dn5865 achieving agility with cloud uc - success depends on … · achieving agility with cloud uc...
TRANSCRIPT
N e m e r t e s R e s e a r c h G r o u p I n c . w w w . n e m e r t e s . c o m 1 - 8 8 8 - 2 4 1 - 2 6 8 5
AchievingAgilitywithCloudUCSuccessDependsonEvolvingtheNetworkFormorethan15yearstheenterpriseWANhasremainedlargelyunchanged:MPLSastheprimarymeansofbranchconnectivity,higherspeedservicesatthecore,andInternetaccessonlythroughalimitednumberofcentralizedaccesspoints.Asapplicationsandcommunicationsshiftstothecloud,networksmustchange.Asaresult,SD-WANanddirectcloudconnectservicesareemergingtoenableorganizationstoreducecosts,bettersupportcloud-basedapplicationsincludingUnifiedCommunicationsasaService(UCaaS)andimprovesecurityandagility.
Winter17
08
IrwinLazarVicePresident&ServiceDirectorJohnBurkeCIOandPrincipalResearchAnalystNemertesResearch
CompassDirectionPoints:± Applicationsarerapidlyshiftingtothecloud:Enterprise
demandforgreateragilityandtheviewthatcloudismoresecurethanon-premisesaredrivingincreasingcloudapplicationandplatformadoption.
± RevisittheWAN:Networksoptimizedforinternaldatacenterconnectivitydon’tcutitinanincreasinglyPaaS/IaaS/SaaSworld.
± EvaluateemergingSD-WANoptions:OrganizationsareleveragingSD-WANtoreducecosts,increaseresiliencyandimprovecloudapplicationperformance.
± DirectcloudconnectoptimizesperformanceofUCaaS:EspeciallyforsiteswheredirectInternetaccessisn’tfeasible.
©NemertesResearch2016!www.nemertes.com!888-241-2685!DN5865
2
TableofContents
TABLEOFFIGURES 3
EXECUTIVESUMMARY 4
THEISSUE:BUSINESSNEEDSUCAAS,UCAASNEEDSMORE 5
THESHIFTTOTHEUCAAS 5
IT’STIMEFORANEWWAN 5THECLOUDREQUIRESANEWWANBASEDONSIMPLICITYANDINTELLIGENCE 7DIRECTINTERNETACCESS 7ENTERSD-WAN 8
TYPESOFSD-WAN 9OVERLAYSD-WAN 9IN-NETSD-WAN 10DIRECTCLOUDCONNECT(DCC) 10WAN-CLOUDEXCHANGES(WAN-CX) 11
MAKINGTHEBUSINESSCASEFORSD-WAN 11BOTTOMLINEBENEFITS:COSTSAVINGS 11TOP-LINEBENEFITS:BUSINESSAGILITY 12TOOMUCHRISK,ORRISKREDUCED? 13GLOBALWAN,REGIONALSERVICES,ANDSD-WAN 13
CONCLUSIONSANDRECOMMENDATIONS 13
©NemertesResearch2017!www.nemertes.com!888-241-2685!DN3661 3
TableofFiguresFIGURE1:ISCLOUDMOREORLESSSECURETHANON-PREMISES?...................................................................6FIGURE2:THECURRENTDOMINANT3-TIERWANMODEL...................................................................................6FIGURE3:FROMTRADITIONALWANANDBACKHAULTOINTERNET-ENABLEDBRANCHES..............7FIGURE5:OVERLAYSD-WANARCHITECTURE.............................................................................................................9FIGURE6:IN-NETSD-WANARCHITECTURE................................................................................................................10FIGURE7:SD-WANCOSTSAVINGSEXAMPLE..............................................................................................................12
©NemertesResearch2016!www.nemertes.com!888-241-2685!DN5865
4
