Flexible Network-Based, Enterprise-Class Software-Defined Solutions for Hybrid Public/Private Network Connectivity

Similar documents
Optimizing Infrastructure Management with Predictive Analytics: The Red Hat Insights Approach

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Text Messaging Helps Your Small Business Perform Big

Transform your network and your customer experience. Introducing SD-WAN Concierge

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

Transform your network and your customer experience. Introducing SD-WAN Concierge

Y O UR BUS I N E SS IS ONL Y A S S TR ON G A S YO U R CONNEC T I O N T HE I M P ORTANCE OF R ELI ABLE CO NNECTIVITY W HAT S IN SIDE:

Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN

SD-WAN: Aligning the Network with Digital Transformation, Cloud, and Customer Engagement

Cisco Preparing Its Datacenters for the Next Generation of Virtualization and Hybrid Cloud with Its Application Centric Infrastructure

Why the Cloud is the Network

MPLS SOLUTION How to Make the Best Choice for Your Business

Analytics-as-a-Service Firm Chooses Cisco Hyperconverged Infrastructure as a More Cost-Effective Agile Development Platform Compared with Public Cloud

Hybrid Cloud for the Enterprise

The New Enterprise Network In The Era Of The Cloud. Rohit Mehra Director, Enterprise Communications Infrastructure IDC

Delivering the Wireless Software-Defined Branch

Thin Clients as Attractive Solutions for Cost Effective, Secure Endpoint Management

Our Virtual Intelligent Network Overlay (VINO) solutions bring next-generation performance and efficiency to business networks throughout North

Hybrid Cloud for Business Communications

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Cisco ACI Helps Integra Compete in Next-Generation Telecom Services Market

MPLS VPN: Business Ready Networks. The cost-effective, scalable and robust network solution

Reaping the Full Benefits of a Hybrid Network

IDC MarketScape: Worldwide Service Providers 2018 Vendor Assessment

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

Simplifying the Branch Network

Customizing SD-WAN for the Distributed Enterprise

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

SD-WAN Solution How to Make the Best Choice for Your Business

RingCentral White Paper UCaaS Connectivity Options in the New Age. White Paper. UCaaS Connectivity Options in the New Age: Best Practices

I D C T E C H N O L O G Y S P O T L I G H T. SD- W AN : M o m e n t u m B u i l d s as Early Ad o p t e r s

Worldwide Datacenter Automation Software 2013 Vendor Shares

Global Headquarters: 5 Speen Street Framingham, MA USA P F

What is SD WAN and should I know or care about it? Ken LaMere Ecessa

How SD-WAN will Transform the Network. And lead to innovative, profitable business outcomes

SD-WAN. What is it anyway?

Takes 3-6 Months to Deploy. MPLS connections take 3-6 months to be up and running in some remote locations. Incurs Significantly High Costs

Automated Infrastructure Management Powers Future-Ready Enterprise Clouds

IDC MarketScape: Worldwide Datacenter Transformation Consulting and Implementation Services 2016 Vendor Assessment

SD-WAN. Evolving Beyond MPLS in the Enterprise Network. 55 Water Street, 32nd Floor New York, NY (877)

I D C T E C H N O L O G Y S P O T L I G H T. SD- W AN : A C r i t i c al S t e p in Transforming the N e tw o r k for the Cloud Era

Astrium Accelerates Research and Design with IHS Goldfire

INNOVATIVE SD-WAN TECHNOLOGY

WHITE PAPER Ericsson Delivers on Carrier Ethernet Solution IDC OPINION. Sponsored by: Ericsson. January 2009

Atlantis Computing Adds the Ability to Address Classic Server Workloads

90 % of WAN decision makers cite their

I D C T E C H N O L O G Y S P O T L I G H T

IDC MarketScape: Worldwide Network Consulting Services 2017 Vendor Assessment

Global Headquarters: 5 Speen Street Framingham, MA USA P F

SD-WAN Transform Your Agency

Intent-Based Networking in the Limelight with Cisco's Launch of Catalyst 9000 Series Ethernet Switches

Global Headquarters: 5 Speen Street Framingham, MA USA P F

MASERGY S MANAGED SD-WAN

IP VPn COMMITTED TO QUALITY

Business Continuity & Disaster Recovery

SD-WAN: A Simplified Network for Distributed Enterprises

Taking Back Control of Your Network With SD-LAN

IDC MarketScape: Worldwide Cloud Professional Services 2014 Vendor Analysis

Utilizing SD-WAN to Optimize Application-Driven Policy Management

VOXOX. A Tell-All Guide EVERYTHING YOU NEED TO KNOW ABOUT HOSTED PBX. a VOXOX ebook VOXOX, Inc A Comprehensive Guide

