December 2017 · Reading time: 10 mins
Introduction
The cloud adoption wave of the late 2010s forced many enterprises to re-evaluate their network architecture, particularly the WAN. Traditional hub-and-spoke topologies struggled to support increasing demands for cloud applications. In this post, we explore WAN architecture strategies that aligned with cloud readiness initiatives during 2017 and beyond.
Legacy WAN Limitations in a Cloud-First World
Many enterprises in 2017 still relied heavily on MPLS backhauling all internet-bound traffic through central data centers. While this provided control and inspection, it introduced latency for cloud services like Office 365, Salesforce, and AWS-hosted apps. Users in branch offices experienced degraded performance, and IT teams wrestled with increasing complexity and cost.
Cloud-Native Traffic Patterns
Cloud services altered traffic patterns fundamentally. Instead of 80% of traffic flowing east-west inside the enterprise, now a significant portion was destined to public internet services. This shift demanded network designs that embraced local internet breakout, distributed security, and flexible transport options.
SD-WAN as a Catalyst
SD-WAN emerged as a powerful enabler of cloud-ready WAN transformation. It decoupled the control plane from hardware and allowed enterprises to leverage multiple underlay transport types: MPLS, broadband, LTE. Key features included:
- Application-aware routing
- Dynamic path selection
- Centralized orchestration
- Policy-based traffic engineering
Vendors like VeloCloud (VMware), Cisco (Viptela, Meraki), and Silver Peak offered solutions that aligned well with hybrid and multi-cloud needs.
Direct-to-Cloud Access Models
Instead of sending all SaaS traffic through HQ firewalls, organizations began deploying secure local internet breakout strategies. DNS-based filtering, cloud-hosted SWGs (e.g., Zscaler), and CASBs provided distributed policy enforcement. This reduced latency, improved user experience, and unburdened core WAN links.
Branch Architecture Adjustments
The branch evolved into a leaner, more agile node. With SD-WAN, firewalls, WAN optimization, and routing functions converged into a single platform. Zero-touch provisioning became a standard deployment requirement. In 2017, this concept—often referred to as the “thin branch”—gained traction across retail, finance, and education verticals.
Cloud Interconnect and WAN Gateways
Organizations with significant IaaS investments explored direct interconnects to public clouds via ExpressRoute (Azure), AWS Direct Connect, or Google Cloud Interconnect. These connections bypassed the internet entirely, offering SLA-backed performance, reduced jitter, and higher security posture.
Security Integration with WAN Strategy
By 2017, security teams worked closely with networking teams to integrate next-gen firewalling, IDS/IPS, and policy enforcement into WAN design. Concepts like SASE (Secure Access Service Edge) were emerging, promising tighter integration between networking and security via cloud-based delivery.
Vendor Landscape and Market Consolidation
The SD-WAN market in 2017 was rapidly consolidating. Cisco’s acquisition of Viptela, VMware’s of VeloCloud, and HPE’s purchase of Silver Peak (later) signaled strong enterprise demand. Selecting the right vendor became a matter of aligning architectural fit, manageability, cost, and security integration.
Best Practices for Cloud-Ready WAN Design
- Start with application traffic analysis to understand flows and priorities.
- Pilot SD-WAN in non-critical sites before full rollout.
- Ensure security controls align with distributed breakouts.
- Plan for cloud on-ramps near major SaaS/IaaS regions.
- Monitor post-deployment performance and user experience actively.
Conclusion
In 2017, the journey toward cloud readiness was no longer optional. WAN architectures had to evolve to support distributed applications, agile provisioning, and enhanced user experience. SD-WAN, direct-to-cloud access, and integrated security stood out as key elements in that transformation.