Article | March 31, 2020
Network security today is losing the battle, and much of the blame falls on traditional security devices. Imagine running next-gen IT infrastructure secured by security tools made to secure legacy IT. Data breaches have increased substantially and IT professionals are continuously looking at new ways to improve their network security. In this scenario, SD-WAN emerges as one formidable option to implement that will bolster your network security.
Table of Contents:
- What is SD-WAN?
- How does SD-WAN work?
- What are the main benefits of SD-WAN to network security?
- What are the other advantages of SD-WAN?
Let’s dig into it.
What is SD-WAN?
SD-WAN stands for software-defined wide area network (or networking). A WAN is a connection between local area networks (LANs) separated by a substantial distance—anything from a few miles to thousands of miles. The term software-defined implies the WAN is programmatically configured and managed, so it can be adapted quickly to meet changing needs.
How does SD-WAN work?
An SD-WAN connects end users to virtually any application, hosted at any location (e.g., in the public cloud or a company data center), via the best available or most feasible transport service, whether that’s an MPLS (Multiprotocol Label Switching), broadband, cellular or even satellite internet link. To deliver this level of flexibility and performance to users in digital workspaces, an SD-WAN utilizes a control function that continuously analyzes traffic flows across the WAN and intelligently directs traffic in accordance with current policies.
The primary means of control in an SD-WAN is centralized. It often resides in a SaaS application running on a public cloud. Control is decoupled from the hardware to simplify network management and improve the delivery of services. SD-WAN appliances (and virtual appliances) follow operational rules passed down from the central controller. This greatly reduces or eliminates the need to manage gateways and routers on an individual basis.
SD-WAN gateways support hybrid WAN, which implies that each gateway can have multiple connections using different transports—MPLS, broadband Internet, LTE, etc. A virtual private network (VPN) is typically set up across each WAN connection for security. Consequently, the SD-WAN can be an overlay spanning a diverse communications infrastructure.
Dynamic path selection
Another feature of SD-WAN is dynamic path selection—the ability to automatically and selectively route traffic onto one WAN link or another depending on network conditions or traffic characteristics. Packets may be steered onto a particular link because another link is down or not working very well, or to balance network traffic across all available links. SD-WAN can also identify packets by application, user, source/destination, etc. and send them down one path or another based on those characteristics.
Policy is what determines where dynamic path selection will steer traffic and what level of priority (quality of service, or QoS) it is given. Business intentions can be implemented as policies via the central management console. New and updated policies are translated into operational rules and downloaded to all SD-WAN gateways and routers under control.
For example, to ensure the best performance for VoIP and interactive web conferences, a policy may be created by giving their packets transmission priority and routing them onto low-latency paths. Cost savings can be realized by sending file back-ups across a broadband Internet connection. WAN traffic that requires a high level of security can be restricted to private connections (e.g., MPLS) between sites and required to pass through a robust security stack when entering the enterprise.
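The three policy examples above, written out as an added sketch that is not from the original article or from any SD-WAN product. The class names, policy fields, link names and metrics are hypothetical and constructed for illustration; the sketch also assumes that traffic restricted to private links is dropped, not rerouted over the internet, when no private link is up.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Link:
    name: str
    transport: str        # "mpls", "broadband" or "lte"
    up: bool
    latency_ms: float
    loss_pct: float
    cost: int             # relative cost per GB; lower is cheaper

@dataclass(frozen=True)
class Policy:
    allowed: frozenset    # transports this traffic class may use
    prefer: str           # "latency" or "cost"
    fail_closed: bool     # True: drop rather than use a disallowed transport

# Hypothetical policies mirroring the three examples in the text.
POLICIES = {
    "voip":      Policy(frozenset({"mpls", "broadband", "lte"}), "latency", False),
    "backup":    Policy(frozenset({"broadband"}), "cost", False),
    "sensitive": Policy(frozenset({"mpls"}), "latency", True),
}

# Constructed link telemetry for one branch gateway.
LINKS = [
    Link("mpls-1", "mpls", True, 20.0, 0.0, 10),
    Link("bb-1", "broadband", True, 35.0, 0.5, 2),
    Link("lte-1", "lte", True, 60.0, 1.0, 8),
]

def select_path(app_class: str, links: list) -> Optional[str]:
    """Return the link name to use, or None if the traffic must be dropped."""
    policy = POLICIES[app_class]
    live = [l for l in links if l.up]
    candidates = [l for l in live if l.transport in policy.allowed]
    if not candidates:
        if policy.fail_closed:
            return None            # never leak restricted traffic onto another transport
        candidates = live          # best-effort classes may fall back to any live link
    if not candidates:
        return None                # every link is down
    if policy.prefer == "latency":
        best = min(candidates, key=lambda l: (l.latency_ms, l.loss_pct))
    else:
        best = min(candidates, key=lambda l: (l.cost, l.latency_ms))
    return best.name

def with_link_down(links: list, name: str) -> list:
    """Copy of the telemetry with one link marked down (simulated outage)."""
    return [replace(l, up=False) if l.name == name else l for l in links]

if __name__ == "__main__":
    scenarios = (("all up", LINKS), ("mpls down", with_link_down(LINKS, "mpls-1")))
    for label, links in scenarios:
        for app in POLICIES:
            print(f"{label:10} {app:10} -> {select_path(app, links)}")
```

The `fail_closed` flag is the setting to review in a real deployment: without it, an MPLS outage would silently move restricted traffic onto an internet link.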
SD-WAN has the ability to chain itself together with other network services. WAN optimization (acceleration) is often combined with SD-WAN to improve network and application performance. Internet traffic leaving and entering a branch office may be routed across a VPN to a cloud-based security service to strike a balance between performance, security, and cost.
What are the main benefits of SD-WAN to network security?
Eliminate VPN concerns
One of the first areas in which SD-WAN impacts security is when a company uses the internet as a method of transport.
Before SD-WAN came along and companies were using internet as a backup or even a primary transport method, they would build a VPN or a DMVPN to ensure secure transport of their traffic. This introduces a couple of issues, the first of which is this proliferation of VPNs that has to be managed. The company must have firewalls sitting at their data center, along with a VPN device or firewall sitting in the remote locations to be able to do these VPNs. Every site is dependent on the effort to be up on the network.
- Hamza Seqqat, Director of Solutions Architecture, Apcela
Failover is an issue with this VPN approach, he said. Companies can’t seamlessly failover from a fiber-based type of transport without having to strike some keys in between. It's hard and expensive to do seamless failover.
“Now you don't have to have firewalls for VPNs. You don't have to worry about building your own VPNs or encrypting your traffic,” Seqqat said. “Every SD-WAN product comes with a controller that takes care of things seamlessly. That means there is this smart software-defined engine that builds all these IPsec tunnels between all the locations as soon as you plug the device in. You're not actually having to build a VPN—the controller does it automatically for you, so all you have to do is give the device an IP address or enable DHCP and let it pick an IP address from the DHCP server. Suddenly it's on the network and it's building tunnels to all the sites.”
He added that the SD-WAN controller builds a full mesh, so it can talk to every one of the sites without having to go back to the data center. This feature alone can reduce a company’s security footprint significantly because the site-to-site traffic becomes secure, easy, and seamless.
Reduce traffic going through security
A second significant benefit of SD-WAN that impacts security strategy is that it reduces the amount of traffic that needs to go through security parameters because all site-to-site traffic is encrypted. This makes security a bit easier to manage.
“For a lot of companies, when they do VPNs for site-to-site traffic, they have to go through firewalls or some kind of encryption mechanism, and that increases their security footprint. It increases the complexity and the cost of security,” Seqqat said. “SD-WAN changes how traffic is routed through security.”
Seqqat gave an example of a site that has a gig worth of bandwidth, and out of that gig of bandwidth, some traffic goes to the internet and some goes to site-to-site.
“Without SD-WAN, generally you would have to run that whole gig through a firewall, and the firewall will split the traffic into what goes to the data center and what goes to the internet,” he said. “When you do SD-WAN, you don't have to do that. You can separate the traffic at the SD-WAN with a split tunnel, so you take half of the traffic and push it through the firewall to go to the internet and the other half goes straight site-to-site without having to go through a security parameter. Now you have a firewall to handle 500 megs as opposed to a gig, and that makes a huge difference because most security products are based on throughput and utilization. So, that can bring some cost benefits and ease management as well.”
Security inherent to SD-WAN
A third area where SD-WAN changes security strategy is the fact that certain security features can be implemented directly through the SD-WAN platform, which reduces costs and complexity in the actual security platform.
“This depends on what aspects of security you're talking about,” Seqqat said. “For example, security is included in the Silverpeak SD-WAN product, so the Silverpeak devices really do most of the security for you. You don't have to deploy another firewall on top of that. With Versa’s SD-WAN, you can virtualize the firewall, so there’s no need to deploy physical firewalls.”
For sites that simply need very basic security, SD-WAN has some inherent security capabilities. It can do things such as allow and deny certain sites and limit traffic that goes to certain sites.
When you look at most SD-WAN products, you can usually kind of steer toward one or another based on your security requirements. Deploying SD-WAN in itself can really eliminate the need for security at several locations or extend the security you have been using.
- Hamza Seqqat, Director of Solutions Architecture, Apcela
Simplify use of security platforms
In his final point, Seqqat said SD-WAN providers are making a lot of progress in partnering with both cloud security providers and cloud service providers. By making traffic encrypted and secure via SD-WAN, security platforms will only have to deal with public internet traffic.
“SD-WAN providers are really working towards partnering and certifying different security products,” he said. “Consider Zscaler as an example. Some SD-WAN products automatically route all your traffic through Zscaler, which does a cloud-based security parameter before it goes out to the internet or to cloud service providers.”
Seqqat said the most important part comes in the fact that Zscaler is distributed across 35 or 40 data centers that are all security parameters.
“Making that routing decision as to what data center your traffic goes through before it goes out to the Internet is extremely important to performance,” he said. “If your Office 365 instance is hosted in Seattle and your users in Europe are trying to reach that, which Zscaler data center the traffic is going to go through before it goes through the Seattle instance of O365 makes all the difference in what latency is going to be at round trip.
“SD-WAN provides somewhat of an automation and optimization of how traffic goes through Zscaler data centers based on performance metrics. SD-WAN can pull latency and jitter and packet loss and all that kind of stuff, so there is some intelligence that happens when a routing decision is being made as to where user traffic is going to go for security scrubbing or security features before it goes out to the cloud provider or to the Internet. That’s a huge feature that comes into play whenever you deploy SD-WAN.”
What are the other advantages of SD-WAN?
SD-WAN has many advantages when implemented well:
- More predictable and reliable application performance, which helps support users in any digital workspace, across all connections.
- Superior connection security for cloud applications, without the performance tradeoffs of MPLS backhauling.
- Less congestion caused by lack of bandwidth or brownouts, through aggregation of bandwidth via multiple bonded and disparate or redundant links.
1. More reliable access to apps and fewer slowdowns due to congestion.
2. Resiliency and redundancy with fast failover when outages impact WAN connections.
3. Quality of service for prioritizing business-critical application traffic.
4. Fast deployments that fuel business agility when bringing applications online at a branch office, or simply changing the configurations. Zero-touch provisioning allows fast set up of sites in minutes with local staff instead of hours or days.
5. Reduced network transport costs and more flexibility through the use of MPLS alternatives like broadband and cellular. Quick procurement of bandwidth from multiple transport services, in contrast to the long lead times needed with legacy WAN carrier-based technologies.
6. Simplified administration with a centralized console eliminates the complexity of configuring edge devices in the field.
7. Deep SD-WAN analytics to monitor links for performance characteristics. Analytics benefit administrators who can use them when troubleshooting problems across the WAN.
8. Simpler branch office infrastructure that doesn’t require management of as many single-function devices
9. Intelligent traffic steering and dynamic path selection
10. Integrated security with leading 3rd-party solutions, including those for SaaS security
Interest in SD-WAN among organizations is on the rise, and we hope to see a tremendous rise in its adoption in network security strategies over the next few years. Vendor selection will be one of the factors for successful implementation of SD-WAN, as many vendors are quickly developing new and effective software-defined platforms. An ideal vendor would be one that effectively addresses your specific pain points and is able to meet your current as well as future requirements.
Article | March 20, 2020
Software-defined wide-area network, also known as SD-WAN, is an implementation of software-defined networking (SDN) technology applied on WAN. This can include WAN connections such as broadband Internet, MPLS, and 4G. One of the most common reasons large businesses use SD-WAN is that it helps them connect their branch offices to centralized datacenters located over large geographical distances. While being very helpful to enterprises in a variety of ways, SD-WAN initially lacked several features such as application-aware routing, integrated firewalls, analytics tools, and more.
Article | March 4, 2020
You may be asking yourself, what will the broadcasting industry look like a year from now or five years into the future? How do I successfully transition my broadcast technology to keep pace? Here are five important factors to consider when reshaping your broadcasting technology in this time of rapid change. After all, the decisions made now will determine the technical environment we live with for years to come. If you’re considering broadcast technology transition, begin by asking the question, how should this workflow exist in the future? Does it make sense to keep doing what we do with no changes to operational assumptions? How long do we expect the best practices implemented today to remain best practices?
Article | July 2, 2020
The year 2020 was supposed to be a breakthrough year for many technologies, but most businesses have now been forced back into building an infrastructure to transition their workforce to remote work and ensure continuity of workflow. Nevertheless, an unprecedented set of events has pushed several industries to accelerate the adoption of technologies as they continue to work from home.
5G and Wi-Fi 6 are two tech advancements that have been turning heads around the world since their introduction. The two wireless technologies are well on their way to revolutionizing the Internet of Things as businesses move fast towards digitization, and the world is excited.
Table of Contents:
- Wi-Fi 6: A Breakthrough in Wireless Technology
- 5G: For a Better Connected World
- How are Wi-Fi 6 and 5G Transforming the IoT?
- 5G and Wi-Fi 6: Rivals or Allies?
Wi-Fi 6: A Breakthrough in Wireless Technology
The next-generation Wi-Fi with boosted speed was introduced last year to meet the demand for faster internet among the rising number of internet users. But Wi-Fi 6 is more than simply a tweak in speed.
Technically called 802.11ax, Wi-Fi 6 is an advancement in the wireless standard that does the same basic things but with greater efficiency in device-dense areas, and offers much greater bandwidth than its predecessor, 802.11ac or Wi-Fi 5. Wi-Fi 6 promises speeds of up to 9.6 Gbps, up to four times that of Wi-Fi 5 (3.5 Gbps). In reality, this is just a theoretical maximum that one is not expected to reach. Even so, 9.6 Gbps is a higher speed, and it doesn’t have to go to a single device but can be split up across a network of devices.
A new technology in Wi-Fi 6 called Target Wake Time (TWT) lets routers set check-in times with devices, allowing communications between the router and the devices. TWT also reduces the time required to keep the antennas powered to search for signals, which in turn also improves battery life.
Wi-Fi 6 also comes with a new security protocol called WPA3, making it difficult to hack the device passwords by simple guesswork.
In short, Wi-Fi 6 means better speeds with optimized battery lives, and improved security.
5G: For a Better Connected World
5G is the next in line to replace 4G LTE. While Wi-Fi covers small scale internet requirements, cellular networks like 5G are here to connect everyone and everything virtually on a larger scale.
The technology is based on orthogonal frequency-division multiplexing (OFDM), which reduces interference by modulating a digital signal across several channels. Able to operate in both lower bands (like sub-6 GHz) and mmWave (24 GHz and above), 5G promises increased network capacity, low latency and multi-Gbps throughput. 5G also uses the new 5G NR air interface to optimize OFDM to deliver not just a better user experience but also a wider one, extending to many industries and mission-critical service areas.
The 5G technology, in a nutshell, has brought with it ultra-high speeds, increased and scalable network capacity, and very low latency.
How are Wi-Fi 6 and 5G Transforming the IoT?
5G and Wi-Fi 6 will fill the speed gaps that our existing networks are not able to, especially in crowded homes or congested urban areas. It's not just about the speed. The two wireless technologies will increase network capacity and improve signal strengths.
On the business front, 5G and Wi-Fi 6 are both living up to the hype they have created since their introduction.
Wi-Fi 6 has emerged as the enabler of converged IoT at the edge. It has put IT into OT applications, connected devices and processed data from devices such as IP security cameras, LED lighting, and digital signage with touch screen or voice command. Wi-Fi 6 can now be used in office buildings for intelligent building management systems, occupancy sensors, access control (smart locks), smart parking, and fire detection and evacuation.
It’s (Wi-Fi 6) built for IoT. It will connect many, many more people to mobile devices, household appliances, or public utilities, such as the power grid and traffic lights. The transfer rates with Wi-Fi 6 are expected to improve anywhere from four times to 10 times current speeds, with a lower power draw, i.e. while using less electricity.
- Tom Soderstrom, IT Chief Technology and Innovation Officer at NASA’s Jet Propulsion Laboratory (JPL)
Similarly, 5G will open doors for more devices and data. It will increase the adoption of edge computing for faster data processing close to the point of action. The hype around 5G is because of the three key attributes it comes with: enhanced mobile broadband (eMBB), ultra-reliable low-latency (uRLLC), and massive IoT device connectivity (mMTC). But there is a fourth attribute that sets it apart from its predecessor: use of a spectrum that operates at the low-end frequency range (typically 600 MHz). Called ‘low-band 5G’, it delivers high speeds with signals that go for miles without propagation losses and with the ability to penetrate obstacles. 5G operates in the new millimetre-wave bands (24 to 86 GHz), delivering more capacity to enable many low-power IoT connections.
If we were to list the benefits these two wireless technologies are bringing to the Internet of Things, they would be:
- Increased Human-Device Interactions
- Increased Data and Devices
- More IoT investments
- Advancing to the Edge
- Acceleration towards Industrial IoT
- Enhanced use of IoT devices
5G and Wi-Fi 6: Rivals or Allies?
In February, Cisco estimated that by 2023 M2M communications will contribute to 50% or about 14.7 billion of all networked connections. Cisco’s Annual Internet Report reveals that 5G will enable new IoT applications with greater bandwidth and lower latencies and will accelerate innovations at scale. The same report estimates that 10.6% of global mobile connections in 2023 will be 5G, while Wi-Fi 6 hotspots will be 11.6% of all public Wi-Fi hotspots growing 13 times from 2020 through 2023.
Wi-Fi 6 will serve as a necessary complement to 5G. A significant portion of cellular traffic is offloaded to Wi-Fi networks to prevent congestion and degraded performance of cellular networks (due to demand).
- Thomas Barnett, Director of Thought Leadership, Cisco Systems
The two technologies are here to feed different data-hungry areas with gigabit speeds.
With lower deployment costs, Wi-Fi 6 will dominate the home and business environments where access points need to serve more users, covering devices like smartphones, tablets, PCs, printers, TV sets, and streaming devices. With an unlicensed spectrum, the performance of Wi-Fi 6 depends on the number of users that are using the network at the same time.
5G, with its longer range, will deliver mobile connections and accelerate smart city deployments and manufacturing operations. Like LTE, 5G speeds will depend upon users’ proximity to base stations and the number of people using that network.
The performance of the two depends largely on the area where they are being deployed. For instance, Wi-Fi can very well handle machine-to-machine communications in a managed manufacturing unit, whereas 5G can enhance campus-wide manufacturing operations efficiently. Businesses will have to decide which of the two wireless networks fulfils their data appetite.
In conclusion, the two wireless technologies continue to develop in parallel and are causing the next big wave in the Internet of Things.