Wide-Area Networks (WAN) allow enterprises to extend their computer networks over long distances, connecting remote branch offices to data centers, the Internet and the Cloud. When networks are extended over greater distances, they face operational challenges such as network congestion, packet loss and potentially even service outages. Software Defined Wide-Area Networks (SD-WAN) are designed to address these problems by replacing traditional routers with software-controlled consumer premise equipment (CPE) that can dynamically share network bandwidth across multiple connections.
SD-WAN allows enterprises to leverage any combination of transport services, (MPLS, 4G/5G, dedicated or shared Internet, etc.) to securely connect users to applications. SD-WAN uses a centralized control function to more intelligently direct traffic across the WAN. The centralized controller dynamically routes network traffic based upon business or application policies and takes into account the available network bandwidth to efficiently route traffic across the network.
Gartner views SD-WAN as a key technology1 to help enterprises transform their networks from fragile to agile and offers the best mix of performance, price and flexibility compared to alternative hardware-centric approaches. They predict that by 2023, more than 90% of WAN edge infrastructure will be based on SD-WAN versus traditional routers.
Traditional infrastructure will no longer be able to meeting the demands as data traffic growth continues to explode, Cisco2 expects global IP traffic will increase 3X over the next 5 years with SD-WAN traffic expected to grow at a 37% compound annual growth rate (CAGR) compared to 3% for traditional-based WANs.
International Data Corporation (IDC) recently noted3 that SD-WAN continues to be one of the fastest-growing segments of the network infrastructure market, driven by a variety of factors:
Combined with the rapid adoption of SD-WAN by leading communications service providers globally, these trends continue to drive deployments of SD-WAN, providing enterprises with dynamic management of hybrid WAN connections and the ability to guarantee high levels of quality of service on a per application basis.
Research firm Gartner identified four required characteristics for SD-WAN4:
1Magic Quadrant for WAN Edge Infrastructure, Gartner, Oct 2018
2Cisco Visual Networking Index: Forecast and Trends, 2017-2022 White Paper, Cisco, Feb 2019
3SD-WAN Infrastructure Market poised to reach $5.25 Billion in 2023, IDC, Jul 2019
4Market Guide for Managed SD-WAN Services, Gartner, May 2019
A new security breach seemingly appears in the news on a daily basis. In Symantec’s Internet Threat Report5, one out of every 10 urls are malicious, website attacks are up 56% and on average 4,800 websites are compromised each month. McAfee reports6, ransomware attacks grew by 118% and 92% of organizations have stolen cloud credentials for sale on the Dark Web7. Making matters worse, it’s harder than ever to hire skilled security professionals as 69%8 of cyber security teams are understaffed and only 34% have a high degree of confidence in their team’s ability to successfully detect and respond to cyber threats.
SD-WAN introduces new security options, not previously available with legacy networking technologies that make it easier to manage and secure network traffic. It uses a centralized control function that builds all of the Internet Protocol Security (IPSec) tunnels between all of the locations as soon as you plug-in the SD-WAN customer premise equipment (CPE). The SD-WAN controller builds a full mesh network, so it can communicate with all of the other sites without having to go back to the data center to ensure that all network traffic is encrypted and secure.
SD-WAN enables network managers to establish network segmentation across all sites of the organization. Network segmentation allows an organization to isolate access to specific types of network devices and these network segments can be extended to the Next-Generation Firewall (NGFW) via encrypted links to control traffic between network segments. An example of this would be for HVAC contractors or suppliers who need remote access to monitor and manage HVAC systems across an organization. Segmenting the WAN can limit the impact of a cyber-attack to a small, manageable area. In the 2013 Target security breach9, hackers stole credit card data after they accessed Target’s network via the HVAC contractor. If the HVAC systems had been on a separate network segment, this security breach would have been isolated to just HVAC systems.
It is often said that you can’t secure what you can’t see and historically enterprises didn’t have much visibility into what traffic is going across the WAN. Masergy’s Intelligent Service Control (ISC) Portal, offering a single pane of glass for a unified view of analytics for network, UCaaS, WAN edge devices and application performance for end-to-end visibility across cloud, on-premise and hybrid environments. The ISC dashboard provides an instant overview of where IP traffic is coming from and where it’s going to ensure that you are in control of the traffic that is traversing the WAN.
Compared to traditional WANs, SD-WANs can lead to substantial cost savings. Gartner estimates that the cost for SD-WAN hardware, software and support of remote locations is up to 40% less10than that of traditional routers. Organizations have cited that they spend up to 90% less time configuring SD-WAN CPE vs. traditional routers. In addition, organizations can realize a significant cost savings in bandwidth costs. SD-WAN dramatically improves load sharing across multiple ports which can delay the need to purchase additional bandwidth from the carrier or allow for greater use of lower-cost Internet connectivity. Savings can be realized by routing traffic such that only real-time traffic is delivered over the more expensive link (MPLS or dedicated Internet) and less critical traffic can be delivered over the less expensive shared broadband link.
