This blog is brought to you by VeloCloud, now part of VMware’s partner Matrix Networks. Original blog is posted here.
As technology continues to evolve, a relatively new development is the move back to massive centralized infrastructure for application delivery to enterprises large and small. The trend brings with it incredible value but also new complexity that many firms haven’t prepared for. The thought goes something like “if we move this to the cloud, all our technical needs are resolved!” Well now, someone is feeling a bit optimistic and definitely naive. Moving to the cloud requires a thoughtful approach for all aspects, from managing ever-increasing recurring costs, to how you plan to move data to and from cloud platforms. The first place to begin your preparation has to be the network, now and always.
The Network needs to Evolve
In the past IT could control the network connectivity to core infrastructure with legacy products like MPLS, EVPL and VPLS. These products were designed to create a private network from end to end with advantages like security, prioritization of packets, and dedicated speeds. Perfect for a network with very few or no tools outside the network. As we move applications like voice, email, and CRM to cloud environments, these paths or streets are going to the wrong address. We must forge a new path, but what’s readily available isn’t private; it certainly isn’t secure, and it respects headers about as well as my six-year-old. We need access to these new tools in the cloud, but we have a few keys to the network:
5 Keys to Building a Modern Cloud Network:
- We must control the flow of traffic to and from our locations
- The traffic must be secured, meeting compliance requirements or corporate guidelines
- It must be faster than ever
- It must be reliable
- It must continue to support the critical tools remaining on premise
1) Traffic Control
Let’s face it, the days of end to end control are probably going, going, gone. While this is troubling there is light at the end of the tunnel. The backbone of the Internet continues to grow in speed and strength as fiber network tentacles grow, and central offices upgrade thereby leading to increased speed, reduced latency, and minimization of packet loss across the wide area network. The issues we are faced with most often is actually what is termed as the “last mile”, the connection between your office and the CO. If we are in the right location, we can access fiber of a gb speeds or better for under $1,000 while if we are in a rural area we might pay the same price for a 10mb connection. These two circuits are not going to give the users the same experience online, but the needs could be the same.
How do we ensure that users on both ends of this equation take advantage of where we are headed with tech? Using software defined WAN. By deploying a local device that communicates with a cloud based controller you can analyze data, thus controlling ingress and egress of your Internet. The controller looks at each of your Internet connections, 10mb or 1000mb, and chooses the best performing path than sends packets in the order you choose. This allows you to put voice packets and other UDP applications ahead of TCP/IP traffic, giving you the best chance for controlling your traffic where you can’t control every route.
2) Secure Your Load
Whether you are concerned with malicious individuals stealing your sensitive data or violating HIPAA, security must be center in any IT pro’s mind. The days of asking the carrier to transport your sensitive data for you are quickly drawing to a close. Carriers aren’t prepared to secure traffic to your cloud applications, and the need to secure site to site traffic doesn’t justify the cost of private networks with other alternatives available. This is where a familiar technology comes in to play: Virtual Private Networks.With this tech we aren’t stuck using one service provider’s backbone, freeing us to use whatever high speed access we have available. We can carve out what we need for connecting our offices and staff, then leave the remaining for the cloud applications and web browsing. Speaking of cloud applications, don’t forget to look closely for security violations. It is best to work with a provider that has established compliance with standards like HIPAA and PCI. This indicates they have experience securing data in transport, at rest, and everywhere in the middle. Ask the hard questions about how your data will be secured and what financial/contractual backing they are willing to put behind their claim. Keep in mind no ones’ data is 100% secure in today’s world, but these established vendors have far more intricate and powerful security mechanisms than an enterprise can afford to deploy. Don’t let security be an afterthought when preparing your next network.
3) Speed
“What is of the greatest importance in war is extraordinary speed: One cannot afford to neglect opportunity.” – Sun Tzu
Our private networks have been designed for reliability. The carrier is always focused on reliability when building out their networks, however in the end you are dependent on a single carrier to provide your transport and secure your network. When everything is going well, this is fantastic; when outages occur, nothing is more frustrating. With SD-WAN tools we have an opportunity to turn this paradigm on its head. By offering your new network two or more connections, you allow your network to self-heal during outages, automatically selecting the strongest available path for your data. A key component is understanding the different types of connectivity and focusing on diverse paths for your Internet connections. If possible, you want to have each circuit provided by a different carrier, coming in on a different medium (copper, fiber, coax, wireless), with a unique path into the building. The more diverse paths you use, the more reliable your solution becomes.
4) Self-Healing Reliability
Our private networks have been designed for reliability. The carrier is always focused on reliability when building out their networks, however in the end you are dependent on a single carrier to provide your transport and secure your network. When everything is going well, this is fantastic; when outages occur, nothing is more frustrating. With SD-WAN tools we have an opportunity to turn this paradigm on its head. By offering your new network two or more connections, you allow your network to self-heal during outages, automatically selecting the strongest available path for your data. A key component is understanding the different types of connectivity and focusing on diverse paths for your Internet connections. If possible, you want to have each circuit provided by a different carrier, coming in on a different medium (copper, fiber, coax, wireless), with a unique path into the building. The more diverse paths you use, the more reliable your solution becomes.
5) Building for Tomorrow, Live Today
Sure, we’re all eager to move to the cloud… ok maybe not. Either way we are all preparing for the inevitability. Anyone who isn’t preparing is likely to be seeking employment in the not too distant future. The reality is very few companies with any history have or will migrate 100% of their tools to the cloud. With this in mind IT teams must still focus on connecting users to our internal applications securely and reliably. This can be accomplished by maintaining two networks, a private and a public one, or by consolidating with the combination of SD-WAN and VPN (Virtual Private Networks). These two tools allow IT leaders to choose one network to manage, build and control, simplifying life and ensuring optimal use of resources (money, bandwidth, staffing, etc.). A huge advantage is the fact that many of the SD-WAN products are Layer 7-aware allowing you to route the traffic optimally. VPN Technology is old, but if you are using modern ciphers and PFS, it is very secure.
Out with the Old, In with the New!
Private networks are on their way out. The value of the direct connectivity between branches is overhyped and declining rapidly. Cloud tools require us to think differently. It is time to deploy an automated artisanal networker, defining the network specifically for your organization and users. If this isn’t a skill you have in-house look for an expert who knows the various technologies. Experts capable of this should be versed in the following:
- Complex Routing and QoS
- Carrier Network Infrastructure, terms and services
- Security
- SD-WAN offerings and differences between products
If you are working with someone who isn’t an expert in these areas, make sure you seek that expertise or find it on staff. Despite the obvious advantages of the new network model, there is a limited amount of experience, and a failed rollout could be devastating. Take your time, work with trusted resources, and make sure to run a well thought out proof of concept for, at minimum, one week.