Software-Defined WAN Does Not Grow on WAN Alone

Choosing the Right. Ethernet Solution. How to Make the Best Choice for Your Business

Vendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo

The Future of Network Infrastructure & Management

Network Services. Product Catalog

ENTERPRISE CONNECTIVITY

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Never Drop a Call With TecInfo SIP Proxy White Paper

NETWORKING GLOBAL ACCESS ONE SOURCE SERENUS NETWORK SERVICES NEXT GENERATION CLOUD

Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN

IPsec VPN. Quick Guide 3/19/ EarthLink. Trademarks are property of their respective owners. All rights reserved.

IDC MarketScape: Worldwide Cloud Professional Services 2018 Vendor Assessment

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

From Zero Touch Provisioning to Secure Business Intent

COMPLEMENT YOUR BUSINESS SERVICES PORTFOLIO WITH VIRTUALIZED NETWORK SERVICES. Solution Primer

ANIRA Customer Presentation

Data center interconnect for the enterprise hybrid cloud

SD-WAN AND BEYOND: DELIVERING VIRTUAL NETWORK SERVICES

Building Infrastructure for Private Clouds Cloud InterOp 2014"

A Software-Defined WAN is a Business Imperative

Transforming your network for the digital economy

EXPAND YOUR BUSINESS SERVICES REACH WITH VIRTUALIZED NETWORK SERVICES. Solution Primer

Benefits of SD-WAN to the Distributed Enterprise

Title of Presentation

EVERYTHING YOU NEED TO KNOW ABOUT NETWORK FAILOVER

Assessing the Business Value of the Secured Datacenter

EdgeConnectSP The Premier SD-WAN Solution

The Windstream Enterprise Advantage for Healthcare

VeloCloud Cloud-Delivered WAN Fast. Simple. Secure. KUHN CONSULTING GmbH

Unity EdgeConnect SP SD-WAN Solution

Delivering Transformative Business Solutions

Global Headquarters: 5 Speen Street Framingham, MA USA P F

SD-WAN. Bringing Scale, Agility and Robustness to Enterprise Networks

Innovative Solutions. Trusted Performance. Intelligently Engineered. Comparison of SD WAN Solutions. Technology Brief

Introduction to Cisco ASR 9000 Series Network Virtualization Technology

Cloud Services. Infrastructure-as-a-Service

I D C T E C H N O L O G Y S P O T L I G H T. V i r t u a l and Cloud D a t a Center Management

Voice of the Customer First American Title SD-WAN Transformation

National Bank Minimizes Security Risk and Supports New Business with McAfee Security Solutions

Virtualizing Networks:

Transcription:

White Paper Flexible Network-Based, Enterprise-Class Software-Defined Solutions for Hybrid Public/Private Network Connectivity Sponsored by: Courtney Munroe June 2018 EXECUTIVE SUMMARY Today's enterprise WAN networking environment is characterized by global coverage; an end-to-end software-defined, application-aware environment; and increasing use of on-demand applications. This environment is flexible enough to support an almost limitless combination of on-premise equipment, centralized configuration and management via SDN tooling, and underlying carrier-agnostic networking. Enterprise adoption of hybrid software-defined platforms that leverage diverse protocols such as MPLS-enabled VPNs for larger sites and IPSec network-based VPNs and SD-WAN for smaller locations is on the rise. Enterprises of all sizes expect flexible, secure, and robust hybrid WAN connectivity for business applications from anywhere at anytime. IN THIS WHITE PAPER This IDC white paper discusses the following: The impact of software-defined networking/network functions virtualization, including SD- WAN, facilitates application-based management and network-agnostic, dynamic policy-based routing. Augmenting MPLS VPN with IPSec VPN both for "same site" connectivity and as a hybrid VPN offers a unique opportunity for enterprises to connect all of their existing high-speed data, voice, and video enterprise applications over this hybrid private/public network platform with the inherent qualities of MPLS predictable performance, security, quality of service (QoS), and low latency along with the cost-effectiveness and ubiquity of both wired and cellular broadband internet. IDC believes that enterprises are most likely to select an SD-WAN/VPN communication service provider that offers a platform for managed customer premises equipment (CPE) services and managed or comanaged applications such as security and dynamic policy-based routing along with a managed MPLS VPN service that can integrate with an internet-based IPSec VPN service. This provides access to business applications regardless of location, access technology, or cost constraints. 's MPLS-enabled VPN and IP VPN platforms combine to provide secure private IP and public internet VPN access to create ultra-flexible hybrid networks, including remote access users, that allow enterprises to connect their applications between offices, home workers, remote users, or locations, including access to public and private cloud services. This IDC white paper also examines how enterprises can leverage SDN/NFV with VPN network June 2018, IDC #US43887718

