Date: 2021-08-02

Francisco García, director of Systems Engineering at Extreme Networks.

The new work scenarios (driven by the health crisis, but already present in many companies for years) are posing new challenges for IT departments in managing connectivity and delivering network services beyond the corporate campus network. Network environments are increasingly distributed, and companies have a growing number of remote offices or locations, branch offices, or simply multiple teleworking sites connected to the corporate network.

Network environments are increasingly distributed and complex

In this context of increasingly distributed and complex architectures, the need arises for network technologies that simplify the deployment, configuration and management of remote network equipment, that provide security and reliability for communications, and that keep costs under control.

Today we have a viable and efficient alternative to the traditional approach of using VPNs over carrier-provided WAN links: fabric technology. Traditionally, fabric has been seen as a technology specific to data center environments or, at most, campus networks. However, this technology, with all its power, can be natively deployed beyond these environments and applied to any remote WAN-connected location.

Fabric technology can be applied to any remote location connected via WAN

The use of fabrics in distributed environments is redefining network architectures, which need to meet the demands of the digital age. The long wait times required to make network modifications and rigid architecture designs deprive IT of the agility needed to evolve as the business demands. Fabric technology eliminates these delays and enables much more agile networks to be designed, facilitating rapid application deployment and service provisioning, while improving network reliability, stability, and security. Using a fabric network to connect branch offices and remote sites offers numerous advantages over other conventional solutions such as routers, VPNs or third-party SD-WAN solutions. Here are some of them:

1. Quick start-up of new services / network changes throughout the infrastructure. Fabric is a virtualization technology, so network services are abstracted from the underlying infrastructure. This provides much more agility when changing or launching new network services. Instead of having to provision the services on a site-by-site basis, they only need to be provisioned at the network edge. It is seldom necessary to configure core or aggregation switches, which contributes to greater network stability. In addition, because the number of items to configure is greatly reduced, services are deployed more quickly and often without the need for maintenance windows.

2. Unified management from a single console. The entire network is managed as a single infrastructure, no matter if it is a network point at corporate headquarters or in an office on the other side of the world. This offers significant operational advantages: it simplifies the deployment of new infrastructure elements, accelerates the detection and resolution of problems, reduces the training needs of the department in multiple technologies, etc.

3. “Zero-touch” installation of network equipment at remote sites. Deployment and configuration of network equipment in branch offices is significantly simplified. With state-of-the-art network equipment, commissioning can be done in minutes, without requiring on-site technical staff. When a new switch is networked and started, it automatically registers with the management application and configures itself using templates.

4. Microsegmentation. Network segmentation capabilities are invaluable, both from a security and a network management standpoint. With fabric, these capabilities are now available to the entire distributed infrastructure, not just the campus network. It enables the integration of multiple physically separate networks within a converged infrastructure, while offering a high degree of isolation and separation of each of the networks at the logical level. These segments or logical networks are completely isolated, are invisible to each other and do not allow cross traffic between them unless expressly configured. All of this can be implemented very easily in remote locations, simply by provisioning it at the network edge.

5. Reduction of distributed firewalls. Firewall management is very complex in large organizations, since when firewalls are deployed in distributed environments the number of firewall policies that must be actively created and managed grows exponentially. Fabric simplifies this task by allowing you to isolate end-to-end traffic zones and segment traffic in a simpler, more scalable, and less expensive way. Many companies find that by extending micro-segmentation capabilities to their remote sites they are able to significantly reduce the number of firewalls they have distributed, and as a consequence they also reduce their policy management needs.

6. Dynamic Auto-Attach. This capability is very useful when it comes to simplifying and securing the provision of network services in remote offices. Services are dynamically provisioned at the edge of the network when users, devices, and applications connect. When a user disconnects from the switch and the network service they were using is no longer needed, the configuration is removed and the service is automatically canceled on the edge switches. This improves the organization’s security posture by eliminating the risk of “back doors”.

7. Reliable connectivity for remote offices. The configuration options provided by the fabric improve network performance and reliability. You can define QoS parameters and route traffic based on policies to guarantee traffic priority for mission-critical applications. Tunnel shaping functionality helps ensure quality of service and reduce latency when many remote office tunnels are aggregated on a high-speed interface at the main network site or corporate headquarters.

8. Connectivity options with private and public WAN infrastructure. Finally, fabric is flexible in how it is transported, since it can be deployed over dedicated or public WAN connections. The public Internet can be used, implementing security mechanisms such as IPsec encryption to guarantee the security of communications between the headquarters and remote offices. If you choose to use a private WAN, you also take advantage of the benefits that fabric offers, not only in terms of security, but also in performance and reliability.

In short, fabric is a very powerful technology, providing simplicity, automation and security, and with usage scenarios that go beyond the data center or campus network. Applying this technology across the entire network, end-to-end, and at remote locations provides very significant advantages, both operational and cost-saving, compared to the option of using third-party routers, VPNs or SD-WAN solutions.