In a recent Nemertes study11, SD-WAN can drive savings by preventing cost increases associated with bandwidth increases and by making all links to a site usable simultaneously that allows for less expensive Internet links to be used for some or all of the enterprises more expensive MPLS links. Nemertes noted that connectivity is not the only avenue by which SD-WAN can drive savings. By making redundant links less expensive to deploy and making failover links transparent to end-users, SD-WAN can reduce site outages by 69% and shorten them by 80%, while reducing WAN staffing by 20% and troubleshooting time by 33%.
|Cost Component||Classic WAN
|$ change||% change|
|Annual Circuit Costs||$2,594,869||$1,820,900||$773,969||30%|
|Annual Amortized Capital Costs||$864,267||$332,127||$532,140||62%|
|Annual Problem-Resolution Costs||$17,654||$1,765||$15,889||90%|
Figure 1: Nemertes SD-WAN Cost Model & Business Value Analysis
When the CIO of Ingenico Group12 was tasked with supporting a growth plan that would double the size of the company, he was challenged by a rigid and complex network with multiple providers. Plus, he faced bandwidth demands that were increasing at a rate of 25% or more annually. To build a network fabric that would enable seamless future growth and real agility, Ingenico needed to transform its existing IT strategy, shifting to a software defined hybrid network architecture that would effectively serve 88+ global offices and accelerate their cloud-first approach. Using Masergy’s Managed SD-WAN Ingenico was able to realize a 40% cost savings through global provider consolidation and by transitioning MPLS sites to broadband, while increasing overall bandwidth by 30%!
52019 Internet Security Threat Report, Symantec, Feb 2019
6McAfee Labs Threats Report, McAfee, Aug 2019
7McAfee Cloud Adoption and Risk Report, McAfee, 2019
8State of Cybersecurity, ISACA, 2019
9Target breach began with Contractor’s Electronic Billing Link, WSJ, Feb 2014
105 Network Cost Optimization Opportunities to Evaluate Now, Gartner, Jun 2019
Faced with unpredictable performance of the Internet and other public networks, enterprises are tuning to SD-WAN for better application performance by prioritizing network traffic by application, steering traffic around last-mile congestion and through WAN optimization. A network engineer can create a set of rules so SD-WAN devices will use an appropriate path for each application. For example: SD-WAN can steer the packets of critical or real-time applications down paths with adequate bandwidth and minimal latency and policies can be set so that lower priority traffic is always sent across the most cost-effective link where performance may be less reliable.
11Still Cheaper, Faster, Better: Making the business case for SD-WAN in 2019, Nemertes, 4Q’2018
12Ingenico cuts costs, adds agility and boosts bandwidth with Masergy SD-WAN, Masergy, 2019
Application-aware routing enables the service to choose the optimal network path for bandwidth and quality of service based on particular application requirements. Two valuable features that enable intelligent, on-demand application-based routing are advanced error correction and dynamic application steering (DAP). Advanced error correction overcomes the adverse effects of dropped and out-of-order packets on internet links to provide performance comparable to private networks. DAP provides real-time traffic steering over any broadband or private link based on company-defined business intent policies. In the event of an outage or brownout, DAP automatically fails-over to the secondary connection in under one second, ensuring uninterrupted service to end users.
SD-WAN monitors each network link using metrics that include latency, jitter and dropped packets. When there is network congestion, SD-WAN can steer traffic around the traffic jam and onto an alternative link to ensure better application performance.
WAN Optimization is designed to improve the performance of traffic moving between a branch office and larger sites such as the corporate headquarters, data centers or the cloud. Masergy Managed SD-WAN offers WAN Optimization to reduce the overall amount of data being transferred which speeds up data replication, data center consolidation, virtualization and large data transfers to and from the cloud.
SD-WAN improves overall network availability through several methods: failover, traffic reallocation, better visibility and through greater automation. SD-WAN dynamically assigns traffic to links based on application policies and as a result it can detect more failover scenarios than traditional routers. It measures link performance and will allocate performance-sensitive traffic to the best link. This leads to faster failure and congestion detection so for example Masergy’s managed SD-WAN service will reallocate traffic in less than 1 second.
SD-WAN offers better network visibility and provides improved analytics and troubleshooting functionality that can improve mean time to repair (MTTR) metrics and lead to more proactive network operations.
Gartner reports13 that 82% of network changes are not automated and studies have shown that human error accounts for 20% to 35% of network outages. SD-WAN includes a high degree of automation that significantly reduces manual configuration compared to traditional routers by over 90%14. For example, Masergy’s Intelligent Service Control (ISC) portal simplifies network and application management with real-time visibility, analytics and service control. It provides real-time bandwidth controls to modify port bandwidth globally across both public and private connections and with end-to-end application performance visibility helps customers make faster, more informed decisions about bandwidth allocation.
In summary, SD-WAN provides better security, price, performance & availability!
To deliver on today’s digital business initiatives, you need an agile and secure platform that maximizes global scalability. Two decades ago, Masergy pioneered software-defined networking and continues to innovate solutions that deliver positive outcomes for your enterprise.
Masergy’s Managed SD-WAN is unique because it’s built on Masergy’s network that delivers industry-leading performance with globally consistent SLAs and provides a single portal for real-time analytics and control with unmatched network and application intelligence. Enterprise security is built-in with 24/7 threat monitoring and management and transport-agnostic access lets you mix and match any transport method or connectivity type.
Masergy enables unrivaled application performance across the network and the cloud with Managed SD-WAN, UCaaS, CCaaS and Managed Security solutions. Industry-leading SLAs coupled with an unparalleled customer experience enable global enterprises to achieve business outcomes with certainty.
13How to reduce network downtime in the era of digital business, Gartner, Dec 2016
14Technology insight for SD-WAN, Gartner, Sep 2018