Software Defined WAN Overlays for Secure Remote Media Production


Jason Banks

Content creation today spans the globe, from the windswept desert of Namibia for the 2015 blockbuster Mad Max Fury Road to Rio’s beaches for the Summer Games, or less exotic locations like Tennessee’s Bonnaroo Music Festival. While all of these locations and productions are unique in their subject matter, they share a common need: access to secure, reliable, agnostic IP transport.

Virtualization of the data center has driven a reduction in hardware and cost and added agility to I.T. environments globally. Software defined WAN (SD-WAN) is now bringing those advantages to the WAN edge. This increased flexibility comes in many forms, from fully managed WAN as a service from VeloCloud and Aryaka Networks to more traditional hardware-based solutions from Viptela. SD-WAN architectures offer several advantages over traditional WAN services, resulting in increased service options, improved security, agility, and potential cost savings for media productions. Analysts with Gartner are forecasting that SD-WAN services will become the new normal with a 30% increase in deployments by 2019.

Some of the key benefits of SD-WAN for media production:

Transport Agnostic - Media production takes place in a myriad of locations, with shoots lasting from a few hours to years. Depending on location, traditional services such as MPLS or Metro Ethernet may not be available or may require long lead times. SD-WAN architectures overcome these limitations by being transport agnostic, supporting dedicated or mixed network access methods such as 4G/LTE, high speed Internet, MPLS, and dark fiber. This transport flexibility allows media productions to right size network connectivity and cost.

Ease of Deployment - SD-WAN solutions are available as x86 software or traditional multiport hardware switches, featuring a zero touch deployment model that can be configured ahead of time by I.T. staff. The devices simply need to be plugged into the desired network by the remote production staff. Once the edge device is online, it phones home to a pre-programmed SD-WAN controller to download any required configuration and security policy. This also allows security and network staff to remotely administer and monitor network and security policy at the production via the controller. The ability to remotely manage the WAN edge at production locations frees staff to fully focus on content production.

Increased Security - Studios and posthouses spend large amounts of time and resources to meet client and MPAA network security guidelines. However, the traditional concept of the network security perimeter, logically defined by corporate firewalls, is rapidly evolving in today’s mobile world. Software defined WAN technologies offer a way to extend network security to remote production locations that can be centrally managed and monitored by security staff.

Additional Security Benefits of SD-WAN:

• AES-256 encryption of network overlay tunnels
• Trusted Platform Module (TPM) chip built-in allowing for push button management of PKI infrastructure / encryption key rotation network wide
• Application awareness – define security policy based upon applications in conjunction with packet filtering provided by firewalls
• Ability to define independent security zones and policy on a per workflow basis
• Ability to integrate with additional SaaS based security services such as Zscaler proxy services as well as corporate security service insertion
• Increased visibility and monitoring of traffic
• Centralized security policy management via the SD-WAN controller

Diagram courtesy of Viptela

As mobility and content data set size increase, optimizing the network edge with Performance Hubs and interconnection is key to tying remote productions to studio facilities and content production partners' network service offerings. Application performance and network latency can be improved by adopting a peering and interconnection strategy in key geographical areas. Cross connecting directly with network service providers at Internet exchange points reduces network latency and increases application performance for off location staff collaborating with remote productions. Internet exchange points also serve as the physical glue of the Internet, network service provider backbones, and CDN services. In addition to being network carrier dense, Internet exchange points are where cloud service providers such as Amazon, Google, and MS Azure will be present to provide optimized services to their end customers. Building performance hubs in these key locations allows content production to securely store pre-release content as well as provide access to low latency private connectivity to cloud providers via Equinix Cloud Exchange.

It’s an exciting time in both the world of content creation and network technology, with new formats such as Dolby Vision, 4K, live broadcast, and mobile entertainment. To truly unlock the potential of content production and delivery, new network architectures and workflows need to be adopted. Software defined WAN and Equinix Performance Hubs offer one potential path to unlock the full potential of remote media production.