The future of enterprise VPN will be software-defined


There is no doubt the face of both the enterprise workforce and the network is changing. Existing network management approaches were designed around fixed branch networks (places) accessing applications within private data centers.

Today, connecting people and ‘things’ over the Internet and deploying applications within the public cloud represents a dramatic increase in the number of remote network endpoints that need to be managed. 

Increasing adoption of cloud, mobile and Internet of things (IoT) capability means more enterprise traffic is being driven off private wide area networks (WANs) – like Multiprotocol Label Switching (MPLS) – and instead moving over the Internet. 

In addition, many endpoints are now connected wirelessly, adding additional concerns about security and compliance.

The new enterprise landscape IDC predicts that in the U.S. alone, the mobile worker population will increase to 105.4 million in 2020 from 96.2 million in 2015. IDC expects mobile workers will account for nearly three quarters of the total U.S. workforce by the end of the forecast period. 

Drivers behind the growth in mobile worker population include the increasing affordability of smartphones and tablets, as well as the growing acceptance of corporate ‘Bring Your Own Device’ (BYOD) programs. 

In addition, Gartner predicts there will be around 8 billion ‘things’ connected to the Internet by 2020, up from 6.4 billion today.

This shift is giving rise to a new type of VPN infrastructure that is more dynamic, software-defined and orchestrated. VPN has become part of the Software-Defined WAN (SD-WAN) movement, which is taking the enterprise by storm. 

IDC and other analyst firms estimate the SD-WAN market will grow over 90 per cent CAGR through 2020, creating a $6 Billion market virtually overnight. The modern SD-WAN version of VPN has little in common with the previous generation of hardware-intensive, complex and expensive VPN technology beyond the encryption standards (e.g. Internet Protocol Security (IPSec) or Secure Sockets Layer (SSL)).

Key properties

The VPN of the future will center on a few key properties:

• Topology-independent: the ability to be deployed in either spoke-andhub or meshed topologies with equal ease.

• Virtualisation: the traditional IPSec and SSL encrypted tunnel is being combined with generic routing encapsulation (GRE) – which establishes a direct, point-to-point connection between network nodes – to create virtualised overlay networks that can run over any wired and wireless WAN access network, including 4G LTE.

• Orchestration: using cloud-like orchestration, VPN overlay networks can be built programmatically, eliminating the configuration complexity of traditional VPNs

• Traffic Steering: SD-WAN enables traffic to be ‘steered’ by policy between physical underlay and virtual overlay networks. This allows MPLS and Internet broadband links to be bundled into a single hybrid WAN to improve performance and availability.

• End-to-End Management: next generation cloud management platforms can manage VPN connections end-to-end across the enterprise, erasing the traditional LAN/WAN boundaries that have confounded visibility, security and control of branch networks.

A sizable branch network today might be several thousand sites. In a few years there may still be 2,000 branches, but they may have tens of thousands of remote people and hundreds of thousands of things connected to their network. 

The VPN of the future will help businesses ensure all of those endpoints are secured, controlled and compliant.  

  • Todd Krautkremer is a SVP, Strategy & Corporate Development at Cradlepoint 


Source link