ExecutiveSummaryBusinessesarerapidlymovingtothecloudfortheircommunicationsandcollaborationneeds,especiallywhentheywanttodeliveraconsistentsetofservicestostaffanywhereintheworldwithoutthehasslesofmaintainingaPBXoftheirown.UnifiedCommunicationsasaService(UCaaS)strivestomeetbusinessneedsforfeaturesandperformance,butachievingasuccessfulrolloutmeansprovidinganetworkthatdelivershighavailability,highperformance,andtheabilitytoproactivelyaddressconditionsthatcanhurtcloudcommunicationsandcollaboration.Threeoptionsarekeytore-architectingtheWANintheageofcloud:Software-DefinedWAN(SD-WAN),directcloudconnect,andWAN-CloudExchanges(WAN-CX).SD-WANpoolsbranchconnectivityandintelligentlymanagestrafficacrossallavailablelinks,increasingresilienceandimprovingperformancewhilereducingmanagementcosts.DirectcloudconnectbypassestheInternetforcommunicationswithaspecificcloudserviceproviderbylinkingtheenterpriseWANedgetothecloudprovider’sedgedirectly.WAN-CXusesanexchangeapproachtodirectconnection:enterprisesconnecttoanexchange,thenspinupvirtuallinksthroughthatconnectiontoanycloudserviceproviderontheexchange.Connectingenterprisenetworkstocloudserviceprovidersthroughdirectconnect,SD-WAN,orWANexchangeservicesofferstheopportunitytoguaranteehighqualityapplicationservicedeliveryaswellastoreducecostsbyleveraginglower-costconnectivityoptions,globally.ITleadersshould:
! Reevaluatetheirwideareanetworkstrategyinconjunctionwiththeirplanstoadoptcloudapplicationandplatformservices
! ConsidertheabilityofSD-WANtoreduceoperatingcosts,enablegreaterflexibility,andoptimizecloud-basedtrafficflows
! Evaluatedirectcloudconnectofferingstojoinenterprisedatanetworkswithcloud-basedservicestoprovidepredictableperformance,resiliency,andend-to-endperformancemanagementforcloud-basedapplications,especiallyUCaaS
! EnableflexibilitytoleveragevariousSD-WANapproacheswhereitmakessense;avoidbeinglockedintoasingle,globalapproach.
©NemertesResearch2017!www.nemertes.com!888-241-2685!DN3661 5
TheIssue:BusinessNeedsUCaaS,UCaaSNeedsMoreBusinessesarerapidlymovingtothecloudfortheirUnifiedCommunications(UC)andcollaborationneeds,especiallywhentheywanttodeliveraconsistentsetofservicestostaffanywhereintheworldwithoutthehasslesofmaintainingaUCplatformoftheirown.LeveragingUnifiedCommunications-as-a-Service(UCaaS)enablesorganizationstorapidlydeploynewfeaturesandcapabilities,andtooffloadresponsibilityforsecuritytoasoftwareserviceprovider.UCaaSprovidersstrivetomeetbusinessneedsforfeatures,reliability,andperformance,butachievingasuccessfulrolloutmeansprovidinganetworkthatisoptimizedforSaaS,thatdelivershighavailability,highperformance,andtheabilitytoproactivelyaddressconditionsthathurtcloud-basedUCandcollaboration.
TheShifttotheUCaaSThemarchtothecloudismovingahead—andaccelerating.Nemertes’2016-17Cloud,DataCenterandSD-WANbenchmarkandpreviousstudiesfoundthat:
• 75%ofcompaniesarenowusingpublicInfrastructureasaService• NearlyhalfareusingPlatform-as-a-Service• SaaScomprisesapproximatelyaquarterofthetypicalenterprisesetof
applications.Atthesametime,nearly40%oforganizationsareusingorplanningtouseUnifiedCommunicationsasaServicetoshifttheirtelephony,messaging,andconferencingapplicationstothecloud.ITleaderscitetheagilitythatcloudofferstosupportrapidlychangingbusinessconditions,andtotakeadvantageofnewcapabilitiesastheirprimaryjustificationforshiftingtocloud.Perhapsmoreimportantly,nearly45%saythattheyseecloudservicesasmoresecurethanon-premisesplatformsthankstotheabilityofcloudproviderstofocusresourcesonsecurity.(PleaseseeFigure1.)Greaterreliancetheclouddrivestheincreasinglycommonneednotjustforrock-solidreliabilityandhighthroughput,butalsoforapplicationintelligenceinthenetwork.Anintelligentnetworkpreserves—andimproves—performanceforbusiness-criticalapplications.
