How to Avoid China VPN Crackdown and What Corporations With Branches in China Must Do…

According to an announcement by China's Ministry of Industry and Information Technology, companies and individuals who use a VPN to communicate outside of China will be blocked starting April 1st 2018.*

Organizations that use the internet to connect with their Chinese offices should be deeply concerned by that announcement. Starting this April, branches in China will no longer be able to communicate outside of China within their private secured corporate network (VPN).

What are the options to overcome this VPN crackdown?

There are 3 options to overcome this issue:
  1. Order an MPLS link from your branch office to your corporate headquarters. This solution takes a lot of time and resources to fulfill and may not be optimal for most organizations that have not prepared for it well in advance.
  2. Register your VPN with the authorized telecom provider. Problems are likely, since the process of legitimately registering with Chinese telecom companies has yet to take shape, and corporate traffic will be monitored by the Chinese authorities.
  3. Use the Internet Binat and Aryaka private network to route the traffic directly and securely to your headquarters or main office in just a few days.

Choosing the best solution possible 

Option 1 (MPLS) involves 3 to 6 months for the installation of a line.
Option 2 is unclear due to bureaucracy and a lack of industry standards, and is also not ideal in terms of corporate information security (though encrypted).
Option 3 is the best way to go and the ONLY REAL SOLUTION for your global communication in and outside of China. With our communication junctions located in China and connected with dedicated fiber links, we are able to connect any China branch to your head office (or vice versa) in a secure and stable way. The only requirement on your side is an internet connection on both ends.
Keep your corporate secrets safe and work with your China branch. Contact us and receive all the information and tools to help you overcome China’s VPN crackdown.

*

About the author:
Internet Binat provides communication and information security services to the business sector. Our services include internet access, information security, communication infrastructure administration, WAN networks and server hosting in Israel and abroad.

Does it Make Sense to Trust your Email Hosting Provider’s Security?

With more and more organizations adopting cloud services such as Gmail and Microsoft Office 365 and migrating their mailbox hosting to the cloud, a common dilemma CISOs face is whether to “put all the eggs in one basket” and trust the hosting provider to protect the mailboxes as well. Most organizational cloud email providers are equipped with basic security features, but what about when we REALLY need to make sure our emails are completely safe?
Despite being market-leading players, common cloud service providers seem to fail to secure mailboxes efficiently. Since hosting providers are a main target for hackers, they lack the ability to provide complementary features that guarantee full encryption and total protection against outside threats along with accessibility from within the organization. Here are some important considerations to keep in mind when keeping our organization’s email safe:
  1. Common providers allow hackers to easily obtain a “testing” mailbox. Through it, they will attempt to run malware against the protection engines until it eventually succeeds in breaching through into your personal inbox. From there, the way to millions of inboxes is very short.
  2. Large email providers are the ideal primary target for hackers. Hackers have more motivation to create malware that is relevant for, and capable of infecting, as many mailboxes as possible. Breaching a large provider’s defenses would be the most rewarding, making it the preferred target for hackers. In other words, phishing hosting providers is simply fishing where the fish are!
  3. Hosting providers offer various services for their clients. While getting their hands on an email account and the contacts it contains may be a nice trophy, credential harvesting is most rewarding when it grants access not only to the mailbox, but also to other corporate resources and assets associated with the same hosting or cloud provider.
  4. With so many subscribers, false positives may turn out to be catastrophic. Large providers tend to tune security filters very carefully to avoid false positives. This can come at the cost of security, preferring false negatives (and passing potentially malicious content) over false positives, thus exposing the organization to more security risks.
  5. Enterprise email hosting requires great capability in managing parallel user sessions within the platform. When a huge number of subscribers ask to sandbox attachments at the same time, performance may become a serious issue. In such cases, security scanning may take a lot of time, sometimes even up to an hour.
  6. Large providers tend to offer slow and complex interfaces for logging and alerts, which normally require additional subscriptions for extra information and further auditing. This is a big problem when IT resources are limited, or when IT is flooded with various products and interfaces accessed on a regular basis.
  7. Another great value missing among large providers is the ability to provide insight into both the attack and the attacker, which makes it easier to prioritize alerts and respond to threats.
  8. Large hosting providers do not consistently investigate security incidents. Thus, they don’t offer the same security standard as intelligence security providers do. It is essential for enterprises to possess a security service provided by an intelligence company, fueled by the knowledge of security experts who investigate the business world’s breaches and hacks daily.
No protection is 100% bulletproof in the cyber world; however, the more layers we add to security, the lower the chances of malicious content passing through. Third-party security services offer great value for enterprises, both in operational cost savings and in adding another layer of security. Normally, using feeds from various vendors, these providers are capable of spotting known threats at much higher rates, and of identifying unknown threats by sandboxing in an isolated environment.

