Why Best-In-Class Cloud Services Have Multiple Data Centers Worldwide

The cloud is a nebulous concept to most people, including IT professionals. It’s everywhere and nowhere — customers generally have no knowledge of or control over the location of the IT infrastructure that enables cloud services. Nevertheless, the physical location of cloud resources is critically important, which is why best-in-class cloud service providers have multiple production data centers around the world.

Geographic diversity greatly reduces the risk that a catastrophic event will cause downtime for customers. If a hurricane knocks out one data center on the U.S. East Coast, for example, customer requests can be redirected to alternate facilities. In choosing sites, service providers should look for data centers that are protected as much as possible against weather and seismic events. Geopolitical stability, the proximity of Internet backbone connections, and the availability of local IT resources and talent are also key considerations in the site selection process.

In addition to maximizing availability, geographic diversity brings cloud services closer to local customers. That maximizes performance by minimizing the latency created when data must travel long distances to remote data centers.

Security and regulatory compliance are enhanced by a network of global data centers. Best-in-class service providers select only hardened facilities with the highest levels of physical and logical security controls.

The European Union (EU) General Data Protection Regulation (GDPR) plays a role in the choice of data center facilities as well. The GDPR imposes strict requirements for the security and privacy of the personal data of EU citizens and favors the location of such data within the EU. By operating data centers in the EU, cloud providers can help their customers comply with the GDPR.

InSpeed Networks is first and foremost a cloud service provider. Our software-defined WAN (SD-WAN) solution consists of a small onsite appliance and a cloud instance. The appliance automatically connects to the InSpeed cloud, where patented technology begins monitoring and streamlining Internet traffic.

That’s why InSpeed has 15 production data centers around the world. In North America, our facilities are located in California, Texas, Virginia, Ohio, Florida and New Jersey, and Quebec, Canada. Our European data centers are located in London, Frankfurt and Paris. In the Asia-Pacific region, we have data centers in Tokyo, Seoul, Singapore, Sydney and Mumbai. On the horizon are future locations in the Philippines and Malaysia.

Customers may think of InSpeed as the small onsite appliance that connects them to the Internet. The appliance is tangible, and its location is known. But the real “magic” behind InSpeed Quality Service takes place in the cloud. While that might seem nebulous, you can rest assured that we’ve made strategic decisions about the location of our cloud resources to ensure the availability and security of our service.

InSpeed Networks Announces Global Expansion of Data Centers

Palo Alto, California, October 23, 2018 – InSpeed Networks, the technology leader in SD-WAN solutions for improving network performance, visibility and security, announced today they have expanded their data center coverage to include global sites in Europe (London, Frankfurt and Paris) and Asia Pacific (Tokyo, Seoul, Singapore, and Mumbai). They will be adding data centers in Australia, the Philippines and Malaysia in 2019.

The expansion enhances InSpeed’s ability to better serve customers beyond their existing North American data centers in California, Texas, Virginia, Ohio, Florida, New Jersey and Quebec, by maximizing performance and reducing the risk of downtime.

InSpeed selected hardened facilities with the highest levels of physical and logical security controls, that are geopolitically stable, have nearby Internet backbone connections and that have on-site IT resources and talent. In the remote chance of a data center becoming unavailable, redirecting customers’ network traffic to an alternate site is an option.

“Each of these global data centers brings the InSpeed cloud closer to customers, improving performance by minimizing the latency created when data travels long distances,” said Michael Mansouri, Chairman and CEO of InSpeed Networks. “Also, we chose sites that are geographically diverse and less prone to natural disaster to reduce the risk that a catastrophic event will cause downtime for customers.”

Each data center that InSpeed utilizes holds certifications/attestations such as ISO 27001, SOC 1, and SOC 2 to provide third-party-verified assurance that they protect customer data and end user privacy as required by HIPAA, PCI DSS, GDPR, and United States state privacy laws.

The European Union (EU) General Data Protection Regulation (GDPR) also played a role in InSpeed’s choice of data center facilities. “We take security very seriously—InSpeed Quality Service was built with integrated security,” said Ed Basart, Chief Strategy Officer and Founder of InSpeed Networks. “The GDPR imposes strict requirements for the security and privacy of the personal data of EU citizens and favors the location of that data within the EU, so we made sure that the security at every site has been certified by independent assessors.”

