The digital transformation and the steady adoption of the Cloud are turning the enterprise branch to its head.
As distributed enterprises, telecoms, or MSPs adopt the SD-WAN to enable WAN at the branch, they are capable of bypassing the entire legacy MPLS infrastructure. They don’t have to rely on the expensive WAN equipment anymore, now they can include other connection types, such as the public Cloud, or LTE. But the branch is so critical for distributed networks— now, the SD-WAN approach is being addressed specifically to the requirements of branch offices. The SD-WAN and the Branch are evolving into SD-Branch — an IP services platform with a set of networking, security functions, and central management.
How Telecoms are building SD-Branches from vCPEs?
The Legacy Branch Infrastructure
Distributed organizations depend on their WAN communications from and to the branch locations to ensure excellent customer service and experience, and to run a variety of services and applications.
The WAN-Branch started as a simple solution to connect all the branch offices to the headquarters. Different routing techniques such as the MPLS were introduced to ensure faster traffic flows between the branch offices. A piece of hardware such as a multi-protocol router provided a solid way to communicate with the headquarters, using the Internet or the MPLS network as a primary private link.
But this approach can be limited for Enterprises or Service Providers with hundreds of branch offices or customers. And the problem is not only on the high number of branch offices, but the number of different single-function devices within the branch. Having tons of these devices may improve functionality at the office, but they hurt resources in terms of space, energy, and money.
The Branch WAN Infrastructure
A typical branch network consists of multiple point products, such as routers, firewalls, wireless APs, switches, IDS/IPS, Antiviruses, etc. These appliances have overlapping functionality and often come from different vendors. Having lots of equipment from different vendors creates a few challenges at the remote branch, such as:
WAN Branch Challenges?
- Operational Expenses and Capital Expenses.
- Space and Energy.
- Complex management and operation.
The branch network is an essential element of the IT infrastructure for most distributed organizations, such as telecoms, service providers, retail and chain stores, enterprises, etc. This network should be responsible for providing secure, reliable, and excellent communication back and forth to all the remote offices and the headquarters. On top of that, it should support the growing demand for different devices, services, and applications.
Software-Defining the Branch
To improve the WAN, engineers started to “software-define” the network (SDN) and add virtualization (NFV) to the WAN, which resulted in the new SD-WAN deployments.
The SD-WAN introduced a network overlay which optimized network uptime, bandwidth, provided application and services prioritization, improved the security, and provided a centralized management system. The SD-WAN also allowed efficient consumption of all the apps and services hosted at the Cloud.
The SD-WAN has become the most basic use case for NFVi. It can be deployed as an overlay network over an existing IT infrastructure, and all their end-points can be managed from the Cloud. SD-WAN can also be hybrid and deliver connectivity to the headquarters via different methods, such as through public Cloud, MPLS, or LTE.
Now, the SD-WAN architecture is being explicitly addressed according to the requirements of branch offices. The Telecoms and MSPs are beginning to transition from unique-function equipment into software applications running on a generic box at the customer’s branch, and are using hybrid SD-WANs to connect their customers.
What is SD-Branch?
SD-Branch is the next step in the evolution of branch technology. It is the approach that integrates the WAN and branch into a simplified network by combining several functions into a unique software-based platform. The SD-Branch can be defined as a single piece of hardware that can support SD-WAN, integrates security, provides an internal network (WiFi or Ethernet), and can be managed from a central place.
The SD-Branch virtualizes almost all known branch connectivity, including networking and security. To work properly, the SD-Branch platform requires a range of IP services that provides the branch and WAN architecture. All layers and services of the network will need to be integrated and virtualized.
The SD-Branch should be composed of the following parts:
- A set of VNFs to deliver networking and security services.
- An integrated and virtualized IP services platform.
- A centralized console for management.
What are the Benefits of SD-Branch?
- Operational Agility: The IT department at the headquarters can quickly spin-off and provision a new network branch for a new office location. The branch is deployed in a single piece of hardware in their premises and the headquarters is capable of managing it from a central location.
- Reduce OpEx and CapEx. The SD-Branch will reduce Operational Expenses (OpEx) because there will be no need to send trained personnel on-site, and everything is managed through a single and central console. The SD-branch will also reduce the Capital Expenses (CapEx), because all the specialized hardware will be reduced to one, saving money in appliances, energy, space, and installation.
- Customize Services and Applications. Thanks to software virtualization, each branch can receive unique and tailored services to match the requirements of the network. With the same box deployed on Branch A as with Branch B, services and capacity can be customized according to the office’s demand. An office might require a reduction or increase in size or services which can be done through the central management.
- Minimalistic and Flexible. Having a single device at the branch will help to declutter, have a smaller hardware footprint, and be more flexible. This approach is perfect for space-constrained offices or for branch offices that are re-located constantly.
Why Telecoms are Software-Defining The Branch?
Software-defining the branch enables Telecoms or Managed Services Providers (MSPs), go beyond the SD-WAN connectivity and introduce software to the full stack of services at the edge. With an SD-Branch, the providers can now offer a distributed services platform to solve sophisticated customer’s challenges.
The SD-Branch will be capable of deploying multi-tenant software on-premises through service definitions and different deployment processes.
The SD-Branch offers the following capabilities to the service providers:
- A cloud-native services platform.
- Consolidation to security and network access.
- Distributed and virtualized services.
- Centralized management.
- Deployment through whitebox appliances.
Using a vCPE to Deploy The SD-Branch
The goal of the SD-Branch is to provide a broad set of networking (SD-WAN, routing, switching, WiFi, Ethernet) and security (next-gen firewall, Antivirus, IDS, IPS, VPN, etc) functions with a central management dashboard and run on a low-cost appliance, such as a whitebox.
The vCPE is considered one of the most popular use cases for NFV. With the vCPE (virtual Customer Premises Equipment), you can run several functions (VNFs), such as routing, VPN, SD-WAN, IPS, vRAN, etc., on the same piece of hardware. You can also host countless third-party VNFs, that perform other non-traditional functions.
Using a vCPE for SD-Branch strengthens the ability to software-define the entire stack of applications and services used at the branch. Telecoms and MSPs can quickly deploy a vCPE on the customer’s premises, use it as SD-Branch and solve complex WAN challenges.
The services providers will be capable of provisioning new branches instantly by deploying vCPEs that come with pre-defined templates. They will also be able to manage all of the boxes through a central multi-tenant management console. If a customer’s need for service grows, the service provider can quickly provision larger or newer resources.
An example of vCPE, are the following Lanner appliances, the NCA-1611 and NCA-4010, which can be used as a vCPE appliance for SD-Branch, and more.
With the digital transformation and adoption of the Cloud, there has been an explosion at the edge network. The branch, located at the edge, does not only need connectivity to the headquarters, but it also needs to be fast, reliable, flexible, agile, and cost-efficient.
Today, there is no longer a hard-defined WAN edge, the access network is also an edge, and in many cases, each device can be an edge. All parts of this network needing security and high throughput. The increased number and variety of IoT devices connected to this branch network offers more opportunities for hackers to try to exploit and gain access to sensitive data.
The branch network, so vital in distributed networks like Telecoms and MSPs, should be responsible for providing reliable, secured, and high-quality communication to and from the remote offices that are sitting at the edge.
Thanks to SD-WAN technology, we were able to “software-define” the branch and consolidate services, networking, and security in one box, the SD-Branch. A vCPE is a crucial element on the design of SD-Branch architecture, as it allows third-party functions to be integrated, managed centrally, and allows services and applications to be pushed from the central location.