Software-Defined Branch as a Key Part of Multicloud
Feb 22, 2018
Multicloud will blur the lines between typical places-in-network (PINs) in a way that no other technology has done before. Indeed, for the promise of portable workloads, end-to-end security and automation to be true, the boundaries that typically create walled gardens between PINs need to come down, or at the very least, become permeable to tools and process.
As this happens, it pulls branch squarely into a multicloud enabler role. Without changes in how branches are designed, secured and operated, multicloud can be only a partial strategy with unnecessarily limited value.
Software-defined as a defining characteristic
Certainly, the branch is being changed by the rise of things like software-defined WAN (SD-WAN). The ability to manage policy centrally across a geographical distribution of branch offices is transformative.
But it’s not just software-defined management that is important. The primary thing being managed is security, as well as application policy designed to make the on-ramp to the cloud simpler, more secure and more cost-effective. The key here is that security and experience cannot be toggled on and off by flipping a switch in the branch. It requires end-to-end control with elements residing outside of the branch.
Interestingly, while SD-WAN is decidedly positioned as a branch play, the same control has to extend to the campus. Certainly, things like security and automation should be uniformly applied regardless of where the users are: be it in the branch or in the campus. In some ways, this means that the software-defined branch (SD-Branch) movement should naturally expand beyond the branch.
Of course, most of the vendors trying to capitalize on the SD-WAN buzz have limited form factors, so they lack the portfolio breadth to carry their functionality beyond the branch. For companies looking at multicloud, it’s at least worth understanding how to drive common policy and operations across sites of all sizes, as some solutions will create hard inhibitors to a multicloud migration.
Security and policy are a two-way street
The other topic that gets lost in some of the superficial market noise is that managing security and application experience is more than just controlling the on-ramp to the cloud. Obviously, what goes up must come down, and that means the same security and policy controls must be in place for traffic coming from the cloud to the branch.
While there are feature implications in this statement, the broader point to make is that SD-WAN (or SD-Branch as it will likely become) will benefit from collapsed control between the data center, public cloud and branch. Again, the boundaries between these PINs are artifacts of organizational design more than network design, and the multicloud is unforgiving when it comes to these types of architectural limitations.
When change is rapid, the future is less certain
It’s probably uncontroversial to say that the faster the pace of change, the less certain the ultimate outcome will be. Innovation is happening in the branch at a rate not seen for decades. For a market that has traditionally been unserved except by a small number of players, it is suddenly seen as ripe for disruption. And that means that there are ideas flying in from all over the industry.
When this happens, it raises an interesting question: how do enterprises take advantage of short-term value without unintentionally closing doors to potential long-term sources of innovation?
The answer here is actually quite straightforward. The branch simply must be built around an extensible platform capable of supporting today’s SD-WAN push, but also tomorrow’s technology du jour. It should leverage common underlying components (much like a white-box server) and be capable of supporting software innovation that can be sourced from any number of suppliers.
In a world where open and extensible are the coins of the realm, betting on anything but a platform could leave enterprises penniless and searching for change in just a few short years.
Delivering a multicloud-ready branch
At the center of multicloud enablement is end-to-end security and automation, which means the branch plays a key role in any enterprise’s multicloud strategy. Juniper is focused on enabling the security and operational requirements to support a full multicloud future. Juniper’s branch solution now includes:
NFX150—This virtual services platform is built on an x86-based white-box server design to allow for simple extensibility to other virtual network functions. It includes key capabilities like native branch security and hybrid WAN with LTE, along with integrations for third-party functions like WLAN control.
Contrail SD-WAN—This solution extends from managing secure and universal CPEs—SRX and NFX Series—at the branches up to your multicloud, handling the vSRX virtual firewall lifecycle and provisioning on AWS and Azure as a cloud-based WAN edge. It allows enterprises to collapse operations across routers and firewalls into a single orchestration platform with end-to-end visibility and reach.
Subscription pricing—Not all branches are the same, and so Juniper is enabling subscription pricing that allows enterprises to pay for what they want under terms they desire. With options for both hardware and software offerings, and differentiated bandwidth tiers (50Mbps, 100Mbps, 200Mbps, 500Mbps, 1Gbps, 10Gbps), customers can choose between perpetual or subscription (with variable terms: 1-year, 3-year, and perpetual) procurement models.
The branch connectivity solutions run the very same Junos software features in both the data center and the campus. This means that customers can leverage the real-time telemetry, programmatic interfaces and common tools integrations that make Junos software the industry leader in automation. This consistency of functionality is critical for uniform multi-site, multicloud operations to extend through to all the PINs that are part of a multicloud architecture.
Migrating to multicloud
Multicloud is a journey for every enterprise. It will be made up of many steps, both large and small. The key to making sustained progress is taking every opportunity to make sure that the next step moves companies closer to multicloud.
In the branch, this means that every refresh or expansion should be evaluated against a simple criterion: does this make the enterprise more multicloud-ready? If it is built on an extensible platform, integrates security and automation and allows for cross-PIN visibility and management, then the answer is yes.
The days where individual pools of resources could be treated as islands with only a WAN link to connect them are over. For the promise of cloud to fully transform the enterprise, these silos must be architected out of existence. And Juniper Networks is helping by delivering branch solutions that make enterprises multicloud-ready.