hybrid networksgaining technological and commercial agility from a new approach to networking September 2014

2 orange-business.com

introduction 3

business challenges 4

new approach to the network 6

contents

orange-business.com 3

the network in the modern enterprise

The network is now at the heart of everything businesses do, powering more applications, connecting more devices and carrying more data than ever before. Today’s end users want the network to be everywhere, to work as it’s supposed to work, and to do everything they need it to do quickly and consistently. They also don’t want to have to think about it at all: it just needs to be there and be effective.

But it’s no longer enough for the enterprise network just to provide access to applications hosted in corporate data centers. It also needs to provide seamless connectivity to the Internet and cloud applications from multiple devices. Enterprises need a network that allows them to meet end-user demands for increased connectivity, mobility and support, without costs spiraling out of control.

introduction

figure 1: what is driving the move to hybrid?

hybridnetworking

commercialmanagement

security &compliance

cost control

bandwidthdemands

SaaS

new usagecases performance

management

4 orange-business.com

traffic explosion

The unrelenting growth of network traffic is the key reason that the enterprise network needs to evolve. The latest analysis from Cisco predicts that global IP traffic will triple between 2014 and 2018 to reach a staggering 1.6 Zettabytes per year. For the first time in the history of the Internet, the majority of traffic during this period will come from devices that are not PCs. In addition, Wi-Fi will exceed wired traffic, and high-definition (HD) video will overtake standard definition (SD) video.

Enterprises are just as affected by this explosion of traffic as consumers are. In fact, desktop videoconferencing is the fastest

growing business Internet service in the forecast period. It is predicted to grow by 45% to a total of 238 million users by 2018. Business IP telephony users are expected to number 244 million by 2018, making it the most popular business Internet service of all.

Clearly, enterprises want new business communications applications like collaboration tools and unified communications (UC) suites, voice over IP (VoIP), videoconferencing, presence, even ERP and CRM tools – but they want to be able to use them reliably and securely. The CIO has to source and deliver a higher performing network that is both secure and scalable and delivers the best possible total cost of ownership (TCO).

business challenges

figure 2: what you are telling us

“we need to connect all our small sites to SAP, but can’t have expensive connectivity for this”

“costs are being driven down by the CFO, and it’s hard to maintain justification for better quality at any price”

“our MPLS network was built for our SAP needs, but now this is only 5% of the traffic”

“we want to buy our hybrid network from one provider, not 50, to simplify our purchase management”“cost reductions on bandwidth

no longer compensate for growth in multimedia traffic, this is the networking challenge”

orange-business.com 5

business challenges

increasing mobility

Mobile devices are beginning to outnumber PCs in the enterprise environment. By 2015, Gartner predicts that shipments of tablets alone will outstrip PCs globally. Mobile phones are already the most common device, with over six times as many shipping as PCs.

As more organizations have embraced bring your own device (BYOD), the need to secure the mobile device in the enterprise environment has increased – and organizations have had no choice but to address the issue proactively or risk the inevitable security breaches. Unified, Web-based network protection is vital with the number of devices and apps demanding access to the network from so many different locations.

The rise of BYOD means organizations also need to implement access control, automated provisioning, encryption and compliance policies to cover all the potential security-risk bases. Access control, automated provisioning, segregation, prevention of data leakage, encryption and compliance are all priorities for the IT department.

the app era

The nature of applications has also changed. The consumerization of IT is enabling users to download a vast number of apps on a range of devices to help them at both work and play. These bite-size apps are cheap, easy to use and are a million miles away from traditional monolithic enterprise applications.

According to Digi-Capital, spending on apps has more than doubled from under $10 billion in 2011 to over $20 billion in 2013. It predicts that this rapid growth will continue to reach over $70 billion by 2017.

Enterprise end users now want and expect to use apps at work. This leaves the IT department with a whole new range of IT resources to manage, resource and secure. The network itself needs to handle different kinds of traffic – to numerous different destinations – with end users expecting better performance.

the security imperative

Security has become increasingly critical in this networked age, but the IT department can no longer rely on just protecting the company perimeter. The growing use of Internet services and the increasing mobility of workers make this perimeter meaningless.

Attacks on the company can come from anywhere, and traditional security tools are ineffective against significant threats such as data leakage. In addition, the IT department needs to extend security tools, such as identity and access management, out of the enterprise and into the public cloud and beyond.

benefits of the hybrid network

The hybrid network combines the best of the IP VPN and the Internet and is available as a standard service to deliver the following benefits:

� performance: better Internet and intranet end-user satisfaction

� governance: worldwide application of security policy

� flexibility: development of new cloud applications and uses

� cost efficiency: optimized transport costs

� security: implementation of the controls required

� peace of mind: fully-managed, standard, secure solution

� manageability: single point of contact to help with operational incidents and contract management

6 orange-business.com

new approach to the networkthe changing nature of the network

These changing enterprise requirements and working habits mean that the network also needs to evolve. Enterprises are seeing their networks being used in new ways with an explosion in video and other collaboration services delivered by a combination of in-house and external cloud providers.