Why must CSOs consider moving security to the cloud?

In today’s reality, Chief Security Officer, or CSO, is quite a frustrating job. You are always in a position of defending the organization’s resources from ever-growing threats, preventing the next attack or data leak, and identifying theft or a virus that may encrypt corporate data.

Dealing with such challenges becomes even more complex as users and apps move further outside traditional security perimeters. Add the ever-growing number of security devices, the countless types of software integrated in data centers, limited IT staff, and the capital investment that all of the above requires, and you get a sense of how tough the CSO’s daily challenge is.

This reality is forcing CSOs to consider alternative solutions in order to meet these challenges. Corporate IT now faces a crossroads at which the traditional way of thinking is less and less relevant, and a new approach to security in cloud-oriented environments is required in order to face the new challenges within the corporate resources and capabilities.

Implementing Corporate Cloud Security Solutions

Corporate IT is responsible for the safety of corporate data. It cannot ignore even the slightest potential breach, and it needs a comprehensive cloud security solution that achieves the following goals:

  1. Perform at scale with limited or no IT human resources.
  2. Protect corporate resources residing both in the organization perimeter and the cloud.
  3. Enforce security 24/7 and alert regarding security issues around the clock.
  4. Protect the corporation periodically with up-to-date security updates.
  5. Be easy to maintain and, most importantly, obviate the need for security box updates and replacements.
  6. Scale effortlessly.
  7. Consolidate security solutions into a single pane of glass.
  8. Protect corporate users no matter their location or the type of device they use.
  9. Achieve high performance for internal applications, both on-prem and in the cloud.

When planning business security strategies, all considerations are to be observed. It is crucial to take into account the ability to maintain and operate the strategy efficiently, in a way that achieves the set goals on a day-to-day basis with the IT resources available.



What does the new Chinese VPN ban mean to corporate IT?

What is a VPN and why is it used?

Many organizations that have remote sites and/or mobile users in China use IPsec VPN or SSL VPN over the internet. This is a very common way to connect mobile users and/or remote sites securely to corporate resources located at the main office or data center, or delivered as cloud services.

What is the reason behind the Chinese authorities’ ban on VPN use?

The reason for this step is to prevent Chinese citizens from using VPN technology to access unauthorized websites outside of China.

The new ban is to be implemented starting February 2018, but some of our customers who work from China indicate that they have already started facing issues with their VPN from remote sites and mobile users.

What are the other methods that can be used to fix this issue?

Traditionally this problem was solved by using an MPLS connectivity to connect a specific remote site to the corporate network.

However, there are some issues with this kind of solution:

  1. Time to implement. This kind of solution takes around 6 to 12 months to implement (depending on the remote site location).
  2. No flexibility. It takes a long time to upgrade the speed or change the connectivity end location.
  3. No agility or elasticity.
  4. Doesn’t support cloud connectivity.
  5. No redundancy.

Is there a way to solve the VPN issues and gain all the benefits of using the flexibility the internet is giving us in China?

When old technology (like the one I described) has no answer to the new challenges, organizations need to adopt new technologies that can handle all the requirements with ease.

