redefining remote access with a managed sd-wan€¦ · redefining remote access with a managed...

Redefining Remote Access with a Managed SD-WAN

The Cloud-First WAN Company

1www.aryaka.com 1800 Gateway Drive, Suite #200, San Mateo, CA 94404, 1-877-727-9252 1


Dependency on VPNs for Remote Access

Executive Summary

Organizations now support an increasing number of remote and mobile employees who require access to core business resources, as businesses expand their work-from-anywhere strategies. Tasks performed remotely have moved beyond simply sending email and now include collaborating, writing code, submitting and sourcing information, and accessing business critical applications.

Today, there is no difference between tasks expected of remote and mobile employees. Individual user productivity and the productivity of the company is therefore tied directly to the workforce’s ability to remotely access business applications, data, and IT services from any device at any location and at any time. VPN has been the logical solution for remote access since it offers a relatively low-cost approach and ensures the data is kept secure and encrypted when traversing the internet. Enterprises have come to rely upon VPN as the primary means of connecting mobile workers and remote branch offices to the corporate infrastructure from disparate locations.

Challenges with VPNs

Despite the widespread adoption of various VPN technologies, this mode of remote access is not without issues. VPNs remain heavily dependent upon the public Internet to deliver application access end-to-end. Applications running across the VPN may benefit from the functionality, security, and management of a private (tunnel) network, but they are subject to the limitations of the public network.

The public Internet, especially across long distances, suffers from high-levels of packet loss and increased latency, as data from Aryaka’s State of the WAN Report shows (see figure 1 below). Complete reliance on the public Internet, therefore, can create unpredictable roadblocks to VPN performance.

SD-WAN has been hailed as a next-generation solution that’s revolutionizing the corporate WAN and paving the way for simplified and cost-effective cloud and SaaS connectivity. However, though SD-WAN is providing benefits to organizations looking to relieve dependency on MPLS, it is only truly optimal for regional and global WAN deploy-ments – and only effective for users in the branch office or HQ, leaving the burgeoning remote and mobile workforce without a comparable solution for connectivity.

This paper will discuss the challenges that organizations struggle to overcome with their remote access, including VPN issues and lack of dynamic content delivery. It will also address the need for a more holistic solution that reflects the drive we are seeing throughout IT to simplify infrastructure. It will also provide insight into how SD-WAN can redefine remote access -- without changing your security policies.

http://www.aryaka.com



ChennaiMumbai

San JoseShanghai

SingaporeDistance - 8661 miles

Range - 765 - 2190 ms

Average - 907.739 ms

Variation - 16.75%

San Jose to Chennai

Distance - 2164 miles

Range - 183 - 382 ms


Variation - 8.06%

San Jose to Chicago


Range - 716 - 1180 ms


Variation - 15.67%

Mumbai to Dallas


Range - 567 - 770 ms

Average - 530.49 ms

Variation - 38.02%

San Jose to Seoul


Range - 525 - 1072 ms


Variation - 29.28%

Amsterdam to Chicago


Range - 727 - 2793 ms


Variation - 66.39%

San Jose to Singapore


Range - 623 - 40851 ms


Variation - 152.81%

San Jose to Shanghai

JohannesburgDistance - 9119 miles

Range - 809 - 2737 ms


Variation - 40.60%

Dallas to Johannesburg

Chicago SeoulDallas

Amsterdam

For the remote workforce, using Internet-dependent technologies leads to slow VPN performance, frequent disconnects, and a poor user experience. Access to on-premises applications is slow since traffic must traverse long haul internet links, and the problem is compounded for access to cloud/SaaS applications, since traffic is backhauled over the Internet to ensure security.

Application performance over the VPN is often so unsatisfactory that it can lead to non-adoption of affected applications. Employees may also try to circumvent application disruptions by using shadow IT, like Dropbox and other unsecured collaboration tools, over the public Internet to bypass the VPN. Users also complain that they are required to install multiple VPN clients on their many devices, and there is lack of clarity about which VPN client one should connect to while travelling.

The remote workforce’s performance issues become challenges for IT teams, as IT is faced with numerous complaints regarding the performance and connectivity challenges. In addition to fielding multiple calls and support tickets, IT teams must also deal with the security risks and compliance concerns that are raised when employees resort to alternate methods to avoid VPN issues and use unapproved solutions to access or share information.

IT teams also lack visibility into the network, since the traffic traverses the public Internet. Without that visibility, application performance challenges become difficult to monitor or predict, and network admins must be reactionary instead of proactive when facing challenges raised by remote access.




Existing solutions for improving remote access typically require additional budget. Rather than simplifying infrastructure, the current solutions add increasing complexity to the overall IT infrastructure, requiring investments in everything from VPN concentrators, VPN accelerators, and load balancers, to WAN optimization technologies and more.

