Branch infrastructure is evolving. As we continue to rely upon apps and application services, network teams are turning to software-defined wide area networking (SD-WAN) to take the branch infrastructure to the next level. This article examines the emergence of SD-Branch and its drivers, and presents two use cases – one for service providers and the other for enterprises – illustrating the build and benefits.
SD-Branch: The Evolution of SD-WAN
The SD-Branch is an architectural approach that combines the WAN and the branch into a simplified network, security, and WAN architecture by consolidating multiple functions into a single software-based IP services platform. This approach virtualizes all or most branch connectivity, networking, and security functions and centrally manages them. Software-defining the branch enables enterprises and service providers to go beyond SD-WAN based connectivity and software-define the full stack of services at the branch. The SD-Branch takes advantage of design components such as virtual customer premises equipment (vCPE) to enable the hosting of third-party virtualized network functions (VNFs) — thus furthering the ability to software-define the entire stack of branch services and leverage network functions virtualization (NFV) operational constructs and benefits.
Achieving the transition from an SD-WAN to an SD-Branch requires a range of IP services that deliver highly flexible, scalable, and secure branch and WAN architectures. This means the virtualization and integration of all layers in the branch – the underlay, the overlay, and advanced network and security services – with a centralized management and control framework. The SD-Branch includes the following components:
- A virtualized IP services platform to provide cloud-like elasticity, service chaining, and programmability using cost-effective deployment models;
- A broad set of VNFs to deliver the robust networking and security IP services necessary in an SD-Branch; and
- A centralized management and visibility framework to provide centralized control, management, analytics, and workflow management service akin to a cloud-like service.
What Is Driving this Evolution?
Cloud adoption and digital transformation are driving SD-WAN to replace the traditional WAN. From this transformation, cloud-based applications and resources are changing not only how we interact with information, but how the branch services the user. First, for cloud-based apps accessed from the branch, there is a need to improve user experience and increase control and security. And second, the rise of new application services will drive the demand for different approaches to segmentation and security. In addition to transforming the branch or WAN, software-defined security is a catalyst that both addresses these emerging challenges and naturally evolves into SD-Branch.
SD-Branch Use Cases – Enterprise
Enterprise networking and security teams often struggle with evolving their WAN and branch office IT architecture to support cloud transition and digital transformation. The requirements for the WAN are multifold, including the need to improve user experience when accessing cloud-based applications and resources while increasing the visibility, control, and security of the information being accessed. Increasing the agility of new site and project deployments is important, as is ongoing change management. Another major goal is overall reduction of WAN cost and complexity through managing bandwidth requirements and simplifying appliance and software sprawl.
SD-Branch is the solution. It enables enterprises to simplify their WAN and branch by consolidating networking and security functions into a single software platform with a broad set of IP services, instead of deploying multiple hardware appliances and software packages. SD-Branch provides a full set of integrated networking (routing, SD-WAN, Ethernet, Wi-Fi) and security (next-generation firewall, secure web gateway, AV, IPS, etc.) functions running on a low-cost appliance with a single management screen. Enterprises can easily deploy SD-Branch to solve complex WAN and branch architecture challenges and achieve the following benefits:
- Reduced complexity and cost: Capital and operating costs can be reduced by up to 80 percent by using a software-based approach to integrate networking and security functions onto a single platform
- Increased IT agility: SD-Branch removes the limitations of legacy WAN and branch architectures. This transforms formerly rigid network and security functions into an agile, software-based environment that enables IT to rapidly provision new sites and add new third-party services in hours versus weeks, and seamlessly scale capacity as required
- A more secure branch: Provides a wide set of software-defined security (SD-Security) functions that deliver layered protection and control
Photo Source: Versa Networks
SD-Branch Use Cases – Service Provider
The opportunities with SD-Branch for service providers are significant, given the range of networking and security services deployed or planned. With SD-Branch, service providers can offer a unified and fully automated distributed services platform that solves customers’ complex business challenges and provides the following capabilities:
- A cloud-native and multi-tenant services platform with native IP networking and security services and centralized management;
- Flexible deployment choices using low-cost white-box appliances;
- Distributed services and centralized control for much greater simplicity and agility;
- A fully virtualized stack of IP services to use in designing offerings; and
- Radically reduced TCO.
Expanding on the capabilities provided by SD-WAN, an SD-Branch architecture delivers a true cloud-like operating model in the enterprise branch that enables providers to deploy a multitenant SD-Branch/SD-WAN software platform on-premises with template service definitions and deployment processes. Providers can instantly provision new branches by drop-shipping low-cost, white-box hardware populated with software that is auto-provisioned to pre-defined templates, and manage them using a multitenant management console across all networking and security functions. The centralized console allows for rapid delivery of additional networking or security services as customer needs grow. Finally, providers can continually monitor and improve each customer’s SD-Branch/SD-WAN service via integrated big-data analyses.
Benefits of SD-Branch
Lower total costs of operations (TCO): By standardizing software and commodity hardware instead of deploying proprietary networking and security appliances, customers can slash their infrastructure capex spend. Customers can significantly lower their opex by reducing or eliminating branch-office truck rolls, shortening help-desk and troubleshooting time, and easily integrating new services into existing deployments. A usage-based pricing model means that customers only pay for what they use.
Significantly increased IT agility due to acceleration of time-to-deployment from weeks to hours: Customers can roll out SD-Branch deployments quickly, without multiple pieces of complex or proprietary hardware. As a result, new deployments can occur within hours. Network IT teams at enterprises and service providers can both adopt an agile, software-based DevOps model and eliminate the provisioning time and hardware dependency of traditional WAN and security architectures.
Improved application performance and security: Applications have become so central to enterprise business success that poorly performing apps or downtime across the WAN can seriously reduce employee productivity, which can impact both the top and bottom lines. As a component of SD-Branch, SD-WAN has the ability to identify applications and map them to the most appropriate connectivity option to further improve application performance and lower overall WAN costs. Additionally, it yields greater control over WAN operations, promising more efficiency and effective application management across the entire corporate WAN infrastructure.
Simplified support and operations: With its zero-touch provisioning and centralized management, SD-Branch enables IT teams to significantly reduce the time required to manage networking and security services at the branch, resulting in Opex savings of up to 50 percent. Adding big-data analytics software provides customers with deep visibility and real-time intelligence into all networking and security functions to further simplify ongoing operations.
These drivers, plus the need to stay ahead, will bring the SD-Branch to the fore in 2017 and beyond. Companies are already shifting the way they think about the WAN and branch with SD-WAN, and they will continue to transform their network approach by software-defining the branch to best utilize their network resources to increase performance, enable digital transformation, improve the user experience, provide ubiquitous security, and simplify operations.
SD-Branch will lead the evolution of converting the branch, WAN, and overall network from legacy architecture and physical infrastructure to a software-defined architecture and cloud-like operations.