13th July 2021

Network Design – Where the destination is more important than the journey

Our SD-WAN and Security Product Manager, Andrew Napier shares his thoughts on network design, and how SD-WAN is helping to finally put end user experience front and centre in solution design.

End user experience of business-critical applications is vitally important to the effectiveness of each and every organisation. Experience touches all areas and departments whether that is the customer experience through an order lifecycle or the productivity and engagement of staff supporting business processes. The move of many of these applications from an organisation’s own servers to the cloud has complicated the delivery and support of these from a networking perspective.

Software Defined-Wide Area Network (SD-WAN) technology allows organisations to build public and private elements into their WAN and gives them the ability to intelligently steer application traffic over the best performing network path. Such steering is self-learning and automatic, meaning performance is kept at its peak without human intervention. This is as equally applicable for a single site business provided with multiple logical or physical connections as it is across a multi-site wide area network.

Private (MPLS) and Public (Internet) network paths have inherent advantages over each other depending on where an application is hosted. SD-WAN enabled appliances do not care what the transport methodology is, they concentrate on application performance over the various logical and physical transport mechanisms against the SLAs it has been configured with. A customer with a private connection to their cloud platform may have a better experience due to lower latency than over an internet access circuit of the same bandwidth. Therefore SD-WAN is not a default replacement for private networking but allows the most to be made of either public or private links with the sole aim of improving the end user experience.

However, more important than design philosophy, SD-WAN’s ability to use public facing internet connections has the result of greatly complicating security considerations, due to the potential increase in attack surfaces. From one or two points in a more traditional private MPLS network, to multiple points, all with their own internet facing connections.

The addition of network meshing, application steering and the effective use of bespoke application paths means that in looking at a provider for your SD-WAN network (or IaaS platform), it is important to consider whether they own their own public and private transport network, as well as having the people and processes to securely configure the site to site and security components.

Lastly, the combination of public facing SD-WAN solutions and the huge increase in internet based threats and attacks over the last few year means next generation firewall features and performance are critical to an organisation’s ability to safeguard critical applications and data. From a configuration standpoint, SD-WAN also concentrates an organisation’s networking and security requirements onto the same stack of components, rather than being separated onto routers and firewalls as per a traditional MPLS network meaning the information gathering and configuration stages are absolutely crucial. Also key to the security conversation are Virtual Private Network (VPN) and Multi Factor Authentication solutions to bring traffic in from remote users safely, given the recent explosion and legitimisation of remote working.

SD-WAN enabled security appliances are only as effective as their most recent update, and only as secure as the processes used to manage them are robust. With this in mind we have developed Virtual1 Managed and Professional Services to support our partners and their customers to focus on the user experience that they need to deliver, whilst leaning on us to map out and deliver on the details that make it happen day in day out.

Whilst there are clearly lots of points to consider, we feel that the overarching design priority should always come back to the end user experience that underlying infrastructure needs to deliver, and that it can do so whilst maintaining high security standards.

The destination that all networking conversations should be heading towards is – how can we help you improve the way working for you feels?

Tune in to hear Andrew run through an overview of our SD-WAN proposition on Tuesday July 20th. You can register here