How SD-WAN enables secure site networking

When companies plan to network multiple sites, it doesn’t take long before they talk about SD-WAN. But what exactly does software-defined wide-area network mean, what other technologies are out there and how do companies guarantee the security of their site-to-site networks?

Many companies today operate across several locations. However, connecting multiple sites is a demanding task for IT departments. Small and medium-sized enterprises in particular often cannot or do not want to do this on their own. Most of them turn to specialized service providers for outsourcing secure site-to-site networking.

Unrestricted communication in a WAN

Wide area networks (WANs) are networks that reach beyond local connections. Managed WAN is where a service provider is responsible for managing the network. Customers and service providers usually sign a network management outsourcing agreement for this, which also includes a service level agreement (SLA) to ensure a defined level of network performance.

Service agreements establish, among other things, the required availability. For example, this might set out that the service provider must ensure that the WAN service provided is 99.9 percent available. The maximum downtime during the contract period may not exceed 0.1 percent. Technicians must continuously monitor and document service quality and network performance. Ideally, the individual user should not even notice that they using the WAN rather than the LAN.

How MPLS defines the transport routes through the network of networks

At the end of the 1990s, the IETF (Internet Engineering Task Force) developed a new routing method called MPLS, which is still used in companies today for site-to-site networking. MPLS stands for Multiprotocol Label Switching. It is designed to enable connection-oriented transmission of data packets in a connectionless network such as the Internet.

MPLS uses labels to define paths through the global network and data packets are no longer simply transferred from router to router. If this was the case, the router would have to make a decision on the optimal path for communication each time. Only the MPLS approach can relieve the burden on the routers. Traditional routing protocols such as the Open Shortest Path First (OSPF), which was also developed by the IETF would not work in this scenario. MPLS ensures a better utilization of network connections.

However, there are many other benefits of using this method: MPLS also supports Quality of Service (QoS) and can securely route the data of different customers via VPN connection (Virtual Private Network) via one and the same infrastructure. However, MPLS connections cost a lot of money. For use cases such as simple searches on the Internet or access to social networks, the effort and costs are usually not worthwhile. In addition, the importance of MPLS has declined due to the current increase in distributed structures such as remote working and cloud computing. Many companies therefore rely on centrally managed VPN connections. These also offer high performance and reliability, but cost much less than MPLS connections.

Why the cloud and remote working represent challenges

In recent years, the cloud has posed numerous challenges to IT infrastructure. Potential attack vectors have also increased due to advances in networking technology. But cloud solutions still need to be as secure as local on-premise infrastructure.

Many manufacturers and providers rely on SD-WAN (Software Defined Wide Area Network) to address this gap. Like classic SDN (Software Defined Networking), SD-WAN can virtualize and centralize network functions. This not only makes the network more flexible, it also simplifies network management. Hardware-based networks such as the Internet, mobile radio networks or MPLS still form the basis on which a software-based network is set up. This overlay network is managed centrally by a controller. The controller also determines which applications should use which services. This allows real-time services to be implemented in heterogeneous environments.

Why an SD-WAN is extremely flexible without compromising on security

Even a modern SD-WAN requires protection. That's why there are now software-based VPN solutions that ensure secure remote connections. The NCP solution combines NCP Virtual Secure Enterprise VPN Server (vSES) as a gateway with the NCP Secure Enterprise Management Server (SEM) as a management system. In this case, the gateway is not located directly in the cloud, but forms a secure environment directly on the server behind the firewall.

An SD-WAN offers maximum flexibility, whether in the private cloud, on the public Internet, between central and site offices or for remote workers (Image: Aryaka Networks).

Aryaka Networks has developed an extremely secure VPN from the cloud for international companies of all sizes based on SD-WAN. Two years ago, the company announced SmartSecure Private Access. Using SD-WAN and Secure Access Service Edge (SASE), flexible VPN connections can be set up for remote employees. Companies can also test this service as a live demo.

In a nutshell:

Many experts consider SD-WAN to be the successor to MPLS. That's not quite right. SD-WAN is rather an addition to MPLS, which develops the idea of predefined transport routes. Both technologies and concepts have their own advantages. Often it makes sense to take a hybrid approach and use the best of both worlds. In conjunction with modern VPN technology, it is also possible to securely and reliably network several locations at comparatively low cost.

Learn more about the NCP Virtual Secure Enterprise VPN Server (vSES) now