Five criteria for evaluating managed SD-WAN solutions

If your organization is considering managed SD-WAN services over the do-it-yourself devices (which require self-deployment, configuration, and management) here are five things to consider when evaluating partners.

What you’ll learn

• Critical built-in security features
• Lesser-known cloud SLAs
• How to evaluate managed services

1. Built-in features and services to enhance your security posture

Most SD-WAN devices themselves are not innately built to be secure. Ask these questions before you buy:

• Does your SD-WAN solution include an integrated, next-generation firewall with Unified Threat Management (UTM)?
• Do you offer secure local internet breakouts, and if so, how?
• Does your SD-WAN hardware appliance include an integrated router and next-generation firewall, making it easy to directly and securely route traffic to the internet without stacking multiple devices at a given location?

While some providers will have IPSec tunneling and may even have next-gen firewalls built into their SD-WAN offering, others will go even further by:

• Incorporating security analytics into the network performance dashboard and customer portal—this is the mark of security tools embedded into the network fabric (not just bolted on as an aftermarket component) which enables real-time visibility
• Offering add-on managed security solutions and 24/7 monitoring services or even a complete managed detection and response solution—this takes the security monitoring workload off customer IT teams

2. Flexible hybrid networking to lower your costs

A major catalyst behind SD-WAN adoption is to efficiently use any combination of public and private network connectivity to lower WAN connectivity costs and maximize WAN usage. These key capabilities enable cost-efficient connectivity bandwidth utilization.

Transport-Agnostic Service: SD-WAN services should be transport/access agnostic, allowing customers to design any combination of public and private network connectivity.

Active-Active Links: Being able to combine all your bandwidth is arguably the biggest selling point of SD-WAN. This is called an active-active or dual-active configuration. Instead of using a public broadband internet or a wireless link in a passive mode as a backup for a private link, an SD-WAN solution should let enterprises use both services in an active-active mode.

3. Service level agreements to improve the application user experience

A managed SD-WAN service provider should be able to support WAN services globally. Service level agreements (SLAs) help expose the differences in these services. Key considerations include:

• SLAs for network availability, latency, packet loss, and jitter as well as SLAs that extend SD-WAN to customer premise equipment (CPE)
• Time to repair or replace equipment ensures continued operations of SD-WAN locations
• Cloud SLAs: When using direct internet access to providers like Amazon Web Services and others, cloud SLAs help customers deliver a consistent application experience by guaranteeing network performance until the cloud provider takes ownership of the traffic.

4. Dynamic traffic engineering to maximize your resource efficiency

The ability to prioritize traffic (voice and video over IP, for example) over both public and private links and the ability to ensure quality-of-service across applications are essential. Dynamic traffic engineering and application-aware routing are key features and benefits. These enable the service to choose the optimal network path for bandwidth and quality of service based on particular application requirements.

Two other valuable features that enable intelligent, on-demand application-based routing are advanced error correction and dynamic application steering (DAP). These help overcome the adverse effects of dropped and out-of-order packets on internet links and ensure uninterrupted service to end-users.

5. A fully managed service to enhance your productivity

It’s important to ask a few questions of the provider to understand what “managed service” entails.

• Will the managed service provider deploy and manage the solution end-to-end including equipment management and proactive network monitoring on a 24/7 basis?
• Will you (the customer) have visibility and control over the solution or will you have to rely on the provider?
• Will you have dedicated resources to manage the implementation and ongoing service?