
Application delivery orchestration

Editorial Type: Feature     Date: 11-2015







Klaus Gheri, VP Network Security at Barracuda Networks, explains why a firewall alone just will not do

The primary role of any firewall is firmly centred on advanced threat protection, but there are a host of other operational challenges keeping IT leaders up at night - especially in a world where applications are increasingly consumed as services.

Modern dispersed enterprise networks with integrated cloud service components require a secure communication approach, combining both deep packet inspection and threat mitigation. They must also provide resilient high-performance delivery of business applications essential to business users.

Focusing on threat mitigation alone overlooks the critically important need to deliver application traffic, site-to-site and cloud-to-site, securely, with predictable quality of service.

EVOLVING DELIVERY CHALLENGE
The standard firewall was always a reliable protector of the corporate LAN/WAN model, but as technology has evolved many businesses have experienced reduced efficiency. Advances have produced WAN optimisation products offering compression, data deduplication and protocol-specific enhancements for applications. However, they often lack adequate VPN or deep inspection functionality.

Because using firewalls for VPN and inspection alongside WAN optimisation generates complex traffic flow patterns, businesses resorted to MPLS-based WAN structures, with or without optimisation, to backhaul all traffic to the data centre. That may have been good enough before the emergence of SaaS offerings and cloud services residing outside of the corporate LAN/WAN confines.

CLOUD CONUNDRUM
The backhauling approach is ultimately inadequate and flawed when it comes to the delivery of cloud services because the MPLS backbone is unable to differentiate between applications using the same physical line. Consequently, internal backup applications or update agents will frequently flood the line, making business-critical online applications hard to use. For global deployments, the latency incurred through long round-trip delays can degrade perceived service quality, to the point that using the service from home or when travelling provides a better user experience than being connected to the corporate network.

An infrastructure should be able to separate different types of application traffic using either physical or logical partitioning and also minimise latency. However, that means there needs to be a firewall at the remote location that can differentiate traffic flows into different quality segments and avoid long round-trip times between a user and an application.

The best option is to go for direct Internet breakouts at each corporate location, deploying multiple next-generation firewalls capable of intelligent dynamic path selection and the management of decentralised security policies. This enables the creation of network redundancies in which traffic between locations can be appropriately optimised for latency and throughput via compression, data deduplication and protocol optimisation techniques.

It also makes it possible to operate a hybrid WAN consisting of traditional WAN lines complemented by Internet-based VPN links. In fact, this approach also lets you pursue a more radical model in which the enterprise uses different ISPs to create multiple tunnels instead of depending on a single Internet-based VPN.

BUILDING THE APPLICATION DELIVERY NETWORK
An application-aware firewall, capable of undertaking application delivery orchestration and distributing different types of internal traffic across all available links, is essential. Should an individual link ever fail, the firewall will redistribute traffic flows at the appropriate QoS level, avoiding service disruption. Beyond the mere functional capabilities, the key requirement is a highly efficient centralised policy and lifecycle management architecture for these firewalls.

Coping with the demands of dispersed enterprise networks depends on having a firewall in place that's intelligent enough to differentiate between the nature of application traffic and to apply the appropriate action concerning quality of service, bandwidth, privacy and delivery path.

What really matters, without exception, is providing the organisation with secure, reliable, and performant access to business applications. Security alone is simply not good enough.
