In order to recognize the full potential of SD-WAN,
businesses need a solution that fundamentally understands
application performance.
Why SD-WAN Alone is Not Enough
WHITE PAPER
Macro Trends
The last ten years have been filled with massive shifts in the way applications and infrastructure
are built, deployed, and managed. Fueled by innovation in cloud infrastructure, new application
design technologies, and pervasive low-cost Internet connectivity, seemingly anyone can
deploy an entire infrastructure on a public cloud in minutes or take advantage of
software-as-a-service (SaaS) offerings for a variety of what were once very expensive application
suites that were historically deployed in a data center on expensive servers and storage. Business
applications are becoming more involved, complex, and rich in content, driven by innovative
experiences created in global scale consumer applications.
Legacy wide-area network (WAN) designs have proven unable to keep pace with these changes.
Private multiprotocol label switched (MPLS) WAN links which provide secure VPN connectivity
from remote sites to data centers remain an expensive proposition especially given their generally
inferior bandwidth capacity compared to broadband. With richer applications in use in remote
offices, private WAN links have become a burden to productivity.
Because of these macro trends, businesses are faced with a series of issues:
• How do we take advantage of cloud computing and SaaS applications?
• How do we realize a better user experience for our remote office users?
• How can we provide high availability for our remote offices?
• How can we reduce cost for our remote offices?
• How can I get away from complex configs and start specifying my business intent?
SD-WAN Solves the Dilemma?
Software-defined WAN (SD-WAN) claims to provide a solution for these issues by allowing the
user to define policies for how application traffic is forwarded. With SD-WAN, policies can be
defined to specify which WAN links can be used for which applications, allowing the user to enjoy
transport-agnostic connectivity amongst sites, WAN high availability for the remote office, and the
cost benefits of deploying broadband Internet to reduce or eliminate private MPLS WAN links.
The dirty secret for most SD-WAN vendors is that their architecture is built using some form
of a packet routing or packet processing engine. While SD-WAN functionality on the surface
seems to be a natural evolution of packet routing and packet processing, packet-based systems
are ill-equipped to understand today’s applications given how both application complexity and
content richness have increased, and HTTPS has become the de facto transport, which is
rendered completely opaque by TLS. Packet-based systems are fundamentally unable to look at
application-level transactions across multiple connections using both discrete data points and
heuristics to accurately identify and understand the application in use and how it is performing.
CLOUDGENIX | WHITE PAPER | WHY SD-WAN ALONE IS NOT ENOUGH | 2
Packet-based systems rely on reachability, latency, loss, jitter, and bandwidth as metrics to
determine overall performance, but have little to no understanding of application goodput or
transaction response time because of their inability to truly understand the application. It is
for this reason that most packet-based systems are designed as router extensions or router
replacements—and while they may provide some value, they fall short in application detection,
require complex technical policies rather than business policies, and lack the ability to truly
understand the user’s experience of an application.
To make matters worse, packet-based systems rely on reachability of a peer as a means of
determining availability. When they build a network amongst devices, they rely on paths to a peer in a
distant site (the overlay network) when making forwarding decisions. For traffic destined to sites
with no peer, they are generally rendered useless and cannot make forwarding decisions, leaving
the handling to the underlying network (also known as the underlay). When introducing cloud
applications, many such solutions demand that you deploy a virtual machine with their software in
the cloud or use points of presence (POPs) that they have deployed, commingling your traffic with
traffic from other companies—presenting performance, compliance, and availability concerns.
Introducing CloudGenix AppFabric™
CloudGenix provides the industry’s most robust SD-WAN solution and is an evolution beyond
the traditional packet-based SD-WAN solutions that are available today. CloudGenix Instant-On
Network (ION) devices automatically build a secure application fabric—known as AppFabric—
which securely connects your sites and applications over any transport. CloudGenix allows you
to define policies that map to your business intent for your applications, sites, and WAN links,
specifying the performance, security, and compliance needs for each.
