With managed SD-WAN services hitting their stride, enterprises of all sizes have the need to connect both global and regional sites. Aryaka has built its reputation over the past decade on offering peerless connectivity for global enterprises, no matter the location, the application, or the time of the month. The end-to-end managed service combines connectivity, application optimization, security, direct multi-cloud connectivity, and visibility as part of a seamless offering. It avoids the many potential missteps of having to deploy a complex WAN on your own, or even working via a telco who may not have a great deal of expertise with the one or more SD-WAN vendors they carry.
Now, having solved the global performance hurdle, the same capabilities are now available for enterprises looking to connect regional facilities, either in conjunction with global sites or maybe not. They no longer must look to separate vendors for each deployment scenario, and in fact, some Aryaka customers have already made this jump. Note that the reverse, where an SD-WAN vendor with regional expertise attempts to move upstream to global deployment, is not that simple to implement due to architecture limitations that may span connectivity, orchestration, performance, and the ability to offer a seamless global service.
This paper describes how an enterprise may leverage Aryaka’s regional offer in conjunction with HybridWAN technology to optimize connectivity for different application profiles. The example enterprise is based in the EU, though the approach is valid for any region.
Aryaka’s SmartServices is an umbrella description for the company’s integrated set of managed SD-WAN offerings. These services include connectivity, security, multi-cloud access, network and application optimization, visibility, and a global foundation that includes service nodes, SD-WAN edge devices, dedicated transport, and orchestration. We look at these services in detail a bit later.
Tightly coupled with the SmartServices are two deployment options, global and regional. These are just as one would imagine, with a global offer crafted for the international connectivity needs of enterprises that span multiple regions. For example, a manufacturing company may have offices or plants in North America, the EU, and Asia. Alternatively, a more localized company may be best suited by the regional offer, confining traffic to a single region or country. Here, a company based out of the EU may have no need for traffic internal to the enterprise leaving the EU, or if they do, the number of sites may be limited. The regional offer also introduces some topology flexibility, detailed below.
Associated with both global and regional offers is HybridWAN, a technology that permits traffic from a branch to transit either the Aryaka private core, or alternatively, a broadband internet connection. As an example, more mission-critical traffic follows the SLA-driven core, while less critical traffic traverses the less QoS-assured internet path. It is up to enterprise IT to select which traffic, and when, follows either path. The HybridWAN architecture aligns well with what many are calling an ‘internet-first’ approach, and this of course depends upon the quality of the internet service in a given region. The technology also supports MPLS-only sites where required, and as described below, also supports more advanced services where a branch may connect directly to a cloud provider, application, or security gateway.
Introduced earlier, Aryaka SmartServices include an integrated set of service offers, optimized for either global or regional connectivity.
Both the global and regional offers leverage Aryaka SmartManage, the foundational orchestration and monitoring service. It includes Aryaka’s global network of service nodes (aka PoPs) that combined sophisticated compute, storage, routing, and switching, and very different from a simple overlay router PoP offered by some competitors. These are complemented at the edge by Aryaka Network Access Points (ANAPs), dedicated Layer 2 transport connecting the nodes, as well as Aryaka’s 24×7 NOCs and global orchestration.
Leveraging the global infrastructure is Aryaka SmartConnect, offering local, regional, and global connectivity. Under the global offer, any site may connect to any other site across the globe. In contrast, the regional offer limits connectivity to within a defined regional cluster or PoP, with an ability to define certain sites for inter-region connectivity. SmartConnect also includes bursting, high availability, supports HybridWAN as described earlier, and optionally includes Last Mile Management. Together, Aryaka SmartServices is the first true offering that bundles ISP contracting, monitoring, and troubleshooting.
Next is Aryaka SmartOptimize network and application optimization. Patented multi-segment and multi layer application optimization is by default enabled for global deployments, which we refer to as TurboNet and TurboApp respectively, while the regional offer includes network optimization and optional application optimization. In a HybridWAN environment, where some traffic traverses the private Aryaka core with guaranteed SLAs, and other traffic follows the less QoS-assured internet path, the IT manager may adjust what traffic follows either path based on real-time performance monitoring.
Aryaka SmartCloud capabilities are much the same across both deployment options, with the exception that sites connected to the Aryaka private core are more likely to use direct connectivity co-located with Aryaka PoPs, vs IPsec tunnels directly from the branches.
Both offers also permit selection of the most appropriate security architecture. Aryaka SmartSecure offers flexibility between edge and cloud-based security and includes NFV-based branch security where required. This includes the branch forwarding all traffic leaving the enterprise WAN to a cloud-based security gateway, or alternatively, the deployment of a VNF-based virtual firewall.
The final Aryaka service is SmartInsights, offering self-service configuration and visibility for all SmartServices. Anchored by the MyAryaka cloud portal, the IT manager may quickly check the status and performance of applications, may configure the different security and cloud services, and may verify SLAs. The portal delivers a true converged view of the enterprise’s services, a capability that overlay + underlay networks can’t match and offering ease of SLA validation and troubleshooting.
In the scenario below, an enterprise has a number of branches scattered across West and Central Europe, with the majority of in-country traffic remaining local. Their HQ is in Frankfurt, and all traffic remains in the EU (+ the UK). They create clusters of in-country branches, homed to hub sites which are ANAPs used for aggregation. As an example, traffic from a branch in Seville and destined to Barcelona will traverse only the Madrid hub vs having to backhaul to the Amsterdam Aryaka PoP (green arrows, below). Typically, customers will form clusters based on the most appropriate hub and spoke topology, with the hub selected automatically via the MyAryaka configuration wizard. Customers may of course override this default. In addition, the customer may select sites to communicate directly with one another – spoke-to-spoke – even across clusters (yellow arrows, below).
Looking at the topology in more detail, both Amsterdam and Frankfurt support aggregation hubs, while all branches in the UK are homed directly to the London PoP. For IaaS/PaaS as well as SaaS applications, a given branch may forward traffic directly to the public cloud, though a better architecture is to rely on Aryaka’s pre-wired cloud connectivity from the PoP (brown arrows, below). This selection, along with which applications traverse the Aryaka backbone and which follow the internet path, is totally under the control of the enterprise.
Lastly, security also follows flexible paths, depicted by red arrows, below. A branch may forward traffic directly to a cloud security gateway, or alternatively, to the hub, which could also forward in the same way, or may also support a virtual firewall. In this case, we don’t expect the smaller branches to implement this VFW capability, but it is of course possible.
The Aryaka architecture enables very robust failover scenarios. Data connections are depicted as ‘D,’ while control connections are ‘C.’ Consider the figure below, with two branches connected via the internet to the hub site. Control connections from the PoP exist to the hub and the branches. Now, if the data connection fails from a branch to the hub, traffic may piggyback on the existing control connection between the branch and the PoP. Alternatively, if for some reason the data connection from the hub to the PoP fails, traffic may now follow the path from the hub to one of the branches, and then to the PoP. The objective is to never be in a scenario where any edge loses connectivity.
Consider this real-life example of an Aryaka customer, with offices and data transfers confined to North America. Their 60+ U.S. sites are connected to one of seven North American Aryaka PoPs and they rely heavily on the public cloud. As the company has grown, so has their application use and, in turn, their bandwidth requirements by 2-3X.
The company considered their options. One potential path forward was to move to a DIY model in which they would need to manage their WAN. But the company did not have the headcount or spend to support the hiring of the additional IT staff hiring needed. Another vendor had proposed an overlay managed service that relied on Layer 3 interconnects, but the service SLAs and visibility offered were not on-par with the Aryaka managed service.
Ultimately, the company recognized that Aryaka SmartServices offered the best solution: a managed service for ease of use with guaranteed SLAs for optimal application performance. As an enterprise with a history of multiple acquisitions and plans for continued growth through acquisitions, this is especially key in that Aryaka can offer the quick integration of new locations, ensuring immediate productivity.
Additionally, the customer plans to migrate all data and applications to the cloud and Aryaka’s ability to provide distributed cloud connectivity enables them to access cloud-based applications and data such as Office 365 with minimum latency.
Other capabilities offered by Aryaka include the ability to burst across the connections based on dynamic applications requirements, as well as application acceleration for the customer’s CIFS traffic. Over time, we expect the customer to shift additional traffic to the broadband internet connections, taking into account both application criticality as well as based on expected growth.
Aryaka, the Cloud-First WAN and SASE company, and a Gartner “Voice of the Customer” leader, makes it easy for enterprises to consume network and network security solutions delivered as-a-service for a variety of modern deployments. Aryaka uniquely combines innovative SD-WAN and security technology with a global network and a managed service approach to offer the industry’s best customer and application experience. The company’s customers include hundreds of global enterprises including several in the Fortune 100.