• United States

SD-Branch: What it is and why you’ll need it

Jan 23, 20187 mins

Branch offices are filling up with specialized networking appliances, but SD-Branch promises to reduce the clutter and save money.

bridge between two buildings
Credit: Thinkstock

SD-WAN deployments show the power of software-defined networking and virtualization to improve bandwidth efficiency and deliver application performance, and now this software-centric approach is being applied to the unique requirements of branch offices.

Known as SD-Branch, this next step in the evolution of branch technology can be defined as a single hardware platform that supports SD-WAN, routing, integrated security and LAN/Wi-Fi functions that can all be managed centrally.

+ALSO ON NETWORK WORLD: After virtualization and cloud, what’s left on premises?; Windows Server in the cloud: Can you, should you, and with which provider?; SD-WAN: What is it and why you’ll use it one day+

Why SD-Branch?

The most compelling argument for SD-Branch is operational agility. IT organizations can rapidly deploy and provision a network branch-in-a-box solution for new locations.  Via a centralized management console, they can control and adjust all branch network and security functions.

Reducing or eliminating the need for trained IT personnel to visit remote branch locations results in significant cost and time savings. SD-Branch also promises to reduce hardware costs by deploying software on consolidated hardware as compared to many separate appliances.

Other SD-Branch benefits include:

  • Decreased cost of support and maintenance contracts because fewer vendors will be involved.
  • The ability to right-size hardware requirements for each branch thanks to software virtualization.
  • A smaller hardware footprint, which is ideal for space-constrained branches.
  • Network performance scalability. As network requirements change, the performance of any function can be tuned up or down by changing processor allocation or adding hardware resources.
  • Lower power consumption because one power-efficient platform replaces many appliances.

Over time SD-Branch will be easier to deploy, less complex to manage and more responsive to changing requirements at the branch. The cost benefits in CAPEX and OPEX could be significant as the technology matures.

Before discussing how to plan for and migrate to SD-Branch, let’s take a look at how branch offices came to be crowded with so many single-function devices in the first place.

Overcoming branch sprawl

Distributed organizations rely on communications to and from branch locations to ensure user productivity, provide responsive customer service, and run a variety of targeted applications.  The advent of client/server branch networks began in the late 1980’s with PC LANs being connected to centralized servers over low speed links, typically modems.  The founding of Cisco Systems brought the industry the concept of the multi-protocol router which continues to connect most branch locations to centralized data centers.

The increased popularity of the internet as a WAN connection has increased security demands at the branch. During the late 1990s, firewalls and other network security devices were deployed at the branch to control/monitor incoming and outgoing network traffic.

Wi-Fi became popular in early 2000’s as the means to allow PCs and other devices to access the branch network. Over time, Wi-Fi has become the preferred method for accessing the corporate network locally and is popular for branches to offer Wi-Fi access for customers, guests and partners visiting their locations.

Introduced in 2004, WAN optimization appliances are widely adopted at branch locations to improve the efficiency of data-file transfer over the WAN.  It employs a variety of techniques including de-duplication, compression, and traffic priorization.

A number of start-up suppliers introduced SD-WAN in the 2014-to-2015 time frame, and now several dozen vendors support it to improve WAN communications.  SD-WAN provides a network overlay which improves network uptime, provides for application prioritization via quality of service policies, offers Internet security and centralized management. SD-WAN needs support in branch offices.

The layers of newly introduced product types have naturally led to a proliferation of technologies at the branch.  Each technology typically has its own integrated hardware/software appliance to handle rapidly increasing performance requirements and advanced features.  As a result, the majority of organizations have four to six different network boxes at their branch locations, and most deployments are multi-vendor with unique management interfaces. 

Securing branch networks

The increased number and variety of devices – IoT, phones, tablets – connected to the branch network provides more opportunities for hackers to access sensitive data.  Gartner estimates that fully one third of all attacks occur at the branch.  Over the last 10-plus years IT has deployed a variety of security appliances at the branch including IP VPNs, secure web gateways, intrusion detection and prevention systems and next-generation firewalls. These appliances, with their overlapping functionality which often come from different vendors, create additional operational complexity at the branch.