Since 2009, Aryaka Networks has built a groundbreaking technology based on a private network that gives companies stable, redundant and secured connectivity with traffic optimization and acceleration worldwide, delivered as a service. It also provides a bulletproof service that solves the problem of the Chinese VPN ban instantly, without compromising the corporate security policy.

Want to hear more about our services? Please contact us and we will be happy to provide more details.

Executing Security at Scale

Raise your hand if you’re not using part or all of these technologies:

    • NGFW
    • URL Filter
    • Antivirus
    • Sandbox
    • VPN

…Pretty much all of us, right? Now raise your hand if you are decrypting SSL/TLS outbound.

SSL/TLS use has skyrocketed in the past few years and will continue to grow. If you aren’t decrypting SSL/TLS, you have to ask yourself: what good is my NGFW, antivirus, etc. if I am completely blind to this traffic? The answer is simple: it isn’t good; in fact, it’s terrible. You are bound by the constraints of legacy security: source/destination and ports. It’s like locking a screen door. It will keep the flies out, but it won’t stop any real threats.

Certainly all of your legacy security vendors will tell you that they can decrypt SSL/TLS but it comes at a significant cost to you.

So what does that mean to you? Time to refresh all of your gear, but this time you need to buy bigger boxes. Just go to the business, request a huge Capex, and ask for professional services, training, and new head count. Piece of cake, right?

That is the old way of thinking and for many of us, that was our reality for the past decade. The business is changing how we do security and we must align to these objectives:

Fast Response Time

  • Higher productivity
  • Prioritize business apps
  • Empower users to use cloud apps

Reduced Risk

  • Secure all users, on all devices, everywhere
  • Consistent policy and protection
  • Always up-to-date

IT Simplification

  • Consolidate point products and simplify IT
  • Cloud-enabled network
  • Rapid deployment

Traditional security doesn’t meet today’s business needs and demands. Ask yourself: what level of effort and cost are you willing to accept to do this yourself with legacy security appliances? Is this something that you can do in the next 6, 12, 18, or 24 months?

The best solution is getting a holistic and transparent service from cloud security providers. Maybe it’s time to look at a cloud security company that has already done the heavy lifting and proven itself with over 16 million users.

If you want to learn more about a better way to handle security, please contact us.

Starting 2018: no more VPN in China

The Chinese government has issued a statement announcing that, as part of tightening censorship policy in the country, the access to most of the global internet will be blocked very soon. The government has ordered local, state-owned, telecommunications companies – China Mobile, China Unicom and China Telecom – to block the VPN access to the net, effective from February, 2018.

The censorship in China

Although Chinese government officials often strongly deny this, China is infamously known as a country that censors the internet and blocks access to thousands of popular international websites, including Google and social networks, like Facebook, Instagram and Twitter. This censorship policy has received the name “The Great Firewall of China”.

In this way, the government manages to control news content and public opinion, while preventing criticism of the Communist regime in the country. For example, while the student protests against the communist regime in Tiananmen Square in 1989 and the protesters’ demands for democratic reforms in the country are commonly known all over the world, in China itself it is almost impossible to find any references to these events on the internet.

However, millions of people in China have so far managed to circumvent censorship restrictions by using VPNs, thus gaining access to all the forbidden websites in China, without this being brought to the attention of the authorities. Although the Chinese government is aware of this matter, it is impossible to know the identity of VPN users and what information they send or receive.

Recently, opponents of the government who are not able to publish information inside China, have started to release it on websites outside of the country, thanks to VPNs that allow them to bring information back to the Chinese citizens. By doing this, they have succeeded in causing harm to the public opinion about the existing regime in China. In light of this situation comes the recent announcement regarding the total ban of the VPNs all over China.

What is a VPN?

A Virtual Private Network (VPN) allows anyone to access the internet securely without their ISP being exposed to the information they send and receive.