There is not only a major increase in traffic, but also a shift to the Internet as a destination for cloud services. Cost pressures are forcing customers to look for lower cost transport via Internet offload, but this introduces both security and performance management issues.

The increasing importance of network connectivity makes resilience something that is no longer reserved just for large sites and data centers – it is required for all users, wherever they are based.

To move forward, enterprises need to think about the network from the perspective of the business. What do they want from their network, what do they most need it to do for them to be effective? What traffic should travel over the Internet, and what via the IP VPN? Once they know what is most important, they can structure the network requirements from there.

To achieve this, enterprises need the flexibility of a network that can dynamically prioritize traffic based on importance, location, device and user. It also needs to be capable of connecting to and interacting with other public cloud service providers securely.

The hybrid network can deliver all of this by combining the best features of both the traditional IP VPN and the Internet. It is built on three pillars: distributed Internet breakout, Internet offload and cloud interconnection, along with application optimization, all delivered on a secure platform.

figure 3: the hybrid network

MPLSethernet

Internet

data center

cloudapplications

customerInternetaccess

headquarters

branchoffices

mobileworkers

Internetbrowsing

orange-business.com 7

new approach to the network

distributed Internet breakout

The first pillar of the hybrid network addresses the need to rethink Internet breakout. As part of the consolidation drive a decade ago around local IT procurement, IT departments looked to consolidate Internet access to better control and secure it. For global companies, this typically took the form of three regional gateways that broke Internet traffic out from the VPN.

The problem with this approach is that as Internet use increases, it causes congestion on the IP VPN, potentially disrupting enterprise applications. In addition, because of the long physical distances between the user, the gateway and the destination site, the increased network latency can make some Internet applications virtually unusable.

In an attempt to solve these performance problems, many local IT departments reverted back to the old approach of procuring local Internet services from their local ISPs, but of course, this brings back all the old problems of being unable to exert central control, manage costs and enforce a global security policy.

The solution to this dilemma is to drastically increase the number of breakout locations. With 15-20 breakout locations, for example, end users have a much shorter path to the Internet from the corporate network, reducing latency and traffic on the enterprise IP VPN.

In addition, by eliminating local Internet procurement, IT departments can reduce management overhead by dealing with a single provider for both IP VPN and Internet services and ensure that all sites comply with the global security policy.

Internet offload

The second pillar of the hybrid network is Internet offload, which looks at moving specific traffic from the enterprise IP VPN onto the Internet according to business rules. For example, if the IP VPN is congested, then batch transfers or even video traffic could be offloaded to the Internet as required.

What choices are made about offload is a function of enterprise network governance and should be made dynamically based on what capacity is available. A typical application would be to support an enterprise-wide rollout of Lync, which is putting strain on the IP VPN with many users choosing to use HD voice or desktop video in branch office locations. Prioritizing certain traffic and putting the remainder on the Internet can help assure the performance of the most important traffic.

Internet connectivity is cheaper than using IP VPN, so enterprises are able to effectively supplement their core network service with cheaper bandwidth. Of course not all Internet traffic is the same, and IT departments should look to prioritize various enterprise SaaS traffic over simple browsing traffic, for example.

Application optimization is the key here, because it gives you the granularity, visibility and control over all your applications. This is especially important for branch offices, which typically do not have high-bandwidth links.

figure 4: visualizing, optimizing and controlling application flows

8 orange-business.com

new approach to the network

cloud interconnection

The final pillar of the hybrid network is cloud interconnection. The cloud has already disrupted the way users access computing resources from storage to applications. In combination with the explosion in cloud and mobility, IT departments are increasingly adopting a policy of “cloud first” and “mobile first” for new application development.

Organizations want to pay per use for business tools like Office 365, in place of the traditional, expensive CAPEX model

– leveraging the power of the cloud and on-demand network. These tools are vital to effective day-to-day operations, with Office 365 remaining arguably the killer business app to most organizations. For better performance, companies should access Office 365 directly through their corporate network, rather than relying on the best-effort performance of the Internet.

The way to enable this is to have direct interconnection between the network provider and the cloud service provider. This gives enterprises the ability to prioritize business-critical applications such as enterprise SaaS over standard Internet browsing traffic, for example.

security at center

This additional flexibility mustn’t come at the expense of security. Data will still need to be protected both at transit and at rest. The hybrid network gives enterprises the ability to implement and enforce a consistent security policy wherever the user is located, on any device and using any network.