applications and offers recommendations for hybrid network SDN/NFV VPN platforms. It also discusses the benefits of 's FlexWare platform and MPLS and IPSec VPN platforms for secure internet VPN, remote access, and hybrid VPN network solutions. ENTERPRISE TRENDS AND NETWORK VPN MARKET OVERVIEW Market Overview SD-WAN and hybrid VPNs have emerged as important components of a managed network service because enterprises increasingly depend on distributed intelligent networking and VPNs to support access to VoIP, enterprise data, storage, and security applications between all of their business sites and remote workers. According to IDC, the North American managed SD-WAN market was $145 million in 2017 and will grow to $1.8 billion in 2022. The U.S. IP VPN market was $8.5 billion for networkbased services and $1.7 billion for IPSec VPN services. This represents revenue associated with communication SPs, not vendor direct sales of CPE. MPLS network-based VPNs provide enterprises with the best choice for predictable, managed, and secure private WAN IP network connectivity from any on-net enterprise location to any other on-net location for a whole range of business applications, including large data transfers, security, VoIP, telepresence, storage, and image and video transfers. According to IDC, the North American managed SD-WAN market was $145 million in 2017 and will grow to $1.8 billion in 2022. The U.S. IP VPN market was $8.5 billion for networkbased services and $1.7 billion for IPSec VPN services. MPLS VPN customers can continue to maintain their own IP addressing plans and also take advantage of a communications service provider's class of service (CoS) per application to enable the appropriate quality of service. Enterprise application specific traffic requirements such as performance, latency, and QoS map to the contracted service provider's SLA for a managed MPLS VPN service. SD-WAN with both dynamic routing and static routing is becoming more and more critical for enterprises that need secure, distributed branch networking. As business organizations decentralize their workforces to be closer to customers or to encourage more flexible home-work environments, they are creating different VPN site types and find themselves looking for a solution that combines the best of all worlds. Datacenters need large private WAN connectivity, large locations may want MPLS with internet and dynamic policy-based routing from SD-WAN, and medium-sized locations may be dual internet with static policy-based WAN, while temporary sites or semimobile sites may be connected only via LTE. The mobile remote worker is likely to have access to any combination of broadband, wireless 3G/4G, and/or WiFi networks and needs to securely connect to the VPN with a variety of wireless devices such as laptops, smartphones, or tablets. The integration of devices, applications, and services for onsite workers and remote workers within the same VPN network is critical, and user experience and network performance are equally important in both environments. For remote mobile workers, a hybrid solution that includes SD-WAN and remote access network VPN services employing IPSec enables ubiquitous IP access, which is probably the single most important characteristic of a VPN (secure access over the internet or any IP connection for maximum reach for 2018 IDC #US43887718 2

single users or small sites). Other important attributes are centralized application management and faster and more efficient deployment of applications. SD-WAN leveraging IPSec can be used to create secure VPNs over the internet. When used over the internet, IPSec provides point-to-point connections. IPSec secures data through encryption and authentication and allows the enterprise to maintain its own IP addressing plan through tunnels between sites. IPSec is ideal for connecting isolated company sites and mobile remote workers as well as enabling temporary connections to a VPN (events, pop-up stores, and exhibitions). It also serves as a temporary backup for an MPLS VPN network recovery. Today, many enterprises employ more than one type of VPN service: a managed MPLS VPN for some locations, a separate IPSec VPN for remote access, and possibly even an SSL-based VPN solution for some employees. Integrating application performance requirements across an enterprise is extremely complex. Consider, for example, point-to-point IPSec tunnels when a new tunnel is added, customer premises equipment will often need to be reconfigured in accordance with the changed logical network topology. In addition, packet characteristics may be hidden inside an IP tunnel, preventing the recognition of high-priority flows and making CoS usage difficult and limited to the edge of the network. Enterprises continue to use one or both, and sometimes, new applications such as telepresence or business continuity can be extended to a larger number of sites and users by employing a hybrid network IP VPN solution. ENTERPRISE APPLICATIONS FOR NETWORK SDN, SD-WAN, MPLS VPN, REMOTE ACCESS IPSEC VPN, AND HYBRID VPN Today, enterprises have a wide array of choices regarding distributed intelligent edge network software-defined offerings, including dynamic or static SD-WAN, managed or unmanaged MPLS or IPSec VPN, hybrid VPN, or remote access options. In addition, applications for security, WAN acceleration, VoIP, and so forth can now be presented as virtualized functions with centralized SDN configuration and management. In fact, according to an IDC survey, more than 50% of respondents use MPLS IP VPN to support VoIP over their own networks (see Figure 1). 2018 IDC #US43887718 3

