Cloud-Managed Branch Routing: Policy-Driven WANs

“Our Tokyo branch just went dark…”

“Did you make a configuration change?”

“I just updated the router with the same configuration as our Frankfurt office.”


To say enforcing a consistent network and security policy across a multi-branch WAN with traditional routing technologies is a challenge would be an understatement. It’s very easy to mistype a command, press the wrong button or configure an invalid option for a particular site/router.

IT teams often introduce scripts and other mechanisms in an attempt to streamline configuration and reduce errors, but ultimately these over-complicate an already convoluted setup, where the impact of a configuration mishap is only compounded. As a result, configuration inconsistencies and oversights often lead to network outages and security gaps that become increasingly difficult to diagnose and contain as the business grows.

From a business perspective, the common remedy is stringent change-control and disaster recovery processes. Although creating such policies is rarely a bad idea, their ability to effectively prevent human error in an ever-growing WAN is limited. In fact, overbearing change-control will only lead to a less responsive IT team, unable to maintain, update or optimize the unique time-sensitive requirements of the router or WAN link at a particular site. Regardless, rather than plan for a disaster, isn’t it better to prevent it in the first place?

Aside from carrying risk, traditional routing solutions are simply not built with today’s software-rich, multi-branch networks in mind. This leads to time-consuming, cumbersome management and a solution that ultimately fails to deliver a consistent experience for users across the WAN, especially remote workers.

Policy-Driven WAN (Cloud-Managed Branch Routing)

The real answer? A cloud-managed branch routing or SD-WAN solution that facilitates a Policy-Driven WAN. Policy-based management (with cloud-managed branch routing) enables the business to govern the WAN (and its usage) through a single, cohesive policy via a centralized management platform, removing misconfiguration that would otherwise arise. In turn, it also makes the life of the IT team much easier. ‘Configure it once, apply to all’. Of course, if you need to make tweaks to individual sites, you can, but the process is typically cocooned with audit trails, policy exceptions, automatic error-detection and roll-back functionality.

It’s not just about avoiding disaster, though. Traditional routing solutions often have a steep learning curve, and getting the most out of such a solution is often both difficult and time-consuming. A policy-driven WAN abstracts the technical intricacies behind organizational and network-based objectives – “I want to prevent video-streaming services saturating bandwidth”, “I want to restrict corporate users accessing social media” or “I want to apply this new software update to all sites tonight”. Achieving said objectives is markedly easier with a policy-driven WAN and an intelligent cloud-based management console. Try achieving these same objectives on a per-site basis with a CLI or similar legacy platform… you might be a while!


Another (massive) benefit of policy-based management is full-stack management (if the platform supports it). Ideally, a network policy should work for all users regardless of how they access the network. Unfortunately, organizations commonly have a disjointed approach to this. While users may have one experience at HQ, that often changes (usually to the detriment) while at a remote branch or utilizing the corporate VPN. This has a negative impact on user experience and manifests as yet another administrative struggle.

Full-stack management solves this problem. Security and performance profiles that are applied to the access network (LAN) can be honored and carried over to the WAN. This ensures the user has a consistent experience regardless of how and where they access the network.


In short, legacy WAN/router solutions simply aren’t fit for purpose in geographically spread, multi-branch organizations. They incur far too much risk, are cumbersome to maintain, and their complexity and inaccessibility often impede their effectiveness.

Conversely, cloud-managed branch routing/SD-WAN solutions are built with modern multi-site organizations in mind. It’s no longer about simply configuring your WAN uplinks and ACLs (Access Control Lists); it’s about delivering business objectives, improving WAN efficiency and enforcing a coherent security and network policy across the entirety of the access network.

This new approach benefits every aspect of an organization. It enhances user experience, slashes downtime, improves performance and security, reduces the burden on IT and provides a platform that promotes business growth and adaptability.



Nathaniel Moore (CWNE #222) is a Product Marketing Manager for Aerohive Networks with experience as a Systems Engineer in computer networking and wireless systems across multi-vendor solutions.