VPN browsing has several advantages, among them, the ability to browse privately without revealing details about the nature of the activity on the various websites, concealment of the exact geographic location (for example, browsing from one country with another country’s address), protection against bugs or hacking of information systems, and downloading files without anyone knowing the identity of the person who is downloading them.

VPN browsing has a number of disadvantages as well, such as some decrease in browsing speed (because the VPN functions as an additional server through which the data must pass) and certain risks to the privacy of users’ personal information when browsing the web via a free VPN service provider.

That is why one should choose a trustworthy and reliable service provider.

VPNs are typically used by companies and individuals who are interested in keeping their information private from external parties (such as internet providers or hackers), and in China in particular, the internet is actually the only way Chinese people can obtain objective information about what is happening in the world.

And now, apparently, this freedom of information in China is about to end.

Who will be affected by this move?

First and foremost, Chinese residents and opponents of the government will be the ones to be harmed, as they no longer will be able to use VPNs to connect to the world’s leading websites, to release information or to access it. Meaning, the only information that Chinese people can be exposed to will be that which is approved by Chinese censors.

In addition, the move will harm Chinese academics as they will not be able to access foreign journals or contact their colleagues around the world. Furthermore, foreign businesses based in China will not be able to use VPNs to communicate with their branches or headquarters in other countries, and their ability to secure their information will also be impaired.

Is there a solution?

The answer is yes.

Internet Binat offers a number of advanced solutions designed for international companies in different fields of business activity and provides solutions to a variety of challenges, including the one currently forming in China.



What if your MPLS could:

  • Be deployed in hours or days through one single provider?
  • Provide seamless access to cloud and SaaS applications, along with private connectivity to the branch office or data center?
  • Include WAN Optimization within the network, so that applications run faster and save on bandwidth over the network?

You would be able then to:

Unfortunately, your MPLS can’t.

MPLS is difficult to deploy and has no flexibility. Trying to establish an MPLS link at a branch office can take months. And if you already have an established connection at your current location, but intend to move offices, you’re talking about long project times to receive the same level of connectivity. This problem gets compounded as your business expands globally, as there is no single global MPLS vendor.

MPLS cannot access cloud-based and SaaS applications. As global enterprises move their data and applications to cloud and SaaS environments, MPLS becomes obsolete. MPLS links are designed to connect into direct locations, not the cloud. Therefore, businesses are forced to work around these issues by backhauling cloud and SaaS applications through the data center. Unfortunately, this does not provide the reliability and performance end-users require to be productive.

MPLS does not include WAN Optimization. In order to achieve some consistent application performance through MPLS, WAN Optimization appliances are necessary at the edge of each network. This, in turn, adds additional investments in the form of hardware purchases and the IT resources needed to maintain them.


If you could software define MPLS, here is what it would look like:

  • You could deploy a private and secure network in a matter of days, and it could be scaled in minutes, with no capital expenditure.
  • You could enable users to access cloud-based and SaaS applications with the same consistency as the data in their branch offices.
  • You could layer additional networking technology within the network to simplify the infrastructure, provide faster performance, and offer complete network and application visibility.

And if MPLS were being designed today, here are the components it would have:

  • A Global Private Network: This would bypass the public Internet to provide MPLS-grade connectivity to deliver a consistent and reliable user experience. One single private network would also relieve an enterprise from having to manage MPLS contracts from tens of providers to create their network.
  • WAN Optimization: This would speed up application performance for end users around the world and reduce the bandwidth used throughout the network.
  • SD-WAN functionality: This provides more efficient path selection through the network along with reducing complexity and cost of the WAN as a whole.
  • Cloud/SaaS Connectivity: The network would be able to integrate these applications into the network, providing faster and more efficient access compared to legacy networks.
  • Speed of Deployment: Businesses could set up their enterprise WAN as fast as they could log onto the Internet.

