The purpose of this short article is to explain why we have been hearing the term SD-WAN for a few years now and what the limitations of the now-dated legacy WANs are.
By Luca Giordano, Tech Expert VEM Sistemi
Let’s start by understanding how traditional WAN infrastructures were built and what the issues are now.
For years, the classic architecture was Hub-and-Spoke: all branch office traffic converged through the corporate data center. For some time, this method was acceptable, as all the applications the branches needed resided within the data center and bandwidth consumption was limited.
Now, however, with the increasing shift of applications to the cloud, be it private or public, the antiquated infrastructure that converges all traffic on the centre of the star, using only an MPLS network, has become a real bottleneck! It no longer makes sense to depend heavily on the central site, penalising the performance of Public Cloud-based applications that could instead be reached directly from the peripheral sites.
And that’s where SD-WAN comes in
With SD-WAN, on the other hand, we can make more elastic and scalable use of all the connectivity at our disposal: the individual branch office will thus be able to distribute network traffic dynamically and intelligently. This way, Cloud systems will enjoy direct access via one or more local Internet breakouts, improving application performance and optimising the user experience.
That said, we can summarise the advantages of SD-WAN in 4 categories:
Improved performance: as mentioned above, traffic is distributed intelligently and dynamically.
We must also remember that, in addition to better performance, an SD-WAN solution increases the resilience of our infrastructure. Because the lines are monitored continuously, traffic is managed flexibly, without any manual reconfiguration by IT staff. For example, if one of our links is congested or becomes unreachable, the SD-WAN technology is able to find the best route itself, transparently for the user.
Security: Our SD-WAN solutions have an eye for Information Security. Communication between branches takes place via IPsec VPN overlays, which allow encrypted tunnels to be established on any underlay, whether public (Internet) or private. Notably, FortiGate Secure SD-WAN features robust SD-WAN threat protection, including security controls from Layer 3 to Layer 7, not commonly found in other combined SD-WAN and firewall solutions:
– Comprehensive threat protection including firewall, antivirus, intrusion prevention system (IPS) and application control;
– High-throughput SSL/TLS inspection: no need to sacrifice throughput for comprehensive threat protection;
– Web filtering to strengthen Internet security without requiring a separate Secure Web Gateway (SWG) device.
Cost optimisation: Traditional MPLS networks are often very expensive and, even more obviously, inflexible. In fact, all points in an MPLS network must have connections from the same Operator. An SD-WAN network architecture, on the other hand, allows enormous flexibility while keeping costs under control, freeing us from dependence on a single Carrier. By creating VPN overlays, in fact, we will be able to connect the various branch offices and headquarters using heterogeneous links, whether Internet, LTE or MPLS.
Simplified management: SD-WAN is able to “virtualise” WAN connections, greatly simplifying the process of transforming legacy WAN perimeter infrastructures. FortiManager will also provide the ability to manage the entire SD-WAN ecosystem centrally from a single management console. Administrators can update and distribute corporate WAN policies to all locations or reconfigure individual devices. All data, both traffic and overall performance, will be available for consultation and reporting via FortiAnalyzer.
On the basis of what has been said so far, Fortinet is already able to provide all the tools to implement an SD-WAN infrastructure on any network topology, whether Hub-and-Spoke, Full Mesh or Hybrid.
At each site to be connected there will be a FortiGate that will use the available connectivity to interface via overlay tunnels either with the main data centre (hub) or with any neighbouring sites (spokes). The variety of appliances available allows us to cover any need, from the home office to the large production site to the public cloud.
VEM Dedicated Solution Service
VEM has also developed a professional ad hoc service on Fortinet SD-WAN technology that takes charge of configuring, managing and monitoring (reactively and proactively) all aspects of its customers’ SD-WAN networks, with a monitoring console specifically developed to take into account every element of SD-WAN networks.
The target audience is customers of any size, with multiple locations and multiple types of geographic connectivity and/or providers, to whom we offer the provision or management of an SD-WAN infrastructure built with Fortinet products, from which to obtain the best possible performance in support of business applications.
Also included in the target are organisations that are unable to provide their own internal IT to manage the SD-WAN, either due to a lack of personnel or, above all, due to a lack of technical skills or the specific competencies required to manage the environment properly.