This consumes IT resources for deployment, monitoring, and maintenance. And as enterprises evolve to include an expanding number of remote workers who need to access an increasing amount of data-intensive, real-time applications from sites and locations worldwide, it becomes more difficult to scale the VPN infrastructure.

Even with an a more complicated infrastructure, VPNs may still present challenges that cannot be solved by hardware. Concentrators may also require private connectivity, but that doesn’t solve the issues of latency and load balancing that cause poor application performance for mobile users.

Existing Solutions

The Need for Software-Defined Remote Access

As an increasing amount of data and applications move to the cloud, enterprises are growing used to consuming their network-related needs as they do their applications: as cloud-based services. This makes sense, as the as-a-service model removes the cost and time associated with constructing a network, from the purchase and installation of hardware to the manual monitoring and management thereof.

Software-defined infrastructure gives enterprises solutions that they can consume immediately while retaining the flexibility they need for growth and innovation. We see this happening with the explosion of growth in the SD-WAN market currently; however, most SD-WAN solutions do not offer options for remote or mobile workers and instead must be deployed at the branch office level.

There is, therefore, a remote-access shaped hole in the SD-WAN market. What enterprises need is the ability to optimize their existing VPN technology without having to purchase new infrastructure or providing an outlay of massive CapEx and OpEx. In addition, a software-defined remote access solution should allow enterprises to keep their existing security policies in place, as IT teams invest a lot of time and resources in building robust policy and ensuring that the entire organization adheres to it.




Aryaka Secure Remote Access

How do you solve the above problems when the majority of the solutions on the market create new problems for IT to manage? There is only one solution that marries SD-WAN, WAN-optimization, and dynamic CDN capabilities and delivers them globally to your remote and mobile workforce: Aryaka’s Secure Remote Access is the first clientless SD-WAN for the remote and mobile workforce, delivering reliable, fast, and predictable remote access anywhere in the world – without having to change your security policies.

Global SD-WAN:

Aryaka’s Secure Remote Access consists of the following SmartServices features:

A Global Private Network

Businesses can leverage Aryaka’s Global SD-WAN to extend their corporate applications to a global remote work-force over their existing VPN technology to deliver more reliable, faster, and consistent application performance. Connecting through the Aryaka global private network enhances application performance, reduces costs, increases flexibility, and ensures enhanced secure connectivity. With Aryaka Secure Remote Acccess, VPN traffic bypasses the congested public Internet, and overcomes unreliability by providing predictable latency and zero packet loss.

WAN Optimization

Typical WAN Optimization solutions improve application performance, but are restricted to users working out of branch offices. Therefore, users accessing applications remotely do not obtain the benefits of the optimization over the middle mile. Aryaka Secure Remote Access with built-in TCP Optimization, however, extends these bene-fits for both on-premises and cloud/SaaS applications, even while being accessed remotely.

Aryaka Secure Remote Access Architecture




Dynamic CDN

Today’s business runs on dynamic content – from personalized shopping carts to real-time collaboration tools. Static content delivery networks no longer suffice for enterprises looking to support global workers. Aryaka’s Secure Remote Access contains a built-in Dynamic CDN, which uses a combination of an enterprise-grade private network, intelligent routing, TCP optimization, and persistent connections to enhance user experience of dynamic and interactive content.

Aryaka and the Secure Access Service Edge

The Secure Access Service Edge (SASE) represents the emerging convergence of Network as a Service and Security as a Service in a predominantly cloud-based security model. This model will allow IT teams to cost-effectively connect and secure an enterprise’s network and its users in an agile, scalable way. SASE creates a homogeneous network and security architecture for the entire enterprise, including data centers, branch offices, cloud resources, and mobile and remote users.

Aryaka is well-aligned with Network as Service and Security as a Service delivery models and believes SASE complexity - as it combines a multitude of network and security functions - will inevitably drive its adoption as a managed service.

30+




Aryaka Secure Remote Access Dynamic CDN component has the following features:

1. Dynamic IP Acceleration

Dynamic IP acceleration enables better performance of applications by accelerating all IP-based traffic, whether browser-based on non-browser-based. Aryaka’s Dynamic CDN component includes TCP Optimization, which speeds up application delivery through more aggressive TCP transfers, improving congestion control and congestion avoidance.

2. Intelligent DNS-based Routing

Using Intelligent DNS routing across the Aryaka global private network ensures that the remote user is always connected to the closest server and the origin server is always reached via the optimal path, thus delivering exceptional performance.

