All paths lead to the Secure and Automated Multicloud, and this applies to the WAN edge as well. Drivers such as cost reduction, the need for simplified operations, or the desire to derive better performance from your branch can all serve as the impetus to take a step in the right direction on your journey.
Juniper created the 5-Step framework to describe this journey for the branch network. It enables you and your business to achieve a secure and automated multicloud enterprise. The 5-Step framework helps you orient yourself in the journey and know what to expect next, and each stage helps set you up for the next one.
Step One – The Product-based Branch
Step one is where we see most of our customers’ branch networks today. Here, the enterprise branch network does its job, but not very efficiently. At the branch there is a stack of devices, each with a specific purpose, and the overall lifecycle of each of those devices is unique to the product. Most branches do not have automation and most need manual intervention.
A common strategy to reduce the management burden is to combine two or more functional roles into one device to minimize the impact or change required at the branch. An obvious choice is to combine routing and security into one customer premises equipment (CPE) device.
Step Two – The Solution-based Branch
In step two, we evolve to a solution mindset. That is not to say that networks have not been designed to solve problems. Instead, they use SDN/NFV technologies to solve challenging problems that were just patched together in the past. One solution is to adopt zero-touch provisioning (ZTP) of the devices, along with centralized, cloud-based management. ZTP helps not only reduce , but also helps establish a framework and solution to update software on the branch remotely in a very agile manner.
Customers that are looking to move non-critical traffic from MPLS links to the internet can adopt SD-WAN. SD-WAN can also be used in a greenfield scenario as a way to expand the WAN and branch footprint by using an ISP and still maintain or achieve better application quality of experience (QoE) by using simple application-based routing, DPI and app-based QoS technologies embedded in the branch products. Once you decide to break out internet traffic at the branch, built-in security at the branch becomes very important as well.
Step Three – The Operations-Driven Branch
In step three, the aim is for IT teams to be operations driven. Most operations have typically been bottom-up. To date, network and operations engineers have resorted to using whatever technology was available to run operations. Traditionally this meant patching the overall operations/NOC infrastructure with vendor-specific or third-party tools. In this stage, however, an operations-driven approach drives a more top-down approach in terms of intent-driven, multi-service branch/WAN orchestration. The expected outcome is a self-service portal that allows your users to consume the network as a service and offers services that can be added at the branch through the portal or even through APIs, allowing scale to thousands of branches. This is basically thinking of network functions as Lego blocks that can be connected, or service-chained, to build a network service design template that can be initiated and provisioned in real time by the end customer.
With multi-tenant orchestration, different levels of access can be offered to an admin, and operations teams can segment or slice the infrastructure for different tenants. [The network?] does not have to be limited to one person or one vendor. Instead, third-party VNFs are onboarded to provide the desired service chain at the branch, which is orchestrated and managed centrally. Using SD-WAN + VNFs not only orchestrates the network infrastructure, but also secures it with capabilities like unified advanced threat management that can be centrally defined with policies and implemented uniformly across the branch/WAN infrastructure.
Step Four – The Business-Driven Branch
In step four, the branch network becomes business driven. The network is agile and flexible, and is also fungible in terms of network service and capacity needs. Engineered for simplicity, the network just works, never getting in the way, and ultimately helps the business get solutions to market faster.
An emerging example of this is the demo Juniper presented at the recent IoT World event. We demonstrated how to plug an AWS Greengrass IoT agent on the NFX, our versatile uCPE device, for edge computing at the branch. This allowed the NFX to relay all sensor traffic to the AWS cloud while providing the sensor devices with the ability to quarantine a particular sensor device if it is compromised. This is an example where a network is ahead of the business needs.
Step Five – The Secure and Automated Multicloud Branch
Step five is the final destination. All of the different network domains – the campus, branch, WAN, data center and assets in a public cloud – are seamlessly connected over a unified SDN/NFV framework with an end-to-end software-defined secure network, achieving seamless data and application portability, which are the building blocks to complete network readiness for digital transformation.