Ruslan Rakhmetov, Security Vision
Computer networks connect devices and allow data exchange for various tasks: pairing a smart home speaker with a kettle, monitoring security status in a remote office, shopping in an online shop, accessing work document storage from home, etc. We have already talked about the types of networks (local and geographically distributed, private and public), and in this article we want to focus on the features of Wide Area Networks (WAN) and the technologies used to create them.
The main task of a WAN is to connect distant objects to each other, and more expensive technologies than Bluetooth or Wi-Fi are used for this purpose. Therefore, capital expenditure can often be optimised by adding smart control to the network. This can be compared to superapps, which not only keep users within the same ecosystem of services, but also give them more capabilities from a single interface. One of the earliest superapps is China's WeChat, which combined household, financial, government and other services within a messenger. The user of this superapp can chat with friends, order food, transfer money and pay utility bills. If you imagine a company with a large number of offices across the country, it would also be useful for network administrators to manage such networks from a single interface, for example, using MPLS (Multiprotocol Label Switching) or SD-WAN (Software-Defined Wide Area Network).
Since scaling and traffic management are much easier with SD-WAN, maintenance costs are lower, and adding new locations is faster, we will focus on this technology and cover its main features.
Software-centric management
First and foremost, SD-WANs are organised programmatically, as the name implies. This approach allows you to configure WAN networks not on individual devices, but through a single interface, much like managing a smart home in applications from Yandex and Amazon. The classic approach would be like a set of separate remote controls for the TV, air conditioner and smart bulbs, while the unified software interface is a common app on a smartphone, or even voice control without the need to have the phone in your hand all the time.
For IT professionals, easy management is the first obvious benefit of SD technology, but businesses can also reduce the cost of traditional expensive MPLS lines and adapt to the growth and changing needs of employees and customers.
Dynamic routing
SD-WANs can choose the best path for traffic and change it from case to case based on current settings. Traditional WANs typically use static routing, which can mean less reliability and lower performance (speed). A dynamic approach can be compared to car navigation systems that recalculate routes based on traffic jams, toll roads, or the driver deviating from the original route. Re-routing according to the situation allows the driver to avoid distractions and makes travelling safer by relieving roads under repair or in densely populated areas. In addition to simplified navigation, dynamic reconfiguration can be seen everywhere: smart traffic lights (switching depending on traffic jams and time of day), music services (changing the selection depending on your likes and dislikes), nuclear power plants (controlling heat exchange and electricity generation according to consumption statistics by season and time of day).
Dynamic configuration in SD-WAN allows for real-time network configuration, simplifying the addition of new nodes and traffic optimisation without sysadmin trips or on-site intervention. The technology provides automatic switching and redundancy of connections, which increases network availability and reduces the risk of downtime, because even one hour of business downtime, or the unavailability of an online shop or bank application, can negatively affect profits and customer confidence.
Traffic optimisation
SD-WAN offers data compression, caching and traffic distribution between different links to improve application performance and save money through faster connections. Automatic failover between links also contributes to higher network and application availability, as discussed above.
You can compare this optimisation to the recent files directory in MS Windows, the collection of recently opened applications on your smartphone or browser caching, where Google Chrome, for example, saves pictures and text, logins and passwords so that when you re-open the page, you don't have to download everything again (this saves traffic and speeds up surfing the web).
Security
SD-WAN can include traffic encryption, anti-malware mechanisms and network segmentation capabilities. The solution provides IT and IS professionals with monitoring and reporting capabilities to help them detect incidents faster and analyse traffic to identify anomalies. Event log analysis can be enabled, and logs can be sent to a SIEM for more effective threat handling and for further incident processing in SOAR. For businesses, centralised policy management also allows you to manage quality of service, ensuring compliance with regulations and standards, and avoiding potential negative customer experiences.
The high level of security and advanced monitoring are similar to the use of video intercoms and surveillance cameras in entrances and indoors. These tools can be used to receive notifications of the status and activity of pets, couriers delivering goods to the door, or the arrival of expected or uninvited guests.
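The path selection described under Dynamic routing, combined with the encryption requirement from the Security section, as an added example that is not from the original article or any SD-WAN product: a link is chosen by measured loss and latency, but failover never falls back to an unencrypted link. The `Link` and `AppPolicy` types, the link names and the measurements are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Link:
    name: str
    up: bool
    latency_ms: float
    loss_pct: float
    encrypted: bool  # traffic on this link is carried inside an encrypted tunnel

@dataclass(frozen=True)
class AppPolicy:
    max_latency_ms: float
    max_loss_pct: float
    require_encryption: bool

def select_path(links, policy):
    """Return (link_name, status); link_name is None when no link may be used."""
    # Security constraint first: down or policy-violating links are never candidates.
    allowed = [l for l in links
               if l.up and (l.encrypted or not policy.require_encryption)]
    if not allowed:
        return None, "blocked"  # fail closed rather than fail over to plaintext
    # Prefer links that meet the performance targets; otherwise run degraded.
    within_sla = [l for l in allowed
                  if l.latency_ms <= policy.max_latency_ms
                  and l.loss_pct <= policy.max_loss_pct]
    pool = within_sla or allowed
    best = min(pool, key=lambda l: (l.loss_pct, l.latency_ms))
    return best.name, ("sla-met" if within_sla else "degraded")

# Constructed sample measurements, not taken from a real network.
LINKS = [
    Link("mpls", True, 20.0, 0.0, True),
    Link("broadband", True, 35.0, 0.5, True),
    Link("lte", True, 30.0, 0.2, False),  # fastest backup, but unencrypted
]
POLICY = AppPolicy(max_latency_ms=50.0, max_loss_pct=1.0, require_encryption=True)

def set_down(links, *names):
    """Return a copy of links with the named links marked as down."""
    return [replace(l, up=False) if l.name in names else l for l in links]

if __name__ == "__main__":
    print(select_path(LINKS, POLICY))                                 # normal operation
    print(select_path(set_down(LINKS, "mpls"), POLICY))               # failover
    print(select_path(set_down(LINKS, "mpls", "broadband"), POLICY))  # only plaintext left
```

A "blocked" result is the event worth forwarding to the SIEM: it means availability was deliberately traded for confidentiality and an operator needs to restore an encrypted link.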
Data transmission is very important and involves more than connecting devices to each other by cable or wirelessly: it must also provide the right communication channel (the width of the channel is a kind of multi-lane highway, where thousands of cars can pass), traffic optimisation (choosing the path and the right turn at the ‘junction’) and dynamic routing (finding better and easier routes, rearranging them depending on surrounding conditions).
For company offices, or simply for devices separated by long distances (where NFC, Bluetooth and Wi-Fi can't reach), WAN networks can be created in different ways:
- classical approach, possibly with optimisation on individual transmitter devices;
- MPLS, which operates at layers 2 (Data Link) and 3 (Network) of the OSI network model;
- SD-WAN, the benefits of which we have explored in more detail in this article.
The most important thing is to adhere to optimal parameters and security standards to ensure reliable and predictable data delivery and to fulfil the basic task of connecting everything you can for different tasks.