3. Global Load Balancing

The global load balancing feature allows remote and mobile workers to access an optimized VPN by using a single domain name – in other words: users no longer have to sign in and out of VPNs, searching for a strong connection. This is achieved by a simple CNAME configuration on the IT side and therefore does not have to be made by end users, saving time and improving productivity for remote and mobile employees.

4. Clientless Mobile Acceleration

Aryaka Secure Remote Access requires no configuration or new clients to be installed by the end user. This not only prevents user overhead and error, but also saves IT the massive task of establishing and ensuring new security policies. Access to a global private network that is offered as a service allows enterprises to shed their multiple VPN concentrators, load balancers, and other devices required to offer a reliable VPN experience, thereby reducing both cost and complexity of managing a VPN infrastructure.

5. BYOD Support

BYOD makes it easier for workers to accomplish their tasks, because employees can have access to and share data more smoothly. Users can work just about anywhere and at any time without having to save files to flash drives or email documents from one account to another. Delivered as a cloud-based service, Aryaka Secure Remote Access can be deployed in hours and scaled in minutes, and it works with all devices and operating systems.




Secure Remote Access and Application Performance

Let us investigate the beneficial performance impact of deploying Aryaka’s Secure Remote Access service. In this real-world test, the remote VPN user is based in Shenzhen (China) and the application data they download resides in the Microsoft Azure Europe West Region, which in turn is accessed through the HQ office in Amsterdam.

We will first test file transfer performance with a pretty typical configuration: The VPN user does access the data in Azure Europe West via an VPN tunnel that connects them to the Amsterdam HQ VPN concentrator.

Test Case 1: Performance Issues over Long-Distance VPN Tunnel

As Figure 1 shows, the end user is in Shenzhen. The application data the user will try to download resides in the Azure Europe West region.

Figure 1: File Transfer over VPN Tunnel

The real-world measurement is sobering: It takes the user 8 minutes and 42 seconds to download a 100MB file. This could be a product video that a remote sales representative is trying to download to address a question during a meeting with a customer prospect. Clearly, no one is going to wait nearly 10 minutes in a meeting to get a question answered. The result of this underwhelming cloud application performance is remote worker frustration, complaints and overall loss of productivity.

InternetVPN Tunnel

100MB File Transfer from Azure Europe West to User in Shenzhen

8:42 Minutes

LoweredProductivity

ISP 1

ISP 2

ISP 3

AmsterdamShenzhen

VPN UsersHQ

ApplicationData

Europe West




Note that local Internet performance in the Shenzhen region is quite good, so that is not the source of the problem we are observing here. The key issue is the fact that TCP/IP traffic performance will always suffer when long delays and jitter as well as packet loss are incurred due to the long geographical distance as well as the fact that several ISPs are involved in handling the VPN tunnel end-to-end.

Test Case 2: Accelerating Performance with Aryaka Secure Remote Access

Aryaka’s Secure Remote Access allows remote users to connect to both on-prem or SaaS applications and data over a global connection that delivers on strict, deterministic SLAs via the Aryaka Global L2 Core. This overcomes the latency, jitter and packet loss issues associated with the internet middle-mile and provides a cost-effective yet superior alternative for remote workers.

Let’s see how the exact same test scenario performed over the Aryaka Secure Remote Access solution:

Figure 2: File Transfer with Aryaka Secure Remote Access

The real-world measurement for the same test case with the Aryaka solution shows that now it only takes 1 min-ute and 59 seconds to download the same 100MB file. That’s a 400% performance improvement. This is a time that allows the same remote sales representative to bridge the wait time with a short conversation about another topic, allowing them to effectively address the question. Superior application performance results in tangible business benefits.

100MB File Transfer from Azure Europe West to User in Shenzhen

1:59 Minutes

400% Performance Improvement

Aryaka Global L2Core Connection

AryakaPrivateCoreAryaka PoP

Aryaka PoP Shenzhen

SRA UsersAmsterdam

HQ

ApplicationData

Europe West


St s

Aryaka, the Cloud-First WAN company, brings agility, simplicity and a great experience to consuming the WAN-as-a-service. An optimized global network and innovative technology stack delivers the industry’s #1 managed SD-WAN service and sets the gold standard for application performance. Aryaka’s SmartServices platform offers connectivity, application acceleration, security, cloud networking and insights leveragingglobal orchestration and provisioning. The company’s customers include hundreds of global enterprises including several in the Fortune 100.

> Give it a try to experience the benefits for yourself. Sign up for a demo.> Questions? Email [email protected] or give us a call at 1.877.727.9252.> For information on other products, services, use cases or customer success, visit www.aryaka.com.

About Aryaka Networks

Next Steps

redefining remote access with a managed sd-wan€¦ · redefining remote access with a managed...

Documents