With SD-WAN, Pursuing Hybrid Cloud Connectivity Might Be Simpler Than You Think

May 14, 2021 | Pranav Kondala | Edge Computing

For enterprises to innovate, grow, and outpace their competition, they must embrace digital transformation. It enables them to automate tasks and become more agile. According to a consumer report, nearly 78% of enterprise applications are now on the public cloud. That includes Software as a Service (SaaS) applications and Infrastructure as a Service (IaaS) providers, such as Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP).

The fact is, adopting cloud services is no longer optional. Yet figuring out connectivity to your branches to support robust use of cloud services can be challenging. If you don’t optimize and simplify connectivity to the cloud, you may not be able to make the most out of your cloud investments.

Let’s look at a real-world example using AWS products and consider a traditional router scenario. (Similar options are available from other cloud providers like Azure. The table provides the product name equivalent.)

| Amazon Web Services | Azure |
| --- | --- |
| Virtual Private Cloud | Virtual Network |
| AWS Direct Connect | Azure Express Route |
| Transit Gateway | Virtual WAN |
| Virtual Private Gateway | Virtual Private Network Gateway |

One way to extend your branch LAN to the public cloud is to build an IPsec tunnel from your branch router. Typically, there are two popular options:

- Building IPsec tunnels between branches and the Virtual Private Gateway (VPG)
- Building IPsec tunnels to a Transit Gateway (TGW)

Building IPsec Tunnels Between Branches and a Virtual Private Gateway

You can attach a VPG to a Virtual Private Cloud (VPC) and configure multiple site-to-site Virtual Private Network (VPN) connections to data centers and branches. You would configure routing so that any traffic bound to the VPC will route to the VPN tunnel, and any traffic to your branch network will route to a VPG (as illustrated).
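
The routing rule above has to hold in both directions for every branch. As an added example (not from the original article), this Python check audits a constructed inventory for missing routes and overlapping address ranges; all names, CIDRs and finding labels are assumptions.

```python
import ipaddress

# Constructed sample inventory (assumed values, not from the article).
VPC_CIDR = "10.0.0.0/16"
BRANCHES = {
    "branch-a": "192.168.10.0/24",
    "branch-b": "192.168.20.0/24",
    "branch-c": "10.0.5.0/24",  # overlaps the VPC CIDR, so routing is ambiguous
}
# Routes in the VPC route table whose target is the Virtual Private Gateway.
VPC_ROUTES_VIA_VPG = ["192.168.10.0/24", "10.0.5.0/24"]
# Routes on each branch router whose next hop is the VPN tunnel.
BRANCH_ROUTES_VIA_TUNNEL = {
    "branch-a": ["10.0.0.0/16"],
    "branch-b": ["10.0.0.0/16"],
    "branch-c": ["10.0.0.0/16"],
}


def covered(target, routes):
    """True if some route in `routes` contains the whole `target` network."""
    net = ipaddress.ip_network(target)
    return any(net.subnet_of(ipaddress.ip_network(r)) for r in routes)


def audit(vpc_cidr, branches, vpc_routes, branch_routes):
    """Return (branch, finding) pairs for routing gaps and CIDR overlaps."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(c) for name, c in branches.items()}
    names = sorted(nets)
    for name in names:
        if nets[name].overlaps(vpc):
            findings.append((name, "overlaps-vpc"))
        # VPC -> branch traffic must be routed to the VPG.
        if not covered(branches[name], vpc_routes):
            findings.append((name, "no-return-route-via-vpg"))
        # Branch -> VPC traffic must be routed into the VPN tunnel.
        if not covered(vpc_cidr, branch_routes.get(name, [])):
            findings.append((name, "no-route-to-vpc-via-tunnel"))
    # Two branches sharing address space cannot both be reached from the VPC.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append((a, "overlaps-" + b))
    return findings


if __name__ == "__main__":
    for branch, finding in audit(VPC_CIDR, BRANCHES, VPC_ROUTES_VIA_VPG,
                                 BRANCH_ROUTES_VIA_TUNNEL):
        print(branch, finding)
```
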

Building IPsec Tunnels to a Transit Gateway

You can attach a TGW to a VPC and configure multiple site-to-site VPN connections to individual branches. You would configure routing so that any traffic bound to the VPC will route to the VPN tunnel, and any traffic to your branch network will route to the TGW, as shown.

This approach requires network engineers to configure branch routers and set up the VPN. Depending on the vendor and type of router, this might be a manual process (although some engineers may develop an automated script). Regardless, as the number of branches increases, the process gets complicated and harder to maintain.

Without a controlled overlay, the visibility into application performance is also limited. Static IPsec tunnels mean your applications are at the mercy of the transport’s performance. Traditional IPsec will often expose an impaired WAN when application performance degrades, causing reduced productivity or lost revenue.

A Wise Investment in SD-WAN

All of these scenarios can benefit from investment in a Software Defined Wide Area Network (SD-WAN) that simplifies cloud connectivity. Most SD-WAN vendors have virtual instances of their edge devices available on public cloud marketplaces. By installing an SD-WAN appliance in the VPC, you can add your cloud environment as an endpoint in your SD-WAN network. Then, with SD-WAN orchestration, you can treat your public cloud as any other data center. The branch SD-WAN edges can build tunnels directly to the cloud endpoint and reach applications quickly. The SD-WAN overlay reduces the need for router configurations and provides application enhancements.

Similar to traditional routing, SD-WAN allows you to integrate the network into the public cloud in multiple ways.
The two most popular ways are to:

- Install an SD-WAN appliance on the VPC
- Connect to a third-party virtual SD-WAN appliance on a TGW

Installing an SD-WAN Appliance on the VPC

In this deployment, a virtual instance of an SD-WAN edge (or vEdge) can be deployed in a VPC, which then learns from other peer vEdges. The branch vEdge will automatically discover your cloud routes and build dynamic or static tunnels to reach applications. Since overlay tunnels are established between the branch SD-WAN edge and the public cloud, you will have visibility into the network, and gain SD-WAN enhancements and Quality of Service (QoS) end-to-end. Depending on SD-WAN capabilities, you can also extend your branch operations like Payment Card Industry (PCI) systems, back office applications, and guest Wi-Fi to your public cloud.

Connect to a Third-party Virtual SD-WAN Appliance on a Transit Gateway

You can now natively connect your network to a TGW without configuring complex IPsec VPN connections. Dynamic routing capability further simplifies route management across hybrid cloud environments. In addition, you no longer need to manage and operate multiple IPsec VPN connections between third-party appliances and the TGW to support higher bandwidth.

Many SD-WAN vendors have developed virtual appliance integration with various TGWs. Branch SD-WAN edges build an overlay to the virtual appliance in a public cloud and hand off traffic to the TGW for routing. The TGW simplifies routing within the public cloud when applications reside in multiple VPCs.

Powering and Simplifying the Network You Depend On

No matter how you approach your network and digital infrastructure, it’s nearly impossible to do business without the cloud. With that shift comes increased network complexity. If you already have SD-WAN at your branches, there are a host of ways to optimize connectivity to the public cloud and ensure you make the most out of your SD-WAN investment.
If you don’t yet have SD-WAN, there’s no better time than now to explore digital transformation and how you can both power and simplify the network you depend on.

About the Author

Pranav Kondala is a Solutions Architect at Hughes who loves to help customers solve complex networking problems. He is passionate about technology and solving problems. Pranav develops solutions for our customers by working closely with them. Outside work, Pranav is an avid explorer and hiker, and mentors students at various technology groups and educational institutions. You can follow Pranav on LinkedIn and Twitter @PranavKondala