
The Cloud-First WAN

The Cloud-First WAN is a new approach to the enterprise WAN designed to meet the needs of the cloud-first enterprise. The new offerings cover areas of connectivity, application acceleration, cloud, security and analytics, all brought together seamlessly, and as-a-service.

Cloud-First WAN Philosophy

The cloud-first paradigm is a new approach to the enterprise WAN. It isn’t just about public clouds, but rather an overall experience predicated on business agility, operational simplicity, and consistent multi-cloud deployments, all while leveraging the cloud consumption model. Think about the way computing has evolved from the enterprise owning, operating, and maintaining its applications and infrastructure in an on-premises data center to a cloud consumption model. In the same way, the cloud-first WAN experience evolves the legacy networking model to a network consumption model in which the enterprise and the network provider share responsibility for the WAN applications and infrastructure.

At the same time, the consumption model simplifies service delivery, transforming it from a manual process requiring a great deal of training to an automated process that many term “intent-driven.” The cloud-first WAN experience delivers predictable end-to-end performance consumed “as-a-service” for an amazing user and application experience.

01.

The consumption model simplifies service delivery, transforming it from a manual process requiring a great deal of training to an automated process that many term “intent-driven.” The cloud-first WAN experience delivers predictable end-to-end performance consumed “as-a-service” for an amazing user and application experience. Consumption models with “as-a-service” subscription offerings drive agility and time to market allowing IT and infrastructure teams to rapidly adapt to the needs of the business.

02.

Operational simplicity comes from our best-of-breed managed services that allow our customers to radically simplify complexity and distribute simplicity.

03.

The multi-cloud ready architecture offers choice to bring any application to any cloud, connecting public cloud providers, SaaS providers, or partner clouds, delivering consistency of experience.



Adopting a Platform Approach

While traditional SD-WAN vendors take a box-centric view with little accountability for the end-to-end global experience, traditional service providers stitch together technology offerings from multiple vendors and consequently must compromise on delivering a seamless experience. The path forward is to take a platform approach that leverages a unified services architecture that is extensible and reaches end-to-end. This platform must offer the service sophistication that enables the suite of connectivity, cloud, security, and optimization services — services that are deployed in a SaaS model to all customers and that are easily enhanced. As one might imagine, the sophistication of the service nodes that enable these services is an order of magnitude in capability beyond simple transport points of presence (PoPs). This platform approach, whether deployed regionally or globally, must also leverage a sophisticated orchestration engine that offers visibility and control into the end-to-end deployment — the first, middle, and last miles. All the hardware in the world will be ineffective if the SD-WAN offering results in a piecemeal operational model. End-to-end accountability requires this platform approach. A fully managed cloud-first WAN offers this with a private global Layer 2 core and numerous PoPs across the globe.

Elements Of a Cloud-First WAN

CONNECTIVITY

Private direct connection is Aryaka’s recommended solution for connecting branch offices to applications hosted on Amazon Web Services (AWS), Microsoft Azure or Oracle Cloud. For enterprises operating in multiple regions with traffic traversing the WAN core, a global deployment provides the required connectivity. Some traffic may optionally leverage a Hybrid WAN capability for site-to-site direct internet access (DIA) connectivity. Enterprise connectivity requirements are driven by the needs of their applications. Some applications can be best served by increasing bandwidth. Others are latency and jitter sensitive and need more predictable traffic engineering and optimization. Bandwidth costs also vary from one region to another as does the type of connectivity, whether it’s the last mile or the core. Enterprises need options to address the different needs of their applications based on cost, application performance, and service-level agreement (SLA) considerations. For the best performance, enterprises require flexible connectivity based on application performance, cost, and accessibility without having significant management overhead. For example, enterprises can achieve regional or global connectivity over a guaranteed private core or a hybrid mix of internet and private links.

BRANCH OR DATA CENTER TO CLOUD

For enterprises operating primarily in a single region — defined as a regional cluster or point of presence (PoP) — with some traffic optionally carried over the network core to another region, a regional deployment is the right option. Here, most traffic will leverage a hybrid WAN capability offering site-to-site DIA connectivity. Connectivity also extends to the last mile, a part of the network sometimes glossed over or left as an afterthought. But the last mile — procurement, provisioning, monitoring, and troubleshooting — can make or break the utility of an SD-WAN service because it is across these broadband internet links that the SD-WAN provider has less control.

