The challenge for network managers is how to provision internet services in a way that’s secure, manageable and provides the most productive user experience possible, says Nick Applegarth, from Silver Peak. He then outlines several architectural options that are available.

Branch offices have long posed a challenge for geographically distributed organisations, not least because it is neither efficient nor cost effective to provide internet access to these locations by backhauling application traffic to and from a regional hub or corporate data centre. Indeed, legacy networks provided internet access to users through a hub-and-spoke architecture, where internet connectivity came into the hub and was distributed out to the branches via the spokes. However, this has not proven to be an ideal method of delivering internet services, since the traffic effectively traversed the wide area network (WAN) twice – from the branch to the hub and back to the branch. Most companies lived with it, as internet access was not considered business critical in the mid-90s.

Fast forward a couple of decades and businesses have become heavily reliant on the internet, as it connects the business to applications in the cloud. It’s possible for a worker in a branch office to connect to cloud-based applications for almost all of their daily activities, such as email and expense reporting. However, when the internet performs poorly, this impairs the user experience and worker productivity. The challenge for network managers is how to provision internet services in a way that’s secure, manageable and provides the most productive user experience possible. There are several architectural options available, including:

  • Hub and spoke. Businesses may choose to backhaul all internet traffic from remote users and small branch locations.
  • Regional hubs. Running all internet traffic through a hub location can be beneficial for applying security or application services to the traffic. However, sending all the traffic back to a single location introduces high application latency and saturates WAN links.
  • Direct internet access. In this case, all of the security and optimisation tools reside in the branch. Users access network services via a ‘split tunnel’, where internet-bound traffic is routed directly to the internet without passing through a hub first.

In actuality, no single architecture is better than the others, and businesses should not have to choose one and then force their network into alignment. A global enterprise should have the ability to combine architectures to optimise cost, security, and performance. The problem for most companies is that legacy networks do not have the necessary levels of agility to support multiple access methods, nor can they support rapid changes from one architecture to the other.

With a virtual overlay, however, companies can leverage multiple internet access architectures. A software-defined WAN (SD-WAN) allows network engineers to enable internet access to any branch location using any form of connectivity. It can be easily configured to connect offices using a hub-and-spoke model, for guest wi-fi, or as a full mesh to support voice traffic. Additionally, the architecture can be changed as easily as it was initially set up.

Ultimately, high-quality internet access is increasingly critical to the success of the business, and an SD-WAN will enable businesses to provision it any way they want and not be locked into a rigid architecture for years. Finally, the internet access conundrum can be solved.

Article by Nick Applegarth, VP of EMEA at Silver Peak