Another reason it’s time to retire traditional routers at the branch: Sub-par SaaS Performance!
We often hear from customers that their employees complain that Salesforce.com (or Office365 or Workday or any of myriad SaaS apps) is more responsive from home or from Starbucks than from the branch office.
Why? Because conventional router-centric WAN architectures typically backhaul all SaaS and IaaS traffic to the data centre for more advanced security verification than is typically affordable at branch sites. Backhaul, which is usually based on expensive MPLS transports often limited in bandwidth, adds latency that robs performance from SaaS applications and IaaS services. As a result, employees become frustrated with the quality of experience and may avoid working in the branch office altogether. And worse yet, impaired worker productivity often results higher operational costs and even reduced revenue.
To deliver the highest and most consistent SaaS and IaaS performance possible, why not connect users directly to these cloud services over the internet from the branch? Why not send that traffic in high speed broadband links that are often less expensive than leased line MPLS services? The challenge with doing so is overcoming the reliability and security concerns inherent with using internet services for enterprise applications. With an advanced, application-driven SD-WAN, this is now possible. Let’s look at both.
Internet services are prone to periods where packet loss and latency can exceed acceptable thresholds (brownout) that can impair SaaS and IaaS performance. This is exactly the challenge we’re trying to overcome! However, by using two or more broadband services, preferably from alternate providers but at least diversely routed, this challenge can be addressed. If one service experiences a brownout, an advanced SD-WAN that continuously monitors packet loss and latency can re-direct traffic to the “best performing” link, maintaining high SaaS and IaaS performance for the user. When the impaired service recovers, it automatically becomes available again to the WAN transport bandwidth pool.
Not all web apps are created equal. Therefore, the SD-WAN solution must include the ability to enforce granular application-driven security policies. A possible policy might specify that trusted SaaS apps like Salesforce, O365, Workday, Box and Dropbox can be steered directly to internet services from the branch since enterprises can confidently rely on the security measures these applications inherently support. But for recreational or unknown web-bound traffic, the policy might dictate more advanced security screening. An advanced, application-aware SD-WAN solution can intelligently and automatically steer this traffic to either cloud-based security services or to next-generation firewalls and IDS/IPS services back at headquarters by service chaining.
The SD-WAN solution must also keep pace with constantly changing IP address tables utilised by popular SaaS applications such as Office 365, Salesforce.com, Box and others. These updates must be captured and distributed daily and automatically to all sites, analogous to the updates you may experience for virus protection signatures on your laptop. Basic SD-WAN solutions that require manual re-programming of IP addresses or that rely on third-party signature libraries simply can’t keep up.
If your users are complaining about sub-par application performance whether SaaS, IaaS or data centre-hosted apps, it’s time to unload conventional routers and deploy an advanced SD-WAN solution.
To discover more about sub par SaaS performance, why not register for Digital Transformation EXPO Europe, Register your interest here. ______________________________________________________________________________________________________________________________________________