SD-WAN deployments show the power of software-defined networking and virtualization to improve bandwidth efficiency and deliver application performance, and now this software-centric approach is being applied to the unique requirements of branch offices.
Known as SD-Branch, this next step in the evolution of branch technology can be defined as a single hardware platform that supports SD-WAN, routing, integrated security and LAN/Wi-Fi functions that can all be managed centrally.
Why SD-Branch?
The most compelling argument for SD-Branch is operational agility. IT organizations can rapidly deploy and provision a network branch-in-a-box solution for new locations. Via a centralized management console, they can control and adjust all branch network and security functions.
Reducing or eliminating the need for trained IT personnel to visit remote branch locations results in significant cost and time savings. SD-Branch also promises to reduce hardware costs by deploying software on consolidated hardware as compared to many separate appliances.
Other SD-Branch benefits include:

Decreased cost of support and maintenance contracts because fewer vendors will be involved.
The ability to right-size hardware requirements for each branch thanks to software virtualization.
A smaller hardware footprint, which is ideal for space-constrained branches.
Network performance scalability. As network requirements change, the performance of any function can be tuned up or down by changing processor allocation or adding hardware resources.
Lower power consumption because one power-efficient platform replaces many appliances.

Over time SD-Branch will be easier to deploy, less complex to manage and more responsive to changing requirements at the branch.
The cost benefits in CAPEX and OPEX could be significant as the technology matures.
Before discussing how to plan for and migrate to SD-Branch, let’s take a look at how branch offices came to be crowded with so many single-function devices in the first place.
Overcoming branch sprawl
Distributed organizations rely on communications to and from branch locations to ensure user productivity, provide responsive customer service, and run a variety of targeted applications. The advent of client/server branch networks began in the late 1980s with PC LANs being connected to centralized servers over low-speed links, typically modems. The founding of Cisco Systems brought the industry the concept of the multi-protocol router, which continues to connect most branch locations to centralized data centers.
The increased popularity of the internet as a WAN connection has increased security demands at the branch. During the late 1990s, firewalls and other network security devices were deployed at the branch to control/monitor incoming and outgoing network traffic.
Wi-Fi became popular in the early 2000s as the means to allow PCs and other devices to access the branch network.
Over time, Wi-Fi has become the preferred method for accessing the corporate network locally, and it is popular for branches to offer Wi-Fi access to customers, guests and partners visiting their locations.
Introduced in 2004, WAN optimization appliances are widely adopted at branch locations to improve the efficiency of data-file transfer over the WAN. They employ a variety of techniques including de-duplication, compression, and traffic prioritization.
A number of start-up suppliers introduced SD-WAN in the 2014-to-2015 time frame, and now several dozen vendors support it to improve WAN communications. SD-WAN provides a network overlay which improves network uptime, provides for application prioritization via quality-of-service policies, and offers internet security and centralized management. SD-WAN needs support in branch offices.
The layers of newly introduced product types have naturally led to a proliferation of technologies at the branch. Each technology typically has its own integrated hardware/software appliance to handle rapidly increasing performance requirements and advanced features. As a result, the majority of organizations have four to six different network boxes at their branch locations, and most deployments are multi-vendor with unique management interfaces.
Securing branch networks
The increased number and variety of devices – IoT, phones, tablets – connected to the branch network provides more opportunities for hackers to access sensitive data. Gartner estimates that fully one third of all attacks occur at the branch. Over the last 10-plus years IT has deployed a variety of security appliances at the branch including IP VPNs, secure web gateways, intrusion detection and prevention systems and next-generation firewalls.
These appliances, which have overlapping functionality and often come from different vendors, create additional operational complexity at the branch.
IT organizations need to carefully coordinate network security with their security teams. Network security at the branch needs to mesh with security for devices, the campus network and the data center. Ideally, traffic at the branch is inspected for anomalies, with suspect traffic being sent to centralized resources or the cloud for further action. Branch security operations are best when fully automated and when they leverage centralized data-center and cloud-based intelligence.
SDN and virtualization enable SD-Branch
The concepts of SDN and network virtualization have been widely deployed in the data center over the past four-to-five years. Improvements in server processing technology and better network software now allow a wide variety of network applications to be run on common server platforms. The industry is now ready and able to transition from special-function appliances to software applications running on one or more servers.
Planning for SD-Branch
The branch network is a critical piece of the IT infrastructure for most distributed organizations. The branch network is responsible for providing reliable, high-quality communications to and from remote locations. It must be secure, easy to deploy, able to be managed centrally and cost effective. Requirements for branch networks continue to evolve with needs for increased bandwidth, quality of service, security and support for IoT.
SDN and network virtualization technologies have matured to the point where they can deliver significant benefits for branch networks. For example, SD-WAN technology is rapidly being deployed to improve the quality of application delivery and reduce operational complexity.
SD-WAN suppliers are rapidly consolidating branch network functions and have reduced or eliminated the need for branch routers and WAN optimization.
The broader concept of SD-Branch is still in its early stages. During 2018, we will see a number of suppliers introduce their SD-Branch solutions. These initial SD-Branch implementations will primarily be single-vendor and may lack state-of-the-art technology in some applications.
IT leaders should carefully evaluate the benefits of the SD-Branch architecture. Migration to SD-Branch will likely require significant changes to the existing branch network and may require a forklift upgrade. SD-Branch suppliers should be evaluated on their current and near-future technology, technology partnerships for expertise in areas such as security, and deployment options including do-it-yourself, channel partners and managed services.
SD-Branch deployments will make the most sense for greenfield deployments, situations that require rapid deployment of new branch networks and branches with end-of-life equipment such as routers and WAN-optimization appliances. IT leaders should continue to deploy SD-WAN solutions with their compelling benefits and plan for a phased deployment of SD-Branch over the next few years.
A number of SD-WAN, Wi-Fi and router suppliers have recently introduced or soon plan to announce expansions to enable SD-Branch functionality. Early SD-Branch solutions will be largely proprietary and may have limited functionality for some of the network/security applications. SD-Branch is currently best positioned for rapid deployment at new or temporary branch locations. Over time, it is likely to become the go-to architecture for branch networking.
Challenges of adopting SD-Branch
Migration from the current branch-network architecture will be challenging for most IT organizations.
First-generation SD-Branch technology that is being introduced now offers state-of-the-art technology in some functions but weaker offerings in others. For 2018, SD-Branch solutions will be focused on single-vendor solutions – some with application support from partners.
SD-WAN suppliers are likely to be the most aggressive with SD-Branch as they rapidly expand their offerings, which already include WAN optimization, routing and security, as well as support for LAN functionality – Ethernet switching and Wi-Fi. Wi-Fi and router suppliers are also expanding their capabilities to include SD-WAN functions. IT organizations will have the option to deploy SD-Branch as an appliance, as software on standardized servers or as a managed service with the service provider managing the on-premises software and hardware.
Lee Doyle is Principal Analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks.