

The evolution of networks part 1: VPN, SaaS and the rise of SD-WAN

September 15, 2021

Song Toh   

VP Global Network Services, Tata Communications

The demands of businesses have become more complex over the last year. In the first of this two-part series of blog posts, Song Toh, Vice President of Tata Communications Global Network Services, looks back to the networking technology that got us here and the networking transformation that will take us to a more agile future.

Over the last few decades, with every improvement, upgrade or optimisation that technology has undergone, the networks that connect it have also been evolving.

With time, these and other technologies were absorbed into enterprise architecture through the consumerisation of business technology. And it’s these staggered, iterative, rapid changes that have created the complex corporate infrastructure and networks we use today.

In this first piece, we’ll look at how it all started.

The data centre shift

Enterprise networks began with data centre-focused wide area network (WAN) architecture. So, the network was just the office branches and the data centres which held their applications. There was a time when some of these applications even sat on a desktop in an office, where the business users would connect to it.

But as the network got bigger, and requirements got more sophisticated, applications eventually moved into data centres.

With data centres, businesses had dedicated compute capacity, security and network bandwidth. Users (employees) simply went into the office to connect to these resources, and this was considered state of the art up until around 15 – 20 years ago.

Rise of VPNs and the first remote workers

By the 90s, enterprises were using virtual private networks (VPN) or MPLS networks to connect to their data centres. As the VPN encrypted the connection and there was no direct connection to the internet at the time, it was a secure method of protecting organisations.

It also meant that, without changing the overarching architecture, some users could now work from home. They would need to install VPN software on their home desktop or use a laptop with it pre-installed to have access to the business network and applications. For these remote working pioneers, the experience of working from home was usually plagued by errors, and troubleshooting with IT was troublesome.

Because connectivity requirements for remote users were not that sophisticated at the time, this worked. Essentially, if you logged into the VPN from home, you would appear to be in the office. And everything connected to the office network was trusted, as network security was a much simpler problem.

However, that would change with the emergence of cloud computing.

The rise of SaaS and the inefficiencies of private WAN

“By the turn of the millennium, we began to see the start of the shift away from corporate data centres, which were based on a CAPEX (capital expenditure) funding model.”

Vendors began offering applications ‘as a service’ from the cloud, where you pay what you consume.

As IT teams became leaner and more efficient, many realised this Software as a Service (SaaS) consumption-based model was much more flexible, and it also absolved enterprises from having to spend funds on building and maintaining on-premise data centres.

However, the process of connecting to enterprise apps was no longer as convenient as it used to be. The data centre architecture was now inefficient, as applications were no longer being hosted in the business's data centre but in that of the vendor. So, network traffic was now taking much longer, and often unnecessary, routes.

For example, suppose you worked in San Francisco for a company that was headquartered in New York. To access your company’s CRM app, your connection would have to go from San Francisco to New York, then up into the internet to access your vendor’s data centre, which may be based in the same region as your office (San Francisco).

These long round trips began leading to poor user experiences, with more delays and errors such as timeouts. And with time, the bandwidth that went from offices to the data centres started to get choked by the increased bandwidth required by modern graphical user interfaces.

Businesses needed to break out of this framework of long, inefficient network routes if they wanted to improve the working experience of their employees.

And that’s exactly what they did.

The Internet Breakout

To get around these choked networks, businesses started using local internet breakouts as a way to connect straight to the internet. With an internet connection at branches that linked enterprise users directly to the internet, it meant shorter routes for network traffic and a better user experience when accessing cloud-hosted applications.

At first, most of the traffic still went through the data centre, even if employees were using SaaS applications. That’s because at the time, only a handful of the business apps – such as CRMs or HR apps – were consumed as SaaS by enterprises.

However, the turning point came when software companies decided to stop selling desktop versions of their apps altogether. An example is Microsoft, which changed its product offering into Office 365, which was cloud-first and treated desktop clients as secondary.

These sorts of decisions changed the scale of businesses’ networking needs dramatically.

“Enterprises that previously only needed to manage an internet breakout from their data centre for maybe a fifth of their users were now having to do it for 80 – 100% of their users.”

The current architecture simply wasn’t sustainable for this way of working. It meant businesses had to put in more direct internet connections, increasing their complexity levels as they started needing to manage multiple connections at each branch.

More worrying, however, was the fact that those branches now connected the business directly to the internet, which meant businesses had to focus more resources on cybersecurity. In the past, no one outside the organisation could access the business network unless they somehow got in through the private network, which, along with the IP address, simply wasn’t available outside the organisation.

But this had all changed, and it was getting more and more complicated to secure and configure all of a business’s networks.

SD-WAN to the rescue

With hybrid networks at branches, the configuration of each branch router became a more complex task. This also meant every time there was a change in policy, the arduous work of reconfiguring them had to happen again.

“With the introduction of SD-WAN, that configuration was moved to a centralised cloud controller, so businesses had the ability to apply different configurations to routers based on an individual branch’s needs.”

So, say a business had hundreds of branches and 98% of them were regular internet branches, with a few data centres. With SD-WAN, a business could apply different network profiles to its different branches to optimise the user experience of employees.

The profiles were standardised as templates, making it a lot easier and faster to reconfigure branches. And with time, secured SD-WAN solutions with firewall features were introduced in a bid to further reduce complexity.

And that’s where we were until about two years ago.

In the next blog in this series, we’ll look at the network developments that took us through to the present day of en masse remote working, and at some of the networking developments the future holds, like intent-based networking.