Secure SD-WAN – Providing a Flexible Platform for Teleworkers

group of people human resources global network diversity picture id1184804471
iStock

Building flexibility into our networked environments is the hallmark of digital innovation. It allows organizations to be more nimble when it comes to delivering critical resources and applications to customers and employees. It agilely adapts to changes in the marketplace. And it allows organizations to maintain a competitive advantage in a world where change is the only constant.

The need for this kind of flexibility has been highlighted by the current crisis. Organizations with a flexible and distributed infrastructure already in place were able to quickly adapt to new remote worker requirements with minimal impact on business continuity. Without proper strategies, solutions, and infrastructures in place, organizations were not only unprepared to address this crisis, but even normal requirements, such as digital innovation, present significant technological challenges to enterprises. Without the flexibility to provide application access, maintain optimal performance, and ensure uninterrupted connectivity to critical assets/resources can cripple their ability to compete and survive in today’s digital marketplace.

SD-WAN Keeps Your Organization Connected 

Continued connectivity is essential for a smooth transition to any new business paradigm, especially for individuals working from branch offices. In addition to providing access to applications and resources to branch users, it is also a powerful solution for a teleworker model as well.

Rather than having everyone dial into the main campus directly, and overloading both bandwidth and VPN aggregators, remote workers can dial into their branch office and then use SD-WAN to provide secure connectivity back to the core network, as well as to cloud-based resources and the internet. Similarly, smaller SD-WAN desktop devices can be deployed to support power users in their home office, such as remote IT technical support teams, emergency support personnel, and executives who need fast, reliable, and secure access to a wide range of sensitive or confidential network resources.

For this to happen quickly and seamlessly, however, SD-WAN connectivity and security cannot be deployed as separate solutions. An overlay security system can require enormous labor and overhead to set up, especially when IT teams are already overloaded. Instead, security and connectivity need to be designed as a single system that allows security to not just respond to network changes due to, say, a suddenly unstable connection, but to actually be part of the system that sees and initiates those changes. This eliminates security gaps resulting from security having to catch up, while ensuring that any changes to the WAN never exceed security’s grasp.

Such a Secure SD-WAN strategy can then both support and secure multiple WAN connections, including MPLS, broadband, and LTE. Organizations then have the flexibility of load-balancing remote workforce traffic across different links to ensure redundancy in case of a WAN link failure without ever sacrificing security. And at the same time, security needs to be able to secure WAN redundancy without sacrificing performance, which ensures your remote workforce stays connected to datacenters, the internet, and the cloud at all times to access critical resources without impacting user experience. 

Optimizing User Experience for Critical Applications

To ensure smooth collaboration and reduce friction between teams, a large remote workforce requires consistent access to critical applications such as voice, video, and screen sharing. Of course, these applications require real-time processing that can be easily impacted by network conditions such as latency, packet loss, and jitter caused by suboptimal infrastructure or service provider issues.

Because of this, a Secure SD-WAN solution must also provide accurate detection of critical real-time applications. Immediate application visibility helps ensure that the best possible WAN link is chosen for traffic forwarding based on known application requirements, enabling systems administrators to define business policies with precise service level agreements for network parameters, such as latency, packet loss and jitter.

And it needs to also continuously monitor those connections, so in the event that bandwidth conditions degrade for a given application it can seamlessly switch to a better performing – and appropriate – WAN link without impacting application delivery. And in a worst-case scenario, where all WAN links are degraded, it needs to be able to remediate network conditions with advanced techniques such as forward error correction. 

This is especially critical for remote workers connected to a home network. Bandwidth issues can be compounded when multiple users – including family members, guests, and connected devices – all try to use several bandwidth-intense applications at the same time, such as teleconferencing while others are streaming entertainment or gaming online. When an SD-WAN solution is able to define application-specific business policies for the home network, the best possible utilization of bandwidth can be ensured through precise QoS prioritization for critical applications and the rate-limiting of non-critical applications that can impact performance. 

Simplified Collaboration 

Low latency connections through public internet links enable shared applications such as Office365 to become part of the trusted and reliable WAN infrastructure. This becomes especially critical as remote workers also use advanced, feature-rich, cloud-hosted applications such as Zoom and RingCentral for voice and video conferencing. While these applications provide enhanced voice and video capabilities, they also demand even more bandwidth availability.

And in many cases, that traffic also needs to be encrypted, which puts even more pressure on things like traffic inspection. A Secure SD-WAN solutions needs to be able to detect sub-applications and provide encrypted applications with SSL inspection capability at line rates, while steering applications to the best-performing WAN link to provide optimal performance. 

Integrated Management, Control, and Analysis

By integrating security and connectivity into a single solution, administrators can leverage a single-pane-of-glass management console to simplify and consolidate deployment, configuration, and provisioning. This allows them to quickly roll out business policies to best suit remote workforce expansion without related network downtime or unplanned outages. In addition, centralized management simplifies the implementation of WAN configuration revisions and other improvements to enhance application experience and enforce local security measures. 

The centralization of SD-WAN business and security policies also enables NOC and SOC teams to tailor policies to achieve the best user experience. Comprehensive analytics on bandwidth utilization, application definition, path selection, and the security threat landscape not only provide visibility into the extended network, but also enable administrators to quickly re-design policies based on live data to improve network and application performance. 

Secure SD-WAN for Branch and Home Offices

SD-WAN solutions comes in a wide range of appliances, including those designed for remote sites and even small home offices, enabling organizations to procure and install a solution at the home offices of critical users to handle routing, connectivity, security, and wireless access needs through a single, integrated platform to improve application performance and maximize the existing bandwidth limits of users and their ISPs.

Learn more about how to maintain business continuity through broad, integrated, and automated Fortinet Teleworker Solutions.

Read more about how FortiGate Secure SD-WAN helped Fortinet optimize network performance in this case study

Related:

Copyright © 2020 IDG Communications, Inc.