Akamai Diversity

The Akamai Blog

Remote access in a software defined world

When I first ventured into technology, I wish someone gave me a heads-up about the bevy of acronyms to remember. It feels like every day a new acronym related to technology is formed. It's hard enough remembering names within my family. During Thanksgiving with a full house, I struggle to remember even my own name! When I first heard of SDN - software defined networking, I was still working for a mobile technology vendor. That was a world where even network elements had acronyms (SGSN, RNC, GGSN, HLR, etc). SDN hadn't found adoption as much as it did within the enterprise/data center space. SDN is the separation of the network control plane from the forwarding plane, moving it to a centralized point where the control plane (represented by a controller) orchestrates several forwarding devices. This separation, while leveraging network virtualization, allows for optimization of control plane workflows and also aims at making the network agile and flexible. I was enamored with the concept. For one, I could count down to days when I no longer engaged in the manual, error-prone and time-consuming process of logging into each network device via the command line interface (CLI) to program the control plane of network devices. I still wonder how I remembered the CLI commands during my networking certification exams and system administrator days.

Then came another - SDWAN - Software Defined Wide Area Networking. At least the first two words sounded familiar, but its application to WAN was intriguing; and that's what it is. SDWAN is the application of SDN technology to the Wide Area Network. The case for SDWAN stems from movement of on-premise applications to the cloud (Office 365, Box, Salesforce, G-suite, etc.) and also a change in application workflows that require networks to adapt to this change. Companies typically use MPLS to create a private network, but it does not provide the access needed to these cloud applications and guarantee performance for end-users. Companies looking to drive down cost of ownership of MPLS look to SDWAN to centrally analyze and provision network traffic as well as aggregate multiple types of network connections to create strong and cost-effective connections.

It didn't stop there. Next, I heard Software Defined Data Center (SDDC), Software Defined Perimeter (SDP), and Software Defined Access (SDA). Don't worry, I didn't get too annoyed. Just as I was about to pull out my hair, I realized a pattern: all these new terms also included "software defined". Clearly, going the "software defined anything" route has some benefits. It makes the network agile and flexible, enables control plane workflow optimization, lowers enterprise's CapEx and OpEx, increases visibility into the network, and improves IT efficiency through automation - just to mention a few. 

It's clear to see the benefits to having some "SDx" technology within the enterprise network especially in the area of remote access to applications. We can start with having a cloud-based, multi-tenant, SDN-type of solution that requires no specialized hardware, but is implemented in a globally distributed system of application proxies in a fashion that puts each user within one-network hop of any proxy and each internal application fronted by one. The centralized control plane allows changes to be made simultaneously and easily managed across the network. The multi-tenant cloud infrastructure allows businesses to dynamically scale the network as needed. From an operations standpoint, collapsing functionality of the alphabet-soup of network solutions (i.e ADC, FW, VPN, IAM, MFA, etc.) that require proprietary configuration and management into a single solution where control (that is centralized) and data planes are implemented in software only is very appealing to IT teams. Notably, it reduces operations overhead and increases productivity. Add the capability to manage identity of users/devices and who accesses any application, while at the same time authenticating them at multiple levels using the same solution, and you drive down the cost running your security infrastructure.

This solution, when used in an SDWAN deployment, is an excellent option to deliver applications over broadband/wireless internet connections in a secure manner ensuring users are authenticated outside of the network. Users are also able to have a single sign-on experience to cloud and legacy applications after successful authentication. Using application proxies provides much needed visibility into network traffic and allows administrators to implement layer 7 inspection and introduce WAF capabilities on all user traffic while optimizing the connectivity at network, transport and application layers to provide a fast and seamless experience for users accessing the applications. In addition, the application proxies, implementing an SDP around high-value applications, provide necessary isolation and mitigate any lateral movement which network attacks depend on.

Check out EAA, a solution with all the features above and more.

Leave a comment