SD-WAN stands for software-defined wide area network. The phrase “software-defined WAN” refers to the application of software-defined networking (SDN) concepts to the WAN. These modern architectural principles are applied to the WAN in order to turn the control layer of the network (once all hardware) into software. That’s a revolutionary change, because now the network’s control functions are in a cloud-based controller that can be programmed in ways that were never possible before.
SD-WAN virtualizes numerous components of the traditional network (e.g. secure routing, application optimization, etc.). Plus, it centralizes the network management via a cloud-based “orchestrator.” This centralized control is a key feature because it allows SD-WAN solutions to intelligently direct IP traffic in order to optimize performance. SD-WAN continually monitors bandwidth utilization, packet loss, and latency, and dynamically selects the best path according to whatever parameters you choose. By continually monitoring and readjusting, SD-WAN ensures that you always get the best application performance possible.
SD-WAN fundamentally does two things:
Now, let’s talk about exactly how SD-WAN accomplishes this. SD-WAN is an endpoint device that must be installed on a corporate network. It’s usually a hardware appliance but sometimes the endpoint can be virtual customer-provided equipment or “vCPE”.
SD-WAN makes use of all network paths (both private and public) through the centralized controller. Using a system of rule-based policies, bandwidth resources are automatically assigned based on your prioritized list of applications, users, and locations. SD-WAN continually monitors bandwidth utilization, packet loss, and latency, and dynamically selects the best path according to whatever parameters you choose. By continually monitoring and readjusting, SD-WAN ensures that you always get the best application performance possible.
SD-WAN’s centralized management controls are available in the web portal or online console, also called a “single pane of glass.” This is where you configure exactly how you want your SD-WAN to prioritize and route traffic and which features you want it to use. It’s also where you can view network and application performance data for your entire WAN. From here, you can access SD-WAN’s features, provisioning new links and services and tapping into features like active-active links, dynamic routing protocols, quality of service, and more.
SD-WAN has popularized the strategy of converting your network’s private MPLS connections to public connections. The benefit is that you can leverage the cost advantages of broadband internet service for secure connectivity and access to cloud-based resources. This allows for cost savings, but it may also decrease the reliability and performance of the network.
Another key benefit of SD-WAN is that it can act as an on-ramp to the cloud, offering direct connections to top cloud service providers such as Amazon® Web Services, Microsoft® Azure, Google® Cloud Platform, IBM®, and more. This gives CIOs and network architects a simple way to link their corporate WAN with an array of private and public cloud resources. It also means they don’t have to accept the performance of the public internet to connect them. You get turnkey private or shared connections to your cloud infrastructure or applications.
Another benefit of SD-WAN is its ability to detect network outages and automatically reroute IP traffic accordingly to reduce downtime. SD-WAN improves the resiliency of the WAN by dynamically balancing traffic across multiple paths to increase application performance. SD-WAN solutions determine the best path to deliver business-critical applications based on available bandwidth across the entire WAN.
The advantage of SD-WAN is that it can solve an array of traditional network challenges, including:
When first introduced decades ago, Multiprotocol Label Switching (MPLS) upended the networking world as the new highly-efficient way to transport data between two or more locations. Today, SD-WAN is largely doing the same thing. So, what’s the difference? It comes down to cost and reliability mostly, but the two are also fundamentally different.
MPLS operates similarly to switches and routers by using packet-forwarding technology and labels to make data-forwarding decisions for IP traffic on a network. The result is the highest quality of service and reliability possible, which explains why businesses still typically use MPLS to carry their high-priority IP traffic across the WAN. But this stability comes at a higher cost when compared to other types of connectivity or network access methodologies. MPLS is also subject to geographical boundaries as each MPLS link is reliant on the local telecommunications carrier.
To be clear: SD-WAN is not a network connectivity type or access methodology, so comparing it to MPLS is not an apples-to-apples comparison. SD-WAN is a hardware device and solution offering that allows you to leverage any type of bandwidth–private or public. Many people incorrectly believe that “it’s only SD-WAN if you use internet links,” but this is false.
In an SD-WAN deployment, IP traffic is intelligently routed to either hardware or software endpoints with end-to-end encryption across the entire WAN. Because SD-WAN is not tied to a particular carrier, the endpoints can leverage any type of bandwidth–meaning you can use a private MPLS service or a more cost-effective public internet broadband service. And what’s more, you can mix and match public and private connections in a hybrid model. This can lower the per-megabit cost as well as reduce the geographical barriers associated with MPLS.
SD-WAN is a hardware device installed on a network to gain distinct advantages, whereas a software-defined network is just that–a network built using software-defined principles and architectural models. The two are often confused because they can come bundled together in a single solution, sometimes called “in-net SD-WAN solutions.”
Think of a software-defined network (SDN) as the foundation or cloud platform that serves an SD-WAN solution offering. With an in-net solution, the SD-WAN functionality is tied to the providers’ network service cloud. In essence, it’s an SD-WAN-equipped Network as a Service (NaaS) solution. Some people also call this SD-WAN as a Service.
Generally speaking, the more private MPLS links you can convert to public internet broadband links, the more savings you will generate. But SD-WAN offers more ways to save than just link conversion. And the more important consideration is: How will the public internet affect the reliability of your network? Here’s what you need to know.
Most CIOs are attracted by the cost savings of SD-WAN with public broadband, and rightfully so. Some articles online show savings of 90% and upwards. While these cases are probably verifiable, IT leaders should be aware that these case studies reflect situations where ALL (or the vast majority) of private connections were converted to broadband internet. Customers that move only a few access points to the public internet will see far more conservative cost savings.
Keep in mind that cost and network reliability are positively correlated: as costs decrease, so does reliability. Networks using only broadband have a much lower reliability than those using private MPLS access. Depending on the importance of business continuity and your network risk tolerance, an all-broadband approach to SD-WAN may not be advisable for your critical business applications.
At Masergy, we see our clients recognize about 40% cost savings, on average. They report the savings not just from network link conversion but also from vendor consolidation, productivity gains, and security efficiencies as well. Check out this infographic to see how one client achieved 36% ROI on Masergy’s Managed SD-WAN.
SD-WAN secures traffic in transit, making it a key player in network security. Solutions that include integrated firewalls and associated unified threat detection and response services help strengthen security posture as offices and branch locations leverage the internet for connectivity.
But there are other security benefits that are often overlooked. SD-WAN facilitates the normally difficult task of WAN segmentation, which helps businesses address issues such as security threats coming from within. Segmentation is a key security strategy and a focal point for many Zero-Trust security strategies. SD-WAN also plays a key role in first-line-of-defense capabilities. SD-WAN solutions can improve network security by whitelisting online applications and websites for branch offices that may not have local firewalls.
Given that SD-WAN paves the way for companies and their branch locations to leverage the internet for connectivity, security must be at the top of the priority list. When SD-WAN is deployed over dedicated internet connectivity or public broadband, it can introduce security risks that require next-generation firewalls, threat monitoring, and management. Therefore, bundling security into SD-WAN isn’t just an option—it’s a requirement.
Closely monitored firewalls are key defense mechanisms when SD-WAN shifts the network architecture away from a small set of centrally managed internet gateways and toward a highly distributed set of gateways. Because this dispersed architecture inherently increases the attack surface, the next move of any savvy network engineer is to implement next-generation firewalls with Unified Threat Management. You’ll want:
The first step in planning for SD-WAN is to decide how you want to deploy it. Do you want a self-managed solution or a fully managed service? IT leaders are thinking long and hard about who should take on the responsibilities required, because SD-WAN deployment can entail:
Taking a Do-It-Yourself (DIY) approach requires purchasing hardware from a manufacturer and administering, maintaining, and managing the service using your own internal IT team. This may be worth it if you want total control. But even with skilled and experienced networking staff, some feel more comfortable using a managed SD-WAN service, working with a provider that implements and manages SD-WANs every day. This takes the burden off the client’s IT team, freeing them to work on more strategic initiatives.
What do most IT leaders do? Here’s what the research shows:
According to analysts at Omdia, in making the choice to adopt a managed service, most IT leaders are reluctant to outsource SD-WAN completely–only desiring selective service. SD-WAN providers have responded by adding co-managed services to their portfolios. Recognized as an alternative to a fully managed service, here’s what this “middle” option means.
A co-managed model is a shared responsibility arrangement between the client and provider. It creates a balance where businesses benefit from distancing themselves from the day-to-day administration while still retaining control over the network service. This model decreases the burdens of SD-WAN setup and network performance management without taking away the client’s control. Of course, service charges apply.
In shared models, companies no longer face the binary choice between a fully managed service and DIY, where cost and control have traditionally been pitted against each other. Thus, the co-managed decision may feel like a no-brainer. However, truly getting the best of both worlds takes consideration in the areas of responsiveness, agility, flexibility, and security.
SD-WAN makes it easy to diversify WAN connectivity with both private and public access methodologies. You can mix and match network connectors including:
But this flexibility also brings the responsibility to engineer the smartest solution design. When should you use each of these options and how do you establish your SD-WAN routing rules, mapping your business applications to each option?
First, you should have an intimate understanding of your business continuity risk tolerance. It helps to categorize your list of business applications, locations, and user groups by importance, listing them as critical, important, or discretionary. The result of this exercise provides a framework for prioritization and an SD-WAN solution design blueprint that allows you to match applications, locations, and user groups with appropriate connectivity types.
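The prioritization exercise above, combined with the rule-based path selection described earlier (monitoring utilization, packet loss, and latency), can be sketched as follows. This is an added example, not Masergy's or any vendor's code; the link names, thresholds, and the `failover_any` rule are assumptions, and the sample measurements are constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional, Sequence

@dataclass(frozen=True)
class Link:
    name: str
    kind: str               # "private" (e.g. MPLS) or "public" (internet)
    latency_ms: float
    loss_pct: float         # 100.0 means the link is down
    utilization_pct: float

@dataclass(frozen=True)
class Policy:
    allowed_kinds: tuple    # connectivity types this tier may normally use
    max_latency_ms: float
    max_loss_pct: float
    max_utilization_pct: float
    failover_any: bool      # assumed rule: use any live link if none qualifies

# Assumed thresholds for the three tiers; real values come from your own SLAs.
POLICIES = {
    "critical":      Policy(("private",), 50, 0.1, 70, True),
    "important":     Policy(("private", "public"), 100, 1.0, 85, True),
    "discretionary": Policy(("public",), 300, 3.0, 95, False),
}

def meets(link: Link, p: Policy) -> bool:
    """True if the link is an allowed type and within every threshold."""
    return (link.kind in p.allowed_kinds
            and link.latency_ms <= p.max_latency_ms
            and link.loss_pct <= p.max_loss_pct
            and link.utilization_pct <= p.max_utilization_pct)

def select_path(tier: str, links: Sequence[Link]) -> Optional[Link]:
    """Pick the best link for a tier, or None if its traffic must wait."""
    policy = POLICIES[tier]
    candidates = [l for l in links if meets(l, policy)]
    if not candidates and policy.failover_any:
        # Outage handling: accept any link that is still passing traffic.
        candidates = [l for l in links if l.loss_pct < 100.0]
    # Rank by loss first, then latency, then utilization.
    rank = lambda l: (l.loss_pct, l.latency_ms, l.utilization_pct)
    return min(candidates, key=rank) if candidates else None

# Constructed sample measurements for three links at one site.
LINKS = [
    Link("mpls", "private", 20, 0.0, 40),
    Link("dia", "public", 35, 0.2, 30),
    Link("broadband", "public", 60, 1.5, 55),
]

def with_outage(links: Sequence[Link], name: str) -> list:
    """Return a copy of the link list with one link marked as down."""
    return [replace(l, loss_pct=100.0) if l.name == name else l for l in links]

if __name__ == "__main__":
    for tier in POLICIES:
        normal = select_path(tier, LINKS)
        degraded = select_path(tier, with_outage(LINKS, "mpls"))
        print(tier, normal and normal.name, degraded and degraded.name)
```

With the private link down, critical traffic moves to the best public link, which is the point at which the encryption and firewall coverage on that path matter most.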
As with any cloud application or service, the performance is only as good as the network connection that supports it. When IT leaders rely on public internet connectivity to support cloud services, availability and reliability can be compromised. SD-WAN helps by offering direct connections to top cloud service providers such as Amazon® Web Services, Microsoft® Azure, Google® Cloud Platform, IBM, and more. This gives CIOs and network architects a simple way to link their corporate WAN with an array of private and public cloud infrastructure resources. Turnkey private or shared connections increase cloud performance and reliability with service level agreements.
When every remote employee becomes a branch office to provision, SD-WAN and SD-branch capabilities offer rapid-deploy VPN connections backed by software-defined agility and built-in security. Plus, unified communications applications can be bundled with SD-WAN offerings, helping you ensure crystal clear VoIP and video conferencing across the globe.
Rapid-deploy VPN connections: With SD-WAN, dialing connections, tunnels, links, loops, and bandwidth up and down is faster and easier than on legacy networks governed by manual processes.
Built-in security: Home Wi-Fi routers and work-issued devices shared at home can become new attack vectors for hackers to exploit, but SD-WAN can help mitigate security risks using cloud firewalls that make it easy to open SSL tunnels and secure them with 24/7 threat monitoring and response services. Clients also add on endpoint detection and response, identity-based WAN analytics, cloud security technologies like Cloud Access Security Broker (CASB) and more.
UCaaS digital collaboration tools: Pairing SD-WAN with unified communications applications creates a fully managed service, backing VoIP and video conferencing with a top-performing network and service level agreements to ensure consistent experiences all around the world.
The SD-WAN vendor landscape is noisy with large providers and an ever-increasing number of startups and competitors. This muddies the waters if you’re a decision maker. Do you go with a seemingly safe big-name brand? Or do you bet your global network on a startup? Size aside, there are two different types of providers: SD-WAN equipment manufacturers or resellers, who sell only hardware for the do-it-yourself solutions, and managed SD-WAN service providers.
In the managed services industry, there is a distinct polarity problem: Large providers and small startups saturate the market. Thus, very few agile, mid-sized providers exist. This is challenging for SD-WAN buyers who may not have the brand clout or company size to earn the full attention of “gorilla-sized” legacy providers, and yet may not feel comfortable partnering with a startup. Thus, many decision makers feel they must choose between the two extremes–getting the service they deserve or the technology they need (see chart below). Extra efforts during due diligence stages are helpful in finding a partner that is “just right.”
Yes, here are some of the standard features included in Masergy’s SD-WAN solutions:
Having a “single pane of glass” unified portal is what every network architect and IT manager dreams about. But the reality is that adding SD-WAN to a corporate network can also add another separate admin portal in addition to your existing WAN’s admin interface. Multiple logins and multiple interfaces result in a fragmented experience that never achieves 100% visibility and control over the entire corporate WAN… that is unless you use Masergy.
Masergy’s Intelligent Service Control portal is a unified management dashboard and control platform that frees enterprises from cross-referencing disconnected networks and disparate components. With centralized management and a single view of application performance, monitoring and managing your entire network is less complex.
Unmatched network and application intelligence – Get a holistic view of your network, SD-WAN, and cloud applications, including unified communications.
End-to-end visibility of application performance across public and private connections – See real-time analytics on every endpoint on your WAN no matter if the site is connected via private links or public “best effort” broadband. Masergy’s unified portal gives you the visibility needed to make faster, more informed decisions about bandwidth allocation and service improvement.
Self-service or full-service options – Make adjustments on the fly using self-service controls or rely on Masergy professionals to manage the network for you. Most customers do both, leveraging the benefits of a co-managed model.
Masergy AIOps is the industry’s first AI-based, digital assistant for network, security, and application optimization. It leverages machine learning and behavioral analytics for network insights. Acting as a virtual engineer for your global SD-WAN, AIOps delivers automated network evaluation for easier configuration improvement. Get real-time alerts and recommendations inside your Masergy SD-WAN management portal, allowing you to quickly enhance application performance. AIOps is based on Masergy’s 20 years of innovative anomaly detection and predictive analytics leadership.
Any one you want and a mixture of all. Masergy’s SD-WAN is transport agnostic, meaning you have the flexibility to mix and match public and private access, designing your connectivity to meet the unique needs of your applications, users, and locations all across the globe. Your options include: private connectivity via Masergy’s global software-defined network, dedicated internet access, broadband, and fixed wireless (LTE and 5G). You can leverage your existing infrastructure across private and public access points, and Masergy will work with any last-mile provider. You can bring your own bandwidth or Masergy can provision broadband service via any of our 300+ internet service providers around the world.
When you choose Masergy’s private, software-defined network service, you get industry-leading performance with <1 millisecond of jitter and 100% packet delivery across the globe.
But no matter which way you go, you get 24/7 network performance monitoring with proactive service notifications.
Yes. SD-Branch is an SD-WAN-based strategy that allows enterprises to remove IT infrastructure and personnel from branch offices, helping to reduce costs while also improving application performance. SD-Branch replaces the standard IT branch office hardware with software, using SD-WAN as a single platform to address all branch network needs. This enables businesses to operationalize their WAN expenses, turning the capital expense of networking hardware into the operational expense of software and services. SD-Branch can also reduce the time required to turn up a branch office by leveraging LTE and 5G wireless access options.
Masergy virtualizes the multiple networking appliances commonly used at your branch offices, extending Masergy’s global, software-defined network into your LAN. Our SD-Branch solution delivers a combination of next-generation firewalls, secure switching, and Wi-Fi access points that are perfect for hybrid WAN deployments with a combination of private Layer 3 links at large offices and SD-WAN at branch locations. Improve your network uptime and application performance, using SD-WAN’s abilities to connect directly to the internet and better utilize bandwidth.
Yes, and more! As your applications move to the cloud, you need agile and secure connectivity to support your digital strategy. Masergy makes it easy to rapidly establish direct connections to cloud service providers and get high-performing SaaS applications with industry-unique cloud service guarantees. Masergy Direct Cloud Connect solutions provide:
Our Managed SD-WAN solution includes modified Fortinet® FortiGate devices at the secure network edge. Masergy selected Fortinet hardware due to the company’s expertise in enterprise cybersecurity and our recognition that in a multi-cloud world, networking and security are inextricably linked.
In addition to the built-in Fortinet next-generation firewalls with secure routing that come standard with all solutions, we also offer three separate tiers of additional managed detection & response services:
Masergy’s solutions are hyper flexible, providing virtually unlimited design flexibility. You can connect every location, application, and user group in the way that makes the most sense for your business needs today and enjoy the freedom to make changes on an ongoing basis.