 

About InSpeed Networks

InSpeed Networks, incorporated in April 2015 by ShoreTel (SHOR) co-founder Ed Basart, delivers a simple yet powerful SD-WAN solution specifically designed to address the service quality, performance and security demands of Voice over IP, videoconferencing and distributed business applications. The company’s technology-leading SD-WAN solution ensures application network performance, security and visibility while reducing network bandwidth costs by up to 75%. For more information, visit www.inspeednetworks.com.

WHY SD-WAN REQUIRES STRONG, INTEGRATED SECURITY

When software-defined WAN (SD-WAN) technology first entered the market, it was primarily touted as a means of reducing data transport costs, facilitating branch office connectivity and centralizing WAN management.

But it’s virtually impossible to separate network functionality from security. The WAN needs strong protection against Internet-borne threats, particularly when branch locations have direct Internet connectivity.

That’s why it’s critical to integrate strong security into the SD-WAN. In particular, the SD-WAN needs firewall functionality in order to inspect packets traveling across the network and either block or allow them based upon ports, protocols, IP addresses and other rules. This helps ensure that the traffic coming into the network is an appropriate response to an outbound request.

However, most SD-WAN products were not designed with security in mind. That means organizations must implement a third-party firewall or secure web gateway to protect the WAN. Problem is, you have to purchase, administer and support an additional appliance at each branch location. This increases cost, complexity and IT operational headaches.

With InSpeed’s SD-WAN solution, the local Internet connection is protected from external attack with firewall mechanisms based upon security best practices. Stateful packet filtering is performed both at the WAN interface on the InSpeed onsite appliance and in the InSpeed Quality Service (IQS) cloud instance. InSpeed also performs network address translation (NAT) at the IQS cloud instance, and provides local port forwarding with NAT.

In addition to prioritizing interactive application traffic, IQS ensures that enterprise security policies are enforced over every WAN connection. InSpeed also provides DNS management, DHCP server and relay functionality, and load balancing and failover across multiple WAN links. InSpeed also helps ensure strong authentication and authorization for access to IQS configurations. Operational access to production infrastructure uses public key cryptography. Complex passwords are required for InSpeed portal accounts, and multifactor authentication can be used for privileged access.

IQS protects sensitive data through end-to-end encryption of all WAN traffic. It automatically establishes a secure VPN tunnel between the onsite appliance and the IQS cloud instance, creating a private network mesh connecting all locations.

The IQS cloud instance is located in a hardened data center with the highest levels of security. The IQS platform and third-party software components are continuously monitored for vulnerabilities and updated aggressively based upon risk.

In a recent research note, Gartner recommended that organizations use cloud-based Security-as-a-Service solutions to relieve some of the complexities and management headaches associated with securing direct Internet connections in remote locations. Because InSpeed is so simple to use and cost-efficient, it can be implemented in small offices and home offices. All sites can be managed from one centralized portal.

While SD-WAN facilitates the use of lower-cost connectivity, it also exposes remote offices and workers to Internet-borne threats. Because it’s difficult to manage multiple security appliances across branch locations, SD-WAN solutions should incorporate strong security. InSpeed Quality Service provides firewall functionality, strong authentication, encryption and other security features to reduce risk without operational complexity.

HOW SD-WAN CAN HELP ENHANCE CYBERSECURITY

Traditional security architectures focused primarily on protecting the network perimeter. Firewalls and other devices were used to create a defensive barrier between an organization’s secure internal network and the open Internet. While perimeter security is still critical, it no longer provides adequate protection. The cloud, mobile and an increasingly distributed IT environment have created a “perimeter” that is porous and ill-defined.

Security risks have also increased due to shifts in wide-area network (WAN) connectivity. In the past, organizations would connect branch offices to headquarters using dedicated private lines or multiprotocol label switching (MPLS) services. Branch locations typically did not connect directly to the Internet. Instead, Internet traffic was backhauled over the WAN through headquarters, which had more robust defenses.

MPLS is reliable and secure but also extremely expensive. In addition, it’s not well-suited to today’s network traffic patterns, which emphasize Internet services, cloud-based applications and communication tools such as voice over IP (VoIP) and video conferencing. Backhauling Internet traffic creates latency that impacts the user experience. Direct local access to the Internet provides a better user experience at a much lower cost. However, the Internet is not reliable or secure.

The need to connect branch locations directly to the Internet is one of many factors driving the adoption of software-defined WAN (SD-WAN). SD-WAN makes it possible to mix multiple data transport services, including broadband Internet, to create a hybrid WAN. The “software-defined” component is a communications overlay and policy-based automation that selects the best path for WAN traffic based upon network conditions and application requirements. This helps to overcome the inherent unreliability of the Internet, enabling organizations to reduce WAN expenses significantly by taking advantage of more cost-efficient bandwidth.

But what about security? Doesn’t a direct Internet connection amplify security risks? Yes, but the right SD-WAN can help to enhance security across the distributed IT environment. Best-in-class SD-WAN solutions use standards-based authentication and encryption to protect data traveling over the Internet.

Security is a core component of InSpeed’s SD-WAN solution. InSpeed Quality Service (IQS) is a cloud-based controller that prioritizes network traffic, manages bandwidth and ensures that business policies are enforced over any connection. The InSpeed cloud instance is located in a hardened data center with the highest levels of security.

A small on-premises network appliance is installed in-line with a site’s WAN connections, sending all traffic over a secure VPN tunnel to the InSpeed cloud. Robust, end-to-end encryption gives added security to enterprise WAN traffic.

IQS makes it easy to set up a secure, private, site-to-site network mesh using broadband Internet connections. It provides the same level of security and reliability as a carrier circuit along with the Quality of Service (QoS) features that InSpeed is known for, as well as the critical components of a firewall that protect against external attacks—all included in our standard product. In addition, InSpeed minimizes the security risks associated with remote workers connecting to the corporate network. By integrating the remote user into the corporate WAN mesh, InSpeed secures the connection from a small office/home office to headquarters without the need for complex firewall configuration and management.

Firewalls and other perimeter defenses are still key elements of a layered security approach. However, cloud connectivity and the distributed nature of today’s IT environment mean that data is traversing the Internet as well as private networks. IQS helps to protect that data while ensuring a high-quality user experience.

Does MPLS Still Have a Role to Play in the Modern Software-Defined WAN?

Hint: You Can Get the Best of Both Worlds.

Software-defined WAN (SD-WAN) is often touted as a cost-saving technology that enables organizations to slash their telecom expenses. The savings typically come through the elimination of multiprotocol label switching (MPLS) services, which are reliable and secure but also very expensive compared to other data transport options. However, pigeonholing SD-WAN as the “anti-MPLS” solution overlooks one of its primary benefits: flexibility.

First, a little history. MPLS has its roots in traditional “leased line” telco circuits that provided a fixed path from point A to point B. Designed to improve IP network traffic performance, MPLS adds a label to the data packet header that determines the forwarding path the data should follow.

In essence, MPLS creates a virtual “leased line” by carving out a fixed path over a Layer 3 routed IP network that’s shared by multiple customers. End-user customers add virtual private network (VPN) “tunnels” to encrypt traffic, providing security.

MPLS has been widely deployed because of its inherent reliability and security. Broadband Internet, in contrast, is a “best effort” medium that traditionally has been used only for low-priority traffic or in areas where MPLS was not an option.

MPLS was great for multi-branch locations during its heyday but is limited in performance and sold at two orders of magnitude higher cost per bit. One of its limitations is that all locations need to be connected to the same service provider, which increases the cost and, in some cases, precludes its use due to lack of availability. Although generally more reliable than broadband Internet, it is manually configured and prone to performance and availability issues due to service provider configuration errors.

There are other drawbacks as well. Provisioning MPLS service or adding bandwidth typically requires significant lead time – weeks and months. And MPLS may not be available in some remote locations.

SD-WAN gives customers the flexibility to choose the best data transport service(s) for their needs without sacrificing the benefits of MPLS. Commodity broadband Internet connections — which are cheaper, more widely available and faster to provision than MPLS — can be combined to create a WAN that is highly resilient.

Customers hesitant to simply drop MPLS can create hybrid networks with commodity broadband in conjunction with MPLS. Best-in-class SD-WAN solutions continuously monitor network conditions and make automatic load-balancing routing decisions. Sub-second failover protects against service provider outages with little to no impact on the user experience. VPN tunnels with end-to-end encryption protect data as it travels over the public Internet.

Given the critical importance of the WAN to business operations, many network administrators are reluctant to move away from MPLS. And they don’t have to. Again, SD-WAN provides flexibility and choice. MPLS can be maintained for traditional data center traffic and other connectivity options added to handle Internet traffic.

Many of InSpeed’s customers have indeed used our SD-WAN solution to eliminate MPLS. They found that InSpeed and broadband provided better performance and Quality of Service than MPLS — so why pay the premium price? But that’s a business decision. We believe that MPLS still has a role to play in the modern WAN and give you the flexibility to leverage it along with other data transport options.