Beyond SD-WAN

The Future of the Enterprise Wide-Area Network

Wide-area networks (WANs) have been around since the 1960s, the earliest days of computer-to-computer communication. They continue to be developed and enhanced as technology evolves and as traffic demands rise. For today's enterprises, the WAN is the infrastructure that unifies the network across locations.

But this critical foundation is not without its constraints. WANs often deliver low or insufficient bandwidth, degrade the performance of specific applications, have fluctuating reliability, and can introduce security risk, since every site and circuit is part of the attack surface. Furthermore, WANs are frequently built on dedicated leased lines, or on service-provider networks that use circuit switching or packet-switching technologies such as asynchronous transfer mode (ATM) and multiprotocol label switching (MPLS), often supplemented by the public Internet. Although the Internet is the least costly of these options, the overall mix remains an expensive status quo and does not scale well.

The Corporate Network Is Transforming

In response to these performance, security, and monetary challenges, enterprises are adopting software-defined WANs (SD-WANs), at once reducing costs and enabling agility.

SD-WAN emerged from software-defined networking (SDN) and network function virtualization (NFV), which were originally developed for data centers; IT departments quickly adopted the same techniques for the networks connecting their sites.

Simply put, SD-WAN separates the data and control planes of the wide-area network. SD-WAN monitors the performance of the mix of WAN data connections — MPLS, ATM, and the Internet — and selects the most appropriate connection for each traffic type based on current link performance, the cost of the connection, and the needs of the application or service.

Could the Internet Become the New Corporate WAN?

SD-WANs can certainly be flexible, efficient, and cost-effective if they employ multiple transport services, including the public Internet. But because public Internet transport carries no performance guarantee or SLA, SD-WANs typically reserve it for applications whose performance is not critical.

To move more corporate WAN traffic onto the Internet efficiently, cost-effectively, and securely, in a way that co-exists with current SD-WAN deployments, you need an approach that mitigates the Internet's underlying limitations. One way to do this is to use an edge platform that delivers business applications over the Internet securely, quickly, and reliably without exposing them publicly on the Internet. This lets you maximize your current investment in SD-WAN while further reducing costs as you transition more traffic to the Internet.

Routing a larger share of enterprise traffic over the Internet simply makes sense given the trajectory of modern corporate networks. Growing cloud workloads, coupled with diversified and mobile users and devices, mean that workflows already rely heavily on the Internet, and that trend continues.

What if you could take this one step further, establishing a secure, scalable, and efficient corporate WAN over the Internet?

In this paper, we’ll discuss the processes of transforming your network with SD-WAN and Zero Trust security, and positioning your organization to evolve beyond SD-WAN, adopting a fully Internet-based corporate network.

Dozens of vendors provide different SD-WAN capabilities, but they can be broadly generalized into three categories:

1. Flexible link control

2. Manageability

3. Service insertion

Flexible Link Control

The first capability, flexible link control, is the primary charter of SD-WAN. As the cloud is a principal destination for many organizations, backhauling traffic over a private network to a data center, which then serves as a de facto centralized control point, is not practical. SD-WAN solves this challenge with intelligent traffic control, including dynamic route selection. Additionally, SD-WAN establishes local or branch Internet breakouts, also known as direct Internet access (DIA), that route traffic to the cloud instead of through a data center. In a typical design, legacy applications, including voice and video, are pinned to MPLS links, while cloud applications and general Internet traffic break out directly to the Internet. Note that each DIA breakout is also a new Internet edge for that branch, so firewalling and inspection must follow the traffic there rather than remain only in the data center.
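The per-application path selection described earlier (choosing a link from current performance, cost, and application needs) and the MPLS-versus-DIA split above can be reduced to a small policy engine. The following Python is an added illustration and is not code from the whitepaper or from any SD-WAN product; the link telemetry, cost figures, SLA thresholds, and application classes are all constructed assumptions. It also shows the failure mode the text only implies: what happens when the preferred MPLS link degrades and some traffic has no compliant path.

```python
"""Policy-based path selection of the kind an SD-WAN controller performs.

Illustrative code only, not from the whitepaper or any vendor product.
Link telemetry, cost figures and SLA thresholds below are constructed.
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Link:
    name: str
    transport: str        # "mpls" (private) or "internet" (broadband, LTE)
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    cost: float           # relative cost per unit of traffic; private > public
    up: bool = True


@dataclass(frozen=True)
class AppClass:
    name: str
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    preferred: Tuple[str, ...] = ()   # transports to prefer, in order
    internet_ok: bool = True          # False: must stay on private transport


def meets_sla(link: Link, app: AppClass) -> bool:
    """True if the link is up and its current measurements satisfy the app's SLA."""
    return (link.up
            and link.latency_ms <= app.max_latency_ms
            and link.loss_pct <= app.max_loss_pct
            and link.jitter_ms <= app.max_jitter_ms)


def select_path(app: AppClass, links: List[Link]) -> Optional[str]:
    """Pick the link that should carry `app` right now.

    1. Discard links that are down, violate the SLA, or use a transport the
       policy forbids (internet_ok=False keeps traffic on private links).
    2. Among the rest, honour the app's transport preference, then pick the
       cheapest, then the lowest latency as a tiebreak.
    Returns None when no compliant path exists, so the caller can alarm or
    degrade deliberately rather than silently violate policy.
    """
    candidates = [lk for lk in links
                  if meets_sla(lk, app)
                  and (app.internet_ok or lk.transport != "internet")]
    if not candidates:
        return None

    def rank(lk: Link):
        pref = (app.preferred.index(lk.transport)
                if lk.transport in app.preferred else len(app.preferred))
        return (pref, lk.cost, lk.latency_ms)

    return min(candidates, key=rank).name


# Constructed telemetry for one branch (not real measurements).
LINKS = [
    Link("mpls-1", "mpls", latency_ms=20, loss_pct=0.0, jitter_ms=2, cost=10),
    Link("broadband-1", "internet", latency_ms=35, loss_pct=0.5, jitter_ms=8, cost=1),
    Link("lte-1", "internet", latency_ms=60, loss_pct=1.0, jitter_ms=15, cost=5),
]

# Constructed application classes and SLA thresholds.
VOICE = AppClass("voice", 150, 1.0, 30, preferred=("mpls",))
SAAS = AppClass("saas", 300, 2.0, 100)                 # cost-driven, any transport
LEGACY_ERP = AppClass("legacy-erp", 200, 1.0, 50, preferred=("mpls",), internet_ok=False)
APPS = [VOICE, SAAS, LEGACY_ERP]


def with_mpls_degraded(links: List[Link], loss_pct: float = 3.0) -> List[Link]:
    """Return a copy of the telemetry with packet loss on the MPLS link(s) raised."""
    return [replace(lk, loss_pct=loss_pct) if lk.transport == "mpls" else lk
            for lk in links]


def steer_all(links: List[Link], apps: List[AppClass] = APPS) -> dict:
    """Map every app class to its selected link name (or None)."""
    return {app.name: select_path(app, links) for app in apps}


if __name__ == "__main__":
    print("healthy:", steer_all(LINKS))
    print("mpls degraded:", steer_all(with_mpls_degraded(LINKS)))
```

With healthy links, voice is pinned to MPLS, SaaS takes the cheapest compliant path (broadband), and the private-only ERP class stays on MPLS. Once MPLS loss rises above the voice SLA, voice fails over to broadband, but the ERP class returns no path at all: a controller should surface that as an alert rather than quietly pushing private-only traffic onto the Internet.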

Manageability

SD-WAN vendors can also provide manageability, simplifying the operation and administration of network devices. Since the 1990s, enterprise WANs have been composed of network devices such as multilayer switches and routers, and these devices have largely been managed one appliance at a time. In other words, administrators have had to configure and maintain several hundred to several thousand devices individually, tracking each device's software stack, across the entire organization. Even where devices exchange routing information dynamically or provide high availability through routing protocols, the operational effort is enormous. With SD-WAN, all device management can be accomplished from a single, centralized console.

Service Insertion

Finally, some SD-WAN providers specialize in service insertion. The minimum requirement for a WAN is IP reachability, namely Layer 3 connectivity, across the organization. However, as networking has evolved, so too have security functions: firewalls, intrusion prevention systems (IPS), and application delivery controllers, to name a few. In the past, you needed a complicated routing design to add these capabilities to the network, because the devices that provide such services typically do not participate in dynamic routing protocols (open shortest path first [OSPF], border gateway protocol [BGP]), which forced a complex combination of static routing and route redistribution. SD-WAN makes these technologies, often delivered by third parties, easy to configure and simple to manage through a unified portal.

To read the full whitepaper, download:
Beyond SD-WAN: Zero Trust Security and the Internet as Corporate WAN