And that’s what Aryaka has done. We’ve done the equivalent of software-defining MPLS and have been providing it as a service for nearly a decade. As a result, Aryaka’s global SD-WAN provides flexibility, reliability, application performance, and SaaS connectivity with the click of a button.


Aryaka’s global SD-WAN was designed from the beginning to provide globally distributed enterprises fast, reliable, secure, and scalable connectivity, while also enabling users to achieve cloud-based and SaaS application acceleration from remote geographies around the world. Our focus has always been to deliver MPLS-grade connectivity in a software-defined infrastructure, that can deploy new sites and bandwidth in hours. Because we care about our customers’ performance, we provide best-in-class support to ensure they’re up and running no matter where they are in the world.


What do the numbers 4000 and 1100 have to do with your enterprise WAN?

Those are the number of layoffs taking place at British Telecom and Cisco. Along with a big layoff at Riverbed (a WAN Optimization company) just a few years ago, these layoffs are a sign of the turning tide against MPLS, which may still be the foundation of your enterprise connectivity.


MPLS is dying a slow death. It’s a slow death because cloud adoption is speeding up. While MPLS remains the most widely-used secure connectivity solution at the enterprise level, it offers little to no connectivity solutions to applications hosted in the cloud.

Last year, traffic over the enterprise WAN grew by 200% – and 50% of that traffic was generated by cloud platforms and SaaS applications. This was especially pronounced in the Asia-Pacific region, which grew by 250%, where US- and EMEA-based businesses are now expanding globally, and more APAC-based businesses are cropping up as well.

According to the 2017 State of the WAN Report, enterprise WAN traffic grew by an average 200% worldwide.

In addition, bandwidth consumption is at an all-time high, and shows no sign of stopping. In order to compensate for the growth in traffic, as well as solve for issues like packet loss, which can occur when there is congestion across a link, enterprises are investing in larger and larger links.

Legacy solutions like MPLS, however, can’t keep up. It is slow to deploy and scale, meaning that larger links take weeks or months to spin up. MPLS also can’t provide cloud/SaaS connectivity without workarounds, like backhauling (which, incidentally, degrades the quality of the connection and requires more workarounds, like WAN Optimization).

Solutions like Aryaka, which deliver SD-WAN and WAN Optimization built into a purpose-built global private network, have provided the first steps toward an end to the dependency on MPLS by creating a true full replacement to the outdated legacy model.

These layoffs signal the beginning of the end – if the solution no longer serves the needs of the enterprise, why keep investing your IT budget and resources in it?


As MPLS becomes less and less viable as an option for global connectivity, business leaders will turn to network admins for their expertise and guidance on what next to implement. Admins with the training and support in implementing and maintaining next-generation networking have the opportunity to leverage this expertise to grow in their roles and with the company.

Those who continue to push for and lean on legacy technologies because they’re simply “the way things have always been done,” will find that they must play catch-up in terms of industry knowledge and applicable skills once MPLS fully sunsets.

Industry knowledge is leaning toward applications over networks. Cloud computing has become an industry standard. With MPLS out of the picture, networks delivered as a service will become more ubiquitous, meaning that admins will have to spend less time with support tickets relating to speed and performance on the network itself. Instead, as enterprises shift their business- and mission-critical applications into virtual deployments, admins will spend more time optimizing the deployment and delivery of these as-a-service platforms and programs.

All of this supposes, of course, that a next generation solution can take over where MPLS left off – which is exactly what Aryaka’s global SD-WAN does.


Aryaka Global SD-WAN

Aryaka provides everything both IT leaders and their enterprises need to succeed in the fast-approaching future of networking. (Although, from the way in which the SD-WAN market is taking off, the future of networking appears to already be here.)

With a purpose-built WAN delivered as a service, Aryaka provides global enterprises with a software-defined MPLS replacement built on 28 points of presence located within 30 ms of 95% of the world’s business users.

Built into that WAN are SD-WAN and WAN Optimization, so there is no CapEx and no additional management required. Aryaka also provides 24/7 support for the network, freeing up network admins to focus on the skills and tasks that matter to their careers: application management. Aryaka makes that even easier by providing up to 40x improvement of application performance.


