January 9, 2017
SD-WAN: Finally, a Breakthrough in WAN Technology!
Editor’s Note: Sirius and Forsythe are now one company. Sirius acquired Forsythe in October 2017 and we are pleased to share their exceptional content with you.
Everything that you know about the wide area network (WAN) is changing, and for good reasons.
For more than 15 years, WANs have been built upon aging technologies, often layered together, and have not kept pace with the innovation in other areas of IT. Old-school WANs do not support enterprises that need to reliably move performance-sensitive application streams between clouds, branches and data centers.
This lack of innovation has made WANs expensive, inflexible, complex, and insecure. The WAN represents the most expensive bandwidth in the enterprise.
Today’s enterprises require more flexibility in the way they allocate bandwidth, so they can seamlessly support fast, agile, and bandwidth-intensive services. But they rarely have the budget dollars available to invest in this often-overlooked portion of their infrastructure.
In addition to high costs and a lack of agility, WANs pose several challenges. For example:
- It’s complex to install and manage. To deploy a new branch, you need to order a router, have your highly-skilled network engineer unbox and configure it, and then ship it to the destination branch. If they mislabel a box and ship the router to the wrong location or make a mistake with the configuration, they must troubleshoot the error remotely. Can you afford to have your top engineers spend this much time on remedial tasks?
- It’s not secure. The physical security of WAN routers and encryption of WAN traffic are often not handled properly. Data traversing the WAN is usually secured with pre-shared keys that are not changed on a regular basis. This opens the door for somebody to walk away with a large portion of your enterprise WAN configuration or to easily decrypt your WAN traffic.
Introducing SD-WAN (And 4 Reasons Why You Want to Use It)
Luckily, you now have a more flexible and cost-effective alternative to legacy methods of managing your WAN.
SD-WAN allows you to choose from among multiple transport technologies (Internet, MPLS, 4G, etc.) to connect your branch offices back to your data center. This increases your available bandwidth, reduces your costs, reduces your time to market, and will place traffic on a path that performs to service level agreements (SLAs) and avoids performance degradation.
SD-WAN can classify and dynamically measure application performance to see which WAN link currently provides the better path for your data. Then, it sends data across the most capable path, while constantly re-evaluating the performance of each path. This optimization process can dramatically lower costs by leveraging inexpensive Internet circuits as an acceptable transport medium for appropriate applications while improving the end user experience.
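The selection loop described above, sketched as an added example (not code from the original article or from any SD-WAN vendor). The link names, metrics, SLA thresholds and the "cheapest compliant link" policy are constructed assumptions; the sketch also covers the blackout and brownout cases a real solution has to remediate.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    up: bool
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int  # relative cost, lower is cheaper (assumed policy input)

@dataclass
class Sla:  # per-application thresholds; every value must be > 0
    latency_ms: float
    jitter_ms: float
    loss_pct: float

def excess(link, sla):
    """Total fractional overshoot of the SLA; 0.0 means the link complies."""
    pairs = [(link.latency_ms, sla.latency_ms), (link.jitter_ms, sla.jitter_ms),
             (link.loss_pct, sla.loss_pct)]
    return sum(max(0.0, measured / limit - 1.0) for measured, limit in pairs)

def select_path(links, sla):
    """Return (link name or None, state) for one measurement round."""
    live = [l for l in links if l.up]
    if not live:
        return None, "blackout"  # every link is down
    ok = [l for l in live if excess(l, sla) == 0.0]
    if ok:  # cheapest compliant link, lowest latency as tie-break
        return min(ok, key=lambda l: (l.cost, l.latency_ms)).name, "sla-met"
    # Brownout on every live link: fall back to the least-degraded one.
    return min(live, key=lambda l: excess(l, sla)).name, "degraded"

# Constructed sample data: two application classes, four measurement rounds.
VOICE, BULK = Sla(150, 30, 1.0), Sla(400, 100, 5.0)
ROUNDS = {
    "normal": [Link("mpls", True, 40, 5, 0.1, 10),
               Link("internet", True, 35, 8, 0.2, 2),
               Link("lte", True, 90, 20, 0.5, 20)],
    "internet_brownout": [Link("mpls", True, 40, 5, 0.1, 10),
                          Link("internet", True, 180, 45, 3.0, 2),
                          Link("lte", True, 90, 20, 0.5, 20)],
    "all_degraded": [Link("mpls", False, 0, 0, 0, 10),
                     Link("internet", True, 180, 45, 3.0, 2),
                     Link("lte", True, 200, 10, 0.5, 20)],
    "blackout": [Link("mpls", False, 0, 0, 0, 10), Link("lte", False, 0, 0, 0, 20)],
}

if __name__ == "__main__":
    for label, links in ROUNDS.items():  # re-evaluated every round
        print(label, select_path(links, VOICE), select_path(links, BULK))
```

In the brownout round the voice class moves to MPLS while bulk traffic stays on the cheaper Internet circuit, which is the per-application behavior the paragraph describes.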
Here are four reasons why you can’t ignore SD-WAN:
SD-WAN offers cost savings of up to 70 percent on WAN connectivity spend. You’ll save in areas including hardware, transport, and operations. If you spend millions on your WAN each year, your savings can quickly add up.
You’ll also save on personnel costs, as you won’t need skilled resources to continuously manage and troubleshoot your network. With SD-WAN, you can apply templates and policies to devices to make management easier and WAN router configurations consistent.
SD-WAN enhances your security by:
- Minimizing the risk of human error by orchestrating change, using configuration templates, and ensuring consistency via policy.
- Classifying application traffic to enable application level routing for path, performance, and application egress point enforcement.
- Facilitating direct Internet access at the branch, while still integrating with a centralized or distributed unified threat management (UTM) model.
- Protecting your network and data with features such as encryption, rotating keys, and segmentation.
- Automatically disabling lost or stolen devices to prevent unauthorized users from accessing your data.
SD-WAN simplifies your network management by providing a central interface for all operations. For example, if you want to change a global configuration, you can make a policy change instead of manually configuring hundreds of devices.
SD-WAN also offers zero-touch provisioning, so you can get up and running quickly by shipping the SD-WAN appliance directly to the branch and having it “call home” by registering with your central controller.
The WAN represents a significant layering of technologies. While this layering is functional, it is very complex and difficult to manage.
SD-WAN vendors are creating new methods to simplify not only deployment, but granular traffic routing based on big data-style analytics and insight. The most significant innovations to date are:
- Zero-touch provisioning
- Cloud-based control
- Configuration automation
- Global policy enforcement
- Simplification of complex routing and application controls
- Traffic segmentation
- Active/Active consumption of all available links on a per-application basis
What to Look for in an SD-WAN Solution
Many vendors claim to offer SD-WAN services, but they don’t offer the true hybrid WAN that will help you achieve the benefits outlined above. Here’s what to look for in a true SD-WAN solution:
- Hybrid path selection with application level path awareness
- Centralized controller: onsite or cloud
- A single pane of glass for management and troubleshooting
- Customizable application identification engine
- Honoring, maintaining, or updating DSCP markings through virtual private networks (VPNs) and multiprotocol label switching (MPLS)
- Zero-touch provisioning (ZTP)
- Low-touch integration with existing environment
- Automated rotation of overlay-tunnel encryption keys, at short intervals
- Secure and authenticated communication between the forwarders and controller
- Ability to run routing protocols such as open shortest path first (OSPF) and border gateway protocol (BGP) for integration into the data center and possibly the branch
- Remediation of blackouts (link-down) and brownouts (link-degraded)
- Direct path to Internet and network functions virtualization (NFV) routing capabilities
A Couple of Risks Associated with SD-WAN
1. Multiple Internet Service Providers (ISPs) delivering internet connectivity to branches
Providing internet connectivity across all branch locations presents a unique operational challenge. Procurement, installation, support, and contract management can quickly turn an engagement intended for increased performance, reliability and cost savings into an expensive operational nightmare. An aggregator and/or master agent can help you drive down internet cost and simplify operations.
2. Direct internet access at branches must be secured
Enabling direct internet access at remote locations increases the points in the network where the organization is exposed to the outside world. User traffic still needs to be subject to threat detection and prevention measures such as content/URL filtering, malware prevention, and data loss prevention. Rather than placing a firewall at every single branch, which only adds cost and complexity, you can utilize a cloud-based, centrally managed service such as Zscaler to protect your environment. A cloud-based approach to security enables organizations to rapidly deploy and manage security policies to protect end users and sensitive company data.
SD-WAN = Lower Costs + Greater Agility
SD-WAN is changing the way that we deploy and manage networks. SD-WAN has many benefits, including lower costs and improved agility. With so much to gain, now is the time to put SD-WAN on your radar.