Mathias Rosenthal - Fotolia
Choosing a little-known software-defined WAN startup to support an organization's core business applications in the public cloud would likely have sounded like a head-in-the-clouds idea in early 2016. But that's exactly what Adobe did when it deployed Versa Networks' SD-WAN architecture.
Adobe realized it needed to adapt to its growing and shifting business in 2013. The company's response was to move all of its workloads -- the customer-facing applications and accompanying back-end requirements -- into public cloud environments. These changes would span across multiple sites in 37 countries, for more than 18,000 employees.
Criteria for Adobe's transition included high availability for business continuity, visibility for better security and increased performance for optimal user experience. The company's existing network, however, didn't meet those requirements.
That's where Shane Jenkins, manager of global network design and planning for Adobe, and Eustolio Betancourt, Adobe's network solutions architect, came in. They faced the task of redesigning Adobe's network. To make matters more interesting, the company's leadership added cost savings as a condition.
"We had a mandate from corporate to do four-nines availability for critical services -- and to do that with a smaller budget," Betancourt said.
Adobe's existing network
At that time, Adobe had a hub-and-spoke architecture, with each Adobe branch office containing a single link into an MPLS overlay network, according to Betancourt. But an MPLS link into the cloud was expensive, he said, which left the company with an inadequate process to access its virtual private clouds (VPCs) in AWS and Microsoft Azure.
"We were backhauling internet traffic to hub locations, even to access our private instances in VPCs in AWS and Azure," he added. In some instances, internet traffic backhauled to a different country.
The resulting poor performance drove the Adobe team to seek better control of its overlay network and easier connectivity among Adobe sites and public and private resources, Betancourt said. The team wanted the flexibility to plug different transport types into its network fabric and get direct internet access at each branch office. It also wanted to make every Adobe office one hop away from any resource it needed to access.
Adobe's phased approach to SD-WAN
Before Adobe dove into any drastic changes using SD-WAN technology, the research stage was essential to weed through the options, Betancourt said.
"Don't believe in all of the different opinions out there," Betancourt said. "Sure, take those into account, but then go evaluate it yourself and make your own opinion."
He advised thoroughly evaluating each vendor option, looking into the openness of the SD-WAN platform and the available services in order to make the right business decision.
For Adobe, Versa Networks SD-WAN met its network requirements. Adobe would be able to fold its applications, cloud resources and connectivity into Versa SD-WAN architecture, Betancourt said.
The first phase, initiated in early 2016, involved moving Adobe's network access layer into the SD-WAN fabric. This meant switching to Versa-certified white box routers in each branch office location and connecting all the on-premises devices to the fabric. But first, the team had to address concerns among Adobe's engineers about white box deployment, Betancourt said.
"The relief came from the fact that Versa ships us a white box with the software already on it," he said. "You never have to deal with the underlay of that software. If a box happens to go down, it's as simple as updating the serial number in the [Versa] Director and powering it back on."
Currently, the Adobe team is about 90% done with its on-premises site deployments, he added. The second phase is to bring Adobe's virtual private clouds into the SD-WAN fabric.
"We already have all our cloud controllers inside AWS," Betancourt said. "We have a virtual data center spun up as a branch, and we're testing that to make sure it's suitable for business needs."
One such business need was ensuring performance meets voice and video traffic requirements, he said, especially in Adobe's transition from MPLS to internet circuits. But the technology built into SD-WAN overcame most of the traditional gaps that come with typical internet transports, he added.
Challenges in deploying Versa SD-WAN architecture
While the SD-WAN deployment proceeded better than the team expected, Jenkins said some speed bumps popped up along the way.
Eustolio Betancourtnetwork solutions architect, Adobe
"The biggest challenge we had was probably with logistics -- getting the hardware on site in various countries around the world," Jenkins said. This included getting the appliances through customs, shipping challenges, taxes and import licenses.
The Adobe team also ran into issues with the SD-WAN software, including service-chaining bugs and security gaps with single sign-on and Security Assertion Markup Language support. But Adobe went to Versa support with the various code problems, and Versa delivered the needed software fixes, he added.
Adobe also experienced risk aversion among various groups within the company, especially with a "no-name" vendor like Versa Networks, Jenkins said. Many engineers were skeptical about the technology's maturity and even laughed at the idea, he added.
"It took a lot of time to convince the engineers, managers and executive leadership," he said. The operations group, for example, was worried about how to maintain and support the SD-WAN fabric. This prompted the team to set up educational classes in Adobe locations around the world to provide hands-on lab experience with the devices.
"We did a lot of our own marketing, like lunch-and-learn events to educate across the business," he said. Betancourt even conducted a speaking tour throughout the company, in which he discussed the vision and its potential benefits.
Adobe's final results with Versa SD-WAN architecture
Deploying Versa SD-WAN architecture gave Adobe increased bandwidth, high performance, better user experience, enhanced monitoring, data analysis and cloud connectivity, according to Jenkins and Betancourt.
Because the SD-WAN fabric allowed Adobe to move from MPLS to internet circuits as its primary transport, the team also complied with corporate's mandate to save money. With Adobe's previous network architecture, total cost of ownership over five years was a little over $500,000 for a single site, Jenkins said.
With Versa SD-WAN architecture, Adobe's operating model per site now costs a little over $200,000 a year over a five-year period, Jenkins said.
"That's about a 50% reduction over five years of total cost of operations. And that's just one site -- multiply that across the 37 countries we're in, and that's a massive amount of savings over five years."