Brian Jackson - Fotolia
The pros and cons of SD-WAN and remote access
SD-WAN could be a compelling option for enterprises that require remote access for mission-critical jobs. But IT teams should be aware of cost, training and implementation barriers.
Software-defined WAN has become a viable platform for delivering reliable, secure quality of experience for remote branch users and devices. The increased importance of a secure, high-quality experience for users working at home is driving consideration of SD-WAN technology at the home office.
The tasks and productivity required for mobile and at-home work are no longer distinct from those for office work. IT organizations need to upgrade remote access and VPN designs to handle near-term demand. They also should look beyond 2020 to evaluate remote access options that are secure, flexible and easy to manage. Over time, remote access capabilities are likely to converge with overall network and security architectures, such as Secure Access Service Edge.
Remote access before 2020
Remote access has historically been relatively low on the priority list for most IT organizations. Census data indicates that approximately 5% of the U.S. workforce worked from home all the time with another 40% working from home occasionally, so IT focused its efforts in other areas. The market for remote access or VPN technology is highly fractured with offerings that run the gamut of VPN concentrators, firewalls, VPN software clients, VPN as a service and virtual desktop infrastructure (VDI), among others.
Remote access in 2020 and beyond
The rapid shift to the current pandemic situation, where the vast majority of employees work at home, caught most IT organizations off guard. With up to 100% of employees working from home, IT organizations are finding that their remote access and VPN services are difficult to use, hard to troubleshoot, slow and not necessarily secure.
Home users will need streamlined access to popular IaaS and SaaS applications, especially as more and more applications migrate to the cloud. Remote users at home require ease of provisioning, application prioritization and centralized management. The services must be simple, scalable, flexible and cost-effective.
Remote access technology needs to migrate from a location-based or termination point methodology to identity-based methodology. Remote access users need to access all key applications and data from any location or device via any network. Network security needs to be focused on who the user is, what application is being used and where sensitive data is migrating.
A branch of one: The home office
In many respects, the home office is similar to a small branch. Multiple users -- family members and roommates, for example -- typically share an internet circuit. A home office needs to support a range of applications with differing latency and performance requirements, such as VoIP, video conferencing, VDI and Microsoft 365. It also needs to protect against external threats, such as malware and phishing attacks, and prevent sensitive data loss. For mission-critical work and workers, the home office may require wireless backup -- e.g., 4G LTE -- for reliable, continuous operations.
Benefits of SD-WAN for the home office
SD-WAN technology offers a number of key benefits a home office can employ, including the following:
- prioritization for mission-critical and latency-sensitive applications;
- accelerated access to cloud-based services;
- enhanced security via encryption, VPNs, firewalls and integration with cloud-based security; and
- centralized management tools for IT administrators.
Scaled-down SD-WAN technology can address many of the performance and security challenges present in work-at-home situations. Combined with a 4G LTE modem, SD-WAN can provide high-reliability networking and steer traffic to the most appropriate link based on application prioritization settings.
Challenges of SD-WAN for the home office
SD-WAN is just one of many potential options for secure work at home networks. While SD-WAN technology is relatively easy to deploy, some IT organizations will be challenged to rapidly scale out hundreds of new sites. Each SD-WAN provider has its own unique method for application prioritization, security and management, and coming up to speed on a new SD-WAN technology can take time.
SD-WAN technology is designed for branch offices and priced accordingly. SD-WAN options that deliver remote access to an organization's entire workforce are probably cost-prohibitive, especially for 4G LTE options and associated data plans. Practically, SD-WAN is best positioned for power users -- IT and operations staff, C-level executives and highly paid professionals -- where the cost benefit of SD-WAN is clear-cut.
SD-WAN remote access vendor options
A number of technology providers offer SD-WAN remote access options for the home office. These offerings may include client software to access centralized SD-WAN intelligence, remote access as a service and hardware appliances designed for power home users.
Apcela. Apcela's Arcus Secure platform enables enterprises to scale their current VPN environment. It enables secure split tunneling by service chaining other enterprise security tools, such as secure web gateways and data loss prevention platforms, with the VPN service.
Aryaka. Aryaka delivers WAN as a service across its global network. Aryaka Secure Remote Access accelerates application performance for remote and mobile employees via its clientless SD-WAN.
Aruba Networks, a Hewlett Packard Enterprise company. Aruba offers its 303H Access Point -- combined with Aruba Central, a cloud-based management portal -- to provide home professionals with high-performance Wi-Fi, encryption, a built-in firewall and traffic awareness.
CloudGenix/Palo Alto Networks. CloudGenix Instant-On Network devices provide SD-WAN services, including VPN, application prioritization and centralized management. Palo Alto offers VPN clients with connectivity to its Prisma cloud-based security service. After its CloudGenix acquisition announcement, Palo Alto intends to integrate CloudGenix SD-WAN into its Prisma security suite.
Fortinet. Fortinet offers its FortiGate appliance for power users at home. It offers a full SD-WAN and firewall feature set with or without a 4G LTE modem.
VMware VeloCloud. VMware offers its SD-WAN Work @Home platform. This is a small appliance offered with or without a 4G LTE modem that provides the full SD-WAN feature set to the home office.
SD-WAN remote access recommendations for IT executives
Working from home is now the new normal for many organizations. IT teams will need to plan near-term, medium-term and long-term strategies to deliver scalable, secure work-at-home options for their employees.
Highly productive remote access strategies require the following:
- access to all applications in the cloud and in the internal data center;
- high-quality UX with speed and low latency;
- security threat protection, regardless of device, location and network; and
- simple deployment and ease of centralized management.
In addition, these strategies require the ability to scale up and down to meet changing business conditions.
SD-WAN is a high-end technology for work-at-home networking and security challenges. It offers significant benefits in terms of application prioritization, traffic steering, cloud acceleration and security. When combined with 4G LTE or 5G connectivity, it will provide a highly reliable option. Due to its cost, SD-WAN remote access technology is best suited for select, high-value work-at-home professionals.