
SD-WAN routing changes branch dynamics

This week, bloggers look into the changes wrought in the branch by SD-WAN routing, endpoint security tools and Microsoft's new SONiC open source software.

Mike Fratto, an analyst at GlobalData in Sterling, Va., foresees SD-WAN routing replacing branch routing. "I make no secret that I think SD-WAN is the cat's meow," Fratto said. Depending on the size of the company and the size of its branch offices, dedicated branch routers have already been replaced by a unified threat management or firewall system. At many branches, there is only a single WAN connection and no need for a router. Branch routers have continued to be deployed at locations with more than one WAN connection, where IT teams want redundancy for the firewall routing stack or to separate the routing function for security purposes. According to Fratto, SD-WAN routing eliminates the need for single-function branch routers.

In addition, Fratto said, SD-WAN routing eliminates what he termed a complicated and brittle routed WAN, although some engineers may be hesitant at first to give up on carefully constructed Border Gateway Protocol structures. "I simply don't see a good reason for most enterprises to continue to use a suite of bespoke functions, either in hardware or software. Doing so simply complicates management for very little benefit. Don't carry your legacy networking into the future," Fratto said. He added that companies need to consolidate and replace old functions as much as possible, rather than integrate redundant capabilities.

Dig deeper into Fratto's assessment of SD-WAN routing.

How to manage endpoint security

Mark Bowker, an analyst at Enterprise Strategy Group in Milford, Mass., said IT teams wrestle with whether to upgrade existing security tools or invest in new platforms to secure endpoints. The network perimeter is constantly expanding with the growth of cloud, mobile and IoT. As new devices, applications and innovations make their way to IT operations, teams are left debating the best vendor strategy and when to acquire new tools. IT operations teams face challenges responding to security team requests even as they wrestle with the IT budget decision-making process.

According to Bowker, modern management platforms allow users to set and execute policies across different applications, devices and platforms, but these features are often poorly understood by security teams. Nevertheless, existing investments and strategies are changing as the hurdles facing businesses force IT teams to explore modern management. Overall, Bowker said endpoint security management tools are beginning to converge and look much the same. Cisco, Jamf, IBM, VMware AirWatch and Microsoft are building in more security protections, while vendors such as Symantec, McAfee and Trend Micro focus more on endpoint security. Threat intelligence to prevent attacks is a key consideration for companies, but IT teams must make important decisions about the best management approach to take advantage of capabilities from IBM, Cisco, Microsoft, Google and other vendors.

Read more of Bowker's analysis of endpoint security management.

Microsoft makes data center play

Drew Conry-Murray, writing in PacketPushers, profiled the open source SONiC switch operating system, developed by Microsoft and the focus of a demonstration by Barefoot Networks and Apstra at the 2018 Open Compute Project Summit. Microsoft has followed a pattern common among hyperscale data center operators such as Google and Facebook of taking components from its environment and building up open source communities around them.

The release marks a new Microsoft data center play, as it tries to attract developers to enhance the software and a broader range of users that will benefit the company. According to Conry-Murray, startups and other vendors are drawn to SONiC because it gives them the chance to sell their products to Microsoft and other large adopters.

Barefoot used Microsoft's Switch Abstraction Interface to show how its silicon performed on white box switches, while Apstra demonstrated SONiC support through its AOS intent-based networking system, with Mellanox switch hardware. "Apstra, which configures and orchestrates network infrastructure, needs to interoperate with a broad range of network software and hardware to appeal to the broadest range of customers," Conry-Murray said. However, Apstra doesn't offer full support for SONiC yet, offering only a proof of concept for the time being, he added.

Dig deeper into Conry-Murray's thoughts on SONiC.
