SD WAN solutions are here to stay and it's only a matter of time before many network professionals will find themselves evaluating solutions for install.
Envisioning your entire WAN as a single, living, breathing entity instead of a bunch of individual circuits and connections, however, is a new concept to most WAN engineers.We, therefore, may have a hard time wrapping our heads around just what to look for in an SD WAN solution.
In fact, SD WAN VPN solutions today can perform so many enterprise features in a single solution, that it's likely that many of the features fall outside the day to day responsibility of just the WAN engineer. Thus, the evaluation process at your organization is likely to be multi-disciplinary, involving WAN professionals, security professionals, applications professionals and maybe even others.
What to include when creating a list of SD WAN providers?
1. Consider how your potential backbone and appliance will respond across downtime and outages.
2. How branch sites will deal with bandwidth restrictions by employing technologies such as bandwidth steering.
3. Path selection capability which allows users and locations to take advantage of the best path vs your network status.
4. What bandwidth controls are required, will you leverage private MPLS backbones or the Internet.
5. What project management and technical design authority is needed to deliver your project?
6.Consider the support and ongoing management of prospective SD WAN providers vs your current installation.
7. SD WAN offers powerful analytics and reporting, what are your expectations to deliver on the knowledge base required to fully take advantage of software-based WAN technology?
8. Security and Cloud are both enabled via SD WAN devices but understanding the overall capability is critical in todays threatened world.
9. What other features are required from your SD WAN platform including application acceleration and caching. 10. How Global vs UK network implementation will require careful focus.
So what should a comprehensive set of requirements for your organization's review process take into account? Every SD WAN implementation is different, but the most common areas to consider are fairly easy to define and that's what we'll try to do here. SD WAN solutions range from very limited (edge device only) to full-featured, fully integrated cloud solutions. For the purposes of this article, I'll target the more full-featured solutions, if you're looking for a more limited implementation, obviously, you can simply de-emphasize the requirements here that are less important to you or your business. Let's look at the areas you need to consider when creating your requirements.
Multiple circuit redundancy
Most organizations considering SD WAN solutions are employing redundant data circuits to at least some of their branch offices. You also need your SD WAN solution to take redundancy into account within the deployment. You should determine not just how the solution reacts in the event of a link failure, but also ask what happens when an SD WAN controller fails. Are the controllers in-line (at a headquarters location) or are they in the cloud? Is there a redundant controller in the event of a controller failure? In the event of a circuit failure at a branch, you'll want to determine how quickly you need the solution to fail (all traffic) over to the backup path.
Tunnel bonding or circuit aggregation
It's common for SD WAN solutions to support bandwidth steering (something we'll talk about below), but perhaps you have a need for circuit bonding where you combine the two paths into a single, larger virtual circuit during regular operation. SD WAN solutions vary in how (and if) they can accomplish this. Work to determine if, and where you might need this capability and be prepared to describe this to your potential vendors.
Performance-based path selection
This is commonly referred to as bandwidth steering and involves classifying different traffic classes on the fly and steering them onto the best available path at the moment. Again, SD WAN solutions differ in how they achieve this, so be prepared to set forth some requirements for what traffic types are high priority, medium priority, or low priority. Also be prepared to discuss what amount of bandwidth you'd like to target on your dedicated links vs. your commodity Internet links (during normal operations).
Bandwidth controls / QOS
Many SD WAN solutions also include tools for managing your bandwidth on the available circuits. Perhaps you want to shape user Internet traffic down to no more than 30% of your total available bandwidth. Or perhaps you want to make sure that there is always a minimum of 10Mbits/second available and protected for your office to office SIP traffic. Determine these requirements early so that you can discuss them with the vendors and set expectations accordingly. QOS features should be available, and more robust solutions will solutions will be able to do their best to enforce these QOS rules whether it's over the commodity connections or dedicated connections.
Installation expectations and hardware compatibility
Especially if you are a larger Enterprise business, it may be critical to try to use as many of your existing edge devices as possible to keep implementation costs down. If this is the case, you'll want to catalog what you have out in the field and perhaps set a target for what can be re-used. Even if you're not intending to re-use the edge devices that exist today, installation considerations are important. Zero-touch deployment features are a huge draw for enterprises that are evaluating SD WAN solutions, so have a target and some requirements in mind for just how long an average branch install should take and how much "hands-on" work should be required (or NOT required). After all, if you have to go to each location to do these deployments, you may be missing out on one of the key features of SD WAN solutions in the first place.
Management and analytics
Since SD WAN solutions will typically tie together many different areas of your organizational IT operations, a single management pane may present some new challenges. You're going to have application developers that might need logins, security professionals, helpdesk staff, and of course your LAN and WAN specialists. In addition, you may need multiple levels of access for those individuals. So work to define what information you need out of your management portal(s), what access levels might make sense to you, and whether you need things like single sign on or tie-in to your existