What is SD-WAN?
Software-Defined Wide Area Networking (SD-WAN) is a holistic WAN model that includes connectivity, orchestration, and management and can support multiple security approaches. With ‘software-defined’ connectivity, enterprises have flexible control over what paths applications traverse, whether it is broadband internet, 5G/LTE, MPLS or a private network, through centralized policy management.
By centralizing control in the cloud and combining multiple networking and optimization functions at the edge, customers gain greater flexibility, reliability, agility, and performance combined with better economics. SD-WAN can be delivered as a fully or co-managed service or deployed by an enterprise as part of what is called a DIY model.
More recently, the term “SASE,” Secure Access Service Edge, has been adopted by both enterprises and vendors. SASE (pronounced “sassy”) refers to a more overarching architecture that includes Network as-a-Service and Network Security as-a-Service with SD-WAN’s connectivity playing a vital role in any SASE deployment.
Why SD-WAN and why now?
SD-WAN offers several benefits to enterprises that operate in the digital economy. It provides improved application performance through a combination of WAN optimization techniques and the ability to dynamically assign QoS according to application (and user) requirements.
SD-WAN technology automates and speeds up site deployments, configurations, operations and troubleshooting tasks. It provides for automatic failover so, in the case of one link failure or congestion, traffic can be easily redirected to another link. SD-WAN’s flexible and agile nature provides for optimal choice and utilization of connectivity, thereby reducing upfront cost and lowering operating expenses.
Does my enterprise need SD-WAN?
The real question is who doesn’t need SD-WAN Security. With cloud adoption and the increasing complexity of the WAN, traditional approaches to engineering the WAN no longer offer the flexibility required by enterprises. Enterprises also require service delivery, including security, to be deployed in the cloud where they consume IaaS/PaaS/SaaS. It is an approach that is applicable to any organization irrespective of size, location, or industry, as long as they have begun their journey to the cloud.
How will an SD-WAN solution benefit my enterprise?
SD-WAN delivers the benefits of the cloud consumption model, now applied to networking. In the same way that the cloud delivers scale, global reach, simplicity, scalability, and optimal TCO, freeing IT from just “keeping the lights on,” SD-WAN technology now brings these benefits to networking. It introduces the ease of deployment and consumption demanded by enterprises of all sizes.
SD-WAN reduces operational expenses by lowering training costs and decreasing deployment times, especially when consumed as a managed service. It also helps to optimize sometimes expensive or inefficient WAN connectivity, both by facilitating migration from MPLS and by introducing optimization and application policy control that results in more effective bandwidth use.
SD-WAN naturally lends itself to a cloud-first approach for the WAN, enabling and optimizing multi-cloud connectivity – IaaS, PaaS, and SaaS – and depending upon the architecture, automating this connectivity across different geographies for peak application performance. This is a very different approach from previous approaches that relied on IPSEC tunnels and non-optimized MPLS topologies.
When integrated with a SASE deployment, the combination of SD-WAN and SASE brings the benefits of the cloud consumption model to both networking and security.
What is the difference between SD-WAN and MPLS?
One question that sometimes creates confusion is the difference between SD-WAN and MPLS, even if it isn’t really an apples-to-apples comparison. One way to look at it is that SD-WAN is an architectural concept for network design that is just what the term implies, ‘software-defined,’ decoupling the networking and security hardware from its control mechanism. This contrasts with MPLS, which at its core is a networking technology, now over two decades old and forming the foundation on top of which many enterprises ported their applications to an IP infrastructure. Also remember that SD-WAN is capable of leveraging multiple WAN technologies, including MPLS.
| MPLS | SD-WAN |
|---|---|
| Is a connection-oriented technology, hence MPLS dictates a hub-and-spoke network architecture that is ill-suited to accommodate the needs of cloud adoption | Can leverage connection-less transport technologies, and traffic can be routed anywhere without backhauling |
| Dedicated enterprise network with expensive bandwidth and high SLAs | Multiple transport methods can be leveraged: DIA, 5G, MPLS, and more |
| Different enterprises’ traffic is separated but not encrypted | Fully encrypted tunnels from/to any enterprise site |
| High bandwidth cost and suboptimal routing to cloud-based resources | Lower costs due to policy-based routing, which leverages cheaper transport for some applications |
| No built-in elasticity in bandwidth utilization | Traffic bursts can be broken out into the Internet |
| CLI-based network operation | Focus on automation and orchestration |
| MPLS can be costly and is slow to deploy, based on CLI-based network operation. MPLS-based networks cannot keep up with the agility of digital business models due to provisioning times. | SD-WAN is ideally based on automation and orchestration – but that promise isn’t always true. Many traditional SD-WAN approaches perpetuate the CLI model with complex policy definition. |
| MPLS’ hub-and-spoke nature also typically enforces a box-centric security model that cannot effectively secure cloud applications or support emerging hybrid workforce models. | SASE ideally integrates a cloud-centric, zero trust security model. However, this is not true of all SASE vendor models. And a solid SD-WAN solution with the ability to deliver on enterprise SLAs is still the foundation for a successful SASE rollout. |
How do I migrate to SD-WAN, and where does MPLS come into play?
One of the fundamental drivers for SD-WAN is the ability to better optimize and automate WAN connectivity. Before SD-WAN, many enterprises deployed MPLS while also connecting to the internet for non-mission-critical data and applications, but this provisioning is manual, time-consuming, prone to error and doesn’t provide centralized visibility. With SD-WAN’s centralized orchestration, enterprises can now take advantage of the increased flexibility in moving between MPLS and the internet. This path selection is sometimes referred to as a Hybrid WAN, where connectivity follows multiple paths. Without SD-WAN, managing a Hybrid WAN is manual, making it both tedious and time-consuming.
MPLS migration and augmentation can be seamless or a forklift operation, depending on the approach chosen. Careful consideration of cloud connectivity, MPLS replacement or augmentation, and the internet is needed to minimize downtime and risk. Here is a four-step approach to a seamless SD-WAN migration:
- Identify Candidate Sites: The first step is to identify candidate sites and branches that will migrate to SD-WAN. SD-WAN can be rolled out in an incremental fashion and can co-exist with existing WAN technologies.
- Bandwidth and Applications: Calculate the total bandwidth needs of the branch or site. Also identify applications with high bandwidth requirements and classify them as mission critical or non-mission critical.
- Transport Mix: Determine transport mix, placing non-business critical applications over the internet, and critical applications over a high-performance private core.
- Direct Cloud Connectivity: Identify SaaS applications and IaaS providers used. Migrate from connectivity through the datacenter to direct connectivity.
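The transport-mix step above (critical applications on a private core, non-critical ones on the internet) and the automatic failover described earlier are what an SD-WAN controller's path-selection policy actually encodes. The following is an added illustration written for this page, not code from Aryaka or any SD-WAN product: a small policy evaluator that walks each application's transport preference list, fails over when a link is down or outside its loss/latency SLA, and refuses to steer traffic onto a public transport (or, for mission-critical apps, onto any transport) that has no encrypted overlay tunnel, which is the security point the MPLS/SD-WAN comparison table makes (MPLS traffic is separated but not encrypted). The transport names, thresholds and link measurements are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Transports reachable from the public Internet: an overlay tunnel is mandatory here.
# (Constructed classification for this example.)
PUBLIC_TRANSPORTS = {"dia", "broadband", "lte"}


@dataclass
class Link:
    name: str
    transport: str                  # e.g. "private_core", "mpls", "dia", "lte" (assumed names)
    up: bool = True
    loss_pct: float = 0.0           # measured packet loss, percent
    latency_ms: float = 0.0         # measured latency, milliseconds
    encrypted_tunnel: bool = False  # overlay tunnel (e.g. IPsec) established on this link


@dataclass
class AppPolicy:
    name: str
    preferred: List[str]            # transports in order of preference
    max_loss_pct: float
    max_latency_ms: float
    require_encryption: bool        # mission-critical apps: encrypt even on private transport


def link_meets_sla(link: Link, policy: AppPolicy) -> bool:
    """A link is usable only if it is up and within the policy's loss/latency limits."""
    return (link.up
            and link.loss_pct <= policy.max_loss_pct
            and link.latency_ms <= policy.max_latency_ms)


def link_meets_security(link: Link, policy: AppPolicy) -> bool:
    """Public transport always needs a tunnel; some policies demand one on every transport."""
    if link.transport in PUBLIC_TRANSPORTS and not link.encrypted_tunnel:
        return False
    if policy.require_encryption and not link.encrypted_tunnel:
        return False
    return True


def select_path(policy: AppPolicy, links: List[Link]) -> Tuple[Optional[Link], str]:
    """Walk the preference list and fail over to the next transport when a link is unusable.

    Returns (link, reason). link is None when no compliant link remains: the policy
    deliberately blackholes the flow rather than sending it down a forbidden path.
    """
    rejections = []
    for transport in policy.preferred:
        for link in links:
            if link.transport != transport:
                continue
            if not link_meets_sla(link, policy):
                rejections.append(f"{link.name}: down or outside SLA")
                continue
            if not link_meets_security(link, policy):
                rejections.append(f"{link.name}: no encrypted tunnel")
                continue
            return link, "selected"
    return None, "; ".join(rejections) or "no link on any preferred transport"


def route_all(policies: List[AppPolicy], links: List[Link]) -> Dict[str, Optional[str]]:
    """Map each application to the link it is steered onto (None = blocked by policy)."""
    result: Dict[str, Optional[str]] = {}
    for policy in policies:
        link, _ = select_path(policy, links)
        result[policy.name] = link.name if link else None
    return result


# Constructed sample policies: voice and ERP are mission critical, browsing is not.
POLICIES = [
    AppPolicy("voice", ["private_core", "mpls", "dia"], 1.0, 80, require_encryption=True),
    AppPolicy("erp", ["private_core", "mpls", "dia"], 2.0, 150, require_encryption=True),
    AppPolicy("web_browsing", ["dia", "lte"], 5.0, 300, require_encryption=False),
]


def sample_links(core_up: bool = True) -> List[Link]:
    """Constructed link inventory for one branch; core_up=False simulates a private-core outage."""
    return [
        Link("core-1", "private_core", up=core_up, loss_pct=0.1, latency_ms=40, encrypted_tunnel=True),
        Link("mpls-1", "mpls", loss_pct=0.2, latency_ms=60, encrypted_tunnel=False),
        Link("dia-1", "dia", loss_pct=0.8, latency_ms=70, encrypted_tunnel=True),
        Link("lte-1", "lte", loss_pct=3.0, latency_ms=120, encrypted_tunnel=False),
    ]


if __name__ == "__main__":
    print("normal:  ", route_all(POLICIES, sample_links()))
    print("failover:", route_all(POLICIES, sample_links(core_up=False)))
```

In the failover scenario the MPLS link is healthy but carries no tunnel, so voice and ERP skip it and land on the encrypted DIA link; if that tunnel were also missing, the evaluator returns no path and a reason string suitable for alerting, which is the behaviour a defender wants instead of a silent downgrade to cleartext transport.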
There are multiple SD-WAN deployment models, each with varying levels of complexity, cost and scalability. SD-WAN architectures are broadly classified into three categories: Carrier Managed, Overlay and Cloud-First.
A carrier-managed SD-WAN relies on hardware and software from one or more vendors, resulting in a service offering that requires handoffs between the provider and the vendor when there is an issue.
Overlay SD-WANs are deployed as a DIY model from the edge, with the enterprise taking on the burden of deploying and managing connectivity and security, leveraging the carrier’s transport ‘underlay’. However, this means perpetuating dependency on MPLS, since the overlay network doesn’t exercise control over the transport layer of the underlay networks and the only way to support mission-critical applications with the SLAs they require is via MPLS.
A cloud-first SD-WAN is based on a services PoP architecture that delivers the service sophistication at the cloud-edge and is aligned with enterprise cloud adoption initiatives.
What are the key SD-WAN use cases?
SD-WAN supports a set of critical enterprise use cases. Most organizations leverage the technology or managed service for more than one.
- Enabling a Hybrid Workplace: SD-WAN improves application performance and provides direct cloud connectivity to simplify hybrid and multi-cloud initiatives. Flexible network security protects users, devices, and applications no matter where they connect from, whether on-site or from home.
- Providing Secure Internet Access: SD-WAN gives remote users secure access to SaaS, IaaS and the internet when working from anywhere. It reduces complexity in configuration and operations.
- Enabling Cloud Migration: SD-WAN simplifies cloud migration by providing out of the box direct connectivity to leading IaaS providers, SaaS application acceleration and multi-cloud connectivity.
- Transitioning from MPLS to SD-WAN: SD-WAN provides a seamless migration path from MPLS. SD-WAN can co-exist with MPLS or completely replace it with a high-quality, fully meshed Layer 2 transport core with comparable QoS but reduced cost and complexity.
- Improving Application Performance: SD-WAN provides direct connectivity to SaaS providers. The solution includes a fully meshed private core network with multiple PoPs around the world, to mitigate the effect of latency on application performance.
- Improving UCaaS Performance: SD-WAN recognizes and marks UCaaS traffic, steers it optimally and dynamically across internet access links and through the core infrastructure, minimizing packet loss and latency, to deliver an optimized user experience.
- Improving or Enabling China Connectivity: SD-WAN may deliver optimal coverage of key locations in China, supporting both inbound and outbound data.
How is SD-WAN different from SASE?
SD-WAN is a foundational element of a broader SASE architecture. It is designed to greatly simplify the management of an enterprise’s WAN, which has grown increasingly complex and cumbersome to manage over time as workloads and workforces have shifted dramatically. What is clear is that SASE without SD-WAN for connectivity is a hollow promise.
This connectivity, leveraging a solid and stable network, is what is required to deliver the application performance and productivity enterprises demand. Building on a Services PoP-centric SD-WAN service, enterprises can easily consume additional security capabilities at the cloud edge as they become available. This doesn’t all need to happen at once and can be phased in based on the enterprise’s unique requirements.
There is also confusion between SD-WAN, SASE and MPLS. It is not either-or. It is possible for all to be deployed within the same WAN architecture. MPLS is a transport option for SD-WAN, as is Dedicated Internet Access (DIA) or a private core like that which Aryaka offers and fits within an SD-WAN architecture. SD-WAN provides connectivity for SASE.
Want to know more about SASE? Check out our SASE Guide.
What is the importance of Services PoPs in enabling an SD-WAN?
SD-WAN architecture is ideally based on a cloud-edge services model that relies on what we term “Services PoPs.” These are sophisticated hardware platforms within the cloud that integrate not only routing and switching, but also compute and storage. This provides a foundation for the deployment of SD-WAN capabilities, different from a branch-centric architecture that can’t effectively leverage cloud capabilities, or a less-sophisticated transport PoP architecture that is incapable of supporting the mix of networking and security services.
A Services PoP architecture for SD-WAN also offers a foundation for the deployment of SASE capabilities at the cloud-edge.
How do I select an SD-WAN vendor or provider?
Building on the earlier SD-WAN architecture discussion, how does one select between the approaches to generate desired business outcomes?
Traditional networking box vendors like Cisco, Juniper and others sell SD-WAN hardware along with some installation and maintenance services. Typically, enterprise customers buy various hardware elements and connectivity from multiple vendors and stitch the solution together in a Do-It-Yourself (DIY) model. This requires in-house expertise or contractors to deploy the solution. Though it offers flexibility in terms of choice of equipment, it can be costly and complex, compromise agility, and introduce deployment risk.
The alternative is to work with a managed service provider that sources SD-WAN technology from one or more networking and security vendors. Though this approach removes many of the deployment and maintenance issues inherent with DIY, it still introduces support issues and larger enterprises will reap more advantages due to provider focus. It also means working with telcos who have mixed customer support records.
Based on the above, questions to ask your SD-WAN technology vendor or telco include:
- Is the service fully managed with 24/7 support backed by global NOCs?
- Does it integrate last-mile connectivity with procurement and monitoring?
- Does it leverage a multi-cloud architecture with direct regional-based connectivity?
- Does it offer guaranteed application performance with integrated optimization?
- Does it leverage sophisticated Services PoPs for cloud-edge service delivery with proximity to most of the world’s knowledge workers?
- Does it deliver global performance SLAs based on a dedicated private core with a SPOC?
What is a Cloud-First SD-WAN solution and what advantages does it offer?
A Cloud-First WAN is an architectural approach that enables agility, simplicity, choice and the ability to deliver an amazing user and application experience. Many SD-WAN vendors take a box-centric view with little accountability for the end-to-end global experience, while traditional service providers stitch together technology offerings from multiple vendors and consequently must compromise on delivering a seamless experience.
The path forward is to take a platform approach that leverages a unified services architecture that is extensible and reaches end-to-end. This platform must offer the service sophistication that enables the suite of connectivity, cloud, security, and WAN optimization services — services that are deployed in a SaaS model to all customers and that are easily enhanced.
The sophistication of the service nodes that enable these services is an order of magnitude beyond simple transport points of presence (PoPs) that form the basis of some SD-WAN architectures. Benefits of a cloud-first approach include reduced time to market, operational simplicity, and multi-cloud readiness.