It’sTimeForaNewWANFormostofthelastdecadeIThasreliedonathree-tierWANarchitectureforconnectingofficelocationswithapplicationshousedincorporatedatacenters.(PleaseseeFigure2.)
©NemertesResearch2016!www.nemertes.com!888-241-2685!DN5865
6
Figure1:IsCloudMoreorLessSecurethanOn-Premises?
Thisarchitectureisillsuitedtothetransitiontocloud.Whereasinthepastmosttrafficstayedontheenterprisenetwork,today,thankstogrowingadoptionofcloud-basedapplications,mosttrafficflowsarebetweenend-userdevicesandapplicationseitherrunningoninfrastructure/platform-as-a-servicehostedinthird-partydatacenters,ordeliveredasasoftware-as-a-service.
Figure2:TheCurrentDominant3-TierWANModel
Why More Secure? • “Can’t keep up with
changing regulatory / compliance / threat environment”
• “Major providers invest more than we can”
Data Center
Optical, Carrier Ethernet
Internet, Satellite, broadband wireless
MPLS, Carrier Ethernet, Leased Lines
Data Center
Offices
Offices
Offices
Offices
Remote Site Remote Site
©NemertesResearch2017!www.nemertes.com!888-241-2685!DN3661 7
TheCloudRequiresaNewWANBasedonSimplicityandIntelligenceOrganizationscontinuetoincreasetheirnumberofphysicallocations,oftenbybreakinguplargeonesintomultiplesmallerones,orbyextendingapplicationsintothehomeviatelework.Emerging,cloud-optimizedWANapproachesincludeDirectInternetAccess,andSD-WAN.
DirectInternetAccessReplacingMPLSwithdirectInternet-connectedofficeshasemergedasawayforITtodecreasenetworkspendwhileincreasingbandwidthandavoidingbackhauloftrafficdestinedfortheInternet.WhenusingUCaaS,Internet-connectedbranchescanimproveperformancebyreducinglatencyassociatedwithbackhaulingInternet-boundtrafficacrosstheWAN,andcanfurtherreducecostsbyeliminatinglocalloopsorSIPtrunksforPSTNaccess.Offloadingsomeorallsuchtraffictolower-costbranchInternetaccessreducesoravoidsloadsonhigh-costWANlinks(andtherebyreducesWANperformancechallenges,aswell),reducesloadsonfirewallsandothersecuritysystemsinthedatacenter,freesupdatacenterInternetbandwidth,andcanevenreduceoverallvulnerabilitytodenial-of-serviceattacksagainstthedatacenters(andotherincidents)bymakingitpossibleformorepeopletogetmoredonewithoutusingdatacenterservices.Internet-enabledbranchescomeintwoflavors—brancheswithdirectInternetaccesssupplementingdedicatedWANlinks,andbrancheswithInternetlinksonly—withvariationsoneach.(PleaseseeFigure3.)
Figure3:FromTraditionalWANandBackhaultoInternet-EnabledBranches
©NemertesResearch2016!www.nemertes.com!888-241-2685!DN5865
8
Internet-onlybranchessubstitutecheaperbandwidthforMPLSforallbranchcommunications.Inthisscenario,connectivitycomesinthreeflavors:VPN-only,splitpipe,andInternetonly.
• VPN-onlyconnectionsusethewholeInternetlinkasanencryptedpipebacktoacompanydatacenter.
• Internet-onlyconnectionsusethewholelinktosendtrafficouttotheInternet.Tothem,thecompanydatacenterlookslikeanyotherInternetsite,andstaffinsuchsitesapproachallinternalsystemsjustastheywouldiftheywerenotonacompanynetwork:throughpublicinterfacesorviaadevice-specificVPNratherthanafull-siteVPN.
