We made it!

We got all of our staff working from home in 2020.

Often, however, the underlying infrastructure that supports homeworkers is not really designed for the task. The result is infrastructure that limits performance and is unwieldy, costly and hard to manage.

Is there a better model? In 2021, we need to take the time to implement the highest-performance, secure infrastructure that is resilient by design, to give our organisations the competitive edge to take on the challenges of what is next.

Here we look at the options and how to address the two main challenges of remote access:

The Challenges

Optimise Access

Optimising access for a remote workforce that needs to conduct business from anywhere.

Optimise Security

Controlling and securing access to business applications in physical or cloud datacenters, or to public cloud applications, such as Office 365.

Use Case #1

Remote Access to Physical Datacentres

Remote users need regional or global access to applications hosted in datacenters. Traditionally, they accessed applications by running VPN clients on their remote devices and connected to VPN concentrators or datacenter firewalls. When remote users entered the network through remote locations, they would have to traverse the MPLS or Internet VPN to the servers in the datacenter.

Since VPN access is done entirely over the public Internet, users are exposed to erratic Internet routing with its significant latency and packet loss. These factors can severely degrade the application experience, frustrating users and hampering their productivity.

Furthermore, once authenticated, traditional VPN solutions enable users to access a whole network. This means that hackers may be one password away from getting an unrestricted foothold on the network.

Use Case #2

Remote Access to Cloud Datacentres

While similar in concept to physical datacenters, cloud datacenters pose new networking and security challenges for fixed and mobile users. Legacy WAN architectures that backhauled traffic to a physical datacenter need to incorporate the datacenter’s split into physical and cloud datacenter(s), sometimes hundreds of miles apart. None of the obvious solutions are sufficient.

Continuing to forward the traffic from the physical datacenter and then onto the cloud datacenter leaves datacenter-bound and mobile user traffic subject to the erratic routing of the Internet while adding latency due to the “trombone effect.”

Cloud interconnect services, such as Direct Connect for Amazon Web Services (AWS) and ExpressRoute for Microsoft Azure, provide direct connections from the physical datacenter to the cloud. But remote users remain subject to Internet performance, while site and user traffic are subject to tromboning.

Allowing remote users direct access to the cloud is equally ineffective. It eliminates tromboning, but leaves users subject to Internet performance. In addition, direct access bypasses the corporate network security stack, requiring the deployment of new cloud-based security solutions.

Use Case #3

Remote Access to Cloud Applications

Accessing cloud applications (SaaS) introduces even more nuances. Cloud apps are outside of IT control so WAN optimisation capabilities cannot be extended into the application provider’s datacenter. Yet users need to access cloud application instances. Take an SFDC instance located within a specific region. All users, regardless of location, must access that instance and face the same connectivity challenges as they would if accessing the company’s datacenter.

Network security is even harder to implement. Traditional network security relies on a “line of sight” into the traffic to inspect and secure it. But as with direct mobile access to cloud datacenters, direct mobile-to-cloud access bypasses the corporate network security stack. Companies again face a tough choice: either force backhauling of mobile Internet traffic to the datacenter, which adds latency and degrades the user experience, or increase costs by deploying a cloud-based security point solution — such as a SWG or CASB — to intercept and inspect all mobile traffic to the cloud.

The Challenge for the WAN and Remote Access

Historically, mobility was never a “WAN issue.” After all, remote users connected to firewalls to access applications in the company datacenter, not to the WAN. The WAN connected only physical locations — headquarters, branch offices, manufacturing plants, project sites, and the like. But with mobility being the rule, not the exception, separating the two no longer makes sense. Mobility and the cloud are essential to how we work. Any WAN transformation project must account for both of them.

Remote Access by Design - Secure Access Service Edge (SASE)

A SASE platform has a multitenant WAN backbone built from globally dispersed points of presence (PoPs) that are fully meshed, creating a private and optimised global overlay. Edge resources — including physical locations, cloud datacenters, and remote users — establish secure tunnels to the nearest PoPs using IPsec or DTLS. Cloud applications are accessed by routing traffic to the closest PoP as measured by latency and loss.

The SASE’s cloud network is a full replacement for traditional VPN solutions. Using a mobile client or clientless browser access, the mobile device finds and connects to the nearest PoP. The user authenticates using multi-factor authentication. Once connected to the PoP, the user is part of the virtual enterprise WAN and can access any authorised application.

With its global, SLA-backed backbone, the SASE’s cloud network connects remote users to both physical and cloud datacenter resources anywhere in the world without the unpredictability of the Internet middle mile. And since the IP ranges of both the physical datacenter and the cloud datacenters are visible on the WAN to authorised users, an optimal direct path can be calculated, avoiding tromboning. Gone are the chokepoints and backhauling that undermined mobile user performance.
