Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have revolutionized the world of networking. NFV’s success in telecom space and the imagination of a few experts to extend to this enterprise have given birth to the idea of Enterprise Network Functions Virtualization (ENFV). The concept of physical network appliances is going away, leaving only the switch as the lone wolf in the appliances space. Moving every network appliance from a physical world to virtual and packing them in a single x86 appliance is possible now. This Point of View (PoV) document discusses about one such trend of virtualizing important network and security functions and therefore making the branch networks run from a single box.

Current approach and its challenges

Large corporations of various industry verticals such as retail or banking heavily rely on branches in conducting day-to-day business for one simple reason – they are closer to the consumer of their products or services. While cloudification has successfully moved the applications to a central location, the people who need to access these applications are distributed across the country or globe. However, with the increasing costs and need for consolidation it’s no longer possible to have an IT staff member in each branch. Some of these branches may be as small as 5-10 employees. With increasing complexity in technologies, the generic IT administrators no longer can handle highly specialized IT tasks. You need specialized operating system administrators, back-up administrators, IT security staff and somebody to manage them all. Of course, a branch cannot afford an expansive IT department. Management of Head Quarters IT or the data centers are being outsourced to commercial outsourcing & professional services organizations. Can you manage a branch with no IT staff? Seems unrealistic, but with the branch-in-a-box approach, it’s doable.

Current approach in connecting the branch is:

• MPLS link from a service provider
• Branch network router (appliance) (often provided & managed by the service provider)
• Small firewall or Unified Threat Management (UTM) (as security is an inevitable investment to protect from unknown threats)
• Internet link for local Internet breakout (some corporations back-haul the Internet traffic to main data center for improved control and minimizing security layers, at the cost of performance and user experience). Local Internet breakout is encouraged by the wide spread adoption of applications on the Public Cloud.
• A local server (for a small network Active Directory, file & print sharing or simply a local storage)
• Few applications only local to the branches (time & attendance, Point of Sales, or local CCTV monitoring)
• A small backup solution (if there is any critical data to be backed-up locally)
• A layer 2 switch to connect the rest of the network
• A wireless LAN controller (newer solutions such as Cloud WiFi eliminates the need for local controllers)
• Wireless Access Points (WAPs) in strategic locations of the branch office While the above approach perfectly connects the branch to the Data Center or Head Quarters, there are several shortcomings in this approach.
• Cost of several layers of equipment
• Additional cost to build redundant equipment (if the branch is critical)
• Technology obsolescence and need to upgrade (often forklift)

• Specialized IT staff to manage
• Fate of the critical data that is not backed-up

New approach – Virtualized Branch Networking

Virtualized Branch Networking with the power of hyper-convergence is the new approach that is geared-up to address the above shortcomings.

• It eliminates multiple appliances, converging them to a single appliance or a commodity x86 server
• Redundancy is still a challenge, but can be addressed through software methods
• Easier to replace an x86 server with the latest machine or scale it with additional memory and storage
• No branch IT staff required
• Option to centrally back-up the data (real-time or after office hours) and restore it when branch fails

This is achieved through virtualization of network functions including routing, wireless LAN controller, firewall, and virtualized servers for running various local applications. Switch may be still required, but a small network switch (supported by few manufacturers now) as a module in the server itself, serves the purpose. Access points cannot be replaced though.

The benefits hyper-convergence brings to a branch office network is not only limited to running network functions; with the compute and storage available on these appliances you may run small branch office applications, domain, file and print services, time and attendance applications or CCTV surveillance consoles. All these come with the enterprise grade advantage of centralized back up and management.

This single server can be shipped to the branch offices preconfigured waiting to be connected to the Internet (a task which can be achieved by a non-IT staff) and powered, while rest of the configuration, management, policies and control from one central location. In a single click, back up of branch data can be initiated, restored from central location and the branch is up and running in no time.

Benefits

Resultant benefits are several:

• Minimize power consumption of several devices
• Minimize multiple points of failure
• Less space required (instead of a 42U rack, go for a 19U mounted cabinet rack)
• Data loss eliminated
• Improved security
• Better user experience

Critical success factors

Several leading network vendors have recognized the need of customers managing large number of branches and have packaged their hyper-converged branch solutions. However, the following will determine the success factors of such solutions:

• Ability to support Ethernet and other WAN terminations
• Ability to support hardware level redundancy
• Ability to support 3G/4G
• Ability to restore the base image of the appliance/server using an USB/flash storage
• Centralized backup and restoration
• Wider support for business applications
• Advanced security feature sets

As the customers adopt more and more branch-in-a-box solutions, feedback exchange with vendors and system integrators these solutions will mature over the period resulting in simplified, secure branch office networking. Be assured, time has come to order your branch networking in a box and unbox your branch.

Mohan Krishnamurthy Madwachar- Mohan has coauthored eight books published by Syngress:

• Designing & Building Enterprise DMZs (ISBN: 1597491004)
• Configuring Juniper Networks NetScreen & SSG Firewalls (ISBN: 1597491187)
• How to Cheat and Securing Linux (ISBN: 1597492078)
• How to Cheat at Administering Office Communications Server 2007 (ISBN: 1597492126)
• Microsoft Forefront Security Administration Guide (ISBN: 1597492447)
• The Real MCTS/MCITP Windows Server 2008 Configuring Applications Infrastructure Exam 70-643 Prep Kit (ISBN: 1597492478)
• CompTIA Network+ Certification Study Guide (ISBN: 1597494887), and
• CompTIA Security+ Certification Study Guide (ISBN: 1597495409)

He also writes in newspaper columns on various subjects and has contributed to leading content companies as a technical writer and a subject matter expert.

To contact the author, write to: Marketing.gis@wipro.com