Safe Enough for Government Work? Bringing in the Internet as Part of UK Hybrid Networks
February 22, 2017
• The UK Government Digital Services (GDS) statements about moving to the Internet may be overambitious, but they are not wholly wrong.
• SD-WAN is making the Internet a more viable and better-performing WAN alternative.
Internet connectivity has been an accepted part of hybrid WAN infrastructure for a while, but traditionally this has focussed on remote/home workers and small branch offices or retail stores. However, the public Internet is becoming a more mainstream connectivity medium. A big indicator of this shift is the UK GDS announcing that it intends to kill off the Public Services Network (PSN) ‘network of networks’ programme in favour of public Internet services. GDS has been lukewarm on PSN for a while now so the announcement is not a wholly unexpected shock. However, the seemingly open-armed embrace of Internet connectivity is more surprising, particularly for a public sector body where the data held is both sensitive and politically charged. Is this announcement a watershed moment or an overly ambitious/foolhardy move?
Overlay and tunnelling services such as IPsec are now well established and underline that traffic traversing the Internet can be secured. IPsec can be used over the public Internet from the nearest MPLS edge PoP to the customer’s premises, but this does not necessarily deliver significant cost savings. More fundamentally, IPsec VPNs do not offer the scalability or suitability needed by businesses or organisations (e.g. local government) with a high number of premises. Because IPsec tunnels are point-to-point, a hub-spoke model can be deployed, but it is difficult to support multipoint services. SD-WAN is taking overlay technology to the next level, and in an application-centric world it offers the granular control required to ensure application performance. When it comes to supporting business services over the public Internet, SD-WAN’s importance should not be underestimated. SD-WAN offers application visibility and control, and dynamic access path control across heterogeneous access types, including private and public networks, that have previously not been easily available. 2017 looks set to be a year of SD-WAN launches and Global Data has recently produced a brief buyer’s guide for SDN which can be found here: SD-WAN Buyer’s Guide: A Summary of Potential Technical Benefits.
So is GDS right? Is it safe to make a wholesale move to the Internet? A quick answer is no. It is not yet clear what the GDS’ vision is for wholesale replacement of private MPLS VPNs with public Internet VPNs. But the idea is also not necessarily crazy and it does begin a conversation that is worth having. Public Internet access is a valid choice for smaller offices without high bandwidth demands. For larger offices, a hybrid WAN that mixes MPLS and Internet access, with or without SD-WAN, means that more traffic can be diverted via the Internet over time. The cost saving potential is real, and the technology is reaching a situation where performance can be more closely maintained and monitored. The GDS’ confidence also underlines that with modern encryption and tunnelling technologies, most data should be safe over a public Internet connection.