qstockmedia - Fotolia

Versa's SD-Branch could create simplified 'thin branch' management

Networking expert Zeus Kerravala weighs in on Versa Networks' SD-WAN extension, SD-Branch, which could simplify branch management while creating a thin branch.

The concept of the "thin branch" has been theorized for as long as branch offices have existed. Branch management can be messy and complex, since branches typically require a cornucopia of equipment, including routers, firewalls, WAN optimization, VPN concentrators and a number of other appliances. The problem with this, of course, is the branch management overhead is tremendous, as each appliance typically needs to be configured, upgraded and maintained individually. This prompts the thought, "There must be a better way."

Utopia would be a single box that had all the functionality required for a branch. These boxes have been discussed for decades now, but the closest the industry ever came was with unified threat management that bundled together a number of security functions. But this single-box vision is what's known as the thin branch.

Versa could introduce simplified branch management and a thin branch

Last week, Versa Networks announced an extension to its software-defined WAN platform, SD-Branch, that could bring the concept of the thin branch to life. Some might wonder why it makes sense to tie branch redesign to the wide area network, but the two are inherently linked. Rearchitecting connectivity and not changing the branch only fixes half the problem. One of the value propositions of SD-WAN is lower operational costs. Focusing on the transport, but not the branch, limits the value of the transition. 

With SD-WAN, network operations teams are already of the mindset to change things up, so attacking the network and the branch at the same time is sensible.

As I mentioned, there have been attempts to consolidate branch management functions before, but Versa's approach differs in two areas. The first is no one has tried to tie branch redesign to SD-WAN. Without tying in the branch, you're solving only part of the problem. IT tends to have an "if it ain't broke, don't fix it" mentality. For example, if everything is working in a branch, IT can push the decision to redesign the branch to a later date. With SD-WAN, network operations teams are already of the mindset to change things up, so attacking the network and the branch at the same time is sensible. 

The second difference is Versa's use of network functions virtualization enables it to run a variety of applications on the platform. Versa's platform is loaded with a number of features, including integrated Long Term Evolution, an Ethernet switch, a Wi-Fi access point, full routing, next-generation firewall and other functions needed in a branch. Versa also has a KVM hypervisor on board, which lets businesses run their favorite virtualized application on the platform itself. For example, if the organization already has a large installed base of Riverbed WAN optimization devices, it can run the virtualized version on the box. This could extend to functions like Fortinet security, Avaya telephony or other name-brand vendors.

While Versa offers integrated Wi-Fi with the platform, it's really meant for single access point deployments. A customer could load something like an Aruba Wi-Fi controller on the Versa platform and use it to manage enterprise-wide wireless. The key is that the use of the KVM-based hypervisor creates choices for customers; they can run the onboard function or pick their own top-of-the-line vendor. Then, branch management as a whole becomes less complex.

Another benefit of the virtualized services is they become more agile and can be spun up and down on demand. Take the example of a branch office where the company migrates to a hybrid WAN -- using MPLS and broadband. The company keeps the old architecture in place and backhauls all the traffic through the data center, so no firewall would be needed. But months down the road, if the organization decides to do local internet breakout, it would need an on-premises firewall. Historically, that would require someone physically deploying a new appliance. With Versa's SD-Branch extension, that firewall function can be turned on with the click of a mouse. 

Thoughts about SD-WAN deployment are shifting

The Versa launch is well-timed, as customers are starting to think more broadly about SD-WAN. Until now, most customers were deploying SD-WAN strictly for cost savings. A recent ZK Research and TechTarget WAN survey showed the need to increase WAN agility is now the top driver for SD-WAN deployment. 

SD-WAN has been around long enough that there's no more debate about whether it's cheaper than a legacy network. It is. But businesses that are deploying SD-WAN should start thinking about what new things SD-WAN can enable -- and this should include shifting to a thin branch, where branch management complexity and managing multiple appliances goes away.

Next Steps

A guide to understanding SD-WAN

An EarthLink SD-WAN case study

Start here before considering SD-WAN

This was last published in May 2017

Dig Deeper on Branch office network design