This article is part of a series. I would recommend reading the articles in order, starting with “Modern IT Ecosystem”, which provides the required framing.
As a brief reminder, this series aims to explore the “art of the possible” if an enterprise business could hypothetically rebuild IT from the ground up, creating a modern IT ecosystem.
Alongside many other critical decisions (e.g. ERP, HRP), I have prioritised the infrastructure foundations, covering the Network, Hosting and Identity Access Management (IAM). This article will aim to provide a high-level overview of my proposed Wide Area Network (WAN) architecture, which I believe presents an interesting opportunity to innovate.
Over the past decade, Multi-Protocol Label Switching (MPLS) has been the standard for enterprise businesses, providing scalable, protocol-independent, any-to-any connectivity. The “magic” behind MPLS is that packets are assigned labels, which are used to make packet-forwarding decisions, without needing to interrogate the packet itself. This approach is very versatile, allowing businesses to implement end-to-end connectivity, across multiple protocols.
MPLS is a service that must be purchased from a carrier (e.g. AT&T, CenturyLink, Verizon, etc.). Depending on the specific network requirements, MPLS services can be very expensive, especially when compared against commodity Internet connections.
With the previously defined business characteristics in mind, I have positioned 50+ physical sites across the globe, including 10+ critical sites that support highly sensitive business processes (e.g. R&D, Manufacturing, etc.). My vision of a modern IT ecosystem places a heavy emphasis on cloud services, covering SaaS (e.g. Workday) and Public Cloud (e.g. Microsoft Azure, etc.).
Although MPLS remains a viable option for the WAN, a new technology known as Software-Defined WAN (SD-WAN) has been gaining market momentum.
SD-WAN is not directly comparable to MPLS, as it is an overlay technology. However, it has the potential to indirectly impact MPLS adoption, due to its ability to aggregate several WAN connections into one software-defined network (SDN).
For example, SD-WAN enables businesses to select inexpensive commodity Internet connections, whilst still maintaining (and even improving) enterprise-grade performance, service delivery and availability. This approach could dramatically lower the total cost of ownership.
SD-WAN achieves this outcome by continuously measuring the quality of each WAN connection, such as latency, packet loss, jitter and availability, and comparing those measurements against the requirements of each application (application-aware routing). It then proactively selects the optimal path (dynamic link assessment) for each data packet in real time.
This approach, alongside centralised management for enterprise-wide policy creation/maintenance, makes SD-WAN a natural fit for businesses looking to embrace a multi-cloud strategy. For example, it removes the need for Internet-based traffic to be back-hauled via a central location and/or a data centre.
I would position Viptela as my SD-WAN provider, which (in my opinion) has the most mature and reliable service offering, as well as the added benefit of being recently (AUG-2017) acquired by Cisco. I fully expect the SD-WAN market to evolve quickly over the coming years, so the Cisco acquisition should help provide stability, as well as complement a Cisco-based LAN/WLAN architecture.
Alongside Viptela, I would target commodity Internet connections as my primary transport for all global sites, positioning CenturyLink for centralised circuit provisioning, support and billing. Through their acquisition of Level 3 Communications, CenturyLink operate a tier-one network, with a strong presence across the Americas and EMA. APAC would likely present an additional challenge, but I am confident that any gaps could be filled through CenturyLink via local provider partnerships.
Alongside the benefits previously described, my decision to position SD-WAN can be summarised based on the following value proposition.
Flexibility: SD-WAN is incredibly flexible; for example, it is easy to increase, reduce and even combine bandwidth across multiple connection types, including fixed-line and cellular. Therefore, it is now perfectly viable to have cellular (4G/5G) as a core part of the WAN architecture, providing an additional level of on-demand resilience for critical sites. Thanks to the centralised management, SD-WAN is also very quick to deploy, without the need for local (on the ground) engagement. This improved flexibility is especially important for modern businesses that may need to grow (mergers and acquisitions) and contract (divestitures) based on market conditions.
Performance: SD-WAN removes the need to backhaul traffic via a central location and/or data centre, ensuring that traffic routing is optimised across all scenarios, including cloud services (SaaS, Public Cloud, etc.).
Reliability: Thanks to the application-aware routing and dynamic link assessment, it is possible to deliver a highly reliable architecture at low cost, through the use of multiple commodity Internet connections. This approach could dramatically improve service availability, through automated “failover” in the event of a network outage.
Security: SD-WAN inherently includes advanced security capabilities, covering end-to-end traffic encryption and network segmentation. Supported by centralised management, any potential breach and/or vulnerability could be quickly identified and contained (supporting a Zero Trust security model).
Cost: A traditional MPLS architecture could be expensive, driven by a need to procure from a carrier, often resulting in fixed (multi-year) contracts and long provisioning times. It is also common for MPLS networks to have dedicated backup circuits, which only get utilised during an outage. SD-WAN supports multiple connection types (including MPLS), allowing businesses to prioritise inexpensive commodity Internet connections. SD-WAN also aims to optimise traffic across all connections simultaneously, improving efficiency and therefore ensuring a higher return on investment.
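To make the application-aware routing and dynamic link assessment described earlier (and the automated failover in the Reliability item) concrete, the following is an added worked example written for this article; it is illustrative code, not Viptela or Cisco code, and every name, SLA threshold and probe sample in it is an assumption constructed for the demonstration. It models two commodity transports (a broadband circuit and an LTE connection), per-application SLAs, and a selector that prefers the cheapest link that currently meets the SLA and otherwise fails over to the least-degraded link that is still up.

```python
"""Illustrative SD-WAN path selection: per-link probe metrics are compared
against per-application SLAs and the best transport is chosen per application.
Added example for this article; not vendor code. All values are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Tuple


@dataclass(frozen=True)
class LinkMetrics:
    """Latest probe results for one WAN transport (constructed sample data)."""
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    up: bool = True


@dataclass(frozen=True)
class AppSla:
    """Thresholds an application's traffic must stay within (assumed values)."""
    app: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    preference: Tuple[str, ...]  # transports in preference order, cheapest first


def meets_sla(m: LinkMetrics, sla: AppSla) -> bool:
    """A link qualifies only if it is up and inside every SLA threshold."""
    return (m.up
            and m.latency_ms <= sla.max_latency_ms
            and m.loss_pct <= sla.max_loss_pct
            and m.jitter_ms <= sla.max_jitter_ms)


def degradation(m: LinkMetrics) -> Tuple[float, float, float]:
    """Sort key for the failover case: loss hurts most, then latency, then jitter."""
    return (m.loss_pct, m.latency_ms, m.jitter_ms)


def select_path(links: Sequence[LinkMetrics], sla: AppSla) -> Optional[str]:
    """Return the transport to use for this application, or None if nothing is up.

    1. Walk the application's preference list and take the first link that
       currently meets the SLA (keeps traffic on the cheapest acceptable link).
    2. If no link meets the SLA, fail over to the least-degraded link that is
       up, so traffic keeps flowing (degraded) rather than being dropped.
    """
    by_name = {m.name: m for m in links}
    for name in sla.preference:
        m = by_name.get(name)
        if m is not None and meets_sla(m, sla):
            return name
    up = [m for m in links if m.up]
    if not up:
        return None
    return min(up, key=degradation).name


def route_all(links: Sequence[LinkMetrics], slas: Sequence[AppSla]) -> Dict[str, Optional[str]]:
    """Build the per-application forwarding decision for the current probe cycle."""
    return {sla.app: select_path(links, sla) for sla in slas}


# Constructed SLAs: voice is strict, SaaS moderate, bulk transfer tolerant.
SLAS = (
    AppSla("voice", 150, 1.0, 30, ("broadband", "lte")),
    AppSla("saas", 250, 2.0, 50, ("broadband", "lte")),
    AppSla("bulk", 1000, 5.0, 200, ("broadband", "lte")),
)

# Constructed probe snapshots for three situations.
HEALTHY = (LinkMetrics("broadband", 40, 0.1, 5), LinkMetrics("lte", 70, 0.5, 20))
DEGRADED = (LinkMetrics("broadband", 40, 3.0, 45), LinkMetrics("lte", 70, 0.5, 20))  # brownout
OUTAGE = (LinkMetrics("broadband", 0, 100.0, 0, up=False), LinkMetrics("lte", 70, 0.5, 20))
BROWNOUT_BOTH = (LinkMetrics("broadband", 40, 3.0, 45), LinkMetrics("lte", 300, 2.5, 60))

if __name__ == "__main__":
    for label, snapshot in (("healthy", HEALTHY), ("degraded", DEGRADED),
                            ("outage", OUTAGE), ("brownout_both", BROWNOUT_BOTH)):
        print(label, route_all(snapshot, SLAS))
```

Two points of the design are worth noting for a practitioner: in the brownout scenario only the SLA-sensitive applications move to LTE while bulk traffic stays on the cheaper broadband circuit, which is the cost argument in the article, and the fallback step means a site never goes dark just because no link is within SLA. A real controller would also apply hysteresis (minimum dwell time, or a better-by margin) before moving a flow back, to avoid flapping between links as measurements fluctuate.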
In conclusion, I believe the positioning of SD-WAN and the use of commodity Internet connections would unlock a wide range of operational and financial benefits, as well as add flexibility, improving business agility.