This Industry Viewpoint was authored by Gayle Levin, director of solutions marketing at Riverbed Technologies.
Network configuration errors and the resulting service outages are a nightmare scenario for many network operations teams. These all-too-realistic nightmares are often the result of manual and error-prone command line interfaces (CLIs) that are still common among traditional, hardware-based networking equipment.
Whether the cause is a typo in a command, an incorrect network mask or default gateway, an accidental duplicate IP address, or the more nefarious “while I’m updating this I’ll clean up those other things”, misconfigurations can be very time-consuming to troubleshoot. It takes time to determine which devices are at fault, what was recently changed, and what the previous settings were. Network configuration management systems are a small step toward addressing this problem, but they still leave a significant amount of complexity and rigidity in the network configuration process, which software-defined WAN (SD-WAN) solutions can address.
Network virtualization is the evolution of configuration management
Abstracting network configurations from hardware and circuits is the natural evolution of traditional networking. As with virtual servers and storage, separating the logical from the physical layers enables IT to optimize provisioning, orchestration, and management of networks based on business intent, not physical location. Centralized management of distributed resources, using a cloud-based graphical interface, automatic provisioning, and policy-based orchestration, results in an agile network topology best suited to today’s dynamic workflows.
#1 Cloud-based GUI
The first step to eliminating user misconfigurations of network systems is a cloud-based graphical user interface (GUI) that offers an intuitive and intent-based approach to managing networks. Instead of coding individual configurations in a vendor’s CLI, network operators start with a dashboard that provides a single unified view of the network. Like existing network configuration management tools, a full SD-WAN solution keeps track of changes, giving you the ability to instantly roll back changes if needed. Unlike many of those tools, you can plan the network and visualize the effects before activating any changes.
An SD-WAN is a collection of physical sites and cloud services, each using one or more network uplinks, and an overlay of VPN connections that provide the desired connectivity and security between them. The GUI abstracts all of this to discrete layers that can be independently viewed and managed. Physical sites can be examined on a geographic map or a sortable table, according to the needs of the operator. Each site has one or more uplinks connecting it to a carrier network or the Internet, which can be aggregated, prioritized for specific needs, or used in a primary/backup relationship. Within each site are the various LAN and Wi-Fi zones, including important segments such as guest Wi-Fi, point-of-sale systems, and other IoT devices. All of this information is centrally configured, stored, and deployed with zero-touch provisioning.
#2 Automatic provisioning
Automation is an essential part of reducing the human errors that make up a large part of network configuration issues. Manually deploying and configuring routers is an arcane and labor-intensive task with complicated CLI commands. Instead, with SD-WAN tools the network team simply drops virtual shadow appliances onto the various designated sites to represent the intended plan. When the network design is ready to be activated, the configuration of each remote device is applied automatically using its Internet link. For new hardware, someone in the remote office just needs to plug in the appropriate cables and turn it on, reducing or eliminating the need for travel or remote on-site IT.
Manually adding multiple overlay VPNs on top of Internet uplinks multiplies the risks. Advanced SD-WAN tools automatically create a full mesh VPN topology between all sites, which the network team can then customize as needed. Every aspect of the virtual network can be designed and evaluated before deploying or configuring the hardware. This includes one-click provisioning to virtual private clouds, such as Amazon AWS or Microsoft Azure, chaining in cloud-based security services, such as Zscaler, and rules aligned with business policies. Network updates are quickly and universally applied with automated and cohesive change management tools.
#3 Policy-based orchestration
The ultimate goal of a network is to support and enhance the digital experience for customers, employees, and other stakeholders. To this end, advanced SD-WANs include sophisticated rule definitions that align traffic with business priorities. The centralized system has visibility into everything connected to every port on every site and can identify and report on traffic by multiple criteria, including site, host, device, application, and user.
Instead of making routing decisions based on IP address or basic traffic characteristics, SD-WANs enforce policies based on user and application identity, to deliver consistency across all locations and devices. User information is imported directly from corporate systems, such as Active Directory, and easily linked to pre-defined or customized applications. Intelligent and granular traffic steering means that SaaS and Web traffic is sent to the Internet over the closest available path, making it easier to monitor and troubleshoot performance issues. QoS prioritization can be applied to applications or traffic types, such as voice or Office 365, and also by site, host, user, or subnet. Rules are defined in business language, not network terminology, and detailed reporting makes it easy to verify service level agreements, security requirements, and regulatory compliance.
Manage centrally, orchestrate globally, deploy remotely
Digital transformation is affecting all aspects of the business, with the network playing a crucial role. Network problems can quickly translate to lost business, as customers route around outages and unavailable services to solve their needs now. Reducing or eliminating outages caused by network misconfigurations, most of which are the result of human error, is an important but lesser-known characteristic of SD-WANs. Digital transformation of the network comes from the ability to manage centrally with a complete view of the network fabric, orchestrate globally with business policies that are automatically enforced, and deploy remotely with zero-touch activation of hardware components and one-click integration into cloud services. The result is seamless access and optimal digital experiences for all users.
About the author
Gayle Levin is director of solutions marketing at Riverbed Technologies. Previously, she held product marketing and campaign roles at VMware, Oracle, and Splunk as well as several startups. Her interests lie in the impact of technology on the way we think and work today.