Is broadband the best new WAN architecture?
"The next evolution of the WAN is the Internet. … The best way to re-architect [it] is to take the applications off the WAN," said Akamai's vice president of product marketing, Neil Cohen.
Yet enterprises still see many caveats to using the Internet for WAN connectivity, including poor security, reliability, manageability and performance issues. Yet, the ubiquity and price of the Internet make it ever more enticing for enterprises, and the technology that vendors offer is eliminating these concerns one by one.
For example, to make the Internet run faster for your corporate environment, Cohen recommended Akamai's Web application acceleration techniques as well as its cloud WAN optimization solution with Riverbed.
For resiliency and reliability, Talari developed the Mercury Adaptive Private Networking (APN) appliance, a WAN aggregation technology that can make multiple broadband and private circuits look like one pipe to the network, said John Dickey, vice president of engineering at Talari Networks. Using such technology can help enterprises make the most of multiple WAN links, whether they consist of broadband, T1 or MPLS circuits.
More on how to redesign WAN architecture
Social media traffic requires new WAN architecture
WAN video conferencing network design requirements
Best practices for WAN design and capacity planning
WAN design: What to consider
Designing a WAN infrastructure
Enterprises should not only consider WAN aggregation technology, but also WAN virtualization technology to make broadband and cloud environments more reliable, said David White, Ipanema's vice president of business development. Ipanema's Autonomic Networking System (ANS), for example, can give IT professionals "the ability to dynamically optimize applications across hybrid, public and private networks," he said -- no matter the WAN architecture.
"The real challenge is not necessarily the redesigning of your WAN; the challenge is taking advantage of the wide area -- which could be redesigning pieces of how you access the network," White said.
Session border controllers in new WAN architectures
Avaya's product line manager, Jack Rynes, made a case for session border controllers (SBCs) -- the network infrastructure devices that provide security, network defense, Quality of Service (QoS) and network connectivity, like NAT, SIP normalization, IPv4 to IPv6 translations and IP communication (including SIP) transcoding. Unlike traditional WAN optimization appliances, which have just begun handling real-time applications, session border controllers have handled them all along.
Application security must not be taken lightly, Rynes added, especially in an age where we've adopted applications with no thought for security, particularly real-time applications like VoIP. Because SBCs sit at the border of your network, they are at a prime location to detect, prevent and slow down hackers, he said.
SBCs are evolved load balancers with firewall capabilities for unified communications infrastructure, according to Frost & Sullivan analyst Michael Brandenburg. IP-based unified communications platforms, VoIP access and SIP trunking services are being broadly adopted, overtaking even TDM-based lines, and "enterprise session border controllers are the first line of defense for the unified communications architecture," he said.
In a show of hands at the session, almost every attendee indicated they were using some form of VoIP over their WAN. Rynes said that securing VoIP is unlike securing other applications: "Hackers can use your PBX to use your premium numbers -- which is why it is so important to have that SIP layer of protection."
SBCs are even more important where mobile workers access headquarters through a VPN and or mobile device, because they granularly detect SIP-based VoIP attacks. The SBC is also only one piece of a multi-pronged security plan in bring-your-own-device (BYOD) environments, Rynes said; other security measures must involve identity engines to protect the network layers and mobile device management (MDM) to remote wipe devices that get into dangerous hands.