For remote branch office networks there has been a significant shift in the use of private MPLS networks in favour of internet OTT (over the top) connectivity. The branch offices are more commonly using a cheaper access circuit, typically a residential grade ADSL service or even a 3G/4G cellular connection, to get connectivity back to the head office or data centre applications.
There are two reasons for this change. Firstly, the technology available in routers to build your own secure network (IPSec) is included and secondly this eliminates the high monthly cost that an MPLS access service would attract.
This sounds great - you’re saved your company a lot of on-going IT spend. But at what cost?
- Is it as secure? End to end IPSec encryption gives the same privacy and confidentiality levels as having the telecom service provider separate your network traffic using MPLS.
- Is it as reliable? The short answer is that it is likely your residential grade DSL service has the quality to service your business requirements (how often does your home network go down?). It probably even uses the same lines and equipment in the service provider network. And, even if you spend a bit more on a cellular backup service for the branch router (such as 3G/4G USB modem) you’re still going to be saving money compared to the MPLS service cost.
- Is it easy to manage? This is where the telecom service provider was probably adding value by managing the router on an MPLS service: SLAs, outage notification alerts. The IT guy might find it difficult to know if the residential DSL service is working, if the branch router is alive and certainly isn’t going to be sent any alerts if it is down.
A hybrid model - you and your service provider manage the network
Telecom service providers need to change their product offerings to support this kind of OTT network. And in doing so they can also empower you with more visibility and self service capability.
OneConfig is working with service providers to enable this kind of new product. Juniper SRX gateways in the branches, managed from the cloud using OneConfig. The service provider can maintain that value add support with visibility of your network and devices through the OneConfig portal, and can get connectivity outage alerting. The IT manager can use OneConfig to see status of the branch, see traffic and firewall graphs to diagnose issues or plan capacity, and also make changes to the security policy.