I am constantly talking to customers that need to go through an Enterprise network transformation because of a business-critical technology they are embracing. Some examples are:
- Enterprise IT is moving to an on-demand consumption model for compute infrastructure and applications to drive efficiency and productivity.
- Decision making within Enterprises is increasingly data-driven, so there is more focus on collecting data, analyzing it and extracting actionable business information.
- The number of IP-enabled endpoints within the Enterprise is growing exponentially with the advent of IoT, and this creates unique security and compliance challenges.
In this blog, I will discuss some of these trends and why traditional Enterprise network deployment models can be a roadblock for customers that want to evolve their businesses. Khalid Raza, CTO at Viptela, will elaborate further on these points during his webinar and outline why the Viptela solution is poised to help Enterprises embrace change.
Enabling Hybrid Cloud
All of our customers that have embarked on moving to a hybrid cloud model must establish secure connectivity to public cloud providers through their data center. Take the case of a retail bank streaming video to a data-lake hosted in the public cloud. This data will be used to enhance customer experience and improve business efficiency through machine learning. Sending video for analytics through the data center would create unnecessary bottlenecks.
A better approach is direct branch-to-cloud connectivity, which allows the retail bank to use high-bandwidth Internet links to send this content to the cloud without burdening the data center or consuming high-value private MPLS circuits. Building a scalable encrypted IP fabric between any branch and any cloud provider across any region is an extension of the SD-WAN value proposition, and one that many of our customers are starting to use to solve their Enterprise network problems related to public cloud connectivity.
Software as a Service (SaaS) Onboarding
Consuming SaaS applications relieves Enterprises of hosting popular productivity applications such as Office 365. Most SaaS providers recommend offloading traffic via the Internet because they are able to onboard it to their private networks at different public Internet exchange points using DNS geolocation.
Adoption of SaaS changes traffic patterns within Enterprise networks. For example, Internet exit points within Enterprise networks are no longer limited to the data center. Branch routers must now be able to choose between all available Internet exit points within the Enterprise network and determine the best option to get to a SaaS provider. These can be local (at the branch) or remote (at the data center or perhaps at a colocation facility). Choosing the best connectivity option to a SaaS provider will improve the user experience and provide resiliency in the event of network failure.
Security Through Isolation
Industrial IoT has applications in manufacturing, healthcare and many other verticals. In manufacturing, IoT devices help drive automation, efficiency and better supply chains. In healthcare, IoT devices may carry critical patient information and perhaps control medical devices remotely. Two common questions customers ask us are: “How can I segment my IoT elements within the Enterprise network because there are third-party tools and companies that may need access to these elements?” and “How can I prevent an attacker who has compromised an IoT element from gaining access to other parts of my network?”
Topology-driven micro-segmentation within the Enterprise network, built on overlay-based VPNs, is helping our customers isolate portions of their network in a scalable and cost-efficient manner. This flexible isolation mechanism helps maintain compliance and security, while reducing an Enterprise’s reliance on firewalls at the branch. In the past, creating VPN segments in Enterprise networks would require ordering additional VRFs on the MPLS PE from the service provider. With an overlay-based VPN, the number of VPNs and the topology of these VPNs are completely driven by the customer’s needs.
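To make the two customer questions above concrete, the following added example (not Viptela configuration or API, and not from the original post) models per-segment topologies and computes what a compromised endpoint could reach. The VPN numbers, site names and endpoints are constructed, and it assumes a strict hub-and-spoke segment in which hubs do not relay spoke-to-spoke traffic.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Endpoint:
    name: str
    site: str
    vpn: int  # overlay segment the endpoint's access port is mapped into

@dataclass
class Segment:
    vpn: int
    topology: str  # "full-mesh" or "hub-and-spoke"
    hubs: frozenset = field(default_factory=frozenset)  # hub sites, if any

def can_reach(src, dst, segments):
    """True if the overlay would carry traffic from src to dst."""
    if src.vpn != dst.vpn:
        return False  # separate segments have separate routing tables
    seg = segments[src.vpn]
    if src.site == dst.site or seg.topology == "full-mesh":
        return True
    # Assumed strict hub-and-spoke: a path exists only if one end is a hub site.
    return src.site in seg.hubs or dst.site in seg.hubs

def exposure(compromised, endpoints, segments):
    """Sorted names of endpoints reachable from a compromised endpoint."""
    return sorted(e.name for e in endpoints
                  if e != compromised and can_reach(compromised, e, segments))

# Constructed sample: a corporate mesh (VPN 10) and an IoT segment (VPN 20)
# whose only cross-site path is to the data center hosting third-party access.
SEGMENTS = {
    10: Segment(10, "full-mesh"),
    20: Segment(20, "hub-and-spoke", frozenset({"dc1"})),
}
ENDPOINTS = [
    Endpoint("plc-a", "plant-a", 20),
    Endpoint("plc-b", "plant-b", 20),
    Endpoint("vendor-jump", "dc1", 20),
    Endpoint("laptop-a", "plant-a", 10),
    Endpoint("erp", "dc1", 10),
]

if __name__ == "__main__":
    for ep in ENDPOINTS:
        print(f"{ep.name:12} -> {exposure(ep, ENDPOINTS, SEGMENTS)}")
```

Running the same check against a proposed segment layout before deployment shows whether a third party's access point or a single compromised device can see more than intended.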