SD-WAN Guide for Business



What is an SD-WAN?

Software-Defined Wide Area Networking (SD-WAN) is a holistic WAN model that includes connectivity, orchestration, and management and can support multiple security approaches. With ‘software-defined’ connectivity, enterprises have flexible control over what paths applications traverse, whether it is broadband internet, 5G/LTE, MPLS or a private network, through centralized policy management.

By centralizing control in the cloud and combining multiple networking and optimization functions at the edge, customers gain greater flexibility, reliability, agility, and performance combined with better economics. An SD-WAN can be delivered as a fully or co-managed service or deployed by an enterprise as part of what is called a DIY model.

Common features of an SD-WAN include the ability to:

  • Combine network links serving one location into a single pool of capacity available for all applications and services
  • Customize bandwidth and connectivity to meet the needs of specific network services, locations, or users
  • Centrally define and manage policies and network traffic without requiring manual configuration at each device

More recently, the term “SASE,” Secure Access Service Edge, has been adopted by both enterprises and vendors. SASE (pronounced “sassy”) refers to a more overarching architecture that includes Network as-a-Service and Network Security as-a-Service with SD-WAN’s connectivity playing a vital role in any SASE deployment.

How SD-WAN Works

SD-WAN centralizes control in the cloud and combines functions at the edge, so customers gain greater flexibility and performance combined with better economics.


SD-WAN Connectivity Options:
Private Core, MPLS, and internet for on-premises and remote

Why SD-WAN and why now?

SD-WAN offers several benefits to enterprises that operate in the digital economy. It provides improved application performance through a combination of WAN optimization techniques and the ability to dynamically assign QoS according to application (and user) requirements.

SD-WAN technology automates and speeds up site deployments, configurations, operations and troubleshooting tasks. It provides for automatic failover so, in the case of one link failure or congestion, traffic can be easily redirected to another link. SD-WAN’s flexible and agile nature provides for optimal choice and utilization of connectivity, thereby reducing upfront cost and lowering operating expenses.

Does my enterprise need SD-WAN?

The real question is who doesn’t need SD-WAN Security. With cloud adoption and the increasing complexity of the WAN, traditional approaches to engineering the WAN no longer offer the flexibility required by enterprises. Enterprises also require service delivery, including security, to be deployed in the cloud where they consume IaaS/PaaS/SaaS. It is an approach that is applicable to any organization irrespective of size, location, or industry, as long as they have begun their journey to the cloud.

How will an SD-WAN solution benefit my enterprise?

SD-WAN delivers the benefits of the cloud consumption model, now applied to networking. In the same way that the cloud delivers scale, global reach, simplicity, scalability, and optimal TCO, freeing IT from just “keeping the lights on,” SD-WAN technology now brings these benefits to networking. It introduces the ease of deployment and consumption demanded by enterprises of all sizes.

SD-WAN reduces operational expenses by lowering training costs and decreasing deployment times, especially when consumed as a managed service. It also helps to optimize sometimes expensive or inefficient WAN connectivity, both by facilitating migration from MPLS and by introducing optimization and application policy control that results in more effective bandwidth use.

SD-WAN naturally lends itself to a cloud-first approach for the WAN, enabling and optimizing multi-cloud connectivity – IaaS, PaaS, and SaaS – and, depending upon the architecture, automating this connectivity across different geographies for peak application performance. This is a very different approach from previous ones that relied on IPsec tunnels and non-optimized MPLS topologies.

When integrated with a SASE deployment, the combination of SD-WAN and SASE brings the benefits of the cloud consumption model to both networking and security.

SD-WAN Architecture

What is the importance of Services PoPs in enabling an SD-WAN?

SD-WAN architecture is ideally based on cloud-edge services that rely on what we term “Services PoPs.” These are sophisticated hardware platforms within the cloud that integrate not only routing and switching, but also compute and storage. This provides a foundation for the deployment of SD-WAN capabilities, different from a branch-centric architecture that can’t effectively leverage cloud capabilities, or a less sophisticated transport PoP architecture that is incapable of supporting the mix of networking and security services.

A Services PoP architecture for SD-WAN also offers a foundation for the deployment of SASE capabilities at the cloud-edge.

What are the various types of SD-WAN Deployment Models?

There are three basic types of SD-WAN deployments: Internet-based SD-WANs, Telco and MSP Managed Service SD-WANs, and SD-WAN as-a-Service. The performance needs of your global users and applications, the skillset of your in-house team, and your appetite for taking on the job of building and managing an SD-WAN, will determine which deployment option is best for your business.

1. Internet-based SD-WAN (Do-it-Yourself, or DIY)

Internet-based SD-WANs, also known as DIY, use appliances at each company location, either behind routers or replacing them as the branch connection to the enterprise network and to the internet (SD-WAN appliances can also collapse the typical branch stack by replacing appliances for WAN optimization and firewalls).

Network traffic is forwarded over legacy MPLS links or the internet depending on performance considerations and established policies. While using the internet to complement MPLS offers a low-cost, flexible, and rapid deployment option, and makes it easier to connect users to cloud/SaaS applications, performance of the public internet is often spotty, particularly over longer distances and in parts of the world where the internet is less reliable. Latency, packet loss and jitter are inherent to the internet and these issues are aggravated with distance.

Internet-based SD-WANs also leave the burden of managing the WAN on IT, and you still may have to invest in WAN optimization and other technologies to have a fully functioning network.

2. Telco or MSP Service SD-WAN

With a managed service SD-WAN, the customer pays a service provider to install and deliver connectivity, as well as any appliances the service may require. The managed SD-WAN is a value-added service and may come with service level agreements (SLAs), but it is typically deployed using some of the same hardware used for internet-based SD-WANs and will typically rely on the public internet for access to cloud/SaaS applications, meaning the same caveats apply: application performance and user experience will suffer over greater distances. In addition, the telco or MSP offering the managed service will rely on hardware and software from one or more networking and security vendors, creating support handoffs that result in a less than stellar experience.

3. Managed SD-WAN as-a-Service

With SD-WAN as-a-Service, which we call a Cloud-First WAN, companies acquire SD-WAN much the way they buy cloud services today, using a consumption model. Instead of constructing their own SD-WAN using the internet, or having a service provider deliver that same technology, next-generation networks such as Aryaka’s Cloud-First Managed SD-WAN combine the security and reliability of a private network with the flexibility, low cost, and quick deployment of the internet to deliver a superior connectivity solution and support experience.

Businesses can rely on a fast and secure private core network without having to build out heavy infrastructure and manage additional hardware at the edge, making it simple to expand branch offices or move locations as they please, without compromising on reliability, application performance, or security.

Enabling this faster connectivity through a global private network layered with WAN optimization ensures every employee around the world has seamless access and gets consistent performance when accessing mission-critical applications anywhere in the world.

Which Enterprise Infrastructure is right for you?

Not sure which SD-WAN is right for your business? Here’s a look at the pros and cons of the different deployment options.

Managed SD-WAN as-a-Service:

  • Pros:
    • Private Network Connectivity
    • Reliable performance and consistent latencies
    • Direct IaaS/PaaS/SaaS connectivity
    • Works with all applications: on-premises, cloud, and SaaS
    • Built-in WAN optimization
    • Network and application monitoring
    • Deployment in hours or days including Last Mile Services
    • Zero CapEx/Lower TCO

  • Cons:
    • Not ideal for IT departments wanting to construct their own network infrastructure
    • Offered by only a handful of providers

Telco or MSP SD-WAN:

  • Pros:
    • Reliable performance and consistent latencies within region
    • Direct IaaS/PaaS/SaaS connectivity
    • Fully managed service with support

  • Cons:
    • SD-WAN is deployed as an overlay which may create a less visible underlay (transport network), impacting SLAs
    • May not be delivered as a PoP-centric service, impacting potential SASE integration
    • Provider may need to partner with others for out-of-region connectivity
    • May require customer to pay for additional functionality
    • May lack connectivity to some cloud/SaaS services
    • May not include WAN optimization

Internet-based SD-WAN:

  • Pros:
    • Rapid deployment and cost savings if internet-only
    • Network and application monitoring
    • Great for regional deployments
    • Deploys in days

  • Cons:
    • Most likely not delivered as a PoP-centric service, impacting potential SASE integration except via a third-party security vendor
    • Inherits weaknesses of both internet (performance) and MPLS (cost, non-flexible, deployment times) with the enterprise responsible for all link contracting
    • Does not address global application performance issues
    • Zero CapEx
    • Lack of support for cloud/SaaS optimization

What is a Cloud-First SD-WAN solution and what advantages does it offer?

A Cloud-First WAN is an architectural approach that enables agility, simplicity, choice and the ability to deliver an amazing user and application experience. Many SD-WAN vendors take a box-centric view with little accountability for the end-to-end global experience, while traditional service providers stitch together technology offerings from multiple vendors and consequently must compromise on delivering a seamless experience.

The path forward is to take a platform approach that leverages a unified services architecture that is extensible and reaches end-to-end. This platform must offer the service sophistication that enables the suite of connectivity, cloud, security, and WAN optimization services — services that are deployed in a SaaS model to all customers and that are easily enhanced.

The sophistication of the service nodes that enable these services is an order of magnitude beyond that of the simple transport points of presence (PoPs) that form the basis of some SD-WAN architectures. Benefits of a cloud-first approach include reduced time to market, operational simplicity, and multi-cloud readiness.


Aryaka SDWAN Architecture

SD-WAN vs. MPLS

What is the difference between SD-WAN and MPLS?

One question that sometimes creates confusion is the difference between SD-WAN and MPLS, even if it isn’t really an apples-to-apples comparison. One way to look at it is that SD-WAN is an architectural concept for network design that is just what the term implies, ‘software-defined,’ decoupling the networking and security hardware from its control mechanism. This contrasts with MPLS, which at its core is a networking technology, now over two decades old and forming the foundation on top of which many enterprises ported their applications to an IP infrastructure. Also remember that SD-WAN is capable of leveraging multiple WAN technologies, including MPLS.

MPLS compared with SD-WAN:

  • MPLS: Is a connection-oriented technology, hence MPLS dictates a hub-and-spoke network architecture that is ill-suited to accommodate the needs of cloud adoption.
    SD-WAN: Can leverage connection-less transport technologies, and traffic can be routed anywhere without backhauling.
  • MPLS: Dedicated enterprise network with expensive bandwidth and high SLAs.
    SD-WAN: Multiple transport methods can be leveraged: DIA, 5G, MPLS, and more.
  • MPLS: Different enterprises’ traffic is separated but not encrypted.
    SD-WAN: Fully encrypted tunnels from/to any enterprise site.
  • MPLS: High bandwidth cost and suboptimal routing to cloud-based resources.
    SD-WAN: Lower costs due to policy-based routing, which leverages cheaper transport for some applications.
  • MPLS: No built-in elasticity in bandwidth utilization.
    SD-WAN: Traffic bursts can be broken out to the internet.
  • MPLS: CLI-based network operation.
    SD-WAN: Focus on automation and orchestration.

MPLS can be costly and is slow to deploy, based on CLI-based network operation. MPLS-based networks cannot keep up with the agility of digital business models due to provisioning times. SD-WAN is ideally based on automation and orchestration – but that promise isn’t always true. Many traditional SD-WAN approaches perpetuate the CLI model with complex policy definition.

MPLS’ hub-and-spoke nature also typically enforces a box-centric security model that cannot effectively secure cloud applications or support emerging hybrid workforce models. SASE ideally integrates a cloud-centric, zero trust security model. However, this is not true with all SASE vendor models. And a solid SD-WAN solution with the ability to deliver on enterprise SLAs is still the foundation for a successful SASE rollout.

How do I migrate to SD-WAN, and where does MPLS come into play?

One of the fundamental drivers for SD-WAN is the ability to better optimize and automate WAN connectivity. Before SD-WAN, many enterprises deployed MPLS while also connecting to the internet for non-mission-critical data and applications, but this provisioning is manual, time-consuming, prone to error and doesn’t provide centralized visibility. With SD-WAN’s centralized orchestration, enterprises can now take advantage of the increased flexibility in moving between MPLS and the internet. This path selection is sometimes referred to as a Hybrid WAN, where connectivity follows multiple paths. Without SD-WAN, managing a Hybrid WAN is manual, making it both tedious and time-consuming.

MPLS migration and augmentation can be seamless or a forklift operation, depending on the approach chosen. Careful consideration of cloud connectivity, MPLS replacement or augmentation, and the internet is needed to minimize downtime and risk. Here is a four-step approach to a seamless SD-WAN migration:

  • Identify Candidate Sites: The first step is to identify candidate sites and branches that will migrate to SD-WAN. SD-WAN can be rolled out in an incremental fashion and can co-exist with existing WAN technologies.
  • Bandwidth and Applications: Calculate the total bandwidth needs of the branch or site. Also identify applications with high bandwidth requirements and classify them as mission critical or non-mission critical.
  • Transport Mix: Determine the transport mix, placing non-business-critical applications over the internet and critical applications over a high-performance private core.
  • Direct Cloud Connectivity: Identify the SaaS applications and IaaS providers used. Migrate from connectivity through the datacenter to direct connectivity.
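As an added illustration (not Aryaka's code), the following Python models the application classification and transport-mix steps above together with the automatic failover described earlier: each transport's health is derived from probe samples, and a path is chosen per application class, failing over when the preferred link is down or outside its SLA. All application names, transport names, SLA thresholds and probe values are constructed assumptions for the example.

```python
# Added illustration (not Aryaka's code): policy-based path selection and failover
# on an SD-WAN edge. All names, thresholds and probe samples are constructed.
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional, Tuple

# Step 2 of the migration: applications classified as mission critical or not.
APP_CLASS = {
    "erp": "mission-critical",
    "voip": "mission-critical",
    "video-stream": "non-critical",
    "web-browsing": "non-critical",
}

# Step 3: transport mix. Critical traffic prefers the private core with MPLS as
# failover; non-critical traffic prefers the cheaper internet links.
PREFERRED = {
    "mission-critical": ["private-core", "mpls", "dia-internet", "lte"],
    "non-critical": ["dia-internet", "lte", "private-core", "mpls"],
}

# SLA a link must meet to carry each class (constructed thresholds).
SLA = {
    "mission-critical": {"latency_ms": 80.0, "loss_pct": 0.5, "jitter_ms": 10.0},
    "non-critical": {"latency_ms": 250.0, "loss_pct": 3.0, "jitter_ms": 50.0},
}

# Constructed probe windows (RTT in ms, None = probe lost): a healthy site, then
# one where the private core is down and the internet link is congested.
HEALTHY_PROBES = {
    "private-core": [40, 42, 41, 43, 40],
    "mpls": [70, 72, 71, 69, 70],
    "dia-internet": [60, 75, 65, 70, 62],
    "lte": [55, 58, 60, 57, 59],
}
DEGRADED_PROBES = {
    "private-core": [None, None, None, None, None],
    "mpls": [70, 72, 71, 69, 70],
    "dia-internet": [120, 300, 180, None, 250],
    "lte": [55, 58, 60, 57, 59],
}

@dataclass
class LinkHealth:
    name: str
    up: bool
    latency_ms: float
    loss_pct: float
    jitter_ms: float

def health_from_probes(name: str, rtts: List[Optional[float]]) -> LinkHealth:
    """Summarise a probe window: loss is the share of lost probes, jitter the mean
    absolute change between consecutive received RTTs; all-lost marks the link down."""
    received = [r for r in rtts if r is not None]
    if not received:
        return LinkHealth(name, False, float("inf"), 100.0, float("inf"))
    loss_pct = 100.0 * (len(rtts) - len(received)) / len(rtts)
    jitter = (mean(abs(b - a) for a, b in zip(received, received[1:]))
              if len(received) > 1 else 0.0)
    return LinkHealth(name, True, mean(received), loss_pct, jitter)

def meets_sla(link: LinkHealth, app_class: str) -> bool:
    """True when the link is up and within every threshold for the class."""
    sla = SLA[app_class]
    return (link.up and link.latency_ms <= sla["latency_ms"]
            and link.loss_pct <= sla["loss_pct"]
            and link.jitter_ms <= sla["jitter_ms"])

def select_path(app: str, links: Dict[str, LinkHealth]) -> Tuple[Optional[str], str]:
    """Choose a transport for an application from current link health.

    Returns (link, reason): 'preferred' if the first choice is healthy,
    'failover' if a lower-ranked link meets the SLA, 'best-effort' if only
    out-of-SLA links are up, and (None, 'no-path') if nothing is up.
    """
    app_class = APP_CLASS[app]
    for rank, name in enumerate(PREFERRED[app_class]):
        link = links.get(name)
        if link is not None and meets_sla(link, app_class):
            return name, "preferred" if rank == 0 else "failover"
    up_links = [ln for ln in links.values() if ln.up]
    if not up_links:
        return None, "no-path"
    best = min(up_links, key=lambda ln: (ln.loss_pct, ln.latency_ms))
    return best.name, "best-effort"

def plan_site(probes: Dict[str, List[Optional[float]]]) -> Dict[str, Tuple[Optional[str], str]]:
    """Evaluate every link once, then choose a path for each application."""
    links = {name: health_from_probes(name, rtts) for name, rtts in probes.items()}
    return {app: select_path(app, links) for app in APP_CLASS}

if __name__ == "__main__":
    for label, probes in (("healthy", HEALTHY_PROBES), ("degraded", DEGRADED_PROBES)):
        print(label, plan_site(probes))
```

In the degraded window, ERP traffic fails over from the private core to MPLS and web browsing moves off the lossy internet link to LTE; a real edge would re-evaluate on every probe window rather than once.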

There are multiple SD-WAN deployment models, each with varying levels of complexity, cost and scalability. SD-WAN architectures are broadly classified into three categories: Carrier Managed, Overlay and Cloud-First.

A carrier-managed SD-WAN relies on hardware and software from one or more vendors, resulting in a service offering that requires handoffs between the provider and the vendor when there is an issue.

Overlay SD-WANs are deployed as a DIY model from the edge, with the enterprise taking on the burden of deploying and managing connectivity and security, leveraging the carrier’s transport ‘underlay’. However, this means perpetuating dependency on MPLS, since the overlay network doesn’t exercise control over the transport layer of the underlay networks and the only way to support mission-critical applications with the SLAs they require is via MPLS.

A cloud-first SD-WAN is based on a services PoP architecture that delivers the service sophistication at the cloud-edge and is aligned with enterprise cloud adoption initiatives.

SD-WAN to SASE

How is SD-WAN different from SASE?

SD-WAN is a foundational element of a broader SASE architecture. It is designed to greatly simplify the management of an enterprise’s WAN, which has grown increasingly complex and cumbersome to manage over time as workloads and workforces have shifted dramatically. What is clear is that SASE without SD-WAN for connectivity is a hollow promise.

This connectivity, leveraging a solid and stable network, is what is required to deliver the application performance and productivity enterprises demand. Building on a Services PoP-centric SD-WAN service, enterprises can easily consume additional security capabilities at the cloud edge as they become available. This doesn’t all need to happen at once and can be phased in based on the enterprise’s unique requirements.

There is also confusion between SD-WAN, SASE and MPLS. It is not either-or. It is possible for all to be deployed within the same WAN architecture. MPLS is a transport option for SD-WAN, as is Dedicated Internet Access (DIA) or a private core like the one Aryaka offers; all fit within an SD-WAN architecture. SD-WAN provides connectivity for SASE.

Want to know more about SASE – Check out our SASE Guide.

What are analysts saying about SD-WAN and SASE?

Depending on who you ask, the size and potential of the SD-WAN market can range from $1-10 billion, but everyone agrees this technology is part of a growing change in the networking environment. Expanding the discussion, when looking at the combined networking and security market, some vendors are beginning to forecast SASE deployments, of which SD-WAN is a component.

Over the next five years, the market for secure access service edge will grow at a CAGR of 36%, reaching almost $15 billion by 2025. Buyers will split between single-vendor and dual-vendor approaches. – Gartner, July 2021

Note that NaaS, consisting of SD-WAN and FWaaS, will reach 7.5B in 2025. The NSaaS component will grow to 7.2B in 2025. The networking buying center is in many enterprises still distinct from the security buying center, but these are merging.

SD-WAN Vendors

What are the key SD-WAN use cases?

SD-WAN supports a set of critical enterprise use cases. Most organizations leverage the technology or managed service for more than one.

  • Enabling a Hybrid Workplace: SD-WAN improves application performance and provides direct cloud connectivity to simplify hybrid and multi-cloud initiatives. Flexible network security protects users, devices, and applications no matter where they connect from, whether on-site or from home.
  • Providing Secure Internet Access: SD-WAN gives remote users secure access to SaaS, IaaS and the internet when working from anywhere. It reduces complexity in configuration and operations.
  • Enabling Cloud Migration: SD-WAN simplifies cloud migration by providing out-of-the-box direct connectivity to leading IaaS providers, SaaS application acceleration and multi-cloud connectivity.
  • Transitioning from MPLS to SD-WAN: SD-WAN provides a seamless migration path from MPLS. SD-WAN can co-exist with MPLS or completely replace it with a high-quality, fully meshed Layer 2 transport core with comparable QoS but with reduced cost and complexity.
  • Improving Application Performance: SD-WAN provides direct connectivity to SaaS providers. The solution includes a fully meshed private core network with multiple PoPs around the world, to mitigate the effect of latency on application performance.
  • Improving UCaaS Performance: SD-WAN recognizes and marks UCaaS traffic, steers it optimally and dynamically across internet access links and through the core infrastructure, minimizing packet loss and latency, to deliver an optimized user experience.
  • Improving or Enabling China Connectivity: SD-WAN may deliver optimal coverage of key locations in China, supporting both inbound and outbound data.

How do I select an SD-WAN vendor or provider?

Building on the earlier SD-WAN architecture discussion, how does one select between the approaches to generate desired business outcomes?

Traditional networking box vendors like Cisco, Juniper and others sell SD-WAN hardware along with some installation and maintenance services. Typically, enterprise customers buy various hardware elements and connectivity from multiple vendors and stitch the solution together in a Do-It-Yourself (DIY) model. This requires in-house expertise or contractors to deploy the solution. Though it offers flexibility in terms of choice of equipment, it can be costly and complex, and may compromise agility and add deployment risk.

The alternative is to work with a managed service provider that sources SD-WAN technology from one or more networking and security vendors. Though this approach removes many of the deployment and maintenance issues inherent with DIY, it still introduces support issues and larger enterprises will reap more advantages due to provider focus. It also means working with telcos who have mixed customer support records.

Based on the above, questions to ask your SD-WAN technology vendor or telco include:

  • Is the service fully managed with 24/7 support backed by global NOCs?
  • Does it integrate last-mile connectivity with procurement and monitoring?
  • Does it leverage a multi-cloud architecture with direct regional-based connectivity?
  • Does it offer guaranteed application performance with integrated optimization?
  • Does it leverage sophisticated Services PoPs for cloud-edge service delivery with proximity to most of the world’s knowledge workers?
  • Does it deliver global performance SLAs based on a dedicated private core with a single point of contact (SPOC)?

SDWAN FAQs

What is SD-WAN?

Software-Defined Wide Area Networking (SD-WAN) is a holistic WAN model that includes connectivity, orchestration, and management and can support multiple security approaches. With ‘software-defined’ connectivity, enterprises have flexible control over what paths applications traverse, whether it is broadband internet, 5G/LTE, MPLS or a private network, through centralized policy management.

By centralizing control in the cloud and combining multiple networking and optimization functions at the edge, customers gain greater flexibility, reliability, agility, and performance combined with better economics. SD-WAN can be delivered as a fully or co-managed service or deployed by an enterprise as part of what is called a DIY model.

More recently, the term “SASE,” Secure Access Service Edge, has been adopted by both enterprises and vendors. SASE (pronounced “sassy”) refers to a more overarching architecture that includes Network as-a-Service and Network Security as-a-Service with SD-WAN’s connectivity playing a vital role in any SASE deployment.

Why SD-WAN and why now?

SD-WAN offers several benefits to enterprises that operate in the digital economy. It provides improved application performance through a combination of WAN optimization techniques and the ability to dynamically assign QoS as per application's (and user) requirements.

SD-WAN technology automates and speeds up site deployments, configurations, operations and troubleshooting tasks. It provides for automatic failover so, in the case of one link failure or congestion, traffic can be easily redirected to another link. SD-WAN’s flexible and agile nature provides for optimal choice and utilization of connectivity, thereby reducing upfront cost and lowering operating expenses.

Does my enterprise need SD-WAN?

The real question is who doesn’t need SD-WAN Security. With cloud adoption and the increasing complexity of the WAN, traditional approaches to engineering the WAN no longer offer the flexibility required by enterprises. Enterprises also require service delivery, including security, to be deployed in the cloud where they consume IaaS/PaaS/SaaS. It is an approach that is applicable to any organization irrespective of size, location, or industry, as long as they have begun their journey to the cloud.

<

How will an SD-WAN solution benefit my enterprise?

SD-WAN delivers the benefits of the cloud consumption model, now applied to networking. In the same way that the cloud delivers scale, global reach, simplicity, scalability, and optimal TCO, freeing IT from just “keeping the lights on,” SD-WAN technology now brings these benefits to networking. It introduces the ease of deployment and consumption demanded by enterprises of all sizes.

SD-WAN benefits reduced operational expenses by lowering training costs and decreasing deployment times, especially when consumed as a managed service. It also helps to optimizes sometimes expensive or inefficient WAN connectivity, both by facilitating migration from MPLS as well as by introducing optimization and application policy control that results in more effective bandwidth use.

SD-WAN naturally lends itself to a cloud-first approach for the WAN, enabling and optimizing multi-cloud connectivity – IaaS, PaaS, and SaaS – and depending upon the architecture, automating this connectivity across different geographies for peak application performance. This is a very different approach from previous approaches that relied on IPSEC tunnels and non-optimized MPLS topologies.

When integrated with a SASE deployment, the combination of SD-WAN and SASE bring the benefits of the cloud consumption model to both, spanning both networking and security.


What is the difference between SD-WAN and MPLS?

One question that sometimes creates confusion is the difference between SD-WAN and MPLS, even if it isn’t really an apples-to-apples comparison. But one way to look at it is that SD-WAN is an architectural concept for network design that is just what the term implies, ‘software-defined,’ decoupling the networking and security hardware from its control mechanism. This contrasts to MPLS which at its core is a networking technology, now over two decades old and forming the foundation on top of which many enterprises ported their applications to an IP infrastructure. Also remember that SD-WAN is capable of leveraging multiple WAN technologies, including MPLS.

MPLS SD-WAN
Is a connection-oriented technology, hence MPLS dictates a hub-and spoke network architecture that is ill-suited to accommodate the needs of cloud adoption Can leverage connection-less transport technologies and traffic can be routed anywhere without backhauling
Dedicated enterprise network with expensive bandwidth and high SLAs Multiple transport methods can be leveraged: DIA, 5G, MPLS, and more
Different enterprises’ traffic is separated but not encrypted Fully encrypted tunnels from/to any enterprise site
High bandwidth cost and suboptimal routing to cloud-based resources Lower costs due to policy-based routing which leverages cheaper transport for some applications
No built-in elasticity in bandwidth utilization Traffic bursts can be broken out into the Internet
CLI-based network operation Focus on automation and orchestration
MPLS can be costly and is slow to deploy, based on CLI-based network operation. MPLS-based networks cannot keep up with the agility of digital business models due to provisioning times. SD-WAN is ideally based on automation and orchestration – but that promise isn’t always true. Many traditional SD-WAN approaches perpetuate the CLI model with complex policy definition.
MPLS’ hub-and-spoke nature also typically enforces a box-centric centric security model that cannot effectively secure cloud applications or support emerging hybrid workforce models. SASE ideally integrates a cloud-centric, zero trust security model. However, this is not true with all SASE vendor models. And a solid SD-WAN solution with the ability to deliver on enterprise-SLAs is still the foundation for successful SASE rollout.

How do I migrate to SD-WAN, and where does MPLS come into play?

One of the fundamental drivers for SD-WAN is the ability to better optimize and automate WAN connectivity. Before SD-WAN, many enterprises deployed MPLS while also connecting to the internet for non-mission-critical data and applications, but this provisioning is manual, time-consuming, prone to error and doesn’t provide centralized visibility. With SD-WAN’s centralized orchestration, enterprises can now take advantage of the increased flexibility in moving between MPLS and the internet. This path selection is sometimes referred to as a Hybrid WAN, where connectivity follows multiple paths. Without SD-WAN, managing a Hybrid WAN is manual, making it both tedious and time-consuming.

MPLS migration and augmentation can be seamless, or a fork-lift operation depending on the approach chosen. A careful consideration of cloud connectivity, MPLS replacement or augmentation, and the internet are needed to minimize downtime and risk. Here is a four-step approach to a seamless SD-WAN migration:

  1. Identify Candidate Sites: The first step is to identify candidate sites and branches that will migrate to SD-WAN. SD-WAN can be rolled out in an incremental fashion and can co-exist with existing WAN technologies.
  2. Bandwidth and Applications: Calculate the total bandwidth needs from the brand or site. Also identify applications with high bandwidth requirement and list them into mission critical and non-mission critical.
  3. Transport Mix: Determine transport mix, placing non-business critical applications over the internet, and critical applications over a high-performance private core.
  4. Direct Cloud Connectivity: Identify SaaS applications and IaaS providers used. Migrate from connectivity through the datacenter to direct connectivity.

There are multiple ways to deploy SD-WAN deployment models, each with varying levels of complexity, cost and scalability. SD-WAN architectures are broadly classified into three categories: Carrier Managed, Overlay and Cloud-First.

A carrier-managed SD-WAN relies on hardware and software from one or more vendors, resulting in a service offering that requires handoffs between the provider and the vendor when there is an issue.

Overlay SD-WANs are deployed as a DIY model from the edge, with the enterprise taking on burden of deploying and managing connectivity and security, leveraging the carrier’s transport ‘underlay’. However, this means perpetuating dependency on MPLS since the overlay network doesn’t exercise control over the transport layer of the underlay networks and the only way to support mission-critical applications with the SLAs they require is via MPLS.

A cloud-first SD-WAN is based on a services PoP architecture that delivers the service sophistication at the cloud-edge and is aligned with enterprise cloud adoption initiatives.

What is the key SD-WAN use cases?

SD-WAN supports a set of critical enterprise use cases. Most organizations leverage the technology or managed service for more than one.

  • Enabling a Hybrid Workplace: SD-WAN improves application performance and provides direct cloud connectivity to simplify hybrid and multi-cloud initiatives. Flexible network security protects users, devices, and applications no matter where they connect from, whether on-site or from home.
  • Providing Secure Internet Access: SD-WAN gives remote users secure access to SaaS, IaaS and the internet when working from anywhere. It reduces complexity in configuration and operations.
  • Enabling Cloud Migration: SD-WAN simplifies cloud migration by providing out-of-the-box direct connectivity to leading IaaS providers, SaaS application acceleration and multi-cloud connectivity.
  • Transitioning from MPLS to SD-WAN: SD-WAN provides a seamless migration path from MPLS. SD-WAN can co-exist with MPLS or completely replace it with a high-quality, fully meshed Layer 2 transport core with comparable QoS but reduced cost and complexity.
  • Improving Application Performance: SD-WAN provides direct connectivity to SaaS providers. The solution includes a fully meshed private core network with multiple PoPs around the world to mitigate the effect of latency on application performance.
  • Improving UCaaS Performance: SD-WAN recognizes and marks UCaaS traffic, steers it optimally and dynamically across internet access links and through the core infrastructure, minimizing packet loss and latency, to deliver an optimized user experience.
  • Improving or Enabling China Connectivity: SD-WAN may deliver optimal coverage of key locations in China, supporting both inbound and outbound data.

How is SD-WAN different from SASE?

SD-WAN is a foundational element of a broader SASE architecture. It is designed to greatly simplify the management of an enterprise’s WAN, which has grown increasingly complex and cumbersome to manage over time as workloads and workforces have shifted dramatically. What is clear is that SASE without SD-WAN for connectivity is a hollow promise.

This connectivity, leveraging a solid and stable network, is what is required to deliver the application performance and productivity enterprises demand. Building on a Services PoP-centric SD-WAN service, enterprises can easily consume additional security capabilities at the cloud edge as they become available. This doesn’t all need to happen at once and can be phased in based on the enterprise’s unique requirements.

There is also confusion between SD-WAN, SASE and MPLS. It is not either-or; all three can be deployed within the same WAN architecture. MPLS is a transport option for SD-WAN, as is Dedicated Internet Access (DIA) or a private core like the one Aryaka offers, and each fits within an SD-WAN architecture. SD-WAN provides connectivity for SASE.

Want to know more about SASE? Check out our SASE Guide.

What is the importance of Services PoPs in enabling an SD-WAN?

SD-WAN architecture is ideally based on cloud-edge services that rely on what we term “Services PoPs.” These are sophisticated hardware platforms within the cloud that integrate not only routing and switching, but also compute and storage. This provides a foundation for the deployment of SD-WAN capabilities, different from a branch-centric architecture that can’t effectively leverage cloud capabilities, or a less sophisticated transport PoP architecture that is incapable of supporting the mix of networking and security services.

A Services PoP architecture for SD-WAN also offers a foundation for the deployment of SASE capabilities at the cloud-edge.

How do I select an SD-WAN vendor or provider?

Building on the earlier SD-WAN architecture discussion, how does one select between the approaches to generate desired business outcomes?

Traditional networking box vendors like Cisco, Juniper and others sell SD-WAN hardware along with some installation and maintenance services. Typically, enterprise customers buy various hardware elements and connectivity from multiple vendors and stitch the solution together in a Do-It-Yourself (DIY) model. This requires in-house expertise or contractors to deploy the solution. Though it offers flexibility in the choice of equipment, it can be costly and complex, and it compromises agility and adds deployment risk.

The alternative is to work with a managed service provider that sources SD-WAN technology from one or more networking and security vendors. Though this approach removes many of the deployment and maintenance issues inherent in DIY, it still introduces support issues, and larger enterprises will reap more of the advantages because providers focus on them. It also means working with telcos, whose customer support records are mixed.

Based on the above, questions to ask your SD-WAN technology vendor or telco include:

  • Is the service fully managed with 24/7 support backed by global NOCs?
  • Does it integrate last-mile connectivity with procurement and monitoring?
  • Does it leverage a multi-cloud architecture with direct regional-based connectivity?
  • Does it offer guaranteed application performance with integrated optimization?
  • Does it leverage sophisticated Services PoPs for cloud-edge service delivery with proximity to most of the world’s knowledge workers?
  • Does it deliver global performance SLAs based on a dedicated private core with a single point of contact (SPOC)?

What is a Cloud-First SD-WAN solution and what advantages does it offer?

A Cloud-First WAN is an architectural approach that enables agility, simplicity, choice and the ability to deliver an amazing user and application experience. Many SD-WAN vendors take a box-centric view with little accountability for the end-to-end global experience, while traditional service providers stitch together technology offerings from multiple vendors and consequently must compromise on delivering a seamless experience.

The path forward is to take a platform approach that leverages a unified services architecture that is extensible and reaches end-to-end. This platform must offer the service sophistication that enables the suite of connectivity, cloud, security, and WAN optimization services — services that are deployed in a SaaS model to all customers and that are easily enhanced.

The service nodes that enable these services are an order of magnitude more capable than the simple transport points of presence (PoPs) that form the basis of some SD-WAN architectures. Benefits of a cloud-first approach include reduced time to market, operational simplicity, and multi-cloud readiness.


Aryaka SDWAN Architecture