When procuring a wide-area network (WAN), IT managers must understand which capabilities they will need from their service providers to meet their specific requirements, and thus determine WAN topology.
Lacking a clear understanding of the products and services marketplace can result in the wrong purchasing decision, causing underperforming applications or even a loss of connectivity.
Let's use the example of a financial services company with three distinct requirements, as follows:
- Robust connectivity to place trading business (market trades)
- Robust connectivity between data centers
- Ability to connect various regional office locations
Requirement 1: Low latency. The faster a trading application responds to market data, analysis, decision-making and ultimately, the production of market orders, the more likely a successful order will be filed. In fact, trading organizations closely plot the actual percentage of orders that are filed versus ones that fail; the internal latency target is approximately 100 microseconds, which means the best possible OS, switching, application performance and network infrastructure are required.
In this case, our company needs dedicated fiber. It removes shared infrastructure (i.e., a multiprotocol label switching, or MPLS, core network) and serves as the best way to move data from point A to point B. When considering WAN topology, the capability of dedicated fiber is defined as point-to-point or point-to-multipoint. In any case, dedicated circuits provide the best possible security, and thus are ideally suited to financial and government institutions.
Requirement 2: Cloud-based applications with expansion and resiliency. The impact of cloud computing continues to grow, and today's cloud computing infrastructure offers a myriad of feature-rich applications and services.
In our example, the financial services firm has implemented a set of private cloud services in a single data center. The company is growing and therefore the decision has been made to add three data centers at various locations. The overall set of specifications, however, has resulted in a requirement to maintain the same LAN addressing between locations. Fiber is not possible due to the distance between each data center and the need for any-to-any connectivity: A full mesh of dedicated fiber circuits would be expensive. In this scenario, virtual private LAN service (VPLS) makes sense to provide the best possible WAN topology.
There are multiple reasons why organizations deploy VPLS WAN services, but perhaps one of the most common is the ability to connect multiple cloud-based data centers. In our situation, one data center already exists and is providing cloud services today. In order to meet the organization's needs, Layer 2 connectivity between sites will allow servers to be added within any of the locations with any-to-any connectivity and on the same LAN. If one site is lost, servers at the sites that are still up assume primary services, and in the process, provide seamless resiliency and diversity.
Where only two data centers are required, a virtual leased line (VLL) may suffice. A VLL is a point-to-point pseudo circuit over MPLS. Just as VPLS provides a full mesh of any-to-any connectivity, a VLL provides a WAN topology option of point-to-point or multipoint. With this said, full VPLS provisioning also allows organizations to connect branch sites in an any-to-any topology together with the main application sources.
Requirement 3: Branch offices. Our financial services company owns 15 branch offices that also need to communicate with the three data centers. In many ways, Layer 3 WAN services make perfect sense because there is no requirement to extend Layer 2 at the branch office level. We have seen this scenario play out with several clients in 2014. The overall WAN topology has become VPLS (as a base capability) with the service provider adding routers as managed devices to create Layer 3 at sites where required. This typically means Layer 2 and Layer 3 capability -- all based on an underlying VPLS product.
Requirement 4: Remote access, a hybrid VPN. Finally, our company must provide remote access for home workers and extranet clients securely and from anywhere those users may be. When creating a WAN topology, access for those connecting over the Internet represents somewhat of a headache -- primarily due to application performance and security. On the security side, organizations need to define a set of parameters that include device type, security and application performance expectations.
The IT and technology world has changed enormously over the past decade and continues to evolve at an ever-increasing pace. Users expect to have access to cloud-based resources from wherever they are located. In order to provide this kind of access, companies are engineering their applications to become more aware of their available connectivity. In other words, even if mobile users are accessing applications via a 4G network, latency can remain high. That could frustrate workers trying to join in on a video call. The solution? Applications that can deny connectivity based on their evaluation of network bandwidth. If latency is too high, then the application won't allow users to connect.
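The admission decision described for Requirement 4, sketched as an added example (not code from the article): a gate that checks device type, security posture and measured latency before allowing a remote session. The policy fields, device-type names, the 150 ms threshold and the sample measurements are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import quantiles

@dataclass(frozen=True)
class AccessPolicy:            # hypothetical policy fields, not from the article
    allowed_device_types: frozenset
    require_disk_encryption: bool
    max_p95_rtt_ms: float      # performance expectation for the application
    min_samples: int = 5       # refuse to decide on too little evidence

@dataclass(frozen=True)
class ClientReport:            # what the client presents at connect time
    device_type: str
    disk_encrypted: bool
    rtt_samples_ms: tuple

def p95(samples):
    # quantiles(n=20) yields 19 cut points; the last is the 95th percentile.
    return quantiles(samples, n=20, method="inclusive")[-1]

def admit(policy, report):
    """Return (allowed, reason); every check fails closed."""
    if report.device_type not in policy.allowed_device_types:
        return False, "device type not permitted"
    if policy.require_disk_encryption and not report.disk_encrypted:
        return False, "security posture check failed"
    if len(report.rtt_samples_ms) < policy.min_samples:
        return False, "too few latency samples"
    if p95(report.rtt_samples_ms) > policy.max_p95_rtt_ms:
        return False, "latency too high"
    return True, "ok"

# Constructed sample data (assumed values, not measurements from the article).
VIDEO_POLICY = AccessPolicy(frozenset({"managed-laptop", "managed-phone"}), True, 150.0)
OFFICE = ClientReport("managed-laptop", True, (22, 25, 24, 23, 30, 26))
MOBILE_4G = ClientReport("managed-phone", True, (60, 65, 70, 240, 310, 68))
BYOD = ClientReport("personal-tablet", True, (20, 21, 22, 23, 24, 25))
SHORT = ClientReport("managed-laptop", True, (20, 21))

if __name__ == "__main__":
    for name, report in [("office", OFFICE), ("mobile-4g", MOBILE_4G),
                         ("byod", BYOD), ("short", SHORT)]:
        print(name, admit(VIDEO_POLICY, report))
```

The constructed 4G client has a median round-trip time under 70 ms and would pass a median-based check; gating on the 95th percentile catches the intermittent spikes that disrupt a video call.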
Few enterprises today end up with a WAN topology anchored by a single product or capability that meets all requirements. More often than not, WANs are cobbled together from a wide variety of products tailored to suit an organization's goals. As globalization becomes more important and device types continue to proliferate, organizations must align their business strategies with the correct topology. Without careful planning, WAN links can clog up, and productivity will suffer.
(Editor's note: For general WAN procurement, the TechTarget step-by-step WAN procurement Mindmap is available upon request.)