After a Decade of VPN and MPLS, What's Next?
Mobility and the cloud are reshaping the way we work, unleashing new levels of productivity and freedom. No longer are people confined to their cubes in order to gain access to behind-the-firewall files and applications on company servers. Today, people are working from anywhere—inside and outside the building—using private and public WIFI and mobile broadband. And the files and applications people depend on to be productive at work are no longer just behind the firewall; they also reside in cloud-based services and cloud-hosted servers.
Mobility and the cloud are also transforming business networks. VPN and MPLS, the mainstays of corporate connectivity, were conceived as IP alternatives to leased line and frame relay networks. They have served companies well for decades, connecting remote offices and workers to centralized IT resources. But they were never conceived for a world where people spend almost as much time outside the office as in it, and where many of the apps, computing and storage resources they need to reach to get their job done live in the cloud. Enter cloud networking.
Let’s see how public Internet VPN and private MPLS networks stack up against cloud networking.
Public Internet VPN: Cheap, But Not Easy (or Reliable)
When it comes to secure and cost-effective WAN connectivity, Internet VPNs have been the go-to solution for many SMBs. However, traditional VPNs can be a challenge to deploy for all but the most basic of topologies. Hardware and software configuration is painstaking work that requires a network administrator with specialized training, and integrating with existing security and management tools can be equally challenging. As more cloud-based servers are deployed, the configuration nightmares multiply, because traffic has to "trombone" through a central VPN concentrator as it flows between remote sites, users and the cloud. On the upside, Internet-based VPNs are affordable.
From an end user perspective, mobile users find that VPNs don't work the same way across all of their devices and are often frustrated with connection setup and reliability issues, resulting in calls to the helpdesk at all hours.
Downsides that traditional VPNs can't address are reliability, visibility and control. Using the Internet as a transport network certainly is low cost, but you have little visibility into traffic and no control over how it's routed or what happens when routes fail or get congested. As a result, performance can vary, and even the slightest traffic disruption can cause users to get disconnected, usually at the most inopportune time, like just before they save the last thirty minutes of work.
MPLS: More Control Requires More Brains, Boxes, and Bucks
Many medium and large businesses use private MPLS services from their carriers to connect business locations together. As a carrier-managed service, MPLS is highly reliable and more controlled than a VPN over the public Internet. In fact, carriers use MPLS within their network infrastructure too, if that gives you a hint of the level of nerd-vana involved in managing an MPLS network.
On the plus side, MPLS provides you with a private network for site-to-site connections, and you can determine which applications get priority access to the bandwidth. For example, you can make sure that voice and transactional traffic get steady bandwidth while less latency-sensitive traffic, such as email and file backups, travel second class.
On the down side, MPLS is not available everywhere and it can be pretty pricey—plan on paying upwards of $1000/month for a 10M circuit per site. Oh, and you’ll have to wait for the service provider to provision your MPLS circuit, which can easily take a month or more depending on your area. While VPN requires an experienced network administrator to set up, MPLS demands a network engineer with a "PhD in TCP/IP" to configure, tweak and tune, and maintain the terminating routers.
MPLS can provide an effective, albeit expensive, solution for private network connections. However, there's limited support today for connecting public cloud resources, like Virtual Private Servers (VPS) or Docker containers. And no MPLS options exist for connecting a mobile workforce that needs access to their office files and applications from anywhere and any device.
Cloud Networking: Your New Network Has Arrived
As businesses shift more IT resources to the cloud and more workers become mobile, they need a new, modern approach to networking that is born in the cloud and built for mobility. That's cloud networking. It combines the universal reach and accessibility of the public Internet and the reliability and control of private MPLS, with the user transparency and any-to-any connectivity of a LAN.
Pertino is one of a handful of companies pioneering cloud networking and the first to fuse cloud, network virtualization, and software-defined networking technologies into a Network-as-a-Service. With Pertino, an IT pro can build a secure cloud network in minutes that connects people and IT resources from anywhere—no hardware, expertise, or upfront investment required.
Unlike a traditional VPN, which is indiscriminately routed across the Internet, Pertino operates at the heart of the Internet and is constantly self-optimizing based on changing network conditions. Pertino's Cloud Network Engine platform overlays the Internet using top-tier cloud datacenters as points of presence around the world. Each cloud network created on the platform acts like a virtual LAN switch that's linked to the high-speed backbone of the Internet, one hop away from major carrier access networks.
Pertino achieves MPLS-level reliability by leveraging cloud orchestration and automation capabilities. If there's a disruption or outage anywhere within the datacenter or its Internet connections, the Cloud Network Engine instantly migrates affected cloud networks to another virtual machine, another datacenter, or even to another cloud provider without disconnecting user sessions or terminating file transfers.
Since a Pertino cloud network extends all the way to the device level (e.g. Mac, PC, Android, iOS and Windows and Linux servers), IT organizations have end-to-end visibility and control of all people, devices and traffic across the Internet, completely independent of the underlying physical networks. Previously, these attributes were only associated with MPLS. Now Pertino makes them available to any size company without the cost, complexity and long deployment cycle of MPLS.
From a security perspective, Pertino utilizes a layered approach that leverages the security infrastructure of top-tier cloud providers as a starting point. Then, each Pertino cloud network provides additional layers of security: a private address space that's "cloaked" from the Internet to prevent address-borne attacks; strong end-to-end encryption (256-bit AES), including the ability to prevent "sidejacking" by encrypting all device traffic flowing over public WIFI hotspots; an integrated certificate handling system; and robust user and device-level authentication.
Cloud networking is not a panacea. Site-to-site VPNs can still make sense for facilities where there are no mobile or cloud requirements, such as a manufacturing plant. Presently, MPLS is a superior network for sustained high-bandwidth and low-latency applications (e.g. trading, heavy VoIP traffic). However, continuing advancements in cloud networking will provide a competitive option for these use cases over time.
Get Started with Cloud Networking.
Mobility and the cloud are bringing new-found freedom to the way people work and the way businesses deliver IT. Now is the time to free yourself from the cost, complexity, and limitations of decade-old networking technologies by exploring what cloud networking can do for your organization.