Co-managed SD-WAN: IT decision makers are leaning in but how do you get the best of both worlds?

Avatar for Gary AudinBy Gary Audin|Sep 14, 2020|7:30 am CDT

The need for a virtual workforce is forcing many leaders to rethink their IT operations, and for SD-WAN adopters this has many considering more managed and co-managed services. But why does the work-from-anywhere strategy require more support, and what’s the difference between a managed SD-WAN service and a co-managed service? This article explores SD-WAN management in response to the pandemic, showing you how to use co-managed models to get the best of both worlds.

IT is being restructured under the pressures of remote work

The COVID-19 pandemic is having a significant impact on IT departments. An increased number of help requests coming from employees at home must be addressed. Secure remote access and VPNs now need to be cost effective and reliable for the long term. Security is a bigger and more urgent issue with remote employees connecting at-home devices.

Ultimately, today’s work-from-anywhere model is stimulating a restructuring of IT operations that is changing the way business gets done. This is particularly the case as IT leaders implement SD-WAN to assist with their work-from-home strategy.

SD-WAN offers advantages such as applying SD-branch approaches to the virtual workforce and easing the IT burdens of remote connectivity, security, and performance for bandwidth-hungry video conferencing applications. But SD-WAN isn’t a plug-and-play technology–it requires ongoing updates and management. Under the new pressures of remote work, IT leaders are thinking long and hard about who should take on the responsibilities required with any deployment. That’s because SD-WAN can entail:

Companies are leaning more heavily on SD-WAN services

Leaders are more cognizant of the fact that SD-WAN benefits shouldn’t outstrip the experts needed to administer it. Cost savings can be eroded when complexity and ongoing management adds too heavily to the ROI equation.

Those that have in-house expertise are naturally immune, as they are more likely to have the required resources available. These companies were largely the early adopters of the do-it-yourself (DIY) solutions, where devices were installed without regard for service guarantees and SLAs. But this is not the case for everyone. Today, remote workers or even branch offices typically lack the needed knowledge, expertise, and resources for ongoing operational management. This also helps explain why the tables are now turning.

Two dynamics are coming together. SD-WAN is reaching mainstream adoption where enterprises are more dependent on providers for assistance. Meanwhile, IT teams are busy serving the new needs of the enterprise–COVID-19. All of this makes IT leaders opt for more service packages. Survey data from major analyst firms demonstrate this recent tipping of the scales.

In making the choice to adopt a managed service, most IT leaders are reluctant to outsource SD-WAN completely–only desiring selective service, according to Omdia. Providers have responded, adding co-managed services to their portfolios. Here’s what this “middle” option means for IT leaders, and how to get the best of this hybrid model.

Can you really have the best of both worlds? Co-managed “gotchas”

It helps to first explain, what is co-managed SD-WAN? A co-managed model is a shared responsibility arrangement, creating balance where businesses benefit from distancing themselves from the administration and complexity while still retaining control over the network service. Advances in SD-WAN specifically allow for this balance, namely centralized management capabilities, cloud-based SDWaaS (SD-WAN as a Service), and online consoles. As a turnkey alternative to the DIY approach, this model decreases the burdens of SD-WAN setup and network performance management without eradicating the client’s loss of control–all at an extra cost of course. (See a direct comparison of solutions in the chart at the end of this article.)

In shared models, companies no longer face the binary choice between a fully managed service and DIY, where cost and control have traditionally been pitted against each other. Thus, the co-managed decision may feel like a no-brainer. However, truly getting the best of both worlds takes careful consideration in the areas of agility, flexibility, and security. Buyer beware.

Your network freedom depends on their solution flexibility

Beware of SD-WAN providers that simply add a high price tag for their service–when in fact–that service only limits your IT freedom. These services might lock you into specific networks, connectivity types, and internet service providers. In today’s fast-paced, fast-changing world, IT leaders favor more flexibility and choice. Ask these questions:

Your speed-of-change rides on their responsiveness

Understand specifically what service controls you have and which tasks require a service ticket. Tickets can take days or weeks, slowing your speed-to-change. Your provider’s mean time to responsiveness is critical, as are on-demand service controls and real-time performance visibility for each individual application. Ensure you have direct control over the services you change the most, and understand who will serve requirements that fall outside your control and how fast they can execute.

Your security simplicity also depends on their capabilities

Security is now part of the SD-WAN infrastructure with firewalls as embedded features and a variety of ancillary security functions built into today’s solutions. This can be extremely valuable for companies seeking to reduce IT complexity, outsource, and reduce the security “noise” of firewall alert management. When every organization wants to leverage the cost benefits of the public internet, firewalls are must–which in turn make unified threat management and SOC response teams a requirement as well. Evaluate your provider’s security maturity and how they will help you expand your coverage. Take into consideration these security functions:

At the end of the day, a co-managed model is a great way to modernize legacy IT infrastructure, gaining the advantages while still freeing your IT resources. A detailed, pragmatic approach is required when it comes to understanding who does what and how your partner is set up to execute on your needs. Masergy’s co-managed SD-WAN service model helps explain how to succeed with shared responsibilities.

Fully Managed vs. Co-Managed: Who does what?

While specifics may vary across providers, here’s the approach Masergy takes.

Fully Managed Solution: Provider does it all, but you still get some control Co-managed Solution: Shared responsibilities
Design Provider Provider
Implementation/Install Provider Provider
Configuration Provider Client: You customize standard firewall rules and other security policy configurations using the portal
Network management and monitoring Provider Provider: End-to-end management and monitoring is provided, but the service may vary when public internet connectivity is deployed
• When clients bring their own ISPs for connectivity (using an “over the top” solution), then Masergy manages and monitors the SD-WAN equipment only
• When clients use Masergy-provided ISPs for connectivity, Masergy provides end-to-end management and monitoring
Policy management: Business policy, firewall policy, security profiles Provider and/or Client: Portal allows client to make on-demand modifications, alternatively client can call Masergy NOC Client: You customize standard configurations using the portal and manage them on an ongoing basis
Incident resolution Provider: All break-fix performed by Masergy NOC Shared: Clients are responsible for any break/fix related to Layers 4-7 of the OSI network model while Masergy is responsible for Layers 1-3
Moves, adds, changes, deletes (MACDs) Provider and/or Client: Portal allows client to make on-demand modifications, alternatively client can call Masergy NOC Shared: Client is responsible for all MACDs pertaining to Layers 4-7 of the OSI network model while Masergy is responsible for Layers 1-3

Interested in learning more about SD-WAN?

Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.