How big is the SD-WAN market, really? It depends on whom you ask:

  • IDC also speculates that, based on U.S. survey data, nearly half of all enterprises will be considering a migration to SD-WAN next year, while Gartner sees only 25% of enterprises adopting it in the next two years.

Why such vastly different valuations of the same market? Perhaps because no one really agrees on how to define SD-WAN or who needs to use it.


In theory, SD-WAN is what its name suggests: a way of software-defining the enterprise WAN, as opposed to the traditional hardware-centric model.

SD-WAN is a response to the shift in business application architecture from the data center to the cloud, allowing enterprises to connect their end-users in a safe and reliable way to their third-party cloud platforms and SaaS applications.

However, SD-WAN isn’t, in most cases, as simple as just a software-defined on-ramp to a private network – it comprises both hardware and software, and the methods in which it is delivered and by which it performs differ from company to company.

The large number estimated by Research and Markets included:

“SD-WAN hardware that includes appliances and routers, SD-WAN software that includes orchestrators, gateways, cloud routers and firewalls, dashboards, management systems among others, and SD-WAN services that includes Service Provider Managed SD-WAN services and Cloud Managed SD-WAN services.”

The Gartner report details sixteen different vendors, and no two are exactly alike. Some offer overlay and others in-net, there are both regional and global SD-WAN, and you can pay for a managed service or provision the extra resources to do it yourself. So how are you to make heads or tails of which solution is right for you?


One of the reasons why P&S Market Research, Research and Markets, and IDC may see such a high market valuation for SD-WAN is the amount of hardware you might need to purchase to manage your service. Most SD-WAN sit at the edge and require some hardware for deployment.

As Gartner writes:

“Many SD-WAN deployments today haven’t actually replaced traditional routers; they’ve supplemented them for a variety of reasons, including risk aversion and lack of support for legacy T1/E1 interfaces.”

These edge-based SD-WAN are considered “overlay” SD-WAN, where they function as routing devices between your MPLS and the public Internet. Overlay SD-WAN is location-independent and makes connectivity more interchangeable, while optimizing the last mile.

However, because some SD-WAN following this model do not replace the router but add a box, your budget may need to expand to accommodate the hardware and its maintenance and monitoring. The same applies if Ethernet is not available.

An OpEx model may not be an option, and the system must be managed by the IT team.

In-net SD-WAN, on the other hand, while less common, can offer more flexibility. In-net SD-WAN covers the middle mile, and it can be delivered through what Gartner calls a “cloud-based OTT” model or provide appliances for additional functionality at the edge.

The in-net model, because it provides its own WAN and allows organizations to subscribe to use the WAN as-a-service, can optimize the middle mile for Internet connected sites globally, and new functionalities can be delivered via cloud, without asking users to upgrade hardware.

The only drawbacks for this model appear if the IT team prefers a DIY “construct” model for their WAN, as opposed to a “consume” model, where the network is delivered as-a-service.



Most SD-WAN can still only support regional deployments because they rely only on the Internet and don’t include custom-built private networks for fast cloud and SaaS connectivity. Although it can reduce network complexity and lower network costs at a branch office by replacing regional MPLS through aggregate Internet links, SD-WAN at the edge does not optimize traffic over the middle mile.

And when offices are collaborating and communicating in real-time, or attempting to connect to applications housed in other geographies, regional SD-WAN presents a real latency challenge.

For an SD-WAN to fully tackle those challenges on a global scale, it must leverage a private network that is layered over the Internet to accelerate data and application performance. In that way, the SD-WAN can replace MPLS by combining a private network in the middle mile and Internet at the edge, while still providing MPLS-grade connectivity in all geographies where business is conducted, delivered via privately owned and maintained points of presence (POPs).

