Blog Cloud

7 Must-Know Terms When Considering SD-WAN

From the early 2000s to 2014, SD-WAN was a nascent technology, but since then, it’s become an evolving and complex technology. The evolution has been accelerated both by cloudification of applications and services and by workers moving into the ‘Extended Edge,’ especially because of the pandemic. So, while you may know the basics of SD-WAN, here’s a primer with 7 must-know terms you may or may not be familiar with when considering this innovative technology.

1. Multi-Cloud

An environment in which cloud services from multiple vendors co-exist

A multi-cloud environment is a network infrastructure that combines multiple cloud services from more than one cloud vendor, whether public or private. Multi-cloud environments present WAN management challenges in terms of guaranteeing application performance and security. New SD-WAN technologies like cloud mesh can address these challenges by enabling secure, direct access to cloud environments via software-defined interconnect (SDI).

As distinct simply from multiple clouds, multi-clouds are interconnected between each other and back to the enterprise WAN. There’s a clear usage, growth, and procurement strategy for the selected set of public cloud vendors. And management, maintenance, and security policies encompass all vendors in a similar fashion, with the multi-cloud becoming a full-time part of an enterprise’s ecosystem.

2. Cloud Mesh

A way to deliver mesh connectivity in the cloud

Cloud-based mesh is a network architecture that leverages software-defined interconnect (SDI) to deliver full-mesh connectivity. Full mesh is a network architecture that allows any site on the corporate network to connect directly to any other site on the network. Physical full mesh architectures typically have negative impacts on application performance, since traffic may have to traverse several “jumps” to reach geographically distant sites, resulting in latency and packet loss.

Conversely, cloud-delivered full mesh takes advantage of the geographically closest Point of Presence (PoP) for the applications, resulting in superior quality of experience (QoE) for SaaS workloads compared to standard full mesh. Cloud mesh enables businesses to take advantage of SaaS and IaaS without compromising on security or performance.

3. Orchestration and Orchestrators

The “brains” that deliver WAN control and management

SD-WAN orchestration is a centralized administrative service model that provides secure, (ideally) cloud-delivered WAN control and management. It automates network admin functions to streamline and simplify the management of distributed network operations.

SD-WAN delivered “as a service” enables managed service providers and enterprises to access an orchestrator from a protected web service portal, in order to centrally manage and monitor SD-WAN branch (edge) deployments based on business policies.

4. SASE

Secure Access Service Edge, which combines a suite of cloud-based WAN technologies

Secure Access Service Edge (SASE) is an acronym coined by Gartner in 2019 and describes a new paradigm in wide-area networking. Pronounced ‘sassy’, SASE combines a suite of WAN technologies with cloud-native security functions such as secure web gateways, cloud access security broker, zero-trust network access, and firewall-as-a-service as core abilities, with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels. Since SASE, in many cases, utilizes SD-WAN, it is important to make the distinction between the two clear.

SD-WAN’s primary responsibility is to connect geographically distant offices, headquarters, data centers, and clouds to each other. Security tools are usually located at offices in customer on-premises equipment. SASE, on the other hand, focuses on connecting individual endpoints efficiently and securely — with an emphasis on the cloud. Currently, there is no industry standard for SASE.

(Edited definition courtesy of sdxcentral.)

5. Extended Edge

A label used to describe the phenomenon of enterprises adopting technologies, and placing and using network resources from outside the traditional physical boundaries of the corporate perimeter

Historically, the corporate network was a physical entity, interconnecting various types of physical sites on the WAN such as headquarters, remote offices, and the data center. However, in recent years, as businesses have increasingly decentralized operations and shifted their critical applications out of the data center and into cloud environments, the network edge has now expanded outside the physical corporate perimeter.

In addition, as the global workforce is increasingly shifting to “work from home” scenarios, the Extended Edge refers to how employees and customers alike are now accessing applications from remote networks outside the direct control of corporate IT.

6. FWaaS

Firewall as a Service, a firewall set-up that sits in the cloud

Firewall as a Service (FWaaS) takes the functionality of firewalls into the cloud, away from the traditional network perimeter. As a cloud-delivered capability, it provides a number of benefits:

  • Businesses will always have the most up-to-date version;
  • Cloud delivery does not impact network performance the way on-prem solutions do;
  • And by leveraging security as a cloud service, businesses can better control costs and CapEx.

The guide also covers firewalls more generally, next-generation firewalls (NGFW), web-secure gateways (WSG), and zone-based firewalls (ZBF), which is our last term in this blog post.

7. ZBF

Zone-Based Firewall, a firewall that operates at a more granular level

A Zone-Based Firewall is one that centralizes and automates security. Specifically, it applies security policies at a highly granular and regimented level, is application-aware, and can integrate with your WSG. A good ZBF can do all this at the session level, letting you apply permissions based on topology and application-driven zones and offering the unique capability to backhaul traffic over the data center if the network team determines some traffic requires filtering using the main internet edge firewalls.

Another advantage of ZBF is it delivers policy-based topology isolation without the burden of network segmentation. This happens when an enterprise wants to separate the network between different parts of the business. For instance, if you don’t want traffic from marketing to cross paths with accounting.

Oh yeah, and SD-WAN…

Of course, we shouldn’t forget to define SD-WAN itself, a technology that facilitates the management of networks and network functions through a centralized software-based capability.  If you want more information about what SD-WAN is and how it delivers the experience your employees expect check out our dedicated SD-WAN blog.

Now you know your FWaaS from your ZBF and cloud mesh from the multi-cloud.  Learn more on our SD-WAN solution page.

Get the latest stories sent straight to your inbox!

Related Stories