Work @ Home with SD-WAN
May 19, 2020
The New WAN Edge, or Just A New Name for Remote Access?
Remote workers traditionally use VPN to connect into company networks.
An IP-based VPN creates a secure point-to-point connection through the public Internet by relying on a software client to perform encapsulation and encryption functions required by the IPsec protocol.
But those remote access technologies were expected to support a small subset of the total number of employees, not the entire workforce. Scaling VPNs to hundreds or thousands of home workers presents significant challenges, not the least of which is adding enough licenses, ports and bandwidth to support the onslaught of remote connection requests. There are also security considerations when so many are working outside of the corporate firewall, not just occasionally, but all the time.
Maybe there is a better way?
With the rapid increase in remote workers, and the fact that these employees are accessing the same enterprise applications as office-based workers, there is an emerging business case to be made for extending SD-WAN deployments to include work from home employees.
Frost & Sullivan
SD-WAN has shifted the network edge from the data center to the branch office; should it now be extended to the home office?
The cost of equipping every work from homer with a $$ SD-WAN device–in addition to all of the other expenses supporting remote workers–could be viewed as an IT budget buster. But is it really? It may not be as significant when the employee is spending 100% of their time working at home, instead of just part of the time, since they won’t be needing all that expensive office space and equipment.
The question then becomes, will the superior performance that SD-WAN provides in the branch office have the same impact on the home network?
A VPN creates secure point-to-point tunnels from the end user’s laptop to the corporate data center to access the internal network and applications. VPNs typically backhaul all traffic through the data center firewall before making a U-turn to access the Internet or cloud, which can add delay and consume bandwidth and other network resources. Enabling VPN users to access the Internet directly through ‘split tunneling’ can increase the vulnerability of the remote desktop.
QOS-provided SD-WAN can support direct access to the corporate data center, as well as direct access to cloud applications through gateways, without compromising security. That is because the best SD-WAN edge devices contain an enterprise-grade firewall and other security features. Some can also connect to cloud-based security services such as Zscaler, which eliminates the need to backhaul.
Traditional VPNs do nothing to address the performance issues endemic to consumer broadband. Corporate IT departments are not equipped to monitor or troubleshoot home broadband connections, which are far less reliable than dedicated business access lines.
High variability of broadband performance parameters such as packet loss, delay and jitter (delay variation) is the primary cause of real-time applications performing poorly.
SD-WAN from QOS can offer the following advantages over standard remote access VPN:
- Direct access to SaaS providers through low latency cloud gateways eliminates the backhauling bottleneck for superior performance when accessing Office365, RingCentral, Citrix and others.
- IPsec tunnels can be created from the enterprise data center out to the remote workers. This allows the remote users to have consistent access to corporate-hosted applications.
- SD-WAN connections can be automatically established to optimize application traffic that is site-to-cloud, site-to-data center and site-to-site between home workers, a task that would be highly labor intensive to configure with traditional VPN tunneling.
How SD-WAN improves upon the home broadband experience
While the standard IPsec VPN provides a measure of security for the connection, it does nothing to overcome the variability of home broadband, which is usually running over a ‘shared media’ connection. For example, there are likely to be other business or recreational users in the home sharing that single connection. SD-WAN can be configured to enforce policies that give priority to the employee’s business applications by establishing logical separation from other users sharing the same connection. That can ensure that your important Zoom conference with a major customer’s procurement team does not break up when the kids are sharing Instagram videos or playing with Xbox.
Most SD-WAN technologies can route traffic dynamically over the best performing link when there is more than one, resulting in dramatic gains in performance for real-time applications, and some vendors can even improve performance over a single-threaded broadband connection.
They do this by continuously monitoring the performance of the connection. If the metrics start to degrade, a condition known as ‘brownout’ (such as when excessive packet loss causes retransmissions that create long delays), the device can use FEC (forward error correction) to send duplicate packets to combat packet loss and improve the end-to-end application performance.
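An added illustration of the monitoring logic described above (not QOS or vendor code): it reduces a window of probe results to loss, delay and jitter, flags brownout, and either steers to the best healthy link or, when no link is healthy, enables packet duplication on the least-degraded one. The thresholds, function names and sample probe windows are assumptions constructed for this example.

```python
from dataclasses import dataclass
from statistics import mean

# Assumed limits for a real-time application class (not from the article).
MAX_LOSS_PCT, MAX_DELAY_MS, MAX_JITTER_MS = 1.0, 150.0, 30.0

@dataclass
class Probe:
    sent: int        # probe packets sent in this interval
    received: int    # probe replies that came back
    rtts_ms: list    # round-trip time of each reply, in order

def link_metrics(window):
    """Reduce a window of probes to loss %, mean delay and jitter."""
    sent = sum(p.sent for p in window)
    received = sum(p.received for p in window)
    rtts = [r for p in window for r in p.rtts_ms]
    loss = 100.0 * (sent - received) / sent if sent else 100.0
    delay = mean(rtts) if rtts else float("inf")
    # Jitter taken as the mean absolute change between consecutive RTTs.
    jitter = mean(abs(a - b) for a, b in zip(rtts, rtts[1:])) if len(rtts) > 1 else 0.0
    return {"loss": loss, "delay": delay, "jitter": jitter}

def is_brownout(m):
    """Link still passes traffic, but at least one metric is out of bounds."""
    return (m["loss"] > MAX_LOSS_PCT or m["delay"] > MAX_DELAY_MS
            or m["jitter"] > MAX_JITTER_MS)

def decide(links):
    """links: {name: [Probe, ...]} -> (chosen link, forwarding action)."""
    metrics = {name: link_metrics(w) for name, w in links.items()}
    rank = lambda n: (metrics[n]["loss"], metrics[n]["delay"])
    healthy = [n for n in metrics if not is_brownout(metrics[n])]
    if healthy:
        return min(healthy, key=rank), "forward"
    # No healthy link: keep the least-bad one and duplicate packets on it.
    return min(metrics, key=rank), "forward+duplicate"

# Constructed sample windows: a lossy, spiky cable link and a clean LTE link.
CABLE = [Probe(10, 9, [38, 41, 160, 44, 39, 40, 42, 150, 43]),
         Probe(10, 10, [40] * 10)]
LTE = [Probe(10, 10, [62, 60, 61, 63, 60, 62, 61, 60, 62, 61])]

if __name__ == "__main__":
    print(decide({"cable": CABLE, "lte": LTE}))  # dual-link home office
    print(decide({"cable": CABLE}))              # single broadband link
```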
To answer the original question, SD-WAN offers the ability to extend the corporate security and application perimeter to encompass even remote users with the level of performance they have come to expect on business-grade networks. The home worker can now be as productive as, or even more productive than, when they are sitting in the downtown office.
“17% of the time a single broadband Internet access link fails to deliver expected application performance. That may not sound like a lot, but consider that standard business grade access services have SLAs from 99.9% to 99.999%. That 17% would translate to a performance metric of only 83%.”
“Tests by VMware VeloCloud have shown a 10x higher average throughput for Office 365 running over a single link due to mitigation of packet loss, latency and jitter by the SD-WAN device.”
Let QOS equip your work from home workforce and save time and money.
For Day 1 support, QOS can validate and pre-configure the work from home SD-WAN devices prior to shipping to the employee, so all they have to do is open the box and plug the device into the cable or DSL modem and QOS will do the rest. QOS delivers and activates the SD-WAN devices on time and with far less management overhead, which can save the equivalent of two full-time IT resources in large installations.