While there may be many reasons that you have an MPLS network, for some organizations there is one simple reason: to connect users to the network at IT headquarters. The approach made a great deal of sense years ago. Why? Internet connections were expensive, IT resources were located in on-prem data centers, and security was centralized. The idea was to create a hub-and-spoke network where all traffic would come back to the headquarters location and go out to the Internet. Since security equipment was expensive and resources to manage the infrastructure were tight, many organizations opted to backhaul their traffic to their main site. Today, modern cloud-forward organizations are finding it possible to eliminate their MPLS networks. In this article, we’ll discuss some reasons why your MPLS network may no longer be needed and how to implement your network while still maintaining the security that you need.
Offices have More than Remotely Changed
Today’s remote offices are changing. Many remote offices have their own Internet connections, but they still often maintain the MPLS network. The approach is to provide the users at those remote offices with access to the internal network. In some cases that internal network simply consists of the identity management platform; very often it is Microsoft Active Directory. IT admins know that connecting remote users to AD requires a private network. AD is not meant to be placed on the public Internet, and as a result, the organization builds a private network to authenticate users. For this particular use case, the MPLS network becomes an expensive solution.
Distancing Yourself from MPLS Networks
As more of the IT infrastructure moves to the cloud, there are less IT resources behind the firewall that users need to access. This reduces the need to have users connect to a directory service. Instead, users can access the resources they need via the Internet. Of course, IT organizations would still like to maintain control over user access and manage devices. Directory-as-a-Service® platforms provide the ability to connect users to the IT resources they need without the requirement of a private network. This function is a core part of the DaaS platform. Next generation directory services are built with cloud-forward organizations in mind. Given that users are located all over the world, cloud infrastructure is now hosted at AWS or Google Compute Engine, web applications are a core part of employee’s daily routines, and the WiFi network is how users access the Internet. Without needing a central network, a cloud-based directory service connects your users to all of those various resources and more.
Eliminate Your MPLS Network with Directory-as-a-Service
I have a couple of questions, do you still have your MPLS network? If so, is the main reason because you are connecting your users to the core directory service and other IT resources? Well, there may be a better way. Modern cloud directory services are replacing the need for on-prem directories; a secondary effect is the ability to get rid of your MPLS network. Drop us a note if you are in this situation. We would be happy to discuss it with you and help think through an architecture that could work for your organization.