What is SD-WAN?

A software-defined wide area network (SD-WAN) is a virtual WAN architecture in which any blend of network transport types—not only multiprotocol label switching (MPLS) but also broadband internet, cellular, and satellite—can be virtualized, bonded, and then centrally managed in software to connect users to applications and desktops securely and in accordance with policy.

Essentially, SD-WAN is software-defined networking (SDN) for the WAN. Like SDN, SD-WAN separates the control and forwarding planes, enabling administration independent of underlying hardware. In this way, SD-WAN offers an alternative to infrastructure like legacy edge routers and point security solutions, simplifying the setup of branch offices through zero-touch provisioning and integrated network and security management.

Network management is highly streamlined in SD-WAN solutions. Application traffic can be dynamically routed based on current network conditions, policies, prioritization hierarchies and/or cost considerations, while bandwidth from links is aggregated to ensure cost-effective utilization plus policy-driven performance.


How does an SD-WAN work?

Through network virtualization, an SD-WAN creates one or more virtual network overlays connecting branch offices, datacenters and possibly other sites such as colocation facilities. Each overlay may have its own network policies and security rules, which are applied in real time by an application-aware software solution to traffic passing over one or more types of network transport.

SD-WANs are both programmable and scalable. They may leverage physical, virtual, and cloud appliances, with flexible deployment options for consistent, centralized management of policies and application flows across all WAN branches. Quality of service (QoS), load balancing, and security measures are continuously enforced for specific applications, based on how the SD-WAN platform classifies them and reconciles their individual requirements with the overall state of the network.
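As an added illustration (not Citrix code, and not a description of any vendor's actual algorithm), the following Python sketch shows the kind of policy reconciliation the paragraph describes: each application class carries SLA thresholds, each link carries probe-measured latency, jitter and loss plus an assumed tariff, and the selector picks the cheapest link that satisfies the policy, falling back to the least-degraded live link during a brownout rather than blackholing traffic. The link names, metrics, thresholds and tariffs are constructed for the example.

```python
"""Policy-driven WAN path selection with SLA checks and brownout fallback.

Added example for illustration; not Citrix SD-WAN code. All link metrics,
tariffs and thresholds below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Link:
    name: str
    kind: str              # "mpls", "broadband" or "lte" (assumed transport labels)
    cost_per_gb: float     # assumed tariff; tie-breaker among SLA-compliant links only
    latency_ms: float      # values a path probe would refresh every few hundred milliseconds
    jitter_ms: float
    loss_pct: float
    up: bool = True        # False once probes time out (hard failure)


@dataclass
class AppPolicy:
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    allowed_kinds: tuple = ("mpls", "broadband", "lte")  # e.g. keep bulk backups off MPLS


def meets_sla(link: Link, policy: AppPolicy) -> bool:
    """A link is eligible only if it is up, permitted by policy and inside every threshold."""
    return (link.up
            and link.kind in policy.allowed_kinds
            and link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)


def select_path(links, policy: AppPolicy) -> Tuple[Optional[str], bool]:
    """Return (link_name, degraded).

    The cheapest SLA-compliant link wins; latency breaks ties. If no link meets the SLA
    (brownout), return the live permitted link with the least loss, flagged degraded,
    so real-time flows keep moving instead of being blackholed. (None, True) means
    no permitted link is up at all.
    """
    eligible = [l for l in links if meets_sla(l, policy)]
    if eligible:
        best = min(eligible, key=lambda l: (l.cost_per_gb, l.latency_ms))
        return best.name, False
    live = [l for l in links if l.up and l.kind in policy.allowed_kinds]
    if not live:
        return None, True
    fallback = min(live, key=lambda l: (l.loss_pct, l.latency_ms))
    return fallback.name, True


def demo():
    """Walk three probe states: steady, broadband brownout, then MPLS hard-down."""
    links = [
        Link("mpls-1", "mpls", cost_per_gb=10.0, latency_ms=20.0, jitter_ms=2.0, loss_pct=0.0),
        Link("dia-1", "broadband", cost_per_gb=1.0, latency_ms=35.0, jitter_ms=8.0, loss_pct=0.2),
        Link("lte-1", "lte", cost_per_gb=5.0, latency_ms=60.0, jitter_ms=20.0, loss_pct=1.0),
    ]
    voice = AppPolicy("voip", max_latency_ms=100.0, max_jitter_ms=10.0, max_loss_pct=0.5)
    backup = AppPolicy("backup", max_latency_ms=500.0, max_jitter_ms=100.0, max_loss_pct=5.0,
                       allowed_kinds=("broadband", "lte"))
    decisions = {}
    decisions["steady"] = (select_path(links, voice), select_path(links, backup))
    links[1].loss_pct = 3.0          # probes now report 3% loss on the broadband circuit
    decisions["brownout"] = (select_path(links, voice), select_path(links, backup))
    links[0].up = False              # and the MPLS circuit goes hard-down
    decisions["mpls_down"] = (select_path(links, voice), select_path(links, backup))
    return decisions


if __name__ == "__main__":
    for state, (voice_choice, backup_choice) in demo().items():
        print(f"{state:10s} voip -> {voice_choice}   backup -> {backup_choice}")
```

In the steady state both classes ride the cheap broadband circuit because it meets both SLAs; when that circuit browns out to 3% loss, voice moves to MPLS while backup traffic, which tolerates loss, stays put; once MPLS also fails, voice lands on LTE flagged as degraded, which is the signal a monitoring pipeline should alert on rather than the raw link flap.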

What are some SD-WAN features?

On a more technical level, SD-WAN delivers an optimized user experience when connecting to virtual, public cloud, and SaaS applications through features such as:

Diverse network link bonding: SD-WAN technology can incorporate multiple MPLS, broadband internet, cellular, and satellite connections and then send application traffic over whichever link type is currently optimal. Bandwidth-hungry applications, such as audio and video, streaming, and file sharing, benefit from the aggregated bandwidth for assured performance.

Advanced application control: SD-WAN can automatically detect and accelerate thousands of distinct private and public cloud applications, plus virtual and SaaS apps. In turn, it knows what level of QoS to apply, along with which paths through the WAN to select.

Real-time routing decisions: An SD-WAN solution can use inline and edge routing modes to dynamically insert services, as part of its packet-based approach to traffic handling and shaping. As a result, it can curb jitter, latency, congestion, and packet loss and send traffic over diverse, bonded links for superior performance.

Automated, comprehensive security: Instead of the performance-degrading backhaul required for security enforcement in traditional WANs, SD-WAN includes built-in edge security mechanisms such as next-generation firewalls, anti-malware protection, SSL/TLS inspection (which requires terminating TLS at the edge with a certificate authority the endpoints trust), and intrusion detection/prevention (IDS/IPS) systems, along with integration with secure web gateway (SWG) vendors.

Failover and network resiliency: Sub-second failover, available from some vendors under the right conditions, keeps the WAN resilient. Similarly, SD-WAN can enable enterprise-grade SaaS and cloud access through a managed service with specialized failover that preserves app performance even during circuit outages or brownout conditions.

Automated cloud on-ramps: A cloud on-ramp via an SD-WAN provides a direct, secure, and highly available connection between branch offices and IaaS/PaaS clouds, or between different geographic locations. With a virtual SD-WAN appliance in the cloud and an SD-WAN appliance in the branch, an SD-WAN overlay tunnel can be created. Connections can be configured for leading cloud vendors.

Direct SaaS connectivity: SaaS, and especially business-critical voice and video apps, require better performance than the traditional data center backhaul model can deliver. SD-WAN can shore up performance via a private network that adds link bonding, QoS and failover when connecting to nearby points of presence (PoPs) that are co-located and peered with popular SaaS and cloud platforms.

WAN optimization (WAN Op): SD-WANs may incorporate WAN optimization to further improve application performance—for instance through compression and data deduplication and TCP optimization—and simultaneously reduce related bandwidth expenses.
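The following Python is an added example, not Citrix code: it shows why deduplication must see plaintext. A chunk-hash index lets a second transfer of the same file cost almost nothing on the wire, but once the payload has been encrypted under a fresh per-session nonce no chunk repeats, so dedup (and compression) has to run before the overlay's own encryption or after TLS is terminated for inspection; traffic the application already encrypted end to end will not dedupe at all. The cipher here is an illustrative HMAC-SHA256 keystream in counter mode standing in for a real AEAD, and the file contents are constructed.

```python
"""Chunk-level deduplication before and after encryption.

Added example for illustration; not Citrix WAN optimization code. The cipher is an
HMAC-SHA256 keystream in counter mode standing in for a real AEAD, and the file
contents are constructed.
"""
import hashlib
import hmac
import os
from typing import Tuple

CHUNK = 4096          # assumed fixed chunk size (real WAN op often uses variable-size chunks)
NONCE_LEN = 16


def chunks(data: bytes, size: int = CHUNK):
    return [data[i:i + size] for i in range(0, len(data), size)]


def dedup_stats(data: bytes, size: int = CHUNK) -> Tuple[int, int]:
    """Return (total_chunks, chunks_sent) for a receiver that indexes chunks by SHA-256.

    A chunk whose hash the receiver already holds is replaced by a short reference,
    so only first-seen chunks travel across the WAN.
    """
    seen = set()
    total = sent = 0
    for c in chunks(data, size):
        total += 1
        digest = hashlib.sha256(c).digest()
        if digest not in seen:
            seen.add(digest)
            sent += 1
    return total, sent


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF-based keystream: HMAC-SHA256(key, nonce || counter), concatenated and truncated."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(key: bytes, data: bytes) -> bytes:
    """Illustrative stream encryption under a fresh random nonce; output is nonce || ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def demo() -> dict:
    """Send the same 64 KiB file twice: first as plaintext, then encrypted per transfer."""
    key = hashlib.sha256(b"constructed demo key").digest()
    # Four distinct 4 KiB blocks repeated to form a 64 KiB file with heavy internal redundancy.
    blocks = [hashlib.sha256(b"block%d" % i).digest() * (CHUNK // 32) for i in range(4)]
    file_data = b"".join(blocks[i % 4] for i in range(16))
    plain_stream = file_data + file_data
    cipher_stream = encrypt(key, file_data) + encrypt(key, file_data)
    return {"plain": dedup_stats(plain_stream), "encrypted": dedup_stats(cipher_stream)}


if __name__ == "__main__":
    for label, (total, sent) in demo().items():
        print(f"{label:9s} {sent}/{total} chunks on the wire ({100 * sent / total:.0f}%)")
```

The plaintext stream sends 4 of 32 chunks; the encrypted stream sends every one of its 33 chunks, because the random nonce shifts the keystream so even identical blocks at identical offsets encrypt differently. The same effect is what makes a WAN optimizer blind to application-layer TLS unless it sits inside the trust boundary where that TLS is terminated.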

A properly implemented SD-WAN provides a high-performance, scalable, and cost-effective WAN that meets the needs of increasingly remote end users in the cloud era, in turn driving digital transformation.


What common network problems does an SD-WAN address?

Compared to traditional hub-and-spoke WANs connected by MPLS links, SD-WANs offer much greater operational flexibility and assured performance, making them preferable for handling bandwidth-intensive and internet-bound application traffic. In the age of ubiquitous cloud connectivity, an SD-WAN is a crucial upgrade over the MPLS WANs of the past, due to several overarching issues with the latter:

Problem No. 1: Ensuring application performance

For years, MPLS offered the best low-latency technique for transmitting WAN traffic, as MPLS routers could see the label in a packet’s header and forward it over a predetermined route without time-consuming routing table lookups. But MPLS networks have become far less efficient and economical as organizations have undergone digital transformation and seen their network traffic loads become much larger and more complex.

To properly handle cloud and internet traffic, MPLS-based WANs typically must backhaul it through a headend such as a datacenter in order to apply policies—a process that introduces noticeable delay. This backhaul bottleneck sharply diminishes employee productivity by making their virtual and cloud applications far less reliable.

The common workaround of adding dedicated internet access lines to offload some traffic from MPLS onto more bandwidth-rich network transport can help, but it also introduces its own set of issues. Bandwidth may be underutilized, even as costs mount from managing multiple disparate plans and navigating the expensive and time-consuming MPLS provisioning process.

What is SD-WAN’s benefit? SD-WAN technology can bond links of multiple types within a network overlay, allowing for the utilization of high-bandwidth broadband internet in addition to or as a replacement for thinner MPLS connectivity. QoS and WAN Op may also be applied, along with automated cloud on-ramps for a better SaaS, PaaS and IaaS experience. Moreover, the integrated edge security capabilities of SD-WAN are far less compromising to the user experience than the MPLS backhaul paradigm and provide multilayered threat protection optimized for cloud-connected environments.

Problem No. 2: Maintaining visibility and control

Traditional WANs were built for the pre-cloud era, when most application traffic passed through company data centers, not through IaaS and SaaS services owned and operated by external providers. Accordingly, they have limited functionality for visualizing the status of the network at any given moment and for controlling any relevant threats to network performance and data.

Such shortcomings are perhaps most obvious on the security front. MPLS WANs have no firewall functionality of their own; their security rests on logical separation from the public internet, not on encryption, so traffic is only as private as the carrier's network. Additional point solutions, including firewalls, must be separately managed. Without integration and AI-assisted correlation, the result is a deluge of alerts that quickly becomes impractical to triage, thereby increasing risk.

Meanwhile, the larger lack of visibility creates application performance issues. In instances of profound network congestion, perhaps due to sudden increases in usage of VoIP and video conferencing by remote employees, it is difficult to respond within the limitations of a traditional WAN, which doesn’t have the requisite application awareness and real-time intelligence.

What is SD-WAN’s benefit? SD-WANs centralize network and security management in software, for comprehensive visibility and control. They identify and route traffic over WAN links in accordance with programmable and scalable policies, while using multiple integrated security implementations—from firewall to IDS/IPS platforms—to secure application flows without compromising performance. SD-WAN is also starting to be incorporated into a larger secure access service edge, or SASE, architecture for broader protection.

Problem No. 3: Managing high costs

MPLS connectivity is much more expensive than comparable broadband internet, cellular, or satellite plans. Not only does it require pricey, bespoke router infrastructure, but the amount of bandwidth available for the high cost is still not nearly sufficient to reliably run real-time applications and chatty cloud services.

Costs emerge in other ways, too. The complexity of legacy WAN infrastructure and security architectures, the management of different connectivity plans and the ordeal of performing moves, adds, and changes at branch offices all create significant overhead.

Outdated security models also mean that the prospect of a data breach may rise over time. End users frustrated with the constant backhaul of WAN traffic may resort to unsafe shadow IT applications.

What is SD-WAN’s benefit? SD-WAN bonds multiple modes of network transport for carrying real-time and TCP apps. Although MPLS can still play a role within an SD-WAN architecture, the WAN as a whole no longer has to operate within its distinct limitations, due to the presence of other more economical sources of bandwidth. SD-WAN technology brings all of these types of connectivity under the same umbrella and aggregates their bandwidth.

Problem No. 4: Struggling with scalability and flexibility

Moves, adds, and changes are complicated ordeals in a conventional WAN, due to the fundamental reliance on a hardware-defined architecture as well as security considerations. Additionally, provisioning carrier-based MPLS can take months. Connecting even one new branch office to the company WAN can become a major project.

For example, the location will probably need an assortment of specialized hardware, along with an on-site team to configure it and subsequently manage it. These demands are often unrealistic.

Many organizations have limited technical personnel on staff and rigid IT budgets. As a result, they cannot scale their WANs in response to the evolving network and security challenges they face.

What is SD-WAN’s benefit? Zero-touch provisioning in SD-WAN lets organizations get WAN connections up and running at branches in minutes rather than days. Because a zero-touch appliance pulls its configuration from the controller automatically, its identity and the enrollment channel must be authenticated so that only sanctioned devices join the overlay. Secure internet breakouts at these sites also mean that application access there is both safe and high-performance, creating a future-proof WAN architecture that can accommodate a wide variety of on-prem, web, virtual, cloud, and SaaS apps and desktops. Finally, SD-WAN policies can be seamlessly updated as circumstances change.

Citrix solutions for enterprise WAN

As more employees go remote and cloud applications become fixtures of their workflows, Citrix SD-WAN technology is essential to ensuring they are reliably and securely connected. Citrix SD-WAN delivers an optimized user experience regardless of application, location, device, or network transport. The following 10 benefits encapsulate its overall value:

  1. Superior application experience for all types of apps and desktops, with assured performance and integrated security across the entire WAN.
  2. Cloud and SaaS application detection through deep packet inspection in the Citrix Application Control Engine, plus automated cloud on-ramps for optimal connectivity.
  3. Diverse mix of network transport for more economical and scalable networks that bond together MPLS, broadband internet, cellular, and satellite.
  4. Flexible, programmable policies, enforceable through measures such as traffic shaping, bidirectional QoS, prioritization of real-time apps, and usage of security services.
  5. Comprehensive security encompassing stateful firewall and NGFW capabilities, malware defense, and integrations with SWG vendors.
  6. Dynamic path selection and bandwidth aggregation to ensure optimal application routing and full link utilization.
  7. More modern WAN infrastructure, with fewer single-function devices, plus the option to incorporate SD-WAN into a broader SASE framework.
  8. Simplified, centralized administration eliminating the complexity of configuring edge devices in the field.
  9. High resiliency and redundancy, with fast failover to minimize the impact of outages on WAN connections.
  10. Accelerated deployments and modifications, thanks to zero-touch provisioning and flexible deployment options in the public cloud.