Rewiring the Enterprise for the Internet of Clouds: An Enterprise WAN Journey
Jan 16, 2019
The journey to secure and automated multicloud leads to the epitome of enterprise IT; we’ve previously examined the ascent from the perspective of the data center, the campus, the branch, and automated network operations. Today we’re looking at it from the angle of the enterprise WAN.
The diagram above shows the 5-step journey. Before we dive into the 5 steps, let’s look at some of the major changes, because the enterprise WAN isn’t what it used to be: the connected WAN edges and their importance are radically changing.
Shifting from Sites to Clouds
Digital technology is now a primary business growth engine fueled by user experiences and IoT data volumes flowing into applications in multicloud and edge clouds. With this, the Internet of Clouds is getting newly constructed for the distributed reach to the metro edges, and in turn the enterprise WAN backbone is morphing under the gravitational force of public clouds and the multicloud superhighway that connects them.
The physics of multicloud performance necessitate that enterprises strategically rethink their WAN architectures around clouds instead of sites of business because of data gravity, compute centers and network bandwidth degeneration due to latency. Furthermore, seeking always-on reliability and cost optimization, multicloud-ready enterprises are rewiring scale-out routing into multiple key cloud regions instead of scale-up boxes and single providers.
Co-los Are Dominating the Multicloud Intersection
Many multicloud hubs of multiple cloud vendors are well connected by large global communications service providers, but today they’re rivaled by co-location providers (co-los) like Equinix and Digital Realty. Co-los combine singular interconnection platforms to most public cloud direct connections with their roots as co-located private data center providers to enterprises and hyperscalers. Together these ingredients have made the recipe for an ecosystem virtuous cycle to capture more and more cloud-adjacent data centers and felicitous hybrid-cloud networks.
The co-lo owned networks and their exchange points are the most convincing multicloud superhighways today, encircling all the largest players like a highway ring around a downtown core. Communication service providers, on the other hand, are best positioned to continue to control the mobile-fixed access networks for IoT, soon to be complemented by hyper-local edge computing real estate. How and where the co-lo and service provider giants meet in the middle will be interesting to watch as they vie for control of traffic while still heavily swayed by the public cloud titans.
Enterprise Routing Must Solve Top to Bottom
As discussed in the blog “Top to Bottom Success in the Enterprise WAN” by Mike Bushong, VP of Enterprise Marketing, enterprise WAN routing and security must address the WAN top to bottom, overlay and underlay, yet in the hype of SD-WAN, this is often missed.
The migration to SD-WAN technology has enabled enterprises to use and locally optimize across hybrid WANs, often doing a lot of internet offload. Surprisingly, sometimes the enterprise branch’s internet breakout serves traffic better than the dedicated connections, and not just for Facebook traffic. It’s dynamic and unpredictable, but because broadband ISPs increasingly build big on-ramps to the multicloud superhighway, it’s sometimes the case that internet links with fewer hops and less latency will outperform dedicated longer-haul links, especially for SaaS and public cloud-bound traffic.
Mastering SD-WAN overlays is necessary, but not sufficient to optimize multicloud routing. As traffic volumes shift to SaaS and cloud destinations, so too must enterprises adjust their legacy transport paths and private WAN underlay routing strategy.
Just like data center solutions must be considered top to bottom with overlays and underlays, the same is true in the WAN, but because underlay transport is sparser and more expensive to build out in the WAN than in the data center, it’s critical to get right.
The new multicloud-ready enterprise backbone will align with the backbone for the Internet of Clouds. For enterprises with data centers in the co-los, this happens naturally to some extent with data center interconnect (DCI) routing. But even without co-located data center infrastructure in a given region, strategically co-located WAN routing regions enable fast on-ramps to surrounding clouds and express routing to clouds in other geographies via the superhighway. There’s a stark contrast here to the previous strategy of choosing points of routing at enterprise sites. Supporting this transition and future state, Juniper Networks offers a robust routing portfolio with dynamic optimization for large WANs using SDN orchestration from NorthStar.
For smaller enterprises that don’t own or manage a backbone, the underlay path is still possible to manage using SD-WAN policies. Contrail SD-WAN provides the flexibility of internet breakouts at both the branch and hub sites. Hub sites can be placed anywhere, but are optimal in co-los and carriers with fat on-ramps to many SaaS and public clouds. Contrail SD-WAN helps operators monitor and, optionally, dynamically adapt application traffic for the best application quality of experience. Changing the branch WAN link used per application flow doesn’t fully control the path to the destination, but it’s the next best thing. If you’re interested in our 5-step framework that focuses more on SD-WAN, then look to the enterprise branch-to-multicloud journey.
Enterprise WAN 5-Step Migration Framework
As discussed above, the legacy WAN model was anchored in the sites of business instead of the cloud. Step 1, called Site-based, starts here with familiar manual routing and operations, as well as an architecture of scale-up instead of scale-out routing. It focused on WAN egress through one or a few internet peers.
Moving to step 2, called Cloud-based, the main change is in rewiring the enterprise for the Internet of Clouds—indeed for multicloud. This involves direct connections into public cloud providers, and for multicloud, anchoring the WAN in the co-lo providers is increasingly commonplace. The cloud side of the WAN is where traffic is densest, but there are also multiple and hybrid links on the WAN edge in the campus and branch. Here, SD-WAN manages these multiple links with simplicity, particularly in the humble branch where IT staff, let alone network engineers, are uncommon.
At the operations-driven step 3, we see enterprises employing SDN capabilities beyond SD-WAN: in the WAN underlay and for DCI too, as we just announced today. While SD-WAN at step 2 provides partial visibility, especially into application traffic at SD-WAN edges, step-3 visibility is about observability and control end to end and top to bottom in the WAN.
Even for advanced large enterprise IT organizations, step 3 is uncommon today, but within reach. At step 4, we believe that the WAN orchestration will be driven and aligned, not only with networking and IT operations, but also with the business, controlling aggregate traffic flows with peering orchestration and dynamically optimizing WAN QoS and bandwidth for applications and business patterns.
As with every 5-step framework for a place in network, the journey ascends to secure and automated multicloud at step 5 where NetOps and SecOps workflows and policies are well aligned and automated to the business and between all the other places in network.