Answer: provided in the explanation section
Step-by-step explanation:
Network Merging and Acquisitions
Environment:
· 400 Windows Servers
· 8000 Windows client devices (laptops running Windows OS)
· 40 Linux servers
· Active Directory Domain Services to provide DNS services to all the hosts, both Windows and Linux
· Unix servers (other environment to be merged)
· Host resolution they use is BIND
A great challenge of managing a network at a growing company is that of acquisitions. That is, one of the ways a developing company grows is by acquiring other companies. When that acquisition happens, there is usually a requirement to connect the two networks together.
Connecting two network environments together is one of those tasks that makes network engineers groan. As networks are not built to any type of agreed-upon norm, what the other network will hold is always unpredictable, and most probably difficult to integrate.
Quick & Dirty IPSEC Tunnel
When an acquisition deal happens, management needs the IT infrastructures connected. The proper way of bringing networks together involves a full audit of the remote network to ensure compliance with regulatory obligations, inventorying IP address blocks both public and private and BGP ASNs in use, understanding IGP routing schemes, reviewing WAN provider contracts, itemizing hardware and software in use, purchasing needed equipment, staging infrastructure changes, scheduling maintenance windows, and so on.
The main problems with quick and dirty IPSEC tunnels are:
· Manual maintenance of network lists.
· Manual maintenance of route injection into the IGP.
· Probable single points of failure.
Using SD-WAN As Acquisition Network Glue:
SD-WAN technology is a quick connectivity option that is better than a quick and dirty IPSEC tunnel. SD-WAN offers:
1. Easily managed redundant plumbing:
SD-WAN forms a mesh of tunnels on top of all available paths. That means that a local circuit outage neither takes down the ability to forward nor needs a network engineer to re-configure IP tunnel endpoints.
2. IGP integration:
While route injection is often available with IPSEC tunnels, it is found that route injection is not terribly reliable, depending on vendor, software version, and a host of other factors. I have not been keen to rely on routes being injected or withdrawn by an IPSEC VPN endpoint.
3. Segment isolation:
An SD-WAN function available from many SD-WAN vendors is that of segment isolation. You can create virtual network segments that permit intra-segment communication while preventing inter-segment communication. In the case of an acquisition, that functionality seems really helpful.
Segment isolation can also help simplify routing. If you’re facing overlapping IP address space, this might help avoid a complex NAT scheme.
4. Service chaining:
Many SD-WAN products offer service chaining. That is, SD-WAN devices tunnel between each other. Using that tunnelling ability, it’s possible to drop traffic off when we need to.
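The IP address block inventory and the overlap problem mentioned under segment isolation can be checked mechanically before any tunnel or SD-WAN segment carries traffic between the two companies. The following Python script is an added example, not part of the original answer; the prefix lists are constructed sample data and the function names are hypothetical.

```python
import ipaddress

# Constructed sample inventories (assumed values, not from the original answer).
ACQUIRER = ["10.0.0.0/16", "10.1.0.0/16", "172.16.0.0/20", "192.168.10.0/24"]
ACQUIRED = ["10.1.128.0/17", "10.50.0.0/16", "172.16.8.0/22",
            "192.168.20.0/24", "10.60.1.0/16"]  # last entry has host bits set


def load(prefixes):
    """Parse a manually maintained prefix list; return (networks, rejected)."""
    nets, rejected = [], []
    for p in prefixes:
        try:
            # strict=True rejects typos such as 10.60.1.0/16 instead of 10.60.0.0/16
            nets.append(ipaddress.ip_network(p, strict=True))
        except ValueError:
            rejected.append(p)
    return nets, rejected


def find_overlaps(local, remote):
    """Return (local_net, remote_net, shared_block) for every colliding pair."""
    hits = []
    for a in local:
        for b in remote:
            if a.version == b.version and a.overlaps(b):
                # Two CIDR blocks overlap only when one contains the other,
                # so the shared block is the more specific of the two.
                shared = a if a.prefixlen >= b.prefixlen else b
                hits.append((a, b, shared))
    return hits


def plan(local_prefixes, remote_prefixes):
    """Split the acquired prefixes into routable and colliding sets."""
    local, bad_local = load(local_prefixes)
    remote, bad_remote = load(remote_prefixes)
    overlaps = find_overlaps(local, remote)
    colliding = {b for _, b, _ in overlaps}
    return {
        "rejected": bad_local + bad_remote,
        "overlaps": [(str(a), str(b), str(s)) for a, b, s in overlaps],
        "routable_as_is": [str(n) for n in remote if n not in colliding],
        "needs_isolation_or_nat": sorted(str(n) for n in colliding),
    }


if __name__ == "__main__":
    for key, value in plan(ACQUIRER, ACQUIRED).items():
        print(f"{key}: {value}")
```

Prefixes reported under needs_isolation_or_nat are the ones to keep in an isolated segment or renumber before routes are exchanged; rejected entries point to errors in the manually maintained lists.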
Drawbacks Of The SD-WAN Approach
A few drawbacks in using SD-WAN as a network merger tool come to mind.
Cost:
The cost of adding a new network segment to an SD-WAN deployment varies by licensing scheme, but it is not free. Quick and dirty IPSEC tunnels are often free, requiring no capital expense to stand up.
Remote hands:
In order to leverage SD-WAN at remote sites, there is a great chance you’ll need remote hands to pull off the device installation. That’s no different from deploying SD-WAN in your own network.
Perhaps not quick and dirty enough:
The great problem here is the long time it takes to stand up dedicated WAN circuits. IPSEC tunnels are often the path of least resistance to bringing up a private connection between two newly acquainted organizations.
To Conclude:
Using IPSEC tunnels to join networks that will eventually be part of a unified IT whole isn’t a mature solution in the modern era. SD-WAN looks like a mature solution that does not require private MPLS circuits to function.
If private MPLS circuits are eventually added to the SD-WAN mix, no technology transition is required. The SD-WAN option can stay in place as-is, using the MPLS circuit being added to the SD-WAN forwarding device as a newly available path. That means the temporary solution can transition gracefully into the permanent solution.
SD-WAN can be chosen as a way to onboard an acquired network permanently, while retaining the fast time to connect that an IPSEC tunnel offers. For organizations that already have an SD-WAN solution in place, there is nothing to think about. For organizations that haven’t invested in SD-WAN so far, this might be an additional driver to do so.