
5 steps for modernizing enterprise networks

Aug 11, 2021 | 7 mins

Software-defined networking, artificial intelligence, cloud, new Wi-Fi and 5G options, and network security can combine to improve performance of traditional networks.


The business value of the network has never been higher, and this is driven by digital transformation, as borne out by businesses accelerating their digital initiatives by as much as seven years due to the pandemic. This has had a profound impact on the enterprise network, as most of the enabling technologies such as cloud, mobility and IoT are network centric.

This intense focus on digital transformation has exposed many flaws with legacy networks. They are rigid, require intensive manual processes, and lack the agility and intelligence to meet the demands of digital business. Organizations need to make network modernization a priority if they are to maximize their investments in other technologies. Here are five steps that all businesses should consider when modernizing the network.

Software-define everything

With legacy infrastructure, the data and management planes are tightly coupled, so when a change is made network-wide, each device must be reconfigured. This can mean lead times of months when making changes—far too long for a digital business. Software-defined systems decouple the control plane from the data plane, enabling the control plane to be centralized. This lets engineers make changes from a centralized location and propagate them across the network in near real time. The shift to a software-based system is foundational to network modernization.

It’s important to note that the original definition of SDN was related to the data center, and SD-WANs were later used as part of the modernization of the WAN. The underlying technology shift is the same with SDN as it is with SD-WAN, but the implementation is quite different, which is why the vendors in those markets are different. For most companies, the teams that run the data center and those that run the WAN are distinct; there isn’t really an incentive to purchase data-center SDN and SD-WANs from the same vendor outside of purchasing simplicity. It makes sense to start with SD-WAN because the return on investment is normally significantly bigger, and the architectures used to build existing WANs are likely two to three decades old and in need of a refresh. Data-center SDNs should be done as part of a larger data-center modernization initiative, such as shifting to a private cloud.

Embrace AIOps

Networks now are significantly more complex than ones in years past. At the same time, they are more important from a business standpoint, as network outages or even poor-performing networks cost businesses big money. To help network engineers better manage their networks, most vendors provide real-time telemetry data. The problem is the volume of data can be too much for even the best engineers to interpret quickly and error-free.

AIOps systems, on the other hand, are constantly watching and can alert network-operations teams to the smallest anomalies that can create performance problems.

Once confidence in the system is earned, changes can be automated, but don’t expect perfection immediately as AI systems need to learn. The threshold for justifying AI is for it to be better at a task than people are, and given that human error is the single biggest cause of downtime, that’s an achievable bar. Start by employing AI at the most challenging parts of the network first—Wi-Fi and SD-WAN—and look to expand from there.

Leverage the power of the cloud

The cloud has transformed every part of IT except the network. Compute, storage, app development, even security all leverage the cloud to provide better scale and agility. Now it’s time for the network to follow. Decoupling software from the underlying hardware allows networks to be centralized. Early in the software-defined cycle, the software was centralized in on-premises controllers, but most vendors also offer a cloud option, which can provide a number of benefits. First, all the data from across the entire network can be centralized providing a larger, end-to-end view of the network.

On-premises controllers typically limit the data collected to a single location as the storage requirements for the entire network can be massive. Also, the cloud enables massive scale for compute-intensive workloads such as AI.

A unique capability of cloud-management systems is that the providers can compare one organization’s metadata with other organizations’ metadata enabling network engineers to understand how their environments compare to others. Because only metadata is used, there should be no sensitive or proprietary data used in the comparative analytics. 

Upgrade to Wi-Fi 6, Wi-Fi 6E, and 5G as appropriate

Wireless networks used to be considered the network of convenience while the wired network was the one that offered the best performance. That’s not so today as there are many mission-critical services that are wireless—healthcare, manufacturing, and warehousing, to name a few. The rise of video is putting tremendous stress on legacy Wi-Fi networks, which impairs the quality. Newer wireless solutions are markedly better, but the number of options can be confusing.

Wi-Fi 6 builds on Wi-Fi 5 but brings in many features from the world of cellular to reduce congestion, improve battery life and extend range. Wi-Fi 6E uses the 6 GHz spectrum for faster access and even less congestion than Wi-Fi 6 but isn’t backwards compatible with Wi-Fi 5 and earlier versions. Private 5G brings Wi-Fi speeds to the cellular network using standards such as CBRS.

None of these is better, per se; they each serve different purposes. The general deployment model would be a mix of all three where Wi-Fi 6 is used for general-purpose connectivity. Areas with a higher density of clients can be augmented with Wi-Fi 6E. Private 5G would be used for mission-critical use cases, such as manufacturing floors.

Make security intrinsic to the network

Historically, network and security technologies were deployed independently with the latter typically being an overlay to the network. This was never ideal but worked well enough to stop the majority of breaches. Network engineers would design the network, and security professionals would deploy security tools at each point of ingress.

One of the challenges today is that there are hundreds if not thousands of points of entry ranging from SaaS applications to VPN tunnels to guest access on Wi-Fi networks. Even if a business had infinite dollars, it would be impossible to deploy all the necessary security tools to defend each point.

Another point of complexity is that the number of security tools continues to grow. In the past, firewalls and IDS/IPS systems were sufficient to protect an enterprise. Modern security includes those but also zero trust network access (ZTNA), secure web gateways (SWG), cloud access security brokers (CASB), endpoint and network detection-and-response, and other tools.

One growing way to secure an enterprise is by embedding security into the network as a cloud service. This is more commonly known as secure access service edge or SASE, and it enables businesses to deploy corporate-grade security anywhere in the network, including a worker’s home. Success with SASE is dependent on bringing the security and network-operations teams together. This can be a challenge but is necessary for any organization that wants to modernize its network.

Network pros’ skill sets

It’s worth mentioning that today network engineers need to become software power users because modern network equipment can be managed, configured, and programmed through software APIs and developer interfaces.

A few years ago, there was a push to have network engineers become developers to take advantage of these software systems. However, this created significant pushback from the network industry as most network professionals had little to no interest in becoming developers.

In reality, network pros do not need to become developers, but they should be familiar with how to work with software. Making an API call to perform a certain task is considerably simpler than using a command-line interface, and it significantly reduces the chance of making an error. While network hardware has been outfitted with software interfaces for years, adoption has been light. If the network is going to be modernized, so must the skill set of the people running it.


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.
