Assessing Your WAN Strategy: Resiliency and Security at Branch Locations

In part 1 of this 3-part series on how to conduct a wide-area network assessment and determine necessary updates, we looked at foundational issues including current challenges and objectives. Part 2 examined considerations around applications and bandwidth. In this third and final installment we’ll look at two issues that are critical for any organization: resiliency and security.
I spoke with Mike Lawson, Manager of SD-WAN/NFV Solutions Architecture for CenturyLink, to determine which issues to examine. Lawson is in the trenches with network architects and customers every day; as such, he understands the issues that lead companies to upgrade their WAN services to newer technologies such as software-defined WAN (SD-WAN).
Assessing Your Branch Resiliency
To determine resiliency needs, you should start your assessment by examining the strategy in place at branch locations, Lawson recommends. “Do you have more than one connection to branch locations? Can you leverage them both in an active state?” Many times companies buy an additional MPLS circuit, for example, but use it only when the primary fails. Otherwise, the extra capacity sits idle.
This is an instance where SD-WAN may make sense, as this kind of networking allows companies to leverage more than one connection in an active state at each site. An organization might have an MPLS link as their primary connection, for example, and use broadband Internet or 4G cellular as a backup—a much less expensive option than having multiple MPLS circuits.
The fact that the backups can also be used in an active state opens up multiple new options in an SD-WAN scenario.
Many customers employ packet replication for voice and video, Lawson says. “If voice is critical at a particular location, it may make sense to leverage more than one connection,” he advises. “Rather than losing the call if a service isn’t available, two or more connections are used to send duplicate packets of data, increasing [the] survivability of the application.”
Packet striping is another SD-WAN feature that helps deliver a single data flow across disparate network links, Lawson notes. This method lets a site utilize all available bandwidth for a large file transfer.
Security Issues: Network Segmentation and Firewalls
With respect to security, organizations need to look at how their security posture is evolving with the introduction of more Internet technology on the WAN. Lawson recommends that organizations consider how their solutions achieve compliance with requirements such as PCI, and how they perform vulnerability scanning.
Guest networking is another consideration. Take the example of an auto dealership. “Customers often come in with the whole family. While mom and dad are talking to the salesman, the kids are on their iPhones,” Lawson says. “So, you need to provide a guest network while also protecting the corporate network.”
Doing so hinges on providing an effective hybrid network strategy. SD-WAN can be an effective solution because it lets users create multiple logical networks at the click of a button, depending on the provider.
SD-WAN solutions may also come with features such as an embedded firewall that enables customers to develop security policies to protect the network edge, whether the traffic is general Internet traffic or bound for trusted applications such as Office 365.
“With a solution that we sell, it’s technically possible to say I’m going to take centralized firewall functionality out of the data center and put it on the edge of the network,” Lawson says. This can be a tough sell for security teams, however, so companies often take a hybrid approach, using data center firewalls to control general Internet traffic and SD-WAN security capabilities for trusted applications.
“We’re seeing a kind of security journey develop with our customers,” Lawson says. “But security remains top of mind.”
This article was previously published on NetworkWorld on July 25, 2019.