Industrial Enterprise Networks

Last WAN standing?

As more enterprises adapt to a remote, highly distributed workforce, industrial machinery is not going anywhere — and needs more connectivity than ever before. The Industrial Internet of Things is driving a new architecture for the industrial enterprise. Coevolve’s CTO Ciaran Roche explains.

From branch offices to users in 2020

The last five years have been an exciting time for enterprise networks. SD-WAN, SASE, huge increases in bandwidth to offices using commodity Internet capacity. It feels like we saw more innovation in this period than in the 10–15 years before that.

There’s just one problem — offices. The middle of 2020 and the sudden COVID-related lockdowns saw vast numbers of enterprises rush to adopt remote working, almost overnight. A global enterprise with 200 remote offices and 10,000 employees no longer had to consider connectivity at those 200 offices; it had to support most of those 10,000 users working from their home Internet connections. We’ve seen some huge success stories from enterprises that figured this model out, and many have embraced it: the majority of businesses are now planning for partial or complete remote working on a permanent basis.

This rapid change has moved the focus away from traditional branch-centric approaches to user-oriented models. That shift has worked well for businesses that were already heavily invested in SaaS and cloud infrastructure, as many of them were already less dependent on internal applications and resources.

The industrial exception

While users may have left the network perimeter, there is one industry vertical where connectivity to physical locations is more important than ever. Industrial enterprises that operate manufacturing plants and other processing facilities don’t easily have the ability to send employees to work from home. In fact, in many of these businesses the network isn’t just supporting clusters of users accessing business applications, it’s carrying vital data from sensors for further processing and analysis.

The phrase “Internet of Things” or IoT is one of the broadest (and most over-hyped) technology topics of the last decade. The very fact that it can refer to anything from a Wi-Fi doorbell to a vibration sensor in the engine of a commercial jet aircraft means that there will obviously be wildly different interpretations. However, industrial IoT has proven to be a very real phenomenon, and enterprises of all sizes are investing in this technology to obtain more granular metrics on production, predict failures before they even occur, and improve overall levels of efficiency.

This trend has resulted in a massive increase in the amount of data generated within an industrial enterprise, and is a primary driver for new technologies at the edge, specifically in these areas:

  • Extending the edge into the industrial IoT environment
  • Multi-tiered compute and storage, including edge compute capabilities
  • Using technologies like SD-WAN to securely integrate the Information Technology (IT) and Operational Technology (OT) networks

The combined effect of these drivers is that the WAN is now more important than ever in industrial enterprises, and the functionality required is becoming more sophisticated. This in turn is driving the need for managed service providers that can add greater value in these environments, moving beyond the traditional WAN edge boundary and service definition.

Beyond the WAN edge: handling complex industrial IoT requirements

Historically, branch office topologies in enterprise networks were made up of WAN connectivity and LAN / WLAN infrastructure, with larger sites having multiple tiers of layer 2 / 3 LAN switches. In industrial enterprises, separate networks often existed to connect machinery or other production equipment that needed to communicate with each other. This was typically called an Operational Technology (OT) environment, and it was often deliberately kept completely isolated from the primary IT infrastructure.

We’re now seeing a change in the functionality and connectivity that is required at these sites. The biggest change relates to the vast quantity of devices that need network connectivity. The cost of network-connected sensors has dropped by more than 80% in the last decade, which has allowed manufacturers to deploy them at many more locations throughout their plants. These sensors can provide more granular data on temperature, vibration, movement, light or a number of business-specific metrics that can be processed and used to deliver measurable improvements.

These network-connected sensors need to access the network somehow. We are seeing a significant increase in the number of wireless-connected devices of this type that need connectivity. It isn’t just Wi-Fi that is being used — many industrial businesses also make extensive use of other radio-based wireless technologies like Z-Wave and Zigbee. Larger campuses, especially those with outdoor machinery or equipment that requires reliable connectivity, are using technologies like private 4G LTE, as well as low-bandwidth technology like Sigfox and LoRa. 5G technology is also expected to see some adoption in these use cases over the coming years.

This wide range of intra-site connectivity creates a potential new role for the network edge. In addition to acting as a gateway for traditional Ethernet-based connectivity, there may be benefits in deploying a centrally-orchestrated platform that can act as a hub for the various wireless technologies used at a site. One of the main benefits of deploying this functionality at the network edge is that the data from the array of sensors at a site no longer just needs to remain at that site — it frequently needs to be processed by, and stored in, infrastructure that is increasingly deployed in the public cloud.

Multi-tiered compute and storage

Having considered the new role the network edge can play in connecting to the sensors and other data sources within a site, we turn our attention to another rapidly-growing requirement in the industrial enterprise. The ever-growing network of sensors is capable of generating an overwhelming amount of data — much more than could easily be transmitted over the WAN. In many use cases, it makes sense to perform the initial processing of this data locally, and then send the derived or refined data to cloud-based infrastructure. The WAN edge is a potentially attractive place to perform this function. We’ve already seen a rapid shift towards the use of x86 compute infrastructure at the branch to run SD-WAN functionality, and this can easily be extended for other business-specific compute requirements.

One of the key benefits of this approach is the ability to have centralized orchestration of these workloads, rather than managing everything locally. We are seeing a growing interest in the use of container-based compute functionality on the WAN edge devices, with standalone containers or small Kubernetes clusters running business-specific workloads very close to the data source.

There are some scenarios where edge compute requirements go beyond what is possible on a standard WAN edge device. We are seeing an increase in mobile or portable mini data centers that can be deployed at the edge, exactly where the compute resource may be required. Interestingly, the major cloud service providers are even starting to offer these capabilities, managing these compute ‘pods’ through the same interface that is used for cloud-based workloads.

Outside of the site, most large-scale compute and storage for this data will be performed in the public cloud or in co-located data centers. Once again, the WAN edge plays an important role in providing reliable connectivity paths to this infrastructure and can ensure that this traffic is protected from a security and performance perspective.

Combining IT and OT for a secure, converged network

Given the requirements we have previously outlined, it no longer makes sense to look at traditional technologies to glue everything together and provide secure, reliable connectivity for users, machinery, sensors and anything else that requires network access. Industrial enterprises started looking at combining IT and OT environments when the OT connectivity needed to extend beyond the site’s boundaries. Maintaining separate LANs may have been feasible, but very few enterprises have the budget or resources to operate multiple parallel WANs.

Sophisticated SD-WAN solutions can provide the necessary segmentation (and even micro-segmentation) to allow the industrial enterprise to operate a fully converged network. The critical OT traffic can be kept completely separate from other data on the network, and can maintain a separate topology if required. For example, connectivity could be permitted only between a locally-deployed container and a specific cloud workload to allow data to be uploaded.
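
The example at the end of the paragraph above, written out as a default-deny check. This is an added illustration, not Coevolve's code and not any SD-WAN product's policy syntax; the segment names, addresses and sample flows are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    segment: str   # overlay segment the packet arrived on
    src: str       # initiator address
    dst: str       # responder address
    proto: str
    dport: int

# Constructed policy: the only permitted OT flow is an upload initiated by
# the edge container (10.20.30.5) to one cloud workload (203.0.113.10:443).
# Each rule is (segment, source CIDR, destination CIDR, protocol, port).
ALLOW = [("ot", "10.20.30.5/32", "203.0.113.10/32", "tcp", 443)]

def permitted(flow, rules=ALLOW):
    """Default deny: a flow passes only if one rule matches every field."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for segment, src_net, dst_net, proto, dport in rules:
        if (segment == flow.segment and proto == flow.proto
                and dport == flow.dport
                and src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)):
            return True
    return False

def violations(flows, rules=ALLOW):
    """Flows the converged network should drop and log for review."""
    return [f for f in flows if not permitted(f, rules)]

# Constructed flow records covering the cases segmentation has to stop.
SAMPLE_FLOWS = [
    Flow("ot", "10.20.30.5", "203.0.113.10", "tcp", 443),   # container upload
    Flow("ot", "10.20.30.77", "203.0.113.10", "tcp", 443),  # sensor bypassing the container
    Flow("ot", "10.20.30.5", "198.51.100.9", "tcp", 443),   # container to another Internet host
    Flow("it", "10.10.1.25", "10.20.30.5", "tcp", 22),      # IT host reaching into OT
    Flow("ot", "203.0.113.10", "10.20.30.5", "tcp", 443),   # cloud-initiated inbound
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print("ALLOW" if permitted(f) else "DENY ", f)
```

Only the first sample flow passes; the rule is directional, so the cloud workload cannot open a session back into the OT segment.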

This approach can deliver significant cost savings, as each component of the network no longer needs to be duplicated, and data can be processed and stored in the most appropriate location. It also makes the infrastructure more portable, as the software-defined network can easily accommodate connectivity to new locations in the future if required.

The role of the managed service provider in the industrial enterprise

It is clear that industrial enterprises represent one industry vertical where WANs are growing in importance, even as the trend goes the opposite way in other verticals. But the reasons for this highlight the fact that a generic approach is not what is required. Traditional managed WANs looked very similar between industry verticals. Sure, businesses with critical requirements would have more high-availability sites than others, but the basic service definition was nearly identical in each case.

Even in the case of service providers with multi-domain capabilities, these have typically operated in silos. WAN, LAN, security, application and EUC teams would have only limited interactions, requiring the enterprise to interact with multiple teams and reducing efficiency.

As the technology requirements in this industry vertical become more sophisticated, a role is emerging for a new class of managed service provider that can assist with more than just managing WAN endpoints. To be able to effectively add value to the enterprise, the MSP must demonstrate competencies in more of the areas outlined in this article. This includes a strong understanding of what sits inside the production and OT environments at the sites, and how the huge network of sensors will connect to the network. It requires the ability to consult with the enterprise on compute infrastructure and containerized workloads; where should these be deployed and how are they managed? And finally, it requires a comprehensive set of capabilities on the WAN-facing side, including the ability to manage underlay, overlay and security components.

At Coevolve, we continue to develop our industry-specific capabilities to add value to our enterprise clients. We are working with global enterprises today to develop new architectures for sites that encompass many of these capabilities, delivering improvements in performance, visibility, productivity and cost.