What is WAN Edge?

Wide area network (WAN) edge refers to all of the networking and security infrastructure that connects distributed enterprise locations — such as branch offices, retail stores, and school buildings — to other sites, as well as to applications, data, and services delivered from data centers and clouds.

Traditionally, WAN edge technology consisted largely of dedicated hardware like edge routers, WAN optimization solutions, and security appliances. Each one handled its own functions for processing and securing enterprise network traffic within a router-centric model.

But the emergence of software-defined WANs (SD-WANs) has revolutionized the WAN edge. SD-WAN solutions enable superior management of cloud application traffic, while also performing the security and routing functions once done by standalone WAN edge products. Overall, SD-WAN supports true cloud connectivity and allows for consolidation of WAN edge infrastructure.

What Is the Difference Between SD-WANs and WANs?

The modern WAN edge is increasingly shaped by SD-WAN technologies, which identity specific application types (like those destined for SaaS clouds) and then direct them over the best possible paths on the WAN, in accordance with current policy.

In this way, SD-WAN technology represents a clear break from the hub-and-spoke WAN architectures of the past, by improving application performance, integrating security, providing direct connectivity options, and unified management and visibility.

Application Performance

Hub-and-spoke WAN architectures backhaul all traffic from the WAN edge through data centers before sending it elsewhere. This process degrades cloud app performance in particular. By using intelligence to identify where each apps’ traffic should route to and even connect it to nearby cloud-based inspection services, an SD-WAN edge enables a much-improved user experience for SaaS, cloud, web and mobile applications.

Security Model

A WAN edge with SD-WAN lets users directly access cloud applications over the internet for improved routing and performance. However, this setup creates new security imperatives. Accordingly, SD-WANs may integrate a variety of security mechanisms, such as web filtering and built-in intrusion detection systems, to defend against threats coming in and propagating across branch sites. SD-WAN may also be integrated into a secure access service edge (SASE) model.

Connectivity Options

The traditional on-premises WAN edge predominantly transported traffic over MPLS between branch sites and data centers. With the implementation of SD-WAN, connectivity options are broader, better optimized for the cloud and more cost-effective, too. In addition to MPLS, SD-WANs can use broadband, cellular and satellite internet services, supplying additional bandwidth faster at a fraction of the cost of MPLS. This flexibility makes it more practical to scale beyond the on-prem data center and traditional network perimeter, readies the network for hybrid cloud and makes onboarding new branches quick and efficient.

Unified Management and Visibility

SD-WANs may offer a single pane of glass for both WAN edge security and the SD-WAN. This setup eliminates the need to jump between multiple dashboards and deal with excessive licenses spread across multiple vendors. Unified management allows for centralized policy creation and provisioning across all users. Moreover, comprehensive visibility simplifies the process of monitoring WAN performance and security.

What Are the Advantages of Having a Modern WAN Edge?

Transforming the WAN edge via secure SD-WAN and additional models like SASE has multiple benefits. Such transformations can boost end-user productivity, make the WAN easier and more economical to operate, and generally support digital transformation initiatives that hinge on reliable cloud connectivity.

Ideally, an SD-WAN solution will provide advanced WAN edge transformation capabilities including but not limited to:

  • Secure automated on-ramps to cloud computing platforms, for safe and easy connections to cloud-hosted applications and simple branch connectivity from the WAN edge.
  • Application-specific optimization, for instance for Microsoft Office 365, via deep support API support.
  • Utilization of BGP and OSPF route learning protocol, plus DNS forwarding, within the SD-WAN solution, to replace work previously performed by WAN edge routers.
  • Granular reporting, showing how the SD-WAN’s virtual tunnels and underlying links are performing revealing actionable insights about specific devices, users, apps, sites and networks.

Citrix Solutions for a Better WAN Edge

Citrix SD-WAN offers a straightforward path toward a higher-performing, more secure WAN edge for your hybrid workforce. This SD-WAN solution is ideal for WAN edge infrastructure consolidation, due to its integration of numerous critical functions for routing, security, and management into one platform. Compared to the WAN edge infrastructure of the past, Citrix SD-WAN delivers a more consistent user experience for all types of applications including SaaS, cloud and virtual (as part of Citrix Workspace) across a hybrid workforce.

Additional resources