Live Global Events: Secure, Simplify, and Transform Your Business.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Products & Solutions

The best route to the cloud: SD-WAN and cloud security


In the modern world, enterprises are entering a place where they have legitimate uses for all types of networks—private line, Ethernet, satellite, DSL, broadband, and so on. As a result, companies have to become more sophisticated planners, consumers, and users of this array of networks.

SD-WAN technology allows businesses to leverage these various networks in a strategic manner because it uses available information about the networks to make routing decisions. In addition, SD-WAN’s centralized orchestration provides a more intuitive and user-friendly interface to allow companies to set application-specific policies for the entire business—regardless of branch office or user location. With SD-WAN, companies can avoid the incredibly complex set of programming rules currently used to oversee multiple network connections and instead set straightforward policies and then manage and enforce those policies across all locations.

Those are just some of the impacts SD-WAN has on enterprise networks. This blog examines additional changes brought about by SD-WAN, as well as their potential ramifications.

It's time to change the way businesses structure network connectivity

Companies have historically used hub-and-spoke architectures to provide network connectivity and funnel all internet traffic through central or regional data centers, usually over wide-area networks such as MPLS. As pointed out in an earlier blog by Alex Teteris, that type of routing is costly and inhibits application performance. It is simply inefficient for a global business to push all internet traffic through a location that could be thousands of miles from the end user.

With SD-WAN, companies employ local internet breakout strategies in which traffic is optimized through local controllers in branch offices, allowing for that internet connection to be closer to the end user. SD-WAN selects the optimal transport based upon policy and business conditions and leverages various types of circuits (broadband and 4G/LTE) to connect end users to the internet, reserving MPLS links for DC-bound traffic.

SD-WAN allows companies to think about their internet traffic differently than in the past. Instead of having a monolithic view of it, companies can route traffic over optimal networks, leading to lower costs and more efficient use of bandwidth. For instance, a company may have one path that it dedicates to voice over IP traffic, and that could be an internet connection in branch offices or a private line connection in its main office. In another example, a branch using SD-WAN may leverage broadband as its primary transport service, but automatically readjust its path to a DSL circuit when a problem is discovered and send traffic over the connection that is performing the best.

Different locations need different solutions

It should be clear that the migration of applications to the cloud will lead to a restructuring of the network architecture. Companies have to rethink the centrality of the internet to their operations. They must also recognize that, with SD-WAN, their demands for internet bandwidth will increase, while their need for dedicated MPLS bandwidth may fall.

But SD-WAN will also lead companies away from the binary approaches they’ve taken to connectivity in the past. Traditionally, if a company had 900 locations on a network, every one of those locations used the same type of connection. Those MPLS-based connections were expensive and didn’t reflect the on-the-ground fact that one location might have 20 users, while another might have 1,500. SD-WAN allows companies to have multiple site profiles so that the sales office with 20 people could simply have an internet connection while the site with 1,500 people could have a mix of connections, some of which likely involve MPLS and private line circuits.

As a result of multiple site profiles, a company may integrate broadband internet connections from a variety of service providers. While a company could just use a large ISP for all connections worldwide, local service providers, especially in foreign countries, often provide internet access at significantly reduced costs and companies should be ready to take advantage of these savings. To manage multiple ISPs, companies may need to adopt ISP aggregators to assist with SD-WAN.

There is also a need for robust security when sending traffic from locations directly to the internet via SD-WAN. This security must provide the same capabilities that were present in the data center for every connection used by the SD-WAN solution. Zscaler offers such capabilities via the cloud so that the organization can provide identical and consistent protection no matter where, when, or how users are accessing business-critical applications.

The benefits of embracing SD-WAN

Using SD-WAN decreases network complexity for companies in the long run as it minimizes configuration problems, it’s less expensive than routing all traffic over legacy network connections, and it delivers a faster and smoother user experience. SD-WAN enables flexible routing strategies based on classes of applications and business needs and will reduce traffic to legacy data centers.

With SD-WAN, companies can get new locations up and running while far less time and money on configuration. With legacy network connections like an MPLS or Ethernet circuit, companies have typically had to wait four to six months for installation. With SD-WAN and internet from a local provider, companies can be operational in a matter of a few days. Many of the configuration challenges that confounded companies using legacy network connections can be automated with SD-WAN, which again reduces delays and frees up IT resources to focus on providing the business with more direct value. 

SD-WAN local breakout strategies also ensure that connectivity is faster and more reliable than in the past because connections are made directly to the user’s destination, rather than backhauling over legacy hub-and-spoke architectures to data centers for security treatment. The bottom line is that with secure SD-WAN, companies can reduce connection costs and decrease complexity, while enabling fast, direct connections to the internet for their end users.

Want to learn more? Watch this webinar on three secrets to SD-WAN success.

Read other blogs in this series:  SD-WAN and Security

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dan Shelton is director of product management at Zscaler.
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

Exceptional Customer Experiences Begin at Home
Exceptional Customer Experiences Begin at Home
Read Post
The Power of Zscaler Intelligence: Generative AI and Holistic View of Risk
The Power of Zscaler Intelligence: Generative AI and Holistic View of Risk
Read Post
Take Cloud Native Security to the Next Level with Integrated DLP and Threat Intel
Take Cloud Native Security to the Next Level with Integrated DLP and Threat Intel
Read Post
Cloud Compliance
The Impact of Public Cloud Across Your Organization
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.