Pushing the Envelope of Application Quality of Experience with SD-WANs
Anand Oswal, Enterprise Networking Business, Cisco
IEEE Softwarization, November 2018
The growing dependence on SaaS (Software as a Service) and cloud applications, video, and Voice over IP can stress the capabilities of branch networks using traditional WAN technology. Retail stores, for example, depend on secure and fast communication with corporate back-office applications to keep sales humming. Wireless sensors for monitoring IoT implementations are becoming more commonplace and adding rivers of data to the network. The coming wave of VR and AR applications in stores, industrial shop floors, and entertainment venues will demand even more bandwidth at locations outside the domains of corporate and campus networks.
With traditional WAN implementations, workers at branch locations are often frustrated by lower application Quality of Experience (QoE) than their corporate or campus co-workers. You’ve probably experienced this problem yourself while on the phone with customer support, when the frustrated agent excuses the long delay in resolving your issue because “my application is not responding.” The traditional method of improving QoE at branches involves throwing more expensive bandwidth at the problem. However, there is a better, software-defined way to improve QoE while lowering communication costs at the same time.
Implementing a Software-Defined WAN (SD-WAN) for branch offices and distributed locations solves multiple challenges in optimizing network QoE in a distributed enterprise by:
- Unifying connectivity across MPLS, Ethernet, internet, leased lines, DSL, and LTE networks to provide the ability to balance traffic among the channels.
- Maintaining performance with a consistent QoE for SaaS, cloud, and data center applications accessed by remote branch workers.
- Providing secure device and application access to sensitive enterprise data resources.
- Reducing transmission costs while increasing bandwidth for interactive applications, video, and conferencing.
- Using multilayer security to encrypt all data from the WAN edge to the cloud and applying segmentation to keep sensitive data from co-mingling with non-essential traffic.
- Isolating malware-infected endpoints from the network to stop infections from spreading.
Maintaining QoE with Machine Learning
SD-WAN on edge routers builds a secure virtual IP fabric by combining routing, segmentation, security, policy, and orchestration. It reduces excessive backhauling from branches to headquarters to access SaaS applications in the multicloud by using a direct internet connection instead of an MPLS link to the corporate data center and then out to the SaaS applications. For example, IT can deploy a Cloud-Onramp SaaS to provide better performance for the workers at a remote branch office who need to access cloud SaaS applications, such as Office 365 or Salesforce. The SD-WAN fabric continuously measures the performance of SaaS applications across all the paths that are in use—MPLS, Ethernet, internet, leased lines, DSL, or LTE—and calculates a score based on a machine learning algorithm. This score gives network administrators visibility into application performance, enabling them to make the most effective use of available links. Most importantly, the fabric automatically uses the score to choose the best-performing path between the end users at a remote branch and the cloud SaaS application in real time, adjusting as conditions and traffic change.
Application-Aware Security is Key to Quality of Experience
The ability of a software-defined WAN to continuously monitor, analyze, and react to changes in cloud and SaaS application traffic and security is crucial to providing remote workers with the QoE they need to work efficiently. With older WAN technology, many network security services, such as application firewalls and intrusion detection/prevention systems, require that traffic entering the branch be backhauled to corporate data center DMZs, adding latency and bandwidth usage. With an SD-WAN implementation, security services are built into the router for analyzing, filtering, and detecting intrusions in traffic flowing through the branch network.
In addition to securing network traffic from branch to cloud, an SD-WAN implementation incorporates security capabilities that include Application-Aware Firewall, Intrusion Prevention System, URL Filtering, and DNS Web-layer security. These security capabilities help organizations achieve PCI compliance, segmentation, threat protection, content filtering, and much more. With Application-Aware Firewall, policies can be implemented to allow trusted, critical applications and block untrusted applications.
Another consideration for maintaining application QoE for branches involves defining the type of connections required for specific levels of security. An SD-WAN implementation can segment traffic according to policies that manage sensitive compliance traffic like Payment Card Information (PCI), applications that connect directly to cloud resources, and guest access that keeps traffic from visitors’ devices completely separate from sensitive business data. Each of these, along with direct internet access, requires that the router understand the types of data traffic and apply the correct security measures. For example, PCI traffic is always directed to a secure VPN tunnel while guest traffic streams to the direct internet port, ensuring high priority to the financial applications and lower cost connectivity for guest traffic.
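The following Python is an added example, not code from the article or from any SD-WAN product: it combines the per-segment path rule described here with the score-based path choice described earlier, so that a segment only ever competes among the paths its policy permits. The segment names, subnets, path names, scores, and the use of source subnet as the classifier are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample policy: names, subnets and paths are assumptions.
# Each entry: (segment, source subnet, paths the segment is permitted to use).
SEGMENTS = [
    ("pci",   ip_network("10.10.20.0/24"),   ("vpn-tunnel",)),
    ("cloud", ip_network("10.10.30.0/24"),   ("direct-internet", "vpn-tunnel")),
    ("guest", ip_network("192.168.50.0/24"), ("direct-internet",)),
]

@dataclass(frozen=True)
class Decision:
    segment: str
    path: Optional[str]  # None means the flow is dropped
    reason: str

def classify(src_ip):
    """Map a source address to its segment and permitted paths."""
    addr = ip_address(src_ip)
    for name, subnet, paths in SEGMENTS:
        if addr in subnet:
            return name, paths
    return None, ()

def route(src_ip, scores):
    """Pick a path for a flow.

    scores maps path name -> measured score (higher is better);
    a path missing from scores is treated as down.
    """
    segment, allowed = classify(src_ip)
    if segment is None:
        # Default deny: traffic that matches no segment is not forwarded.
        return Decision("unclassified", None, "no matching segment")
    usable = [p for p in allowed if p in scores]
    if not usable:
        # Fail closed: a better score on a forbidden path is never a fallback.
        return Decision(segment, None, "no permitted path is up")
    best = max(usable, key=lambda p: scores[p])
    return Decision(segment, best, "best-scoring permitted path")
```

With this policy, PCI traffic stays on the VPN tunnel even when the direct internet path scores higher, and is dropped rather than rerouted if the tunnel is down.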
SD-WAN Unites People, Devices, and Distributed Offices
SD-WAN implementations are relatively new but are quickly gaining traction in distributed enterprises. By improving application QoE for a remote and mobile workforce while enhancing security and lowering costs of connectivity, SD-WAN has an important role to play in uniting people, devices, and distributed offices. Is an SD-WAN implementation in your organization’s future? I’d like to hear from you about your plans.
Anand Oswal (Twitter @aoswal1234) serves as Senior Vice President, Enterprise Networking Business. He is responsible for building the complete set of platforms and solutions for the Cisco enterprise networking portfolio. The portfolio spans enterprise products across routing, access switching, IoT connectivity, wireless, and network/cloud services deployed at customers worldwide. He holds more than 60 U.S. patents and focuses on innovation and inspiring his team to build awesome products and solutions.
Anand joined Cisco via the acquisition of Starent Networks, a leader in mobile packet core gateways. At Starent he was responsible for building revolutionary, industry-leading telecom products that were also maximized for profitable growth. Earlier still, he held leadership roles at Siara Systems, acquired by Redback Networks, Sun Microsystems, and Ericsson. Anand holds a bachelor's degree in telecommunications from the College of Engineering, Pune, India and a master's degree in computer networking from the University of Southern California, Los Angeles.
Francesco Benedetto was born in Rome, Italy, in 1977. He received the Dr.Eng. degree in electronic engineering and the Ph.D. degree in telecommunication engineering from the Roma Tre University, Rome, Italy, in 2002 and 2007, respectively. In 2007, he was a Research Fellow with the Department of Applied Electronics, Roma Tre University, where he has been an Assistant Professor of Telecommunications since 2008. His research interests include ground penetrating radar, software and cognitive radio, digital signal and image processing for telecommunications and economics, code acquisition, and synchronization for the 3G mobile communication systems and multimedia communication. Dr. Benedetto has been the Chair of the IEEE 1900.1 Working Group on “Definitions and Concepts for Dynamic Spectrum Access: Terminology Relating to Emerging Wireless Networks, System Functionality, and Spectrum Management,” since 2016. He is the Leader of the WP 3.5 on “Development of Advanced GPR Data Processing Technique” of the European COST Action TU1208—Civil Engineering Applications of Ground Penetrating Radar. He is an Editor of the IEEE SDN Newsletter, the General Chair of the Series of International Workshops on Signal Processing for Secure Communications (SP4SC 2014, 2015, and 2016), and the Lead Guest Editor of the Special Issue on “Advanced Ground Penetrating Radar Signal Processing Techniques” for the Signal Processing Journal (Elsevier). He also served as a reviewer for several IEEE Transactions, IET Proceedings, EURASIP, and Elsevier journals, and a TPC Member for several IEEE international conferences and symposia in the same fields.