What is SD-Branch? Why do you need it?

[51CTO.com Quick Translation] Deployed SD-WANs show the power of software-defined networking and virtualization to improve bandwidth efficiency and ensure application performance, and this software-centric approach is now being used to meet the unique needs of branch offices.

This step in the evolution of enterprise branch technology is called SD-Branch. By definition, it is a single hardware platform that supports SD-WAN, routing, integrated security, and LAN/Wi-Fi functionality, all of which can be centrally managed.

The most compelling benefit of SD-Branch is improved operational agility. IT departments can quickly deploy and configure an integrated branch network solution for new sites. Through a centralized management console, they can control and adjust all branch network and security functions.

Minimizing or eliminating the need for trained IT staff to visit remote branch offices can significantly save costs and time. SD-Branch also has the potential to reduce hardware costs by deploying software on consolidated hardware rather than many separate devices.

Other benefits of SD-Branch include:

  • Reduced support and maintenance contract costs because fewer vendors are involved.
  • Thanks to software virtualization, the hardware requirements of each branch office can be exactly met.
  • Small hardware footprint, ideal for branch offices with limited space.
  • Network performance scalability. As network demands change, the performance of any function can be adjusted up or down by changing processor allocation or adding hardware resources.
  • Power consumption is reduced as a number of devices are replaced with an energy-efficient platform.

Over time, SD-Branch will be easier to deploy, less complex to manage, and more responsive to the changing needs of branch offices. As the technology matures, the cost benefits in terms of CAPEX and OPEX may be significant.

Before discussing how to plan and migrate to SD-Branch, it is helpful to look at how branch offices were originally filled with so many single-function devices.

History of branch sprawl

Distributed enterprises rely on communications between branch offices to ensure user productivity, provide responsive customer service, and run a variety of targeted applications. The emergence of modern (client/server) branch networks began in the late 1980s with PC LANs connected to centralized servers via low-speed links (usually modems). The founding of Cisco introduced the concept of multiprotocol routers, which continue to connect most branch offices to centralized data centers.

The increasing popularity of the Internet as a WAN connection has increased the security requirements of branch offices. In the late 1990s, a large number of firewalls and other network security devices were deployed in branch offices to control/monitor inbound and outbound network traffic.

Wi-Fi became popular in the early 2000s as a way for PCs and other devices to access branch networks. Since then, Wi-Fi has become the preferred method for accessing corporate networks (compared to Ethernet) and is commonly used in branch offices to provide Wi-Fi access to customers, guests, and partners visiting the branch office.

WAN optimization appliances were introduced by Riverbed in 2004 and are widely used in branch offices to improve the efficiency of transferring data files over the WAN. They use a variety of technologies, including deduplication, compression, and traffic prioritization.

The advent of SD-WAN

Many startup vendors launched SD-WANs in the 2014-2015 period, and now numerous vendors support SD-WANs to improve wide area network communications. SD-WANs provide a network overlay to improve network uptime, prioritize applications through quality of service policies, and provide Internet security and centralized management. SD-WANs need to be supported at the branch office.

The introduction of multiple new product types has naturally led to a proliferation of technologies in the branch office. Each technology typically has its own integrated hardware/software appliance to handle rapidly increasing performance requirements and advanced features. As a result, most enterprises have four to six different network devices in their branch offices, mostly deployed from multiple vendors, each with a unique management interface.

Securing branch networks

The increasing number and variety of devices (IoT, mobile phones and tablets) connected to branch networks increases the opportunities for hackers to access sensitive data. Gartner estimates that a full one-third of all attacks occur at branch offices. Over the past 10 years, IT departments have deployed a wide range of security devices at branch offices, including IP VPNs, security gateways, intrusion detection and prevention systems, and next-generation firewalls. These devices have overlapping functions, often from different vendors, adding operational complexity to branch offices.

IT departments need to carefully coordinate their network and security teams. Branch network security needs to combine device security, campus network security, and data center security. It is best to check branch traffic for anomalies and send suspicious traffic to centralized resources or the cloud for further processing. Branch security operations work best when they are fully automated and fully leverage centralized data centers and cloud-based intelligence.

The promise of SDN and virtualization

Over the past four or five years, the concepts of SDN and network virtualization have been widely used in data centers. Improvements in server processing technology (Moore's Law) and better network software now allow many network applications to run on common server platforms. The industry is now ready to move from special-purpose appliances to applications running on one or more servers.

SD-Branch Planning: Tips for IT Professionals

For most distributed enterprises, the branch network is an important part of the IT infrastructure. The branch network is responsible for providing reliable, high-quality communications to remote locations. It must be secure, easy to deploy, centrally managed, and cost-effective. Enterprise requirements for branch networks are constantly changing due to the need for higher bandwidth, quality of service, security, and support for the Internet of Things.

SDN and network virtualization technologies are mature and can bring significant benefits to branch networks. For example, SD-WAN technology is being rapidly deployed to improve application delivery quality and reduce operational complexity. SD-WAN vendors are rapidly consolidating branch network functions, leaving little or no need for separate branch routers and WAN optimization.

The broader SD-Branch concept is still in its early stages. In 2018, we will see many vendors launch their own SD-Branch solutions. These early SD-Branches are mainly single-vendor products and may lack the most advanced technology in some application environments.

IT leaders should carefully evaluate the benefits of an SD-Branch architecture. Migrating to SD-Branch may require significant changes to the existing branch network, possibly requiring a forklift upgrade. SD-Branch vendors should be evaluated based on current and future technology, technology partnerships (such as security), and deployment options (do-it-yourself, channel partners, and managed solutions).

SD-Branch deployments make the most sense in greenfield environments, for new branch networks and branch offices, and where equipment such as routers and WAN optimization devices has reached end of life. IT leaders should continue to deploy SD-WAN solutions where the benefits are clear, and plan to deploy SD-Branch in phases over the next few years.

Many SD-WAN, Wi-Fi, and router vendors have recently launched or are planning to announce enhancements to existing products that support SD-Branch capabilities. Early SD-Branch solutions are largely proprietary and may have limited functionality for some network/security applications. SD-Branch is currently best suited for rapid deployment in new or temporary branch offices. It may gradually become the preferred architecture for branch networks.

Migrate to SD-Branch

Migrating away from the current branch network architecture is a challenge for most IT departments. The first generation of SD-Branch technology currently on the market offers state-of-the-art technology in some features, but is weak in other features. In 2018, SD-Branch solutions will focus on single-vendor solutions, and some solutions will be supported by partners (such as security vendors) for applications.

SD-WAN vendors are perhaps the most aggressive on the SD-Branch front, and are rapidly expanding the capabilities of their solutions, which already include WAN optimization, routing, and security capabilities, as well as support for LAN functions (Ethernet switching and Wi-Fi). Wi-Fi and router vendors are also expanding capabilities to include SD-WAN capabilities. IT departments can choose to deploy SD-Branch as an appliance, software on standardized servers, or as a managed service where a managed service provider manages the on-premises hardware and software.

Original title: SD-Branch: What it is and why you'll need it, author: Lee Doyle