IT organizations need to carefully coordinate network security with their security teams.  Network security at the branch needs to mesh with security for devices, the campus network and the data center. Ideally, traffic at the branch is inspected for anomalies, with suspect traffic being sent to centralized resources or the cloud for further action.  Branch security operations are best when fully automated and when they leverage centralized data-center and cloud-based intelligence.

SDN and virtualization enable SD-Branch

The concepts of SDN and network virtualization have been widely deployed in the data center over the past four-to-five years.  Improvements in server processing technology  and better network software now allows a wide variety of network applications to be run on common server platforms. The industry is now ready and able to transition from special-function appliances to software applications running on one or more servers.

Planning for SD-Branch

The branch network is a critical piece of the IT infrastructure for most distributed organizations. The branch network is responsible for providing reliable, high-quality communications to and from remote locations. It must be secure, easy to deploy, able to be managed centrally and cost effective.  Requirements for branch networks continue to evolve with needs for increased bandwidth, quality of service, security and support for IoT.

SDN and network virtualization technologies have matured to the point where they can deliver significant benefits for branch networks. For example, SD-WAN technology is rapidly being deployed to improve the quality of application delivery and reducing operational complexity. SD-WAN suppliers are rapidly consolidating branch network functions and have reduced or eliminated the need for branch routers and WAN optimization.

The broader concept of SD-Branch is still in its early stages. During 2018, we will see a number of suppliers introduce their SD-Branch solutions. These initial SD-Branch implementations will primarily be single-vendor and may lack state-of-the-art technology in some applications.

IT leaders should carefully evaluate the benefits of the SD-branch architecture.   Migration to SD-Branch will likely require significant changes to the existing branch network and may require a forklift upgrade.  SD-Branch suppliers should be evaluated on their current and near-future technology, technology partnerships for expertise in areas such as security and deployment options including do-it-yourself, channel partners and managed services. 

SD-Branch deployments will make the most sense for greenfield deployments, situations that require rapid deployment of new branch networks and branches with end-of-life equipment such routers and WAN-optimization appliances. IT leaders should continue to deploy SD-WAN solutions with their compelling benefits and plan for a phased deployment of SD-Branch over the next few years.

A number of SD-WAN, Wi-Fi and router suppliers have recently introduced or soon plan to announce expansions to enable SD-Branch functionality. Early SD-Branch solutions will be largely proprietary and may have limited functionality for some of the network/security applications. SD-Branch is currently best positioned for rapid deployment at new or temporary branch locations. Over time, it is likely to become the go-to architecture for branch networking.

Challenges of adopting SD-Branch

Migration from the current branch-network architecture will be challenging for most IT organizations. First-generation SD-Branch technology that is being introduced now offers state-of-he-art technology in some functions but weaker offerings in others.  For 2018, SD-Branch solutions will be focused on single-vendor solutions – some with application support from partners.

SD-WAN suppliers are likely to be the most aggressive with SD-Branch as they rapidly expand their offerings, which already include WAN optimization, routing and security, as well as support for LAN functionality – Ethernet switching and Wi-Fi. Wi-Fi and router suppliers are also expanding their capabilities to include SD-WAN functions.  IT organizations will have the option to deploy SD-Branch as an appliance, as software on standardized servers or as a managed service with the service provider managing the on-premises software and hardware.

Lee Doyle is Principal Analyst at Doyle Research, providing client focused targeted analysis on the evolution of intelligent networks.

lee doyle

Lee Doyle is principal analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks. He has over 25 years’ experience analyzing the IT, network, and telecom markets. Lee has written extensively on such topics as SDN, SD-WAN, NFV, enterprise adoption of networking technologies, and IT-Telecom convergence. Before founding Doyle Research, Lee was group vice president for network, telecom, and security research at IDC. Lee holds a B.A. in economics from Williams College.

More from this author