SD-WAN stands for software-defined wide area network. The phrase “software-defined WAN” refers to the application of software-defined networking (SDN) concepts to the WAN. These modern architectural principles are applied to the WAN in order to turn the control layer of the network (once all hardware) into software. That’s a revolutionary change, because now the network’s control functions are in a cloud-based controller that can be programmed in ways that were never possible before.
SD-WAN virtualizes numerous components of the traditional network (e.g. secure routing, application optimization, etc.). Plus, it centralizes the network management via a cloud-based “orchestrator.” This centralized control is a key feature because it allows SD-WAN solutions to intelligently direct IP traffic in order to optimize performance. SD-WAN continually monitors bandwidth utilization, packet loss, and latency, and dynamically selects the best path according to whatever parameters you choose. By continually monitoring and readjusting, SD-WAN ensures that you always get the best application performance possible.
SD-WAN fundamentally does two things:
Now, let’s talk about exactly how SD-WAN accomplishes this. SD-WAN is an endpoint device that must be installed on a corporate network. It’s usually a hardware appliance but sometimes the endpoint can be virtual customer-provided equipment or “vCPE”.
SD-WAN makes use of all network paths (both private and public) through the centralized controller. Using a system of rule-based policies, bandwidth resources are automatically assigned based on your prioritized list of applications, users, and locations.
SD-WAN’s centralized management controls are available in the web portal or online console, also called a “single pane of glass.” This is where you configure exactly how you want your SD-WAN to prioritize and route traffic and which features you want it to use. It’s also where you can view network and application performance data for your entire WAN. From here, you can access SD-WAN’s features, provisioning new links and services and tapping into features like active-active links, dynamic routing protocols, quality of service, and more.
SD-WAN has popularized the strategy of converting your network’s private MPLS connections to public connections. The benefit is that you can leverage the cost advantages of broadband internet service for secure connectivity and access to cloud-based resources. This allows for cost savings, but it may also decrease the reliability and performance of the network.
Another key benefit of SD-WAN is that it can act as an on-ramp to the cloud, offering direct connections to top cloud service providers such as Amazon® Web Services, Microsoft® Azure, Google® Cloud Platform, IBM®, and more. This gives CIOs and network architects a simple way to link their corporate WAN with an array of private and public cloud resources. It also means they don’t have to accept the performance of the public internet to connect them. You get turnkey private or shared connections to your cloud infrastructure or applications.
Another benefit of SD-WAN is its ability to detect network outages and automatically reroute IP traffic accordingly to reduce downtime. SD-WAN improves the resiliency of the WAN by dynamically balancing traffic across multiple paths to increase application performance. SD-WAN solutions determine the best path to deliver business-critical applications based on available bandwidth across the entire WAN.
The advantage of SD-WAN is that it can solve an array of traditional network challenges, including:
When first introduced decades ago, Multiprotocol Label Switching (MPLS) upended the networking world as the new highly-efficient way to transport data between two or more locations. Today, SD-WAN is largely doing the same thing. So, what’s the difference? It comes down to cost and reliability mostly, but the two are also fundamentally different.
MPLS operates similarly to switches and routers by using packet-forwarding technology and labels to make data-forwarding decisions for IP traffic on a network. The result is the highest quality of service and reliability possible, which explains why businesses still typically use MPLS to carry their high-priority IP traffic across the WAN. But this stability comes at a higher cost when compared to other types of connectivity or network access methodologies. MPLS is also subject to geographical boundaries as each MPLS link is reliant on the local telecommunications carrier.
To be clear: SD-WAN is not a network connectivity type or access methodology, so comparing it to MPLS is not an apples-to-apples comparison. SD-WAN is a hardware device and solution offering that allows you to leverage any type of bandwidth–private or public. Many people incorrectly believe that “it’s only SD-WAN if you use internet links,” but this is false.
In an SD-WAN deployment, IP traffic is intelligently routed to either hardware or software endpoints with end-to-end encryption across the entire WAN. Because SD-WAN is not tied to a particular carrier, the endpoints can leverage any type of bandwidth–meaning you can use a private MPLS service or a more cost-effective public internet broadband service. And what’s more, you can mix and match public and private connections in a hybrid model. This can lower the per-megabit cost as well as reduce the geographical barriers associated with MPLS.
SD-WAN is a hardware device installed on a network to gain distinct advantages, whereas a software-defined network is just that–a network built using software-defined principles and architectural models. The two are often confused because they can come bundled together in a single solution, sometimes called “in-net SD-WAN solutions.”
Think of a software-defined network (SDN) as the foundation or cloud platform that serves an SD-WAN solution offering. With an in-net solution, the SD-WAN functionality is tied to the provider’s network service cloud. In essence, it’s an SD-WAN-equipped Network as a Service (NaaS) solution. Some people also call this SD-WAN as a Service.
Generally speaking, the more private MPLS links you can convert to public internet broadband links, the more savings you will generate. But SD-WAN offers more ways to save than just link conversion. And the more important consideration is: How will the public internet affect the reliability of your network? Here’s what you need to know.
Most CIOs are attracted by the cost savings of SD-WAN with public broadband, and rightfully so. Some articles online show savings of 90% and upwards. While these cases are probably verifiable, IT leaders should be aware that these case studies reflect situations where ALL (or the vast majority) of private connections were converted to broadband internet. Customers that move only a few access points to the public internet will realize far more conservative cost savings.
Keep in mind that cost and network reliability are positively correlated: as costs decrease, so does reliability. Networks using only broadband have a much lower reliability than those using private MPLS access. Depending on the importance of business continuity and your network risk tolerance, an all-broadband approach to SD-WAN may not be advisable for your critical business applications.
At Masergy, we see our clients realize about 40% cost savings, on average. They report the savings not just from network link conversion but also from vendor consolidation, productivity gains, and security efficiencies. Check out this infographic to see how one client achieved 36% ROI on Masergy’s Managed SD-WAN.
SD-WAN secures traffic in transit, making it a key player in network security. Solutions that include integrated firewalls and associated unified threat detection and response services help strengthen security posture as offices and branch locations leverage the internet for connectivity.
But there are other security benefits that are often overlooked. SD-WAN facilitates the normally difficult task of WAN segmentation, which helps businesses address issues such as security threats coming from within. Segmentation is a key security strategy and a focal point for many Zero-Trust security strategies. SD-WAN also plays a key role in first-line-of-defense capabilities. SD-WAN solutions can improve network security by whitelisting online applications and websites for branch offices that may not have local firewalls.
Given that SD-WAN paves the way for companies and their branch locations to leverage the internet for connectivity, security must be at the top of the priority list. When SD-WAN is deployed over dedicated internet connectivity or public broadband, it can introduce security risks that require next-generation firewalls, threat monitoring, and management. Therefore, bundling security into SD-WAN isn’t just an option—it’s a requirement.
Closely monitored firewalls are key defense mechanisms when SD-WAN shifts the network architecture away from a small set of centrally managed internet gateways and toward a highly distributed set of gateways. Because this dispersed architecture inherently increases the attack surface, the next move of any savvy network engineer is to implement next-generation firewalls with Unified Threat Management. You’ll want:
The first step in planning for SD-WAN is to decide how you want to deploy it. Do you want a self-managed solution or a fully managed service? IT leaders are thinking long and hard about who should take on the responsibilities required, because SD-WAN deployment can entail:
Taking a Do-It-Yourself (DIY) approach requires purchasing hardware from a manufacturer and administering, maintaining, and managing the service using your own internal IT team. This may be worth it if you want total control. But even with skilled and experienced networking staff, some feel more comfortable using a managed SD-WAN service, working with a provider that implements and manages SD-WANs every day. This takes the burden off the client’s IT team, freeing them to work on more strategic initiatives.
What do most IT leaders do? Here’s what the research shows:
According to analysts at Omdia, in making the choice to adopt a managed service, most IT leaders are reluctant to outsource SD-WAN completely–only desiring selective service. SD-WAN providers have responded by adding co-managed services to their portfolios. Recognized as an alternative to a fully managed service, here’s what this “middle” option means.
A co-managed model is a shared responsibility arrangement between the client and provider. It creates a balance where businesses benefit from distancing themselves from the day-to-day administration while still retaining control over the network service. This model decreases the burdens of SD-WAN setup and network performance management without eliminating the client’s control. Of course, service charges apply.
In shared models, companies no longer face the binary choice between a fully managed service and DIY, where cost and control have traditionally been pitted against each other. Thus, the co-managed decision may feel like a no-brainer. However, truly getting the best of both worlds takes consideration in the areas of responsiveness, agility, flexibility, and security.
SD-WAN makes it easy to diversify WAN connectivity with both private and public access methodologies. You can mix and match network connectors including:
But this flexibility also brings the responsibility to engineer the smartest solution design. When should you use each of these options and how do you establish your SD-WAN routing rules, mapping your business applications to each option?
First, you should have an intimate understanding of your business continuity risk tolerance. It helps to categorize your list of business applications, locations, and user groups by importance, listing them as critical, important, or discretionary. The result of this exercise provides a framework for prioritization and an SD-WAN solution design blueprint that allows you to match applications, locations, and user groups with appropriate connectivity types.
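The sketch below is an added example, not code from any SD-WAN product or from Masergy. It combines the critical/important/discretionary categorization above with the measurement-driven path selection described earlier on this page. The thresholds, link names, and measurements are constructed, and the policy table is a hypothetical format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    kind: str          # "private" (e.g. MPLS) or "public" (broadband internet)
    loss_pct: float    # measured packet loss, percent
    latency_ms: float  # measured latency, milliseconds
    util_pct: float    # measured bandwidth utilization, percent

# Hypothetical policy: permitted link kinds and thresholds per application class.
POLICY = {
    "critical":      {"kinds": {"private"},           "loss": 0.5, "latency": 80,  "util": 80},
    "important":     {"kinds": {"private", "public"}, "loss": 1.0, "latency": 150, "util": 90},
    "discretionary": {"kinds": {"public"},            "loss": 5.0, "latency": 400, "util": 95},
}

def within_thresholds(link, rule):
    return (link.loss_pct <= rule["loss"]
            and link.latency_ms <= rule["latency"]
            and link.util_pct <= rule["util"])

def select_path(app_class, links):
    """Return (link_name, status): "ok", "degraded" or "no_path".

    Only link kinds the policy permits are considered, so critical traffic
    is never moved onto a public link just because it measures better.
    """
    rule = POLICY[app_class]
    allowed = [l for l in links if l.kind in rule["kinds"]]
    if not allowed:
        return None, "no_path"
    healthy = [l for l in allowed if within_thresholds(l, rule)]
    pool, status = (healthy, "ok") if healthy else (allowed, "degraded")
    best = min(pool, key=lambda l: (l.loss_pct, l.latency_ms, l.util_pct))
    return best.name, status

# Constructed measurements: normal operation, then the MPLS link degrading.
NORMAL = [Link("mpls-1", "private", 0.1, 40, 60),
          Link("bb-1", "public", 0.8, 35, 30),
          Link("bb-2", "public", 3.0, 120, 20)]
DEGRADED = [Link("mpls-1", "private", 4.0, 200, 60)] + NORMAL[1:]

if __name__ == "__main__":
    for label, links in (("normal", NORMAL), ("degraded", DEGRADED)):
        for app_class in POLICY:
            print(label, app_class, select_path(app_class, links))
```

When the private link degrades, "important" traffic reroutes to broadband while "critical" traffic stays on the private link and is reported as degraded, which is the risk-tolerance decision the categorization exercise is meant to make explicit.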
As with any cloud application or service, the performance is only as good as the network connection that supports it. When IT leaders rely on public internet connectivity to support cloud services, availability and reliability can be compromised. SD-WAN helps by offering direct connections to top cloud service providers such as Amazon® Web Services, Microsoft® Azure, Google® Cloud Platform, IBM, and more. This gives CIOs and network architects a simple way to link their corporate WAN with an array of private and public cloud infrastructure resources. Turnkey private or shared connections increase cloud performance and reliability with service level agreements.
When every remote employee becomes a branch office to provision, SD-WAN and SD-branch capabilities offer rapid-deploy VPN connections backed by software-defined agility and built-in security. Plus, unified communications applications can be bundled with SD-WAN offerings, helping you ensure crystal clear VoIP and video conferencing across the globe.
Rapid-deploy VPN connections: With SD-WAN, dialing connections, tunnels, links, loops, and bandwidth up and down is faster and easier than on legacy networks governed by manual processes.
Built-in security: Home Wi-Fi routers and work-issued devices shared at home can become new attack vectors for hackers to exploit, but SD-WAN can help mitigate security risks using cloud firewalls that make it easy to open SSL tunnels and secure them with 24/7 threat monitoring and response services. Clients also add on endpoint detection and response, identity-based WAN analytics, cloud security technologies like Cloud Access Security Broker (CASB) and more.
UCaaS digital collaboration tools: Pairing SD-WAN with unified communications applications creates a fully managed service, backing VoIP and video conferencing with a top-performing network and service level agreements to ensure consistent experiences all around the world.