The overall landscape for business is changing fast. Users today are connecting to the corporate network with new, feature-rich applications via a myriad of devices from various global locations. This evolution creates a network architecture that must meet needs across a wide set of requirements. The truth is, there is not one single wide area network (WAN) platform that exists to meet every requirement across users and offices.
In almost every design we create, the outcome revolves around hybrid WAN connectivity -- an approach that leverages the public Internet VPN with traditional WAN services. For example, our designs would normally include the following:
- A core network created using Layer 3 virtual private routed networks, or VPRNs
- A metropolitan area network connected via dedicated fiber
- Data center connectivity within different geographic regions connected via a virtual private LAN service (VPLS)
- Remote users secured via clients anchored by IPsec over the Internet
- Remote offices and difficult-to-connect sites connected via IPsec over the Internet using a dedicated VPN device
- Fast-start 3G and 4G connectivity
When you're considering hybrid WAN connectivity, one important area to understand is the difference between engineering the way users will be supported and engineering the method used to transport traffic back into the network. With a multiprotocol label switching network playbook and a VPLS, predictable performance of traffic is realized by using service-level indicators together with features such as quality of service, or QoS, to prioritize applications. When IT teams deploy hybrid WAN connectivity, which features IPsec and Secure Sockets Layer, or SSL, over the Internet, the user experience is sometimes hit or miss.
With this in mind, teams must carefully consider the performance of the applications users will expect to access across each connectivity type. For example, a user expecting to videoconference from a hotel room in a far-flung exotic location would most probably be disappointed with the overall quality. With this said, applications are becoming more aware of the underlying network bandwidth. In scenarios where conditions are less than optimal, the application will notify the user that a particular feature may not be available.
In addition to user performance, security is a concern when you're considering the prospect of connecting a global user base back into the network across the Internet. The address boundaries of the secure VPN within the overall hybrid WAN must be extremely clear. There are multiple ways to secure user connectivity back into the network, but in order to understand which features are required for your organization, a thorough capability statement must be created.
Within this statement, decide which resources are key to users and define the type, location and profile within each subset. A smaller organization will find this task much easier than will a global enterprise with thousands of employees, but by aligning requirements to profiles, the task is less onerous. If robust policies exist to restrict access where required, using the Internet as leverage to complete the overall connectivity requirement is a must in today's highly connected business.