VPN is dead, long live cloud

28 Nov 2018

Over the last several years, many analysts have predicted the death of MPLS VPNs (multiprotocol label switching virtual private networks). This includes Gartner, who, way back in 2013, wrote about the death of MPLS, and again as recently as September this year. So, while the predictions may have been off by a year or five, have we finally reached the end of the road for MPLS VPN?

Over the years, traditional VPNs have changed from being a dominant part of branch office connectivity into a critical component of a hybrid WAN network. However, VPNs as a hybrid component are now turning into a compromise, as cloud adoption accelerates.

To understand this shift, we need to first understand the evolution of the corporate environment from a human perspective, and then consider the impact of technological developments. VPN obsolescence is a function of the following statement: Work is no longer where you go to, but what you do. Most corporates are positioned somewhere along this path of human workplace transition, which ultimately dictates technology transformation.

The traditional model of corporate environments, up to the turn of this century, was employees chained to a desk phone, a desktop, and connected to a LAN with servers housed at a central datacentre. Some fortunate individuals may have received laptops and cordless phones, but core productivity remained confined to cubicles, meeting rooms and corner offices. This was the old paradigm of going to work, a definitive brick-and-mortar world of productivity.

From a technology perspective, VPN connectivity was key to ensuring branch offices could talk to one another and, more importantly, to the servers sitting in the basement, head office or data centre. CIOs were proud to show off the rows of servers, hosting business-vital applications, which were confined to the secure physical locations of their premises. Some CIOs were bold enough to move to their VPN service provider datacentres, but kept their hardware physically under lock, guard and key.

Meanwhile, from a technology perspective, the majority of corporate applications are no longer found on an organisation's own infrastructure, but in a cloud environment. Or at the very least, they're in the process of moving to one. A few legacy file-sharing services and latency-specific applications may remain on-site, along with VPN branch connectivity, but this is rapidly changing.

Hybrid networking addressed the transition period between the two paradigm extremes. As data traffic shifts en masse towards the cloud environment, so the dominant part of connectivity shifts away from desktops connected via LANs and WANs to simply being users connected to the Internet. CIO concerns are also changing. It's no longer about physical device security and secure WAN connectivity. New priorities are edge device protection, application performance and, ultimately, end user experience and data protection over the Internet.

Looking at bandwidth, Internet services are experiencing an approximately 10-fold increase in connectivity every upgrade cycle (which is usually every 2-3 years). As an example, typical branch Internet connectivity of 10Mbps was the norm a few years ago. Today, most branch Internet connectivity sits at 100Mbps, with many organisations planning to move towards 1Gbps during the next upgrade cycle. Unfortunately, VPN connectivity has not seen the same magnitude of growth, or price re-alignments, as the demand is declining.

From a hybrid perspective, when branch office connectivity was limited, for example, a 2 Mbps VPN with 1 Mbps centralised Internet at a head office halfway across the country, it was sensible to prioritise corporate traffic over the VPN to servers at the head office. In this scenario, new applications were few and far between and IT managers knew exactly which server hosted which applications. BYOD was non-existent, and both video streaming and social network traffic were taboo on the small and expensive WAN links. However, as the corporate paradigm shift happened, and applications started communicating with cloud environments directly over the Internet, transporting voice, video and data, VPNs have simply become irrelevant as an efficient way to carry traffic. Even at head office locations, corporates are now abandoning VPNs and using multiple uncontended Internet links instead, with SD-WAN playing a key part in this evolutionary ecosystem.

So, it may have taken a year or five, but the final nail in the coffin for VPNs has been hammered into place, especially with the arrival of public cloud providers in South Africa. Microsoft and Amazon cloud connectivity is now at our doorstep. And with these companies' plans to deploy local solutions, it's expected that the remaining latency-specific applications will finally move away from dedicated corporate servers. Over the next few months, as these cloud providers continue with their local deployments, and corporates start to migrate, legacy VPN contracts will be scanned and moved into virtual storage, ironically housed on the very same cloud platform that was a catalyst for their obsolescence.