SECURITY

The cloud-first WAN delivers integrated security capabilities in a platform architecture that includes features such as cloud security, micro-segmentation, secure remote access, and edge firewalls. In a typical enterprise’s hybrid architecture, security may consist of various point security solutions in different physical and virtual form factors at the headquarters, the data center, the branch, and in the cloud — as well as security solutions to protect remote workers. The enterprise should have the flexibility to set its security parameters, as well as the option to use its existing security vendor as part of its SD-WAN deployment. For example, an enterprise may have a combination of physical and virtual appliances at larger sites and select smaller sites. In other locations, the enterprise may hand off traffic to a cloud security gateway. The key is flexibility, and the understanding that the overall security posture of the enterprise is dependent on its weakest link. The addition of multiple or less capable security vendors may compromise the enterprise’s overall security posture. Lastly, remote employees must have secure access to enterprise resources, as well as access to cloud-based applications, without compromising security. This is the “SD-WAN branch of one,” and the same policies and rigor implemented across the core must extend to your remote workers. Cloud-native security gateways address this requirement. The figure below illustrates the security requirements for the enterprise WAN.

BRANCH OR DATA CENTER TO CLOUD OVER IPSEC


APPLICATION-ACCELERATION

Software-as-a-Service (SaaS) application performance is not just a matter of adding software-defined wide-area networking (SD-WAN) equipment into the existing network. Ensuring good application performance requires a holistic, cloud-first WAN approach that accounts for foundational aspects of technology such as:

Capacity: Optimal capacity must be provided for agility and scalability.

Availability: Superior availability is achieved through a combination of SLAs, built-in redundancy, and other redundancy options.

Security: Security, including third-party integrations, must be part-and-parcel of the solution.


Though important, these foundational aspects alone are not enough. Building on this foundation, an effective cloud-first WAN solution must also address the following:

    »» Quality of service (QoS): Customers should be able to easily flag and prioritize their applications and traffic on the network with intuitive classifications like transactional, real-time, productivity, critical, and best effort.

    »» Topology: Users should connect to SaaS applications in a full mesh architecture regardless of where the applications reside, rather than backhauling traffic through multiprotocol label switching (MPLS) headend locations and data centers, which further increases latency and unpredictability.

    »» Application routing: Connectivity to SaaS applications like Microsoft 365, Salesforce, or WebEx is a challenge. Traditional connectivity solutions to access SaaS applications depend on the public Internet, which can be slow and unreliable in places.

    »» Application acceleration and optimization: Data de-duplication, compression, bandwidth management (QoS, prioritization), Secure Sockets Layer (SSL) acceleration, and other innovations accelerate and optimize application performance in the cloud-first WAN.


MANAGEMENT & ORCHESTRATION

The essence of a “software-defined” WAN is centralized orchestration. Not every forwarding and policy decision must be made centrally. On the contrary, orchestration maintains visibility over the end-to-end deployment, from the first- and last-mile to the service nodes and the SD-WAN edge appliances. Changes to an enterprise’s topology, including the addition of new sites, are seemingly instantaneous, requiring hours or days instead of weeks and months. Besides provisioning, any anomalies across the enterprise’s SD-WAN may be immediately identified and corrected. Looking to the platform concept, to be truly effective, the orchestration must have visibility into not only the WAN infrastructure itself, but also the additional security, multi-cloud, and optimization services consumed by the enterprise as part of the managed SD-WAN.

VISIBILITY

End-to-end visibility of the entire WAN is a critical component of the cloud-first WAN. Traditional MPLS WAN architectures augmented with piecemeal DIA connections from a multitude of local Internet service providers (ISPs) and telco carriers, as well as various service bolt-on components, are unable to provide this “single pane of glass” visibility. This may result in individual visibility silos and blind spots. Without complete visibility, network teams cannot effectively manage performance and bandwidth utilization, troubleshoot network issues, and secure the network. It’s like trying to run a network with one arm tied behind your back and one eye closed!

VPC TO VPC INTER REGION

A fully managed cloud-first WAN enables end-to-end visibility through an intuitive web-based portal that provides real-time contextual insight into your network (the “state of the WAN”) and applications and a wide range of functions to speed up service delivery.

Additional Resources

2021 SD-WAN Managed Services Survey

In this in-depth 2021 analyst report, Futuriom surveys IT professionals and identifies seven key trends in the SD-WAN Managed Services market.

What IT Leaders Should Know About the SD-WAN Market

Read this white paper to understand industry analysts’ predictions about the growth of the SD-WAN market and why they matter to IT leaders preparing for digital transformation initiatives.

Aryaka Global SD-WAN: Company Brief

Aryaka’s global SD-WAN provides fast, reliable, secure, and scalable connectivity, and application acceleration to globally distributed enterprises.