• Split-pipeinstallationsdevotesomebandwidthtoasite-to-siteVPNandtheresttodirectInternetaccess.
Asnoted,allInternet-connectedbranchapproachesofferthepotentialtoreducecostsandalignnetworkdesignmorecloselywithdatatrafficflows.ButpurelyInternet-connectedbranchesofferlittleopportunityfornetworkarchitectstooptimizeconnectionsforspecificapplications,enableinsightintoperformancebetweenbranchofficesandSaaSproviders,orenableoptimizedutilizationofmultipleInternetconnectionsormixedInternetandMPLSscenarios.
EnterSD-WANSoftware-DefinedWAN,orSD-WANoptimizesbranchconnectivitybyincorporatingseveralkeyconcepts:
• Abstractionofedgeconnectivity:Virtuallycombiningalltheconnections(InternetandMPLS)intoalocationtoappearasasinglepoolofcapacityavailabletoallservices.
• VirtualizationoftheWAN:OverlayingoneormorelogicalWANsonthepoolofconnectivity,withbehaviorandtopologyforeachoverlayWANdefinedtosuittheneedsofspecifictypesofnetworkservices,locations,orusers.
• Policy-driven,centralizedmanagement:KeytoanSD-WANistheabilitytodefinebehaviorsforanoverlayWANandhavethemimplementedacrosstheentireinfrastructurewithoutrequiring
Using Now18.2%
Planning 20169.1%
Evaluating36.4%
No Plans36.4%
SD-WAN State of Deployment
Figure4:SD-WANStateofDeployment
©NemertesResearch2017!www.nemertes.com!888-241-2685!DN3661 9
device-by-deviceconfiguration.• Flexibletrafficmmanagementforperformanceandsecurity:SD-WANscan
optimizetrafficinmanyways;foremost,theycanselectivelyroutetrafficacrosslinksbasedoncriteriasuchaslinkperformance,availability,orend-to-endperformancebetweenthebranchandtheSaaSapplicationbeingused.
InterestinSD-WANisexploding,with27%ofcompaniesusingitorplanningtohavedeployeditbytheendof2016,andanother36%evaluatingpotentialfuturedeployments.Earlyadoptersreporta95%reductionintroubleshootingtimeandanearlyequalreductioninoutages.NearlyaquarterplantouseSD-WANtoreducespendonMPLS.
TypesofSD-WANTherearetwokeywaystoprovideSD-WANservices.Nemertescallstheseoverlayandin-netSD-WAN.
OverlaySD-WANInanoverlaySD-WAN,appliancesaredeployedonanexistingroutednetwork,eitherbehindtheroutersorreplacingthemasthebranchconnectiontotheWAN.SD-WANappliancescanalsocollapsethetypicalbranchstackbyreplacingotherbranchWANappliancessuchasoptimizersandfirewalls.
Figure5:OverlaySD-WANArchitecture
MPLS Carrier Core
Branch
DC
Branch
Inte
rnet
SD-WAN
Encrypted tunnels Optionally encrypted tunnels
SD-WAN
SD-WAN
©NemertesResearch2016!www.nemertes.com!888-241-2685!DN5865
10
Figure6:In-NetSD-WANArchitecture
In-NetSD-WANIncontrast,in-netSD-WANtiestheSD-WANfunctionalitytotheconnectivityservices.Thesefunctionsmayallbeprovidedintheserviceprovider’sedgeandcoreinfrastructure,withthebranchusingatraditionalroutertoconnecttotheprovider’snearestpointofpresence.Or,someorallfunctionsmaybeprovidedon-premisesviaappliancesunderserviceprovidermanagement;thispushesworkoutoftheserviceprovider’sinfrastructureandalsoallowsoptimizationoflast-mileconnectivityviacompression.In-netSD-WANcanbetiedtoNetworkFunctionsVirtualization(NFV),withthevariousfunctionsprovidedbyseparate,cooperatingVirtualNetworkFunctions(VNFs)dynamicallydownloadedtotheon-premisesdevice(wherethereisone)orchainedintothetrafficpathinthecarrierinfrastructure.Thisopensthepossibilityoftheon-premisesdevicebeingwhite-box/genericratherthanbespokefortheservice,decreasingvendorlock-insomewhat.
DirectCloudConnect(DCC)Ofcoursesometimes,routingtrafficovertheInternetisn’ttheidealoption.ExamplesincludewhenanorganizationwantstoadoptUCaaSbeforeithastheopportunitytotransitiontoSD-WAN,orwhereanSD-WANtransitionisn’tcost-effective.Insuchcases,thevariabilityinperformanceofanInternet-onlylink,or
SD-WAN Service Cloud
Branch Branch
DCSD-WAN
Internet
Encrypted tunnels
SD-WAN SD-WAN
PoP
©NemertesResearch2017!www.nemertes.com!888-241-2685!DN3661 11
back-haulingInternet-boundtrafficacrosstheWANcanleadtounacceptableperformancevariationfortheservices.Inresponse,majorcloudvendorssuchasAmazonandMicrosoftintroducedtheabilitytoconnectdirectlytotheirnetworkedges,withservicessuchasAmazon’sDirectConnectandMicrosoft’sExpressRoute.UCaaSprovidersaregettingintothegameaswell,forexampleRingCentralCloudConnect.Inalltheseexamples,anenterpriseextendsalinkfromanedgerouterinitsinfrastructuretoanedgerouterintheprovider’s.Thiscanbeachieveddirectlyviaacablepull,incaseswherethebusinesshassomeinfrastructureinthesamedatacenterasthecloudprovider(the“meetme”space).Oritcanbeachievedindirectly,bytheenterpriseleasingarouterportinsuchafacilityfromitsconnectivityprovider—extendingitsWANtothatrouter—andhavingtheconnectionpulledfromthere.Thirty-fourpercentofcompaniescurrentlyusedirectcloudconnect,withanother43%evaluatingpotentialfuturedeployments.DirectcloudconnectusepositivelycorrelateswithhowNemertesbenchmarkparticipantsratetheoverallsuccessoftheircloudstrategy.
WAN-CloudExchanges(WAN-CX)WAN-CXsolutionsprovideanalternativetoDCCbylettingWANserviceprovidersinterconnectanenterprisedatanetworkwithSaaSproviders.ExchangestaketheideaofDCCandintroducealayerofmediationandabstraction:businessesconnecttothe“outside”oftheexchange,andCSPsconnecttothe“inside”ofit.Throughasingleconnectiontotheexchange,customerscanspinupmultiplevirtualDCCstoanyproviderconnectedtotheexchange.WAN-CXproviderscanbetraditionalcarriersornetwork-as-a-serviceproviders;orconnectivityexchangesoperatinginsidecarrierhotelsandbigcolocation/hostingfacilitiesthatserveasathird-partyjunctionpointbetweentheWANandtheCSPs.ExamplesincludeAT&TNetBond,EquinixCloudExchange,Level3CloudConnect,andVerizonSecureCloudInterconnect.Just17%ofcompaniesareusingWAN-CXbutanother35%areevaluatingitforpotentialfutureuse.Likedirectcloudconnect,WAN-CXusealsopositivelycorrelateswithhowNemertesbenchmarkparticipantsratetheoverallsuccessoftheircloudstrategy.
MakingtheBusinessCaseforSD-WAN
BottomLineBenefits:CostSavingsFirstandforemostthebusinesscaseformostSD-WANadoptersiscostsavings,andthemainsourceofhard-dollarcostsavingsinSD-WANisthesubstitutionoflower-costInternetconnectivityinplaceofmoreexpensiveserviceslikeMPLS.SavingsareentirelydependentonthecostandavailabilityofInternetaccess,currentMPLS
©NemertesResearch2016!www.nemertes.com!888-241-2685!DN5865
12
rates,andthescopeofthetransition.OneNemertesclientoperatinga200siteMPLSnetworkreducedexpectedWANspendby$4.9millionoverthreeyearsbyshiftingMPLStoSD-WANoverInternetservices.(PleaseseeFigure6.)
