SD-LAN: The Future of Local Area Networks


Traditional Wi-Fi and wired access networks aren’t keeping pace with today’s rapidly evolving, dynamic wireless-first organizations—but there’s a new solution that does.

Table of Contents

Introduction
Chapter 1: The (rapidly increasing) evolution of access networks
Chapter 2: What is SD-LAN?
Chapter 3: How SD-LAN is changing the LAN landscape
Conclusion: The future is here

Introduction

By 2020, at least 20 billion devices will be connected to the Internet of Things—and many analysts predict twice that number. [1] Whether it’s 20 billion, or even 50 billion, that’s a lot of devices weighing down static networks and impeding performance.

For organizations, it’s not as simple as limiting connections. In today’s business world, the connections and flexibility afforded by mobile devices are essential.

But as more and more devices connect to your company network, unintended consequences follow: inconsistent wireless coverage; failed connections to employee, guest, and customer devices; staggered performance when accessing media-rich content; and unmanaged network access. Many companies are finding their legacy wireless LAN unable to run real-time applications, while others desperately need an easier way to handle the growing volume of BYOD, guest, and IoT devices that require access and authentication from the corporate network.

The results? Frustrated users, lost productivity, and serious security risks from relatively low-sophistication devices and an increased attack surface.

Only 1 out of 10 IT administrators consider their networks “future-ready.” [2]

This eBook discusses the challenges of access networks and a new solution to those challenges: software-defined LAN (SD-LAN), which expands on the principles of software-defined networks (SDN) and SD-WAN to create increased wired and wireless access network adaptability, flexibility, cost-effectiveness, and scale while also providing mission-critical business continuity.

CHAPTER 1: The (rapidly increasing) evolution of access networks

For most of the networking world’s history, evolution came through hardware and software innovation. Now, software is driving dramatic changes in networking. [3] More aspects of our environment are digital, mobility is transforming lives, people are more connected than ever, and societal and global trends are contributing to the formation of a new software-defined world.

For enterprises, this mobile connectivity trend is redefining business processes and productivity. So expanding your wireless LAN is, or should be, a top investment priority.

However, with the increased pace of change driven by mobility and a wireless-first world, it is becoming increasingly difficult for vendors to meet demands without a complete rethink of network architecture approaches overall.

Key computing trends driving the need for a new network paradigm: [4]

- Changing traffic patterns—Applications that commonly access geographically distributed databases and servers through public and private clouds require extremely flexible traffic management and access to bandwidth on demand.
- The consumerization of IT—The BYOD trend requires flexible and secure networks.
- The rise of cloud services—Users expect on-demand access to applications, infrastructure, and other IT resources.
- “Big data” means more bandwidth—Handling today’s mega datasets requires massive parallel processing that is fueling a constant demand for additional capacity and any-to-any connectivity.
- Security in the Internet of Things—The only way to adequately secure IoT devices is through granular identity and a software-defined approach to security keys.

Five essential pre-requisites of today’s access networks in a world where the only constant is change: [3]

- Adaptability—Continuously adjusts to client, application, and infrastructure changes
- Business continuity—Self-optimizing, self-healing, and self-organizing operation
- Flexibility—Easily integrates with existing architecture and applications
- Scalability—Starts small and grows—or shrinks—as requirements change
- Cost-effectiveness—Reduces the cost of acquisition and ongoing operation of the network

Given the explosive proliferation of devices throughout the network, IT departments must be able to build an intelligent infrastructure. This infrastructure must continuously adjust and adapt to keep up with the pace of change that mobility and IoT have created and provide reliable access and security to maintain business integrity. Because IoT provides such a large attack surface, adequate security measures through granular identity and a software-defined approach to security keys are vital. Scalability to support this influx of devices is also essential because it enables organizations to grow seamlessly without making major changes to the network, which can be complex and costly.

But in trying to meet today’s dynamic networking requirements, network designers find themselves constrained by the limitations of current networks: [4]

- Complexity that leads to stasis—Adding or moving devices and implementing network-wide policies are complex, time-consuming, and primarily manual endeavors that risk service disruption, discouraging network changes.
- Limited scale—Traditional wireless LAN architectures rely on a centralized controller that has limited capacity, requiring additional components to be acquired as more access points are introduced. This becomes increasingly complex across distributed sites.
- Vendor dependence—Lengthy vendor hardware product cycles and a lack of standard, open interfaces limit the ability of network operators to tailor the network to their individual environments.

40% of total network costs are devoted to maintenance and support. [2]

Unfortunately, the traditional, static way of designing, deploying, and operating access networks doesn’t allow the network—or your IT team—to keep up with the dynamic pace of today’s connected world. There has to be a better way.

There is: software-defined LAN (SD-LAN).

CHAPTER 2: What is SD-LAN?

To understand SD-LAN, let’s first backtrack a bit and look at the architecture and technologies that led to SD-LAN.

Software-defined networking (SDN) is an emerging architecture that decouples the network control and forwarding functions, enabling network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services. This allows network engineers and administrators to respond quickly to changing business requirements because they can shape traffic from a centralized console without having to touch individual devices. It also delivers services to where they’re needed in the network, without regard to what specific devices a server or other device is connected to. [4] Functional separation, network virtualization, and automation through programmability are the key technologies.

The SDN architecture is: [4]

- Directly programmable
- Agile
- Centrally managed
- Programmatically configured
- Software-driven

[Figure: SDN setup. Application layer (business applications), APIs, control layer (network services), network protocols, infrastructure layer. Source: Open Networking Foundation, …efinition]

But SDN has two obvious shortcomings: It’s really about protocols rather than operations, staff, and end-user-visible features, function, and capabilities; and it has relatively little impact at the access layer (intermediary and edge switches and access points, in particular)—critical elements that define wireless LAN today.

Like SDN, software-defined WAN (SD-WAN) separates the control and data planes of the WAN and enables a degree of control across multiple WAN elements, physical and virtual, not otherwise possible. While SDN is an architecture, SD-WAN is a buyable technology. Much of the technology that makes up SD-WAN is not new; rather it’s the packaging of it together—aggregation technologies, central management, the ability to dynamically share network bandwidth across connection points—that is.

Its ease of deployment, central manageability, and reduced costs make SD-WAN an attractive option for many businesses, according to Gartner analyst Andrew Lerner, who tracks the SD-WAN market closely. [6] Lerner estimates that an SD-WAN can be up to two and a half times less expensive than a traditional WAN architecture.

SD-LAN builds on the principles of SDN in the data center and SD-WAN to bring specific benefits of adaptability, flexibility, cost-effectiveness, and scale to wired and wireless access networks—while providing mission-critical business continuity to the network access layer. It is an application and policy-driven architecture that unchains hardware and software layers while creating self-organizing and centrally managed networks that are simpler to operate, integrate, and scale.

An SD-LAN solution requires five key layers:

[Figure: SD-LAN. API Layer, Cloud-Based Management Layer, App Optimization Layer, Identity-Driven Access Layer, Adaptive Access Layer, Enterprise SD-LAN Hardware]

Adaptive access self-optimizes, self-heals, and self-organizes wireless access points and access switches.

- Control without the controllers—dynamic control protocols are used to distribute a shared control plane for increased resiliency, scale, and speed
- Ability to intelligently adapt device coverage and capacity through use of software definable radios and multiple connection technologies (802.11a/b/g/n/ac/wave 1/wave 2/MIMO/MU-MIMO, BLE, and extensibility through USB)
- A unified layer of wireless and wired infrastructure devices, with shared policies and management
- The removal of hardware dependency, providing seamless introduction of new access points and switches into existing network infrastructure. All hardware platforms should support the same software.

Application optimization prioritizes and changes network behavior based on the apps.

- Dynamic optimization of the LAN, driven by app priorities
- Ability to focus network resources where they serve the organization’s most important needs
- Fine-grained application visibility and control at the network edge

Secure, identity-driven access dynamically defines what users, devices, and things can do when they access the SD-LAN.

- Context-based policy control polices access by user, device, application, location, available bandwidth, or time of day
- Access can be granted or revoked at a granular level for collections of users, devices and things, or just one of those, on corporate, guest and IoT networks
- IoT networks increase the chances of security breaches, since many IoT devices, cameras and sensors have limited built-in security. IoT devices need to be uniquely identified on the Wi-Fi network, which is made possible by software-defined private pre-shared keys.

Centralized cloud-based network management reduces cost and complexity of network operations with centralized public or private cloud networking.

- Deployment in public or private cloud with a unified architecture for flexible operations
- Centralized management for simplified network planning, deployment, and troubleshooting
- Ability to distribute policy changes quickly and efficiently across geographically distributed locations

Open APIs with programmable interfaces allow tight integration of network and application infrastructures.

- Programmability that enables apps to derive information from the network and enables the network to respond to app requirements
- A “big data” cloud architecture to enable insights from users, devices, and things
- An open developer program to enable an ecosystem of developers, software vendors, and MSPs

CHAPTER 3: How SD-LAN is changing the LAN landscape

Just how can SD-LAN help your organization—how do its features specifically serve your needs? By basing core implementations and policies in software, network shops can realize enhanced configurability, scalability, continuity, and simplified operations while unlocking value beyond connectivity.

Increased operational efficiency

SD-LAN implementations are self-optimizing, self-organizing, self-reorganizing, self-configuring, and self-reconfiguring in response to changing conditions. This limits the day-to-day work of the operations staff largely to policy management and occasional troubleshooting and end-user assistance—which should increase staff productivity.

A single management interface for wired and wireless domains and unified network policies with device templates allow IT to configure any number of Wi-Fi devices and access switches. Access switches have dramatically different requirements than those at the core. The edge is getting more geographically spread out—with more users, more devices, and more locations. A cumbersome command-line interface (CLI) doesn’t work for edge switches anymore; these require easy, UI-based centralized cloud management and unified wired/wireless policies.

Reducing capital and operational cost

The removal of WLAN controller hardware and licensing can lead to dramatic cost savings—without loss of functionality. It can result in significantly lower relative capital expenditure (CapEx), reduction in footprint and associated operational expenditure (OpEx), simplified architecting and installation of access points, ease of ongoing management, and increased solution resiliency and user productivity improvements. With labor-intensive OpEx rapidly outpacing CapEx in today’s business environments, SD-LAN offers lower TCO through its cloud-based management. “Let’s face it—operations staffs still require all the productivity they can muster; budgets and staffing levels aren’t going back to the pre-recession days, so this is where SD-LAN could conceivably really close the deal,” writes Craig J. Mathias, a principal with Farpoint Group, an advisory firm that specializes in wireless networking and mobile IT. [7]

Increased scale and flexibility

Software as a Service delivery via the cloud helps companies eliminate the expense of purchasing or maintaining expensive application servers and software. With SD-LAN, this pay-as-you-grow model ensures organizations have the flexibility to scale their networks to match business growth. The cloud management platform scales to support the management and monitoring of thousands of devices from a single console with minimal overhead. Scaling is as easy as adding or removing additional network access points and switches, which greatly simplifies network planning and development.

Planning for change

In dense deployments, such as when access points are in adjacent rooms, administrators may have to switch off their 2.4 GHz radios on every second or third access point to reduce interference. With the adaptive access layer that has software-definable radios, administrators can switch that second radio to 5 GHz, effectively increasing capacity—future-proofing the purchase and ensuring immediate ROI.

An application-optimized network ensures corporate CRM and financial systems get the necessary quality of service. Cloud management, a must-have in today’s business environment, allows IT to more easily manage thousands of access points, switches, sites, end users, and devices—and benefits organizations in operation costs and deployment speed for years to come.

Granular network protection

SD-LAN’s granularity digs down to the level of individual users and devices and provides insights on location, time of day, and user role. It also includes capabilities important in local operational policies such as BYOD, guest access, and support for IoT. Profile-based management and security implemented at the edge of the network help minimize risk to the organization. SD-LAN can leverage local authentication mechanisms to determine authorization and encryption keys. Security is managed from a single point of control with system-wide uniformity, which makes it easier to respond to security threats.

Identity-driven SD-LAN allows administrators to apply fine-grained security policies to individual users on the guest network, complementing the authentication method already in use in the corporate network—a huge benefit for organizations that typically use a single guest SSID with a common pre-shared key that can be compromised. That identity-driven process also creates greater security. With software-defined private pre-shared keys and application visibility and control (AVC) with custom signatures that can be created to monitor apps and apply firewall rules at the access layer, SD-LAN confronts the security concerns created by IoT.

Value beyond connectivity

Location and presence APIs provide tangible benefits in retail, manufacturing, and logistics. Monitoring APIs allow MSPs to offer Wi-Fi as a service and add value with customized network-management dashboards. For schools and colleges, APIs can create easy guest onboarding and sponsorship workflows that are integrated into student and faculty IT portals, making self-serve IT a reality. APIs can be configured for the present and can be added in the future, leading to a truly programmable, future-proof access network.

In summary, SD-LAN offers the following benefits: [9]

- Reduced complexity—Automation, policy, and simplicity are applied to operations, bringing big savings in cost, improved reliability, and much more.
- Reduced costs—Going beyond improved productivity of your IT team, SD-LAN makes the networks themselves smarter and uses control and management tools to simplify network administrators’ lives.
- App visibility and control—SD-LAN is a source of data for analytics, such as understanding what apps are doing on the network. SD-LAN can then use this information in conjunction with policies to tune app behavior automatically.
- Policy-based management—It’s significantly easier to change policies in SD-LAN than it is to whip out the CLI, as well as more cost-effective, reliable, and secure.
- Improved reliability—Implementations can proactively deal with reliability issues and network emergencies.
- Improved security—Traffic monitoring with customized signatures for IoT app traffic that provides app visibility and control right at the firewall on the access point, and a unique identity for each device.
- Easy scalability—SD-LAN techniques can mitigate expensive OpEx. And SD-LANs may soon be able to produce proactive maintenance messages, limiting installation to assuring building codes are met and plugging in a cable. The remaining configuration, management, and tuning will be automatic. The software- and policy-based nature of SD-LAN makes it easy to add new features.
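
The per-device identity that the eBook attributes to private pre-shared keys (in the identity-driven access layer and under "Granular network protection") can be illustrated with standard WPA2-PSK key derivation: the access side tries each enrolled key against the handshake MIC, so a match names the device and one key can be revoked without rekeying the rest. This is an added example, not code from the eBook or from Aerohive; `PrivatePskStore`, the SSID, MAC addresses, passphrases, policies and the stand-in frame bytes are constructed assumptions, and a vendor implementation may differ.

```python
import hashlib
import hmac

SSID = b"corp-iot"  # constructed SSID

def derive_pmk(passphrase: str, ssid: bytes = SSID) -> bytes:
    """WPA2-PSK passphrase-to-PMK: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Key confirmation key: first 16 bytes of the PTK from the 802.11i PRF."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk, counter = b"", 0
    while len(ptk) < 48:
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        ptk += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return ptk[:16]

def handshake_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Handshake MIC: HMAC-SHA1 over the EAPOL-Key frame, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]

class PrivatePskStore:
    """Hypothetical access-side table: one key and one policy per device."""

    def __init__(self):
        self._entries = {}  # identity -> (pmk, policy)

    def enroll(self, identity: str, passphrase: str, policy: dict) -> None:
        self._entries[identity] = (derive_pmk(passphrase), policy)

    def revoke(self, identity: str) -> None:
        self._entries.pop(identity, None)

    def identify(self, ap_mac, sta_mac, anonce, snonce, frame, mic):
        """Return (identity, policy) for the key that produced the MIC, else None."""
        for identity, (pmk, policy) in self._entries.items():
            kck = derive_kck(pmk, ap_mac, sta_mac, anonce, snonce)
            if hmac.compare_digest(handshake_mic(kck, frame), mic):
                return identity, policy
        return None

def station_mic(passphrase, ap_mac, sta_mac, anonce, snonce, frame) -> bytes:
    """Simulates the MIC a station holding `passphrase` sends in message 2."""
    kck = derive_kck(derive_pmk(passphrase), ap_mac, sta_mac, anonce, snonce)
    return handshake_mic(kck, frame)

def demo() -> dict:
    ap_mac, anonce = bytes.fromhex("02aabbccdd01"), bytes(range(32))
    frame = b"constructed stand-in for EAPOL-Key message 2"
    cam = ("k9-constructed-camera-key", bytes.fromhex("02aabbccdd17"), bytes(range(32, 64)))
    rdr = ("x2-constructed-reader-key", bytes.fromhex("02aabbccdd04"), bytes(range(64, 96)))
    store = PrivatePskStore()
    store.enroll("camera-17", cam[0], {"vlan": 30, "role": "iot-camera"})
    store.enroll("badge-reader-4", rdr[0], {"vlan": 31, "role": "iot-door"})

    def attempt(dev):
        mic = station_mic(dev[0], ap_mac, dev[1], anonce, dev[2], frame)
        return store.identify(ap_mac, dev[1], anonce, dev[2], frame, mic)

    before = attempt(cam)
    store.revoke("camera-17")  # one compromised device, one key withdrawn
    return {"camera_before": before, "camera_after": attempt(cam),
            "reader_after": attempt(rdr)}
```

With a single shared guest or IoT passphrase, the same MIC check would succeed for every device and the `revoke` step would mean changing the key on all of them.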

CONCLUSION: The future is here

Without a doubt, SD-LAN offers a strong solution to help your organization keep pace with the dynamic, constantly changing network demands brought on by surging mobility and the Internet of Things.

But at this early stage, it’s not ubiquitous technology. In fact, Aerohive Networks is the first company to deliver software-defined access for adaptable, flexible, and cost-effective wireless and wired access networking. Aerohive’s SD-LAN solution builds on core capabilities developed over the last 10 years and includes a line of cloud-managed access switches and access points, including the AP250, a Wave 2 802.11ac access point with software-definable dual 5 GHz radios, integrated BLE (Bluetooth Low Energy) beacon technology, and USB connectivity supporting IoT developments. Aerohive’s cloud networking solutions centralize network and policy management; drive dynamic application and identity-driven network performance; and provide an open API platform for customized IT and business applications.

With SD-LAN, Aerohive has built software-driven intelligence into every aspect of access networks, including:

- Application visibility and control
- Context-based policies
- Distributed-access infrastructure
- Next-generation cloud management
- Applications and insights

And getting started with Aerohive’s SD-LAN solution is simple, requiring only an access point, a switch, and a cloud license.

Aerohive even offers free access points so that you can try SD-LAN for yourself.

“It’s important that there be a vision for future-proofing your investment with a big data architecture and the ability to dynamically configure the network with configuration APIs,” writes Milind Pansare, strategic marketing director at Aerohive Networks. [8]

“It was customized agility in the data center that enabled Google, Facebook, and Amazon to create compute environments that provided huge business advantage. The network edge is the next big frontier where business will seek to create competitive advantage and differentiation. After all, that’s where consumer experience and workforce productivity are drivers of innovation.

“With SD-LAN, you’ll be smart today and ready for the future.”

About Aerohive

Aerohive enables our customers to simply and confidently connect to the information, applications, and insights they need to thrive. Our simple, scalable, and secure platform delivers mobility without limitations. For our customers worldwide, every access point is a starting point. Aerohive was founded in 2006 and is headquartered in Milpitas, CA. For more information, visit www.aerohive.com.

Sources:

1. “Reality Check: 50B IoT Devices Connected by 2020—Beyond the Hype and into Reality,” RCR Wireless News, June 28, …-hype-reality-tag10
2. “Why Do You Need an SD-LAN?” Aerohive …
3. “…re-Defined LAN: Redefine Your Access Layer,” Aerohive Networks, …Whitepaper-SD-LAN.pdf
4. “Software-Defined Networking (SDN) Definition,” Open Networking …urces/sdn-definition
5. “Software-Defined Networking,” Tech Target. August …ftware-defined-networking-SDN
6. “SD-WAN: What Is It and Why You’ll Use It One Day,” Network World, February 10, …e-day.html
7. “What are the Requirements for SD-LAN?” Aerohive Networks blog, September 13, …e-The-Requirements-For-SD-LAN.html
8. “SD-LAN: Why Your Network Edge Refresh Strategy Needs to be Software Defined,” Aerohive Networks blog, September 12, …Defined.html
9. “What Are the Benefits of SD-LAN?” Aerohive Networks blog, September 14, …e-the-benefits-of-SD-LANs.html
