WAN Architecture Webinar: How Will You Transform Your WAN in 2018?

February 19, 2018

During our recent webinar, “The 2018 Guide to WAN Architecture and Design,” many of you participated in a spot survey and asked some excellent questions. We promised to share the results of that research and address as many questions as possible, so let’s get to it.

For those who might have missed the webinar, we highlighted the networking challenges enterprises will face in 2018 and how best to address them. Dr. Jim Metzler, founder of Ashton, Metzler & Associates, presented findings from his recent research, and Ofir Agasi, Director of Product Marketing at Cato, shared case studies and strategies to address those challenges. You can watch the webinar and learn about Jim’s research here.

What are the most important drivers for improving your WAN?

We asked participants two poll questions during the webinar — one about the most important drivers for improving their WANs, and the other about the biggest networking challenges facing their existing WAN architectures.

Overall, we found two drivers ranked highest (27% of responses) — “Prioritize business-critical application traffic” and “Reduce connectivity cost” (see Figure 1). Prioritizing business-critical traffic is, of course, important because entertainment and other non-critical traffic are a reality of enterprise networks. With Cato Cloud, IT managers can not only prioritize business-critical traffic but also report on and manage all traffic types across their backbones.

“We found that Netflix was being streamed across the network during company hours,” says George McNeill, director of I.T. for Arlington Orthopedics, one of the largest orthopedic practices in North Texas. “With our firewall, we would have only been able to block Netflix, and that was my knee-jerk reaction, but then whoever was watching Netflix would switch to another network.”

“Cato allowed me to identify the user watching Netflix and on which device — his cell phone. This way I was able to send him an email to hold off on movie time during company time. And if he keeps doing it without permission? I’m going to turn off Netflix for just that phone during work hours,” he says.

Which driver is the most important for improving your WAN?

Figure 1

Reducing connectivity costs is typically a high priority for organizations considering SD-WAN. But once they deploy SD-WAN, our research (and others’) shows that agility becomes the major benefit. In part, that’s because traditional cost estimates for switching to SD-WAN appliances fail to consider the full range of services needed for an SD-WAN deployment. Securing branch offices is one major factor. Another is the Internet’s erratic performance, which leaves organizations unable to drop a costly MPLS service. Cato addresses both by converging a complete suite of security services into the Cato network, an SLA-backed network that’s an affordable MPLS alternative.

The biggest networking challenges: site provisioning times and visibility

As for the challenges facing current WAN architectures, the speed of site provisioning was ranked number one overall (29%) followed by the lack of visibility into network traffic (25%, see Figure 2).

The long delays associated with deploying new MPLS locations are well documented. Installing a new MPLS circuit can take 90 days or more. SD-WAN addresses this problem by being able to use broadband circuits. Cato goes a step further by integrating mobile users into the SD-WAN. IT managers are able to use our mobile client and 4G/LTE access to get users up and running in minutes.

“Cato gave us freedom,” says Paul Burns, IT Director at Humphreys & Partners Architects, an architectural services firm based in Dallas. “Now we can use a socket, a VPN tunnel, or the mobile client, depending on location and user requirements.”  

Burns was unable to connect remote offices with other SD-WAN solutions. “My biggest concern with connecting [our] Vietnam [office] to our previous SD-WAN was shipping the appliance. There was the matter of clearing customs and installation. We’d be dealing with a communist country, and I wasn’t familiar with its culture. With Cato, users just download and run Cato’s mobile client.”

What is the biggest networking challenge you deal with in your current WAN architecture?

Figure 2

The lack of visibility has become a major problem for networking professionals. Today, most Internet traffic is encrypted, limiting the visibility of many traditional IT tools. Security and networking appliances often lack the resources to decrypt all SSL/TLS traffic at scale. This says nothing about the mobile traffic that traditionally bypasses the WAN/SD-WAN altogether.

With Cato, IT managers gain visibility into all enterprise traffic regardless of origin or destination. Cato Cloud intercepts SSL/TLS traffic at scale. Decrypting and re-encrypting traffic has no impact on Cato Cloud performance. And since Cato Cloud treats mobile users (and cloud resources) on an equal footing with office users, networking teams gain a single portal with visibility into their mobile, cloud, and fixed traffic (see “A Single Pane-of-Glass”).

A Single Pane-of-Glass

Cato provides deep visibility into all enterprise traffic.

Questions and Answers

During the webinar, many questions were asked about Cato Cloud. Here are the answers to some of them:

Does the firewall service provide compromised website filtering? Say if a user tries to go to a website that has recently been compromised by a virus?

Absolutely. Cato Security Services is a fully managed suite of enterprise-grade and agile network security capabilities directly built into the network. Cato Security Services are seamlessly and continuously updated by Cato’s dedicated networking and security experts.

Does Cato offer service in Canada?

Yes, Cato has two points of presence (PoPs) in Canada. Additional PoPs are strategically situated to be within 25ms of most areas within Canada and the rest of North America. We’re constantly expanding the network, which currently spans 39 PoPs around the globe, putting most major areas near the Cato network (see “The Cato Cloud Network”).

Besides the SD-WAN, does Cato Cloud also do IPS, antivirus, SSL interception, opening ports, L7 protection (e.g. block dropbox), and forwarding traffic?

Yes, an essential feature of Cato Cloud is the ability to act as your edge security solution. Current services include a next-generation firewall/VPN, Secure Web Gateway, Advanced Threat Prevention (including Cato IPS), Cloud and Mobile Access Protection, and Network Forensics.

How do you address real-time services, if MPLS services are replaced with Internet links?

Cato Cloud is unlike traditional SD-WAN appliances that must rely on the Internet backbone. The Cato Cloud network is a global, geographically distributed, SLA-backed network of PoPs, interconnected by multiple tier-1 carriers. Jitter, latency, and packet loss are closely managed. The Internet is only used in the last mile to the customer premises. Numerous customers, such as Humphreys and Fisher & Company, run real-time services across the Cato backbone.

The Cato Cloud Network

Map of PoPs

Read more about WAN architecture and design

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.