Figure7:SD-WANCostSavingsExample
Top-LineBenefits:BusinessAgilitySpeedhasvalueinbusiness.Forthegrowingnumberofbusinessesadoptinga“getclosertothecustomer”approachtotheirphysicalstorefronts,thatspeedcanbemeasuredinpartbyhowmanydaysittakestoturnupanewbranch.SD-WANcanradicallyalterthatnumber.Mostsolutionsallowfreemixtureofdifferentkindsofconnectivity.Consequently,anewlocationcanbebroughtupwithwhateverformofconnectivityismostreadilyavailable,beitcableorDSLoreven4G/LTE,andcanbecomeonlineinunderaweek,evenwithinadayofreceivingitsendpointequipment.Contrastthatwiththemoreusual30tomorethan90daystoconnectupanewbranchusingtraditionalapproaches.SD-WANalsoenablesrapiddeploymentofSaaSapplicationswithahighlikelihoodofacceptableremotesiteperformance.Forexistingbranchoffices,directcloudconnectcanofferacceptableSaaSperformancewithouttheneedtofirstprovisionInternetouttoremotebranches.
$-
$1,000,000.00
$2,000,000.00
$3,000,000.00
$4,000,000.00
$5,000,000.00
$6,000,000.00
JAN2016
FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC JAN2017
FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC JAN2018
FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC
Current
ExpandwithCarrierEthernet
ExpandwithCable
©NemertesResearch2017!www.nemertes.com!888-241-2685!DN3661 13
TooMuchRisk,orRiskReduced?SD-WANsolutionscanalsocontributetothesecurityofanorganization.BecausetheymakeitpossibletomoreeasilysendtrafficdirectlytotheInternetfromthebranch,avoidingbackhaulsthroughthedatacenter,mostbuildfirewallfunctionalityaroundthat,andallallowforcarefulselectionofwhichtrafficisallowedtoflowdirect.Forexample,policycanallowtraffictoandfromOffice365orSalesforcetogodirect,whileotherweb-boundtrafficisnot.
GlobalWAN,RegionalServices,andSD-WANLastly,SD-WANcanmakeiteasierfortheorganizationtospinupnewbranchesanywheretheyneedto,globally,bydeliveringaconsistentsetofserviceswhiletakingadvantageofwhateverlocalconnectivityoptionsareavailable.In-netSD-WANcanenjoyaparticularadvantageinthisscenariobyusinganoptimizedbackbonetodeliver“middle-mile”optimizationsindependentoflocale,avoidingtheunpredictabilityofmulti-continentalInternetperformance.Bringinggreaterconsistencyaswellasbetterperformancetobothin-houseandSaaSapplicationscanboostproductivityglobally.
ConclusionsandRecommendationsEnterpriseadoptionofcloud-basedapplicationsisontherise.Asaresult,traditionalnetworkarchitecturesmustevolvetosupportchangingtrafficflowsandperformancerequirementsassociatedwithcloud-basedapplications,especiallyUnifiedCommunicationsasaService.ITleadersshould:
! Reevaluatetheirwideareanetworkstrategiesinconjunctionwiththeirplanstoadoptcloudapplicationandplatformservices.
! ConsidertheabilityofSD-WANtoreduceoperatingcosts,enablegreaterflexibility,andoptimizecloud-basedtrafficflows.
! Evaluatedirectcloudconnectofferingstojoinenterprisedatanetworkswithcloud-basedservicestoprovidepredictableperformance,resiliency,andend-to-endperformancemanagementforcloud-basedapplications,especiallyUCaaS.
! EnableflexibilitytoleveragevariousSD-WANapproacheswhereitmakessense,avoidbeinglockedintoasingleglobalapproach.
AboutNemertesResearch:NemertesResearchisaresearch-advisoryandconsultingfirmthatspecializesinanalyzingandquantifyingthebusinessvalueofemergingtechnologies.YoucanlearnmoreaboutNemertesResearchatourWebsite,www.nemertes.com,[email protected].