Figure 1: CloudGenix AppFabric securely connects your sites and applications, and intelligently handles application traffic using the most performant, allowable path. (Diagram labels: Remote Office, Data Center, ION 7000, ION 3000, MPLS, Public Internet, Cloud and SaaS.)
AppFabric is unique in that application detection includes all of the capabilities of traditional
packet-based systems—IP addresses, ports, and layer 7 deep packet inspection—but goes above and
beyond by examining endpoints, transports, and cross-connection and sub-connection behaviors to
accurately identify applications. With an accurate understanding of the application in question,
uniform, globally consistent policies can be configured that extend beyond just performance
management.
Why AppFabric is a Must Have
AppFabric is a radically new approach to networking. With AppFabric, policies are defined by
business intent for performance, security, and compliance:
• Performance—specify the performance and resources required to support a positive user experience, and handle flows according to actual performance metrics of the application itself rather than packet and link metrics
• Security—define the security perimeter for the remote offices and which applications are allowed to traverse the network boundary using detection of the actual application rather than IP addresses and ports
• Compliance—specify the WAN paths that the application flows are allowed to take and make forwarding decisions accordingly
With AppFabric, one consistent application definition exists for all three policy types. With an
accurate detection of the application, policy enforcement is far more accurate, and more
intelligent decisions are made based on actual application metrics rather than low-level, inaccurate
packet details. AppFabric uses a superset of the metrics used by packet-based platforms (link
statistics, latency, bandwidth, reachability, packet loss, jitter), adding transaction response times,
server response time, and application goodput. Further, mean opinion scores (MOS) are calculated for
each link and for media applications, which helps keep service providers honest when it comes to
service level agreements (SLAs) that you may have negotiated.
Figure 2: CloudGenix AppFabric goes beyond WAN measurement and also includes metrics from application transactions to make handling decisions. (Diagram labels: Application Sessions, Packets, Others, AppFabric, packet, session, transaction time, failures/errors, fingerprint, CODEC, directionality, MOS, #flows, size, jitter, loss, pps.)
Figure 3: CloudGenix AppFabric automatically builds the network according to policy definitions encompassing performance, compliance, and security.
About CloudGenix
CloudGenix provides a software-defined WAN solution with AppFabric technology that enables you to build a global WAN based on
business policies for application performance, compliance, and security, across all sites and users. Unlike router-based solutions,
CloudGenix AppFabric allows you to define top-down global policies based on business intent rather than fragmented bottoms-up
configuration changes based on technical implementation. With CloudGenix, you can easily integrate heterogeneous WAN connections for
any site, take advantage of cloud and SaaS applications, improve visibility for app performance and SLAs, and dramatically simplify
network operations.
See for Yourself
See CloudGenix in action for yourself! Visit www.cloudgenix.com/trial to register for a no-risk free trial today.
© 2017 CloudGenix Inc. All rights reserved.
The CloudGenix Difference
Only CloudGenix AppFabric provides a top-down, application-centric policy built around business
intent that couples performance, security, and compliance, thereby shifting the configuration and
management of SD-WAN from a series of disjoint networking primitives to one based on applications,
sites, and WAN links. With CloudGenix, devices can integrate with your existing infrastructure,
providing unparalleled visibility into application performance and WAN activity.
CloudGenix allows you to deploy at your own pace and decommission routers to reduce
remote office hardware and management complexity when you are ready. Fine-grained
understanding of the application itself allows CloudGenix to make more intelligent decisions on
policy enforcement, leading to better overall performance and user experience. You can
confidently adopt cloud and SaaS applications without worrying about your traffic being commingled
with traffic from other customers at another vendor's POP—all functions operate even when a
peer does not exist in the remote network.
Figure 4: CloudGenix shows powerful, actionable insights into how your WAN links and applications are performing.
2665 North First St., #110 San Jose, CA 95134 | 1.844.800.CGNX