How Does SD-WAN Access Cloud Services (Azure, AWS and Google Cloud)
SD-WAN accesses cloud services (AWS, Azure and Google Cloud) by leveraging path selection, optimised routing and secure connections.
The deployment of public cloud is one of the key drivers behind SD WAN adoption. The ability to access resources with agility and next-generation firewall security is one of the top consideration areas when comparing Software WAN offerings.
With this said, the SD WAN vendor marketplace offers varying approaches to supporting cloud environments, which typically encompass access to AWS (Amazon Web Services), Microsoft Azure and Google. While SD WAN solutions are adopting cloud path selection as one of their top features, the capability varies across products and should be carefully considered.
We are approaching an interesting time in the evolution of networking as we become ever more reliant on the cloud. In many ways, this last statement may sound like old news. But, as the capability of cloud becomes ever more virtualised, you may be forgiven for asking why the major cloud solution providers do not offer their own variant of SD WAN?
AWS Transit Gateway is a relatively new product which is focused on optimization between users and their cloud applications. In fact, AWS is capable of connecting users not only to their resources but also to your branch-sites. The theory is that any branch-office connects to AWS at the nearest node and then transits the AWS infrastructure toward the destination, whether this is another branch-office or application data resource. If the Enterprise exists in a cloud-first world, why not make offerings from AWS the very basis of your WAN? Do we even need a WAN edge vendor?
The objective of any business which has adopted a cloud service architecture is to get its users connecting as efficiently as possible. Once connected to the nearest cloud node, some form of high-speed backbone best serves the traffic on a global basis. And this is how companies such as Amazon are evolving; they are expanding delivery of their own backbone network between their global data centers. Which is why we all start wondering what will happen if Amazon gains traction with their transit gateway capability. Will your business buy your WAN link from the local ISP or single backbone provider and let the cloud service provider connect your office to their resources?
The reality is that the overall Amazon as a WAN service proposition is still not as robust or comprehensive as leading SD WAN vendors. With this said, the next few years will see their product mature.
How does MPLS WAN transport fit in with Enterprise network cloud access?
We witnessed (or rather, are witnessing) the demise of MPLS because of the restrictive nature of the topology. In the pre-SD WAN age, when the Enterprise connected their HQ and branch office to regional data center locations, MPLS represented a good traditional WAN option to deliver predictable connectivity.
Alongside MPLS, many believed that cloud architecture was nothing more than removing on-site resources to the nearest data center location. Once out of the branch-office or HQ environment, the applications and data were essentially migrated to an early version of cloud-based WAN architecture.
As customer networks expanded, the issues relating to early cloud access were further compounded by inefficient access to the data center resources, which impacted network performance. There was a lack of agility as users began to work away from the office or within locations which were not ideally located for the regional data center. In short, network intelligence did not exist to optimize cloud access.
And while SD WAN services build on the cloud model by leveraging the public Internet – where most of our applications reside – the architecture can sometimes look similar to hub and spoke MPLS service provider deployments depending on capability.
I don’t believe MPLS is well placed to offer branch-office connectivity even with end to end QoS and robust Service Level Agreements. The technology is simply too restrictive.
What are the latest cloud-based SD WAN solutions?
If we are removing MPLS and accept all of our data and applications reside in the cloud, we begin to remove the concept of any physical location. After all, you don’t really consider where your data is stored across iCloud, OneDrive or Dropbox. As with all business requirements, this does not preclude an organization from building their own private cloud solution where required or even connecting sites into an MPLS provider.
To ensure our users are efficiently accessing their resources via distributed network access, there are several SD WAN features to compare. The first and perhaps foremost feature is cloud path selection, which works by ensuring that users' access to cloud resources is sent across an optimized network route.
While there are many SD WAN vendors offering path selection, there is a need to understand how their solution is building on the Software capability to sense network conditions on an end to end basis. The importance of ensuring your WAN connections are designed to optimize traffic is critical to making the most of your next-generation WAN, i.e. reacting to network traffic packet loss, low bandwidth or high latency and jitter.
With the ability to sense optimal routes, traffic issues and so on, connecting to the cloud resource becomes a decision which occurs at a user level before making the connection. In the days of MPLS, the connection to your data center provider was enough to meet the demands of user application traffic. With SD WAN, and the evolution of working practices, the cloud resource must be available and close to the user wherever they are connecting across the world.
Alongside path optimization, multiple connections can be leveraged using WAN links for added diversity. In some instances, the failover path quality could be based on lower-quality circuits to meet budget demands.
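A sketch of the path-selection and failover behaviour described above, added here as an illustration and not taken from any SD WAN product. The SLA limits, link names and probe values are constructed assumptions, and the jitter formula is one simple choice among several.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed SLA limits for one application class (assumptions, not vendor defaults).
SLA = {"loss_pct": 1.0, "latency_ms": 150.0, "jitter_ms": 30.0}

@dataclass
class Link:
    name: str
    rtts_ms: list            # one RTT per probe in the window; None = probe lost
    preferred: bool = True   # False marks a budget failover circuit

def measure(link):
    """Reduce one probe window to loss %, mean latency and jitter."""
    ok = [r for r in link.rtts_ms if r is not None]
    if not ok:  # link is down: every probe was lost
        return {"loss_pct": 100.0, "latency_ms": float("inf"), "jitter_ms": float("inf")}
    loss = 100.0 * (len(link.rtts_ms) - len(ok)) / len(link.rtts_ms)
    # Jitter here = mean absolute difference between consecutive RTTs.
    jitter = mean(abs(a - b) for a, b in zip(ok, ok[1:])) if len(ok) > 1 else 0.0
    return {"loss_pct": loss, "latency_ms": mean(ok), "jitter_ms": jitter}

def select_path(links, current=None):
    """Return (chosen link name, {link name: [violated SLA metrics]})."""
    stats = {l.name: measure(l) for l in links}
    report = {n: [k for k, lim in SLA.items() if m[k] > lim] for n, m in stats.items()}
    healthy = [l for l in links if not report[l.name]]
    if any(l.name == current for l in healthy):
        return current, report   # stay put while in SLA, avoids flapping
    if healthy:                  # primary circuits first, then lowest latency
        pick = min(healthy, key=lambda l: (not l.preferred, stats[l.name]["latency_ms"]))
    else:                        # nothing meets SLA: degrade to the least lossy link
        pick = min(links, key=lambda l: (stats[l.name]["loss_pct"], stats[l.name]["latency_ms"]))
    return pick.name, report

# Constructed probe windows (ms) for three hypothetical circuits.
SAMPLE = [
    Link("broadband-1", [40, 42, None, 41, None, 45, 43, 44, 40, 41]),  # 20% loss
    Link("broadband-2", [60, 62, 61, 63, 60, 59, 61, 62, 60, 61]),
    Link("lte-backup", [90, 95, 92, 98, 91, 94, 93, 96, 92, 95], preferred=False),
]

if __name__ == "__main__":
    chosen, report = select_path(SAMPLE, current="broadband-1")
    print("selected:", chosen)
    for name, bad in report.items():
        print(f"  {name}: {'OK' if not bad else 'violates ' + ', '.join(bad)}")
```

The per-link report is the kind of data a monitoring console would flag when the active path leaves its SLA.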
How is global cloud based resource access visualised?
Software WAN network consoles display data on the transit gateways across their supported cloud providers. With this data, clients and devices are positioned to connect users to the nearest node automatically. Once connected, the SD WAN backbone begins to optimize the route to wherever the resource or data is located. As with branch-offices, HQ and data centre locations, the cloud also needs to be viewed from a single pane of glass perspective. When cloud application performance is degraded, monitoring should flag the issue with SD WAN selecting an alternative path. With the right data, cloud access can be controlled easily via management.