What is an enterprise access network
In enterprise IT infrastructure, an access network (wired and wireless) is considered to be the least critical compared to data center and wide area network. But this is a vital part of the enterprise network where the user experience decides the perception about the network. The dynamics of user traffic are changing, especially with more IoT devices coming into the access network, content heavy social media, voice, video and data, which puts a lot of stress on the access network. At the same time a user access network is where the IT service desk faces more than 70% of the tickets, irrespective of whether the root cause lies within the access network or not.
Current business challenges of enterprise access network
Key business challenges that businesses face with an enterprise access network are mentioned below:
Figure 1: Business challenges
Besides the business challenges, an access network has several operational challenges as given below:
Wired and wireless access is based on IP address. This network approach becomes complex to manage in large enterprises.
Service desk lacks visibility of user privileges.
Distributed management and configuration of network and business policy across access network manually. Lack of programmability makes the management of access network cumbersome.
The configurations of access devices are done in a box-by-box approach. No central visibility and control over the network as a whole.
Lack of segmentation based on user or policy. The network segmentation is handled at the VLAN layer, which is not a scalable method and becomes expensive while managing manually.
Difficult to achieve mandatory compliance of isolation and security especially with diverse type of devices, users across the network.
What is software defined access?
Software Defined Access (SDA) is a method based on the SDN (Software Defined Networking) principle to have a faster, secure network access for users. It provides access to any application in minutes, without compromising on security. Gain better awareness of what is accessing your network, irrespective of whether it is an intelligent user or an IoT device. SDA is achieved by creating a secure network fabric across devices in the network.
A typical campus or branch office network looks like below.
Figure 2: A typical enterprise user access network
The new way with software defined access
In the new SDA method, a controller is introduced, which controls the whole network and makes all access and edge layers into a single logical fabric. All business and network policy is applied to the access network at once through a single centrally controlled console.
Figure 3: The new software defined access
The SDA has functions of policy, automation and configuration. The controller being central and connected to all devices, has visibility to all data, thus getting complete information about network flow and applications going through devices. This makes monitoring and troubleshooting much easier and faster.
Intent based networking: Software Defined Access is intent based. The business intent or policy can be applied and automated from a single controller.
Network fabric: Network is not distributed, but is managed as a single fabric for all access devices. This fabric is formed of wired access switches, wireless controllers and access points.
Analytics: Whereas earlier the network was distributed and running in individual switches, SD gives complete analytics in the central controller. This provides data at network and application layers, making it easy to get visibility and the ability to faster troubleshoot application access issues.
Policy based: Access to the network is based on programmable policies pushed centrally. Unique and seamless authentication and authorization is possible for users to access network. This authentication and authorization can be connected to the central active directory database and aligned with user business policy.
Automated: Onboarding of users, devices and applications through automated systems make configuration and provisioning much faster, and enable IT access layer to respond to business requests in much lesser time.
Secure: The fabric data plane is based on VXLAN and is encrypted. The encrypted traffic analysis and secure central authentication through policy enforcer makes it a secure segmented network at access layer.
Business use cases for software defined access
Network segmentation: Right user segmentation in network beyond just VLAN. The SDA enables enhanced network segmentation with VXLAN, which makes right access policy for right kind of users, and devices.
Monitoring and troubleshooting: Single dashboard for user and infrastructure monitoring gives better visibility for network and resources. Also gives visibility to users and application flows reducing troubleshooting time.
Simplified guest access: Simplified policy provisioning for guest users in the network especially on wireless. This can be automated and integrated with guest management services, thus, making guest user enablement a next generation experience.
IoT at Scale: SDA makes IOT adoption much easier with right access to network, segregating from normal users. Right policy configuration for IoT devices makes appropriate segmentation possible for IOT devices.
Faster user onboarding: User onboarding can be done much faster since the SDA fabric is automated and integrated with ITSM systems and orchestrators.
User mobility and seamless access: The users get a seamless and unique access based on their access privilege across wired or wireless network irrespective what segment users are situated.
Software Defined Access is a new way of doing networking at the access layer. While it is easy to take a Greenfield approach to SDA, the Brownfield implementation requires a lot of planning to move to a software defined way. The specific vendor capability, hardware-software capability to support the new features like VXLAN, security and authentication need to be verified before moving to SDA. It is advisable for enterprise customers to take a consulting approach, do pilot where they need to validate the use cases, readiness and further moving towards the SDA, to enable enterprise access to a digital network.
Director Network Services, Cloud & Infrastructure Services, Wipro Limited
Ramesh has 18 years of experience in the field of Information Technology, Networking Infrastructure Architecting, and Technical Delivery. He specializes in the field of software defined, traditional and cloud networking areas. Currently, he heads the Software Defined Networking practice globally within Wipro’s Cloud & Infrastructure Services. He leads a team of SDN Solution architects, Cloud and Openstack networking professionals, to shape the future of the SDN business for Wipro in global geographies. He holds multiple industry leading certifications, which include Juniper Networking Professional certification, as well as Openstack certifications from Red Hat and Mirantis. Ramesh can be reached at email@example.com