A wide area network (WAN) is a geographically distributed private telecommunications network that interconnects multiple local area networks (LANs). A LAN is a group of computers and network devices that are all connected to each other, typically within a relatively short geographical distance. In an enterprise or business, a WAN may consist of connections to a company's headquarters, branch offices, colocation facilities, cloud services and other facilities. Typically, a router or other multifunction device is used to connect a LAN to a WAN. Enterprise WANs allow users to share access to applications, services and other centrally located resources. This eliminates the need to install the same application server, firewall or other resources in multiple locations, for example.
WANs are not restricted to the same geographical location as a LAN would be. A LAN can be set up in any number of geographical areas and be connected to a WAN—meaning a WAN is not constrained to one specific location.
A virtual private network (VPN) facilitates connectivity and security between WAN sites. Different VPNs can be utilized for different use cases. An IPsec VPN is more commonly used in continuously open site-to-site connections, such as those between branch offices and headquarters locations. An SSL VPN is often the preferred choice for enabling remote access for individual users because the data transmitted from users across the WAN is encrypted. Direct fiber optic links are also used to connect sites on a WAN – and they almost always offer greater performance, reliability and security than VPNs, but they are cost-prohibitive for most enterprises to procure and operate.
Types of WAN connections
WAN connections can include wired and wireless technologies. Wired WAN services can consist of the following:
WANs over wired network connections remain the preferred medium for most enterprises, but wireless WAN technologies, based on the 4G LTE standard, are gaining traction.
How WAN connections work
WAN infrastructure may be privately owned or leased as a service from a third-party service provider, such as a telecommunications carrier, internet service provider, private IP network operator or cable company. The service itself may operate over a dedicated, private connection -- often backed by a service-level agreement -- or over a shared, public medium like the internet. Hybrid WANs employ a combination of private and public network services.
Software-defined WAN (SD-WAN) is designed to make hybrid WAN architectures easier for enterprises to deploy, operate and manage. Using a combination of virtualization, application-level policies and network overlays, on-site SD-WAN devices, software platforms or customer premises equipment (CPE) perform two functions:
- They aggregate multiple public and private WAN links.
- They automatically select the optimal path for traffic, based on real-time conditions.
The latter function has historically required network managers to manually reconfigure their networks any time they wanted to shape the direction of traffic over multiple routes.
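The path-selection function described above can be sketched as follows. This is an added example, not code from the page or from any SD-WAN product; the names `Link`, `AppPolicy` and `select_path`, the metrics, and the thresholds are assumptions. It also applies the rule that traffic on a public link must ride an encrypted overlay, and it refuses to forward rather than fall back to an unencrypted public link.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    public: bool       # True for internet/LTE, False for a private circuit
    encrypted: bool    # True when a VPN overlay tunnel is up on this link
    latency_ms: float  # latest measured round-trip latency
    loss_pct: float    # latest measured packet loss
    up: bool = True

@dataclass(frozen=True)
class AppPolicy:
    app: str
    max_latency_ms: float
    max_loss_pct: float

def eligible(link):
    """Usable only if up and, when public, protected by an encrypted overlay."""
    return link.up and (not link.public or link.encrypted)

def select_path(links, policy):
    """Return (link, meets_sla) for one application.

    Links inside the policy thresholds are preferred; if none qualify, the best
    remaining eligible link is used in degraded mode. With no eligible link the
    result is (None, False): the selector fails closed.
    """
    candidates = [l for l in links if eligible(l)]
    if not candidates:
        return None, False
    score = lambda l: (l.loss_pct, l.latency_ms)  # lowest loss, then latency
    within = [l for l in candidates
              if l.latency_ms <= policy.max_latency_ms
              and l.loss_pct <= policy.max_loss_pct]
    if within:
        return min(within, key=score), True
    return min(candidates, key=score), False

# Constructed sample measurements (not real data).
LINKS = [
    Link("mpls", public=False, encrypted=False, latency_ms=40, loss_pct=0.1),
    Link("broadband", public=True, encrypted=True, latency_ms=25, loss_pct=0.0),
    Link("lte", public=True, encrypted=False, latency_ms=60, loss_pct=1.5),
]
VOICE = AppPolicy("voice", max_latency_ms=150, max_loss_pct=1.0)

if __name__ == "__main__":
    link, ok = select_path(LINKS, VOICE)
    print(link.name if link else "no path", "within SLA" if ok else "degraded")
```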
Latency and bandwidth constraints often cause enterprise WANs to suffer from performance issues. WAN optimization appliances use a variety of techniques to counteract them, including deduplication, compression, protocol optimization, traffic shaping and local caching. SD-WAN CPE or platforms provide another level of application performance control through the use of lower-cost bandwidth connections, usually in the form of commercial internet services, along with traffic shaping and quality of service tools, to increase reliability.
The security of a WAN should extend to wherever end users use their devices, including users who work from a device in their home. End users who use a WAN should also use firewalls and antivirus software to prevent unauthorized access to, or compromise of, their devices.
The use of a VPN helps create connectivity in a WAN and has the added benefit of encrypting data. Users, as well as network devices at remote sites, should be required to connect to a WAN via a VPN. Additionally, SD-WAN has a key-exchange function that is used to authenticate devices on different endpoints.
Even though a WAN can be secure, a WAN service provider should not be assumed to provide any particular level of security. Even the use of a VPN does not ensure the total security of a WAN system. In the past, a hacker gained access to Microsoft by first gaining access to a user's home device and then following the VPN back to Microsoft.
Advantages and disadvantages of WAN
Advantages of WAN include:
- Can cover a large geographical area
- Centralized infrastructure
- Increased bandwidth with the use of leased lines as opposed to broadband connections
Disadvantages of WAN include:
- High set up cost
- Possibility for security gaps
- Needs antivirus software and firewalls
WAN vs. LAN vs. MAN
WAN stands apart as it is a global service, while LAN connections pertain to a small area, such as a home, office suite or building, and a metropolitan area network (MAN) operates within city limits. LAN environments utilize Ethernet and Ethernet switches, while MANs are composed of Metro Ethernet, MPLS and point-to-point or point-to-multipoint wireless technologies.