FIGURE 1 Enterprise IP VPN Usage Trends Q. Currently, what features/use cases have you implemented on your network-based MPLS IP VPN and which do you plan to implement within one year? n = 401 Base = respondents who use network-based MPLS IP VPN Notes: This survey is managed by IDC's Quantitative Research Group. Data is not weighted. Multiple responses were allowed. Remote access Security applications Voice over IP (VoIP) On-demand/dynamic bandwidth via selfservice customer portal Application-aware performance management None of the above Use caution when interpreting small sample sizes. Site to site Multiple VPNs on same access circuit Proactive monitoring and reporting Class of service (CoS) Route management Multicasting Managed CPE Source: IDC's U.S. Enterprise Communications Survey, March 2017 0 10 20 30 40 50 60 70 (% of respondents) 2018 IDC #US43887718 4

This section reviews some enterprise use cases and applications for each of the following types of VPN deployments: SD-WAN service Managed and unmanaged MPLS VPN service Managed and unmanaged IPSec IP VPN service Hybrid managed MPLS and IPSec network VPN service SD-WAN complements VPNs with zero-touch deployments and centralized management of applications and in a hybrid multinetwork environment. SD-WAN facilitates both capex and opex savings with faster, more efficient implementation of branch site connectivity. It also offers increased flexibility because remote locations can be managed in a network-agnostic manner, and applications can be optimized for QoS based on specific business requirements. Users also gain additional flexibility from centralized path control and route management, along with additional security options. In the case of an unmanaged VPN service, the enterprise is responsible for providing the CPE device; configuring the CoS, multiple VPNs, and security attributes; and managing the impact on the VPN network when a new business application is introduced or a change to an application is instantiated. The enterprise has to self-monitor network performance. In a managed MPLS VPN, enterprises can securely access network reports and monitor the performance, latency, and bandwidth usage of their private data, voice, and video traffic via a unique customer portal that is part of the service offering and sometimes included as part of an SLA. The ability to leverage communication SP expertise to adhere to data governance, industry compliance, regulatory, and privacy requirements is another important factor in considering a managed MPLS VPN versus an unmanaged MPLS VPN because of the cost and complexity involved with developing and administering VPN policies in-house. IPSec-based network IP VPNs are increasingly a popular choice for enterprises trying to connect small offices/home offices (SOHOs), retail locations (restaurants, stores, and kiosks), and remote workers to their corporate VPN. Customers use a VPN appliance/firewall to provide an encrypted IPSec connection to access the internet via a broadband or wireless network or even another service provider's fixed network for these smaller sites. For remote workers, thin VPN client software can be installed on smartphones, tablets, and laptops that enables simple plug-and-play VPN connectivity choices with built-in security policies to allow VPN access via any available internet connection. The third use case involves combining both managed MPLS and IPSec network-based IP VPNs into a hybrid solution to handle an enterprise's on-net and off-net locations and workers. Today, many enterprises have a mix of sites including mobile workers, SOHOs, branches, and large datacenter and campus environments that all need to connect to the same corporate network with secure, predictable network performance. A communication service provider that supports a hybrid network-based VPN, as shown in Figure 2, enables enterprises to maintain consistent service policies, application performance, and secure connectivity to corporate applications for workers from any location. However, hybrid network-based VPNs can also carry greater management challenges, making it crucial to develop a comprehensive network strategy and select the right service provider. One of the more popular applications for employing a hybrid IP VPN solution is an enterprise telepresence service that extends telepresence sessions from corporate office locations that are part of the MPLS VPN network to remote access IP VPN sites or even individual workers accessing the 2018 IDC #US43887718 5