It allows enterprises to dynamically adapt security settings depending on the business risk that the user poses to data. So, for example, a user would have a different level of security depending on his role in the organization, the data he wants

to access, and the security of the device and network he is using.

This granular security and access management also needs to extend to the cloud, so that users have the same protection irrespective of whether the resource they are accessing is located in the cloud or in the enterprise data center.

Federated identity and access management (IAM) allows the IT department to apply the same corporate security policy to the cloud. So instead of users needing to set up a separate identity for each cloud application, they can use their existing corporate identity. Federated identity also means that users can be set

up on cloud services in much the same way that they can for any other corporate resource.

Mobile workers need protection on the move. Device management can protect mobile devices and keep confidential material from falling into the wrong hands via remote wipe and lock. In addition, it can segment personal and corporate apps and data so that employees can use the device for personal use. Furthermore, mobile SSL VPN functionality provides secure access to corporate applications, wherever the user is located.

BusinessVPN

BusinessVPN Galerie

Galerie video

Office 365SAPIngenico

providedby Orange

and our partners

teleworkers

conn

ect t

o yo

ur o

wn

clou

d pr

ovid

er

secure access, anywhere, anytime

mobileworkers

on-site users

in-housedata centers

figure 5: Business VPN Galerie – applications from anywhere

orange-business.com 9

bringing it all together

The hybrid network brings all of this functionality together as part of a single modular service. It gives enterprises the ability to manage real-time and non-real-time communications, all while addressing the core concerns of cost control, performance management and security

– and ultimately deliver an enhanced end-user experience.

It provides a range of options for carrying traffic to and from intranet and Internet destinations as a standard, managed service. These options support enterprise requirements in terms of central hub or local/regional breakout.

In addition, the hybrid network is engineered as an integrated solution, where all elements work together to facilitate change control. Enterprises can combine MPLS VPN and Internet networks, plus their required security, compliance and performance management services under one commercial and operational framework.

new approach to the network

figure 6: building the hybrid network

understand your application mix, what

does the network deliver today?

what will the network have to do in the future;

what is changing?

change control to ensure flexibility

build your hybrid network with our standard building

blocks

manage, control and secure your applications

across the network

Engineering management specialists Aurecon chose a hybrid network solution via Orange Global WAN and Business VPN Internet service to enhance global collaboration, security, productivity and customer service and to lower costs.

“Global access to specialized skills and local expertise are critical for Aurecon to provide world-class engineering services,” said Sean Elwick, Head of IS, Aurecon. “To transform our business and leverage technology to bring in efficiency and service improvement, we required a robust, fully-managed, integrated and optimized network.”

“The Orange consultative approach and industry-leading service management model, along with a resilient and optimized network, are well aligned with our IT strategy,” he said. “We expect significant productivity gains through collaboration and service improvements, while providing world-class service to our customers.”

about Orange Business Services

Orange Business Services, the Orange branch dedicated to B2B services, is a leading global integrator of communications solutions for multinational corporations. With the world’s largest, seamless network for voice and data, Orange Business Services reaches 220 countries and territories with local support in more than 160. Offering a comprehensive package of communications services covering cloud computing, enterprise mobility, M2M, security, unified communications, videoconferencing and broadband, Orange Business Services delivers a best-in-class customer experience across a global landscape. Thousands of enterprise customers and 1.4 million mobile data users rely on an Orange Business Services international platform for communicating and conducting business. Orange Business Services was awarded four of the telecom industry’s highest accolades at the annual World Communication Awards 2013 – Best Global Operator, Best Cloud Service, Best Enterprise Service and Best Small Business Service – and is the only seven-time winner of Best Global Operator. Learn more at www.orange-business.com, or follow us on LinkedIn, Twitter and Facebook.

Orange is one of the world’s leading telecommunications operators with annual sales of 41 billion Euros and 165,000 employees worldwide at December 31, 2013. Orange is listed on the NYSE Euronext Paris (symbol ORA) and on the New York Stock Exchange (symbol ORAN).

www.orange-business.com

Copyright © Orange Business Services 2014. All rights reserved. The information contained within this document is the property of the Orange Group and its affiliates and subsidiary companies trading as Orange Business Services. Orange, the Orange logo, Orange Business Services and product and service names are trademarks of Orange Brand Services Limited. All other trademarks are the property of their respective owners. This publication provides outline information only. Product information, including specifications, is subject to change without prior notice. 0914/MNC-WPR-HN-002(1)