In the first of a series of articles highlighting where tech is failing to make the grade, Galeal Zino, CEO at NetFoundry, sets his sights on SD-WAN. Can the much-vaunted networking tech bridge the growing divide between networking and application needs?
SD-WAN does its job – it connects WAN sites to other WAN sites extremely well. So why are there increasing concerns about SD-WAN, namely security problems, higher-than-expected costs and complexity?
Companies such as Netflix and Walmart can deploy code thousands of times per day. Thousands of times per day! How can we accurately update our network configurations and firewalls thousands of times per day? How can we instantly provision private circuits and SD-WAN CPE from IoT to cloud, and everything in between?
This is the mismatch. We are moving towards agile, cloud-native, DevOps automated continuous development and deployment, while the network still relies on manual configurations, siloed, separated groups and slow provisioning processes.
Connectivity-as-Code
We need to run our apps anywhere – across the Internet, edges, clouds, service meshes, mobile user and IoT devices – in a programmable, automated manner. We need to enable developers and apps to programmatically define the networking and security they need. We need ‘Connectivity-as-Code’.
Connectivity-as-Code is the natural next step after the success of Infrastructure-as-Code (IaC). Just as IaC relieves developers from underlying infrastructure considerations (e.g. bare metal, virtualised or containerised), Connectivity-as-Code abstracts developers, DevOps and cloud architects from underlying networks (Internet, SD-WAN, MPLS-WAN). Just as IaC addressed speed and agility (enabling continuous deployment), reduced costs and decreased the security risks of manual configurations, Connectivity-as-Code will enable developers to automate the deployment of secure-by-design apps, without requiring expensive hardware, circuits or VPNs.
In a nutshell, Connectivity-as-Code helps underlying networks (such as SD-WANs) avoid falling short of expectations. The WAN focuses on its job — connecting sites — while the apps become inherently secure, reliable and automated over any WAN or Internet connection.
The emergence of DevSecOps
Just as Connectivity-as-Code is the follow-up to Infrastructure-as-Code, DevSecOps is the follow-up to DevOps. In the words of Red Hat, DevSecOps focuses on thinking about application and infrastructure security from the start of the dev process.
To enable DevSecOps architectures, we need Connectivity-as-Code and application-specific networking to enable developers, administrators and architects to programmatically define the networking and security they need from the start. Connectivity becomes part of the solution, rather than causing deployment and delivery cycles to rewind back to the long cycles of monolithic applications, private data centres and firewall rules.