SD-WAN presents enterprises with the opportunity to use techniques like Network Function Virtualization (NFV) and service chaining in the WAN.

There are lots of acronyms – here’s what they mean:

SDN, SD-WAN and NFV Terminology

Security architecture in SD-WAN

Several trends are driving the security architecture that enterprises are adopting in an SD-WAN environment. These include:

  • There is an increasing need to reach the Internet closer to the edge, rather than backhauling traffic. Major SaaS vendors, including Google and Microsoft, have deployed extensive CDNs and intelligently distribute content to improve end user experience. Backhauling traffic negates many of the benefits these CDNs would otherwise provide.
  • Cloud-based security services are gaining market share. Enterprises are increasingly adopting services like Zscaler to secure outbound Internet connectivity (including user authentication, policy management, logging, etc.) without dedicated security appliances. Service chaining with SD-WAN can greatly simplify the process of redirecting traffic intelligently to these services.
  • Regionalized next-generation firewalls can be used for specific traffic types. For non-web traffic that requires an additional level of inspection, control or filtering, next-generation firewalls can be deployed regionally. Again, SD-WAN policies can redirect specific traffic to the nearest inspection point, without the traditional complexity of policy-based routing or other configuration.

The impact of NFV

Network Function Virtualization (NFV) is changing how services that would traditionally have been deployed as appliances are implemented at each site. Instead of physical appliances, services (like firewalls) can be deployed as virtualized services. Several SD-WAN offerings leverage the fact that they run on standard x86 hardware to provide a virtual environment to run these services. Some enterprises take this a step further and deploy generic VM host hardware at their sites, with SD-WAN, firewalls, and other functions becoming virtualized network functions (VNFs) on this hardware.

This trend is likely to continue, and the maturity of the integration between the layers (e.g., SD-WAN and security) will continue to improve. Reducing the number of appliances is seen by many enterprises as a positive step, as it allows for a reduction in hardware maintenance costs and potential failure points.

Coevolve’s Integrated SD-WAN Solution incorporates Service Chaining and NFV to integrate next-generation security solutions with the WAN.