VPN. This can be a cost-effective form of secure internal company communication, and it is gaining popularity as corporations reduce travel budgets and increase real-time collaboration. One of the more interesting applications for this type of hybrid IP VPN solution is employing an IPSecbased VPN that provides temporary access to corporate MPLS network-based VPN resources. Disaster recovery and failover are two applications that can utilize 3G/4G cellular networks to provide alternative VPN connectivity for MPLS-based network sites that experience an outage. This application becomes very important if a location's network VPN service is temporarily disrupted because of a cut fiber or copper cable or for wider-scale disaster recovery if a major natural disaster occurs and employees cannot travel to their business establishments. FIGURE 2 One Integrated Hybrid Network Medium MPLS Site (MPLS + LTE) Large/Medium SD-WAN Site (MPLS + Internet) Small SD-WAN Site (Dual Internet) FlexWare FlexWare FlexWare Internet SD-WAN Gateway IPSec Gateway MPLS VoIP, Video, UC, Security Dual VPN NetBond for Cloud FlexWare Hub Site Remote IPSec Site (Dual Internet) U110 U110 Remote IPSec Site (Single Internet) Cloud Providers Source:, 2018 VPN PLATFORM REQUIREMENTS TO SUPPORT HYBRID NETWORK VPN APPLICATIONS Today's communication service provider has to be able to offer a VPN platform solution that has the flexibility to support the use of hybrid network-based MPLS and IPSec VPN networks for diverse enterprise environments. These hybrid platforms increasingly have to provide 99.99% or 99.999% network availability and SLAs that enterprises are accustomed to with a managed MPLS VPN network. SD-WAN network-based static solutions are designed to provide highly secure access to critical business applications regardless of location, access type, or device across a unified global platform the Global Network. Dynamic routing to MPLS VPN services via high-speed backbone infrastructure is based on MPLS network technology, offering enterprises consistent application 2018 IDC #US43887718 6

performance on a global basis. The MPLS VPN solution supports service differentiation by employing CoS for latency-sensitive applications. IDC recommends that enterprises consider a hybrid VPN solution based on the following six attributes that supports in an MPLS VPN platform and the SD-WAN network-based static IPSec platform: Breadth of access and extended global reach. 's VPN solution enables consistent application capabilities for small office locations as if they were at headquarters with backup options for business continuity. Flexibility. 's network flexibility provides remote access to an enterprise's intranet via the MPLS VPN, including simultaneous access to the internet via IPSec when connecting to public internet sites, WiFi hotspots, or cloud services. Resiliency. SD-WAN network-based static is easy to configure, and the on-premise VPN gateway can be combined with wireless technology as a redundant connection, restoring VPN service very quickly. The network gateways are mirrored, geographically separated, and load balanced to ensure network uptime. Security. 's SD-WAN over-the-top static uses IPSec to create paths that carry encrypted enterprise data over public networks, creating a highly secure pathway. This enables integration of applications with enterprise core infrastructure from multiple types of connections, such as broadband, wireless, WiFi, or dial-up. Proactive management and reporting. provides VPN network management services, application performance reporting, and network monitoring of both MPLS- and IPSec-based VPN enterprise sites via a customer web portal. Service agility. SD-WAN network-based static is for telecommuters, mobile workers, and remote staff in an office setting. The VPN Gateway along with SD-WAN network-based static provides a complete solution for these settings. Mobility options include 3G/4G wireless or WiFi access to SD-WAN network-based static, providing fast connections and extending the reach of the enterprise VPN. OUTLOOK FOR HYBRID SD-WAN, MPLS, AND IPSEC NETWORK VPNS Enterprise edge networking including both LAN and WAN environments can reap tremendous benefits and flexibility with the implementation of a hybrid network and cloud-based solution that includes the options discussed in this study. SD-WAN networks combined with mesh VPNs based on MPLS or IPSec depending on the attributes of the sites can be centrally managed and optimized over any underlying network. Enterprises expect their own IP VPN network expansion requirements will include a mix of alwaysconnected on-net sites, remote small offices, remote workers, mobile workers, and external partner sites. A hybrid VPN platform solution that incorporates and leverages software-defined routing and management as well as MPLS and IPSec VPN solutions will be more appealing and more costeffective for enterprises that have off-net users who infrequently access the VPN. The hybrid VPN will become important as IDC predicts that enterprise IT applications and hosting of applications will shift over time to cloud or mobile environments. 2018 IDC #US43887718 7

Best-in-class network IP VPN platforms can address the growing need to securely connect these business applications from any combination of wireless networks, the internet, public cloud providers, and private IP/MPLS networks. Communication SPs such as also refine edge solutions with software-defined functionality that improves flexibility in a cost-efficient manner while providing network-agnostic options and applicationcentric management capabilities. 2018 IDC #US43887718 8

About IDC International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make factbased decisions on technology purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. Global Headquarters 5 Speen Street Framingham, MA 01701 USA 508.872.8200 Twitter: @IDC idc-community.com www.idc.com Copyright Notice External Publication of IDC Information and Data Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason. Copyright 2018 IDC. Reproduction without written permission is completely forbidden.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback