Let’s face it. IT managers for higher education have a tough job. Their fellow IT pros in the private sector typically know more about computing than their users and can exert some control over the applications and devices running in their networks. Not so in higher education. Professors and engineers “know better” than IT. Students bring an extensive range of devices and applications with them onto campus. Users in general work everywhere and anywhere. How does one build a backbone that is at once affordable, secure, and agile enough to address all user populations and resources, regardless of location?
What is SD-WAN?
Software-defined Wide Area Networks (SD-WAN) would seem to be the perfect solution for connecting off-site buildings to a campus, or campuses to one another. They’re more predictable and secure than the Internet, easier to deploy, manage and troubleshoot than a multipoint VPN, and more affordable than a private data service, such as MPLS.
With SD-WAN, appliances connect locations to one or more Internet services (xDSL, cable, or 4G/LTE). The appliances aggregate the connections together to create a single virtual link that has more capacity and better uptime than any one link. They do this by establishing a mesh of encrypted tunnels between all locations.
Policy-based algorithms balance traffic across the links to maximize their utilization and direct traffic to alternate links in the event of a failure or slow-down. Performance is improved for all applications by routing them along the optimum path. Routing decisions are made based on real-time traffic conditions, and thresholds defined in application policies.
However, SD-WAN appliances suffer from several problems. They require additional dedicated security appliances or third-party cloud-based security services to secure access to the Internet. This increases deployment complexity and costs. Security appliances, in particular, are known for forcing sudden upgrades as traffic spikes or when enabling compute-intensive features.
Performance also remains subject to the erratic nature of the unmanaged public Internet. The lack of a global, SLA-backed backbone leaves SD-WAN unable to provide the consistent, predictable transport needed by real-time services and business-critical applications. This is particularly true between Internet regions where latencies are high and there are fewer routes to choose from to avoid packet loss problems. As a result, SD-WAN adopters have remained chained to their MPLS services, paying exorbitant bandwidth fees just to deliver core applications.
And finally, SD-WAN appliances fail to seamlessly integrate cloud resources and mobile users into the WAN. Since SD-WAN appliances were designed to better connect branch offices, the SD-WAN edge had to be stretched to the cloud as an afterthought. Mobile users do not benefit at all from SD-WAN capabilities.
Cloud-based SD-WAN Addresses Traditional SD-WAN Problems
Cloud-based SD-WAN converges the SD-WAN fabric, network optimization and advanced security services, such as NGFW, SWG and IPS, into a cloud running across a global backbone. Locations run simple appliances that establish secure tunnels to the SD-WAN’s nearest point-of-presence (PoP). These PoPs are often colocated in the same physical datacenters as those housing the AWS or Azure edge, facilitating cloud integration.
“SD-WAN is the most significant infrastructure transformation since the introduction of virtualization,” says Shlomo Kramer, co-founder and CEO of Cato Networks, a provider of cloud-based and secure global SD-WAN. “It transforms how we think about site-to-site communications, Internet access, the cloud, our security architecture, and mobility. When else have we seen a technology with such profound impact?”
With cloud-based SD-WAN, higher education institutions can radically redefine how they deliver networking and security services. As professors and students need to access new resources or run experiments involving multiple locations, IT can spin up new virtual overlays to isolate the traffic.
With less technology at the edge, any resource can be easily connected to the SD-WAN. Cloud resources are one example, but even individual users become part of the SD-WAN. Students and remote staff just run a mobile client to connect to the SD-WAN. It’s a win-win. They get the superior performance of a managed backbone and advanced security, while IT receives better control and management.
And with the cloud’s capacity, advanced security services can be enabled without scalability concerns. Deploying IPS, NGFW and more can be done for all traffic without having to plan for a forced upgrade.
It takes vision and a fair amount of guts to rethink how we connect our locations and resources. But for those willing to take that leap, SD-WAN, and in particular cloud-based SD-WAN, offers significant cost savings and agility gains to boot.