Regional SD-WAN can serve the needs of businesses with branch offices that don’t cross oceans or users that work from remote geographies; however, global enterprises or enterprises that have the potential to scale should consider a global SD-WAN solution to maximize application performance and data transfer anywhere in the world.


As I mentioned earlier, some IT departments prefer to construct their own network, as opposed to consume a ready-made model.

Even in a DIY situation, WAN management software from DIY SD-WAN vendors can make the orchestration of network services easier at the branch; however, the IT department then must deal with multiple vendors and contracts. In this case, the management of these networks becomes resource-intensive, and integration of new branch offices or links can become a hassle, especially when dealing with large global network scenarios.

In the as-a-service or cloud-based OTT model, the solution is fully integrated. WAN management is taken care of by the as-a-Service SD-WAN provider, freeing up IT resources and budget for other projects.

While the consume model is not for every enterprise, some SD-WAN providers make it possible to customize the services delivered to best meet the needs of the purchasing organization with a complete solution.


In the end, it doesn’t matter if the solutions available don’t fit your needs.

As a global enterprise looking to maximize your investment, free up IT resources, and improve application performance throughout the whole network and not just at the edge, the best bet is to work with a global SD-WAN provider with a private WAN.


Aryaka’s global SD-WAN delivers the application performance requirements for today’s cloud and SaaS environments to enterprises with a worldwide presence. Our global private network was built with full-mesh connectivity on 28 points of presence (PoPs) on all six habitable continents and layered with WAN Optimization, creating an MPLS-grade global private network that accelerates application performance and practically eliminates congestion and packet loss.

Aryaka’s global SD-WAN is also delivered as a service, so you don’t have to buy, configure, deploy, or maintain expensive WAN Optimization boxes in every single location. This approach delivers cloud and SaaS applications to global end-users as if those applications were living in the local corporate data center and can be deployed in a matter of hours, instead of months or years.


SD-WANs are reinvigorating the WAN landscape. The focus is shifting away from businesses layering additional services, like WAN Optimization, on top of their older, high-cost MPLS to adding multiple and disparate types of WAN links that are more robust at a lower cost.

Enterprises are adopting this new Hybrid WAN strategy in order to keep up with trends like globalization, cloud computing, and mobility. And SD-WAN is a major component that is helping to further the adoption of this rapidly-evolving infrastructure.


The WAN has become key for multinational businesses to connect overseas workers with centralized applications. Traditionally, an enterprise utilized MPLS to connect remote offices, and then added WAN Optimization appliances to make the most of those expensive private connections.

However, applications and network infrastructure no longer reside at a company headquarters or data center; they are increasingly being provided to businesses in the form of a cloud platform or infrastructure-as-a-service. And, these days, enterprises must do more than provide connectivity between distant global offices. They must also deliver reliable application performance from newer cloud or outsourced data center offerings to remote and mobile workers, contractors, and even global business partners.

Moving resources to the cloud complicates application delivery, since it’s just not feasible to run MPLS connections to each and every cloud data center you rely on. Even if the costs were not prohibitive (which they are), the lack of flexibility in this approach flies in the face of today’s agile business movement. MPLS contracts tend to extend for years. Plus, it can take months to deploy to a new location, even for something as simple as relocating an office to a building across the street.

That is why most organizations today are relying more on the public Internet to access their cloud applications. The obvious concern for a business with this approach is that the public Internet is plagued by instability and congestion. Dropped packets, latency, and jitter all undermine application performance. When knowledge workers, who have become accustomed to using their applications at LAN speeds, experience delays from poor long-haul WAN connections, business productivity takes a major hit, and IT managers get complaints.

This is why many organizations are beginning to focus strategically on developing a “Hybrid WAN” approach – some combination of MPLS and the Internet.


Generally, SD-WAN technology provides the enterprise WAN with better path selection and control. But another aspect of a few SD-WAN technologies today is WAN Optimization. Because WAN Optimization helps enterprises save bandwidth and improve application performance over a single WAN link, it is often used with MPLS to reduce bandwidth requirements. If you are going to pay a premium for MPLS, you’d better get the most out of it.

However, the feature sets of today’s SD-WAN products vary greatly from vendor to vendor. Most promise to utilize and manage multiple WAN links that include MPLS and the public Internet, allowing enterprises to load balance over those links, while also creating policies to prioritize certain types of traffic. Management is a key component, but application optimization may not be included, and large deployments can still be architecturally challenging.

A basic SD-WAN “hybrid” deployment might use multiple types of links, reserving the more expensive MPLS for something like video conferencing, which requires a higher quality stable connection, and then saving Internet links for lower priority or non-real time traffic.

But SD-WAN technology alone can’t provide the guaranteed service most enterprises require. While the Holy Grail of SD-WAN might be to allow businesses to reduce overall WAN operating costs by using cheaper underlying links for all of their WAN connectivity, the risk is currently too great for most businesses to go “all in.” Pulling in the public Internet as a part of a hybrid WAN strategy makes sense, but relying only on the public Internet to provide reliable and stable long-haul WAN access to business-critical applications is potentially disastrous.


The Internet, by and large, is comprised of many competing companies, and the priority for each company is to protect their own traffic and their customers’ traffic. When traffic stays within a single provider’s network, it generally works pretty well. But if traffic crosses oceans and national borders, it will be handed off from one provider to another, each one seeking to dump traffic off at peering points in the middle as quickly as possible. This long-haul data relay race, with your traffic as the baton, is what we call the dreaded “middle mile”.

Now, it’s probably just not conceivable that one of these other large network companies might route their traffic at the expense of yours during a period of congestion… (Nawww, of course not!) But this actually DOES happen, and is the reason many larger enterprises go the route of paying top dollar for MPLS in the first place.

For enterprises trying to connect their distributed global locations and business processes together across a WAN, this middle mile is emerging as a major enterprise bottleneck. And for enterprises attempting to incorporate a Voice (VoIP) or Video WAN strategy, a quality middle mile is an absolute requirement. Poor network conditions like packet loss, congestion, or jitter can reduce voice or video quality to the point of being unusable, and SD-WAN or WANOp technologies don’t have the ability to solve these issues.


With a hybrid WAN approach enabled by SD-WAN services, businesses no longer have to exclusively deploy expensive, higher bandwidth private WAN links to handle increasing traffic loads.

However, expensive, higher bandwidth private WAN links will still be a necessary part of a hybrid solution – and any hybrid WAN that re-routes traffic over the public Internet will still be subject to the problems discussed above. Not to mention that a hybrid approach will necessarily be complex and costly, requiring that IT construct this heterogeneous WAN from various different vendors.

Instead of a hybrid WAN, what enterprises need is a homogeneous WAN.

Aryaka’s global SD-WAN is designed to deliver any application, anywhere in the world up to 40x.

For example, Aryaka’s global SD-WAN solves the middle mile problems while reducing complexity and cost, because it is the middle mile. It provides an enterprise-grade global private network that has been purpose-built to accelerate applications over long distances, meaning it provides the stability and reliability of MPLS, but with the flexibility of the public Internet. Since it has already been pre-built for the enterprise, it can be deployed in a matter of hours or days and consumed as a NaaS. Therefore, businesses no longer have to wait months for a stable connection like they used to for MPLS, nor do they have to cobble together a hybrid WAN from multiple vendors and manage all of the disparate pieces.

Aryaka’s services also include built-in network and application monitoring, so network managers can easily gain insight into traffic and reroute around problems quickly and easily.

With trends like virtualization and cloud already in the mainstream, applications and IT infrastructure have evolved dramatically over the past several years. Now, it’s time for the enterprise WAN to catch up. Hybrid WANs may look like a step in the right direction, but IT must consider the costs of implementing a “good enough” approach using yesterday’s technology over investing in a unified solution that can future-proof the WAN.