SD-Branch: networks in transition

In recent months it has become abundantly clear that digitalization as a future topic is more relevant now than ever before. Be it for the public and education sectors, for private individuals, or even for companies that operate at several locations or branches. They are faced with what is, at once, both an opportunity and a challenge: How do we come to terms with the changes in working conditions and the increased expectations that employees, customers and business partners have of digitalization? How does the future of branch digitalization look?

First and foremost: For companies wishing to stay competitive and innovative in the medium and long term, process digitalization and automation are a must. Quite simply, those who miss out on digitalization will eventually fall by the wayside. The good news is that, with Software-Defined Networking, there is no reason for any enterprise not to progress digitally. As a holistic approach, the automation and simplification of processes with SD-Branch allows companies operating multiple locations to focus better on the essentials of IT administration. By saving costs and time, we can focus on management, monitoring and the security of the network. Also, a modern and efficient company network is the basis for digital transformation.

Challenges for modern companies

Networks for modern chain stores are a real challenge: They operate many digital applications that have to react quickly and flexibly to new requirements. However, a holistic SD-branch solution offers much more than just the interconnection of different locations. It starts with the configuration of switches at the branches and goes on to a uniform security solution at every branch. WLAN, LAN and security from a single source ensure the smooth interaction of the various network components and, and the end of the day, they are essential for future viability.

Software-defined networking

Business models with distributed, virtual locations depend on decentralized access to the company network and its services. At the same time, the hosting of applications and services at the company headquarters is a thing of the past. Salesforce, SAP or Microsoft 365 are just a few of the common applications thatcan be hosted in the cloud today. For years the trend has been to outsource processes from the company network to the cloud. Ultimately, however, this increases the bandwidth requirements for Internet access at the headquarters.

This is where the move away from traditional networks with cost-intensive MPLS lines towards SD-WAN delivers enormous advantages. With less traffic running via the company network but via local Internet breakouts instead, the load and latency times at the headquarters are reduced. After all, a Software-Defined Networking solution allows individual applications to be routed directly to the Internet instead of running via the MPLS WAN to the headquarters.

For many regions, however, high-speed fiber-optic connections are nowhere in sight. The solution here is a hybrid WAN. The required bandwidths are achieved by operating multiple Internet connections at a site (DSL, fiber, cable, MPLS line, etc.) in parallel. To be on the safe side, LTE is recommended as a backup for highest availability.

With a LANCOM solution, application-based load balancing makes the best use of all of the Internet lines. A modern software-defined wide-area network automatically and dynamically uses any type of wide-area network (WAN) for site connectivity. VPN tunnels and multi-service networks are set up automatically and new branches are integrated incredibly quickly. The central control of the entire network, be it from the company headquarters or via a Managed Service Provider (MSP), is mapped in software-defined networking.

Management in branch structures


When managing branches and offices, many companies still rely on separately managed and configured LAN and Wi-Fi networks at their locations. Configuration and management of the hardware is handled in the traditional way by an on-site technician. But there is an easier way: With software-defined networking, you can radically digitalize and simplify the connection of new locations. New routers are commissioned using “zero-touch deployment”: Individual configuration becomes a thing of the past. WAN edge devices such as switches and access points, and also virtual locations are connected automatically using a cloud-management solution—expensive field-service operations are thus completely unnecessary.

Wi-Fi for all requirements

Uncomplicated Wi-Fi access in branches for employees, separate customer hotspots and innovative in-store services are only achievable with a digital concept for the branch. Especially in retail, future-proofing means to implement omnichannel concepts such as in-store navigation or digital marketing campaigns at the point of sale. It wouldn’t work without Wi-Fi, though. A software-defined wireless local area network for distributed locations combines all the features of a WLAN controller with the flexibility of a cloud-managed Wi-Fi network. New access points or applications are easily integrated into in-store systems and rolled out to all branches via auto-configuration and zero-touch deployment.

Switches at multiple sites

A small retail branch usually gets by with one access switch for connecting two to three access points, three to four connected checkout systems, an office computer and a WAN gateway. In traditional network operations, each individual switch must be manually configured at each location. Even for experienced network administrators, this is a time-consuming task: The workload and the number of errors increase exponentially with the number of devices, which can result in complex troubleshooting of configuration errors. In contrast, SD-LAN fully automates the otherwise laborious configuration of switches. Whatever networks are being set up, the configuration of the switch ports is computed and rolled out fully automatically. Even new switches are simply connected and then receive their customized, error-free configuration. This enables the secure and automated provision of any type of multi-service network on switch ports.

Security demands at all sites

It is no secret that a high level of network security is vital for corporate networks with regard to malware and advanced persistent threats. This is where network-wide or site-specific security guidelines make work easier for any admin. Centrally managed cybersecurity, for example via the LANCOM Management Cloud, offers the option of connecting the firewalls via Auto VPN and Zero Touch. On top of that, a central dashboard monitors the conformity and compliance of all networks.

Holistic orchestration

In the ideal case, each location has a holistic orchestration of the branch network and local networks. This enables companies to actively drive change and benefit from the immense cost savings and competitive advantages that fast, flexible connectivity has to offer. Those who benefit most are retailer and restaurant chains.

And in addition to classic SD-WAN you have cloud-managed local networks, i.e. LAN, WLAN and, if necessary, security. With a LANCOM SD solution, you securely connect to your branches and securely exchange data with external service providers, such as credit institutions, content providers or cloud services. All of the network processes at the branches can be controlled centrally and monitored from a single dashboard. By the way, all current LANCOM devices (routers, gateways, LANCOM R&S®Unified Firewalls, and access points) support SDN technology. So what is there to wait for?

The author Lutz Linzenmeier is Senior Sales Cloud Specialist & SE Manager International at LANCOM Systems.

No Comments Yet

Leave a Reply

Your email address will not be published. Required fields are marked *

When you leave a comment, the system automatically stores the following data:

    • your name or your pseudonym (mandatory information / will be published)
    • your e-mail address (mandatory / will not be published)
    • your IP address (the IP address will be deleted automatically after 60 days)
    • date and time of the comment submitted
    • a website (optional)
    • your comment text and personal data contained therein
    • I also agree that all personal data entered together with my IP address will only be checked and stored by the Akismet spam filter in the USA for the purpose of spam prevention. Further information on Akismet and revocation options can be found here.