN transport.
Enterprise customers already taking advantage of the Silver Peak SD-WAN solution can integrate existing data centers with a cloud instance of EdgeConnect software to connect users to applications directly and securely without sacrificing performance or reliability. An IT team needs only to identify the regional targets, deploy a new EdgeConnect instance from any of the leading public cloud marketplaces with corresponding network and IaaS infrastructure, and then add it to the existing SD-WAN fabric using Silver Peak Unity Orchestrator™.
The same methodology can be leveraged in businesses without existing Silver Peak infrastructure today, with the additional step involving a deployment and configuration of a virtual instance of EdgeConnect (EC-V) software at any targeted on-premises site in the enterprise. Similar to enterprises with existing deployments, an IT team can immediately begin identifying the regional targets and deploying a new EdgeConnect instance from the marketplace with corresponding network and cloud infrastructure.
VPN Client Software
In cases where organizations are looking to rapidly scale their work-from-home footprint while maintaining maximum quality, IT departments can leverage either Amazon AWS or Microsoft Azure client VPNs. These solutions enable instant, regionalized on-boarding to the nearest on-ramp to a high-performance transit backbone. Once users are connected into a regional hub, they can leverage the security, reliability, and performance features of the Silver Peak SD-WAN fabric. Details of the AWS approach are outlined below. (The Microsoft solution follows a similar framework.)
Connecting users to regionalized hubs with Amazon Client VPN:
Once an IT organization has foundational AWS components in place (VPC, Internet Gateway, and Silver Peak EdgeConnect software), they need only build a VPN endpoint to on-ramp users to the SD-WAN Backbone. Amazon provides documentation with detailed configuration steps, which are summarized below:
Create the client VPN endpoint from the VPC menu and input the relevant information for the region, including client subnet, server certificate, and VPC:
Associate it with the VPC an EdgeConnect instance is running in:
Authorize it for some or all of the VPC network. In the case below we’ve restricted it to the Silver Peak LAN-side subnet:
And finally download and apply the client configuration file to each end user’s machine:
Users now have one-click connectivity to a localized hub, from which they can then leverage the security, reliability, and performance features of the Silver Peak SD-WAN fabric.
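The authorization step above is the one that decides what a connected home user can actually reach, so it is worth checking after deployment. The following is an added example, not part of the original post or of Silver Peak's or Amazon's tooling: it reads authorization rules in the shape returned by `aws ec2 describe-client-vpn-authorization-rules` and reports any active rule that is not contained in the approved LAN-side subnet. The subnet `10.20.2.0/24` and the sample rules are constructed for illustration.

```python
import ipaddress
import json

# Assumption: the EdgeConnect LAN-side subnet that VPN clients may reach.
LAN_SIDE_SUBNET = "10.20.2.0/24"

# Constructed sample in the shape returned by
# `aws ec2 describe-client-vpn-authorization-rules`; all values are made up.
SAMPLE_RULES_JSON = """
{"AuthorizationRules": [
  {"DestinationCidr": "10.20.2.0/24",    "AccessAll": true,  "Status": {"Code": "active"}},
  {"DestinationCidr": "10.20.2.128/25",  "AccessAll": false, "GroupId": "example-group-id",
   "Status": {"Code": "active"}},
  {"DestinationCidr": "10.20.0.0/16",    "AccessAll": true,  "Status": {"Code": "active"}},
  {"DestinationCidr": "0.0.0.0/0",       "AccessAll": true,  "Status": {"Code": "authorizing"}},
  {"DestinationCidr": "192.168.50.0/24", "AccessAll": true,  "Status": {"Code": "active"}},
  {"DestinationCidr": "10.20.0.0/16",    "AccessAll": true,  "Status": {"Code": "revoking"}}
]}
"""

def classify(dest, approved):
    """Return None if dest sits inside an approved network, else a reason."""
    same_family = [n for n in approved if n.version == dest.version]
    if any(dest.subnet_of(n) for n in same_family):
        return None
    if any(n.subnet_of(dest) for n in same_family):
        return "wider than the approved subnet"
    return "outside the approved subnet"

def audit_authorization_rules(rules_json, approved_cidrs):
    """List (cidr, reason) for every live rule that exceeds the approved scope."""
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    findings = []
    for rule in json.loads(rules_json)["AuthorizationRules"]:
        # Rules that failed to apply or are being revoked grant no access.
        if rule.get("Status", {}).get("Code") not in ("active", "authorizing"):
            continue
        dest = ipaddress.ip_network(rule["DestinationCidr"])
        reason = classify(dest, approved)
        if reason:
            findings.append((str(dest), reason))
    return findings

if __name__ == "__main__":
    for cidr, reason in audit_authorization_rules(SAMPLE_RULES_JSON, [LAN_SIDE_SUBNET]):
        print(f"REVIEW {cidr}: {reason}")
```
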
SD-WAN Hardware
For power users who require the highest-quality connection, organizations can deploy an EdgeConnect appliance in their home office. IT administrators need only ship an appliance to the user to add their location to the SD-WAN fabric. During these exceptional times, this approach has proven invaluable to organizations whose business relies on the highest quality of connectivity for their users.
This combination, providing ultra-resilient connectivity at a rapid rate, ensures a seamless transformation to a work-from-home strategy, enabling remote and home users to realize the same, or even better, quality of experience as working in the branch office.
Conclusion
Providing the same applications, services, and reliable experience to thousands of users in their home offices in such a short period of time represents a herculean effort. Thankfully the cloud, combined with SD-WAN, provides an easy way to build a WAN that provides reliable application connectivity for users anywhere.