| |||||||||
| |||||||||
Current Filter: Network>>>>>Feature> Application delivery orchestration Editorial Type: Feature Date: 11-2015 Views: 2090 Key Topics: Networking Security Firewalls Key Companies: Barracuda Networks Key Products: Key Industries: | |||
| Klaus Gheri, VP Network Security at Barracuda Networks explains why a firewall alone just will not do The primary role of any firewall is firmly centred on advanced threat protection, but there are a host of other operational challenges keeping IT leaders up at night - especially in a world where applications are increasingly consumed as services. Modern dispersed enterprise networks with integrated cloud service components require a secure communication approach, combining both deep packet inspection and threat mitigation. They must also provide resilient high-performance delivery of business applications essential to business users. Focusing on threat mitigation alone overlooks the critically important need to deliver application traffic, site-to-site and cloud-to-site, securely, with predictable quality of service.
EVOLVING DELIVERY CHALLENGE Due to the associated complex traffic flow patterns generated when using firewalls for VPN and inspection alongside WAN optimisation, businesses resorted to using MPLS-based WAN structures with or without optimisation to backhaul all traffic back to the data centre. And that may have been good enough before the emergence of SaaS offerings and cloud services residing outside of the corporate LAN/WAN confines.
CLOUD CONUNDRUM An infrastructure should be able to separate different types of application traffic using either physical or logical partitioning and also minimise latency. However, that means there needs to be a firewall at the remote location that can differentiate traffic flows into different quality segments and avoid long round-trip times between a user and an application. The best option is to go for direct Internet breakouts at each corporate location, deploying multiple next-generation firewalls capable of intelligent dynamic path selection and the management of decentralised security policies. This enables the creation of network redundancies in which traffic between locations can be appropriately optimised for latency and throughput via compression, data deduplication and protocol optimisation techniques. It also makes it possible to operate a hybrid WAN consisting of traditional WAN lines complemented by Internet-based VPN links. In fact, this approach also lets you pursue a more radical model in which the enterprise uses different ISPs to create multiple tunnels instead of depending on a single Internet-based VPN.
BUILDING THE APPLICATION DELIVERY NETWORK Coping with the demands of dispersed enterprise networks depends on having a firewall in place that's intelligent enough to differentiate between the nature of application traffic and to apply the appropriate action concerning quality of service, bandwidth, privacy and delivery path. What really matters, without exception, is providing the organisation with secure, reliable, and performant access to business applications. Security alone is simply not good enough. | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |