Author: Adrian Brookes, Solutions Strategy and Pre-Sales Director, Infovista.
Adrian has been in the communications industry for over 25 years, gaining experience in multiple vendor and service provider environments. He currently leads the Solution Strategy and Solution Engineering activity at Infovista, focussed on delivering SD-WAN solutions. Adrian has held Senior Executive positions at Newbridge, Cisco, Siemens, and Avaya, where he has successfully steered companies through several technology changes including TDM to VoIP, Frame Relay, ATM, MPLS, SDN, and now SD-WAN.
Corporate WAN at home
With the rapid switch to remote working, many IT departments are struggling to support staff whose home networks have become an extension of the corporate intranet. Home broadband and Wi-Fi are no longer just for Netflix, gaming, and social media but are now an essential work resource that competes for bandwidth against other activities in the locked-down home. Although SaaS and cloud-based technologies can help, each displaced user needs a uniform and managed method that allows secure and reliable remote access, while organisations need to ensure that remote working doesn’t become a security gap for exploitation by cyber criminals.
Capacity without intelligence
The immediate response from IT departments to a massive surge in remote working was to deploy additional VPN capacity, both through additional licences for on-site appliances and, in some cases, new or additional capacity through VPN-as-a-service products. Although this provides a more secure tunnel from homeworkers across the internet to corporate resources, VPN does not solve any performance issues.
A home router / Wi-Fi access point will typically treat each connected device equally. So a household where multiple users are streaming Netflix or YouTube videos, each at several MBps, ends up quickly consuming all the available bandwidth, considering that, according to data from Akamai, a content distribution service, the average UK household only has a 17MBps connection.
However, raw bandwidth is not the only issue. Not only are devices treated equally but so is all the application traffic. This means a critical Zoom-based conference call with an important client will have the same delivery priority as another user sending data packets for an online gaming session or streaming cat videos from Facebook. A few of the more advanced home broadband gateway devices may have the ability to block out certain types of traffic, but it is unfeasible for an IT department to log in and remotely optimise each remote worker’s home broadband connectivity, and then put it all back to normal at the end of the day.
The unfortunate reality is that a large segment of the workforce is currently struggling with home working purely from a connectivity standpoint. In terms of remedy, installing a dedicated work-only internet connection is an option, but at present the major UK telecoms providers have largely suspended new installs due to rightly focusing on fixing faults. A more draconian option is to ban other household members from using the internet during certain times, which is almost impossible with teenagers or in a multi-tenant shared housing situation.
A smarter WAN Edge
An emerging alternative that was used successfully prior to the current health emergency is WAN edge optimisation technology. In simple terms, these are small appliances shipped to each remote worker that plug into the router/access point and effectively take over the decision-making process of what types of traffic should be prioritised for sending over the internet. The device is typically remotely configured using an automated process and includes security capabilities that can help organisations to remotely enforce secure access processes.
WAN edge optimisation appliances can also include 3G/4G connectivity, which can be used if the main internet connection has low bandwidth, excessive latency or is saturated by other traffic. Rolling out these types of appliances in normal times is relatively straightforward, and even though it is a bit more involved in the current situation, they are still a lot more reliable and easier to manage than manually tweaking each remote user’s unique broadband setup. Additionally, some solutions also enable a “software defined” use case where the remote worker is provisioned centrally and treated as an unequipped site on the network.
Another, more technically challenging issue is that of corporate network congestion caused by many formerly “office” users now connecting remotely via VPN. This is a harder problem to overcome, as most organisations’ networks are architected with the assumption that only a few users need to connect remotely. As such, shifting to a design where 95% of users now access via VPN can lead to poor performance, affecting not just a few remote users but everybody within the organisation.
SD-WAN at home
The longer-term solution is to re-architect the network with more capacity for inbound connectivity. However, this is a time-consuming task and, by itself, may not solve the issue if there is no intelligence around how applications and users are prioritised based on the needs of the organisation. For example, staff that are processing orders need these transactions to be given network priority over other tasks such as ongoing incremental data backup. These types of solution reside within the Software Defined Wide Area Network (SD-WAN) area of technology and have typically been used by larger enterprises for over a decade to streamline network traffic between a branch and a head office.
SD-WAN allows IT departments to set granular rules around how each user and application consumes network resources, and this is then dynamically and automatically managed based on the current network and internet conditions. SD-WAN technology can also leverage a new approach, called “transparent hybrid WAN” (TH-WAN), that makes it simpler and faster to deploy by eliminating the need for reconfiguring network devices.
The use of both WAN edge optimisation and SD-WAN for managing a vast number of remote workers offers many advantages and, with newer TH-WAN versions, also has the advantage of rapid deployment. IT managers desperately trying to solve the seemingly impossible task of extending the corporate WAN to the home worker should seriously consider them.