A few weeks back, Gartner analyst Bjarne Munch stated, “Internet and MPLS play an equally important role for enterprise connectivity. Network planners must establish a unified WAN with strong integration between these two networks to avoid performance problems.”[i]

So, why should IT move to a hybrid WAN architecture? What are the benefits?

#1 – Control Costs

Growth in bandwidth demand is overwhelming customer networks, particularly at the branch. IP traffic is expected to grow three times over the next five years due to video, cloud applications, rich media and data center centralization. At the same time, Nemertes’ 2014 WAN Best Practices and Success Factors report states that 60% of IT WAN budgets will remain flat or decline in 2015.

To keep costs down, many IT teams are planning to augment their WAN transport with Internet connections, such as business class Ethernet. We are also seeing greater adoption of application optimization services that accelerate traffic or offload the WAN. Cisco’s Intelligent WAN Advanced Services team has been working with dozens of customers on this journey, and the early results show cost savings of 30-50% from using Internet transport and app optimization. These strategies allow IT to keep pace with bandwidth demand without the need for additional budget.

#2 – Better SaaS Application Performance

Gartner forecasts that 80% of organizations will primarily use SaaS applications by 2018.[ii] Today, the majority of SaaS applications run over an expensive corporate WAN, only to get to the Internet. The result? Further application delays and unnecessary costs. And as SaaS becomes more attractive, the Internet edge will need to move to the branch. Among our US and European customers surveyed, only 30% have direct Internet access from their remote offices today, but this will increase to 80% in the next two years.

Before all these customers open up their branches to the Internet, they need a scalable model for advanced threat defense. Cisco Cloud Web Security (CWS) with Advanced Malware Protection (AMP) allows IT to inspect traffic at the branch, so they can secure direct Internet connections without backhauling traffic to the servers at their main office.  With AMP, you can address the full attack continuum by blocking threats before they happen, as well as providing continuous analysis and retrospective visibility into places in the network that the threat may have traveled.

A great example of a company harnessing the value of CWS is Ritchie Brothers Auctioneers, a company that runs auctions worldwide for high-value industrial machinery, much of which is sold to customers online. Knowing that security and user experience were critical to their success, they were able to support guest traffic from across the world without compromising their corporate enterprise applications.

#3 – Greater Business Agility

There are many organizations that have to bring up and tear down remote sites on a frequent basis, including construction, entertainment, retail, etc. Fast-growing enterprises also need to get new offices up and running as soon as the lease is signed. As a result, IT feels tremendous pressure because no business wants to pay rent on a space with no productivity, waiting weeks or months to provision a leased line. But with a hybrid WAN architecture, IT has the flexibility to easily turn on 4G LTE connections immediately and keep the business moving forward.

Deploying and Managing Your Hybrid WAN

What are the most important considerations for building a hybrid WAN solution?


Simplify to a single routing and security domain

Whether an enterprise is moving to a new service provider or adding a new WAN connection, each of these elements creates greater operational complexity and requires IT to manage more branch configurations. Then, as IT implements changes, updates in one part of the network may cause a problem in another, unless you reduce the overall complexity.

Cisco addresses this challenge by providing a framework for IT to deliver a common operational model across all connections using Dynamic Multipoint VPN (DMVPN). This technology allows IT to build out a single virtualized WAN across all sites and to manage only one routing and security domain.

Enforce Application SLAs

Directing traffic across multiple connections can get overwhelming, especially with the growing number of applications that IT departments need to manage across their networks. Again, IT would need to continuously chase network updates as new application requirements are introduced from the business.

A second concern is getting full visibility into all network conditions, which goes beyond just knowing if the line is up or down. For example, the network should be able to know if traffic congestion will introduce too much latency or jitter for an important video application and then seamlessly move traffic to a better path in real-time.

To help customers drive traffic efficiently across the network and deliver a high quality experience, Cisco has dramatically simplified path selection with Performance Routing v3 (PfRv3). The latest release now provides an application-centric controller architecture where only the hub needs to be configured with application updates. In addition, PfRv3 recognizes over 1,200 applications and applies best practice policies that prioritize real-time and business-critical traffic – which of course can be customized by IT if needed.

Troubleshoot with Deep Visibility

In a hybrid WAN, pinpointing the source of a problem may also be more complicated because traffic is moving across multiple connections and can change routes. This is a problem for IT because most application performance issues fall to the network team. IT needs deep visibility into every connection and hop in the network and the ability to see application-level data. However, getting that visibility can be cumbersome and expensive, especially when using probes.

Application Visibility and Control (AVC) is a technology that is integrated into Cisco routers and switches. This integration provides a significant advantage because IT no longer needs to deploy probes. In fact, this approach makes visibility pervasive, since it is integrated in the network infrastructure and can collect the information and provide real-time critical reporting. Using features like Cisco’s Mediatrace with the LiveAction management console, a network manager can run a hop-by-hop analysis with deep network visibility to pinpoint issues in minutes.

Engineers at HDR confirmed the criticality of AVC: “If we can’t monitor and troubleshoot network operations moment by moment, we can’t guarantee the delivery and performance of the applications that are critical to the company’s success.”

Power Your Hybrid WAN with Advanced Network Services

As Gartner analyst Bjarne Munch highlights, “The Internet is a permanent and integral part of Enterprise WANs.” Internet, along with 4G LTE, offers enterprises the ability to lower costs, meet time-to-market demands, and efficiently deliver applications.

But to successfully move to a hybrid WAN architecture, network engineers must address the performance, reliability and security challenges that go along with it. The advanced network services of the Cisco Intelligent WAN not only allow customers to efficiently resolve those issues, but also to do so on an all-in-one platform with IT simplicity.

Learn more at http://cisco.com/go/iwan

[i] Gartner, Hybrid Will Be the New Normal for Next Generation Enterprise WAN, 2 September 2014. G00266397

[ii] Gartner, Forecast Overview: Public Cloud Services, Worldwide. 09 September 2014. G00261926


Raakhee Mistry

Senior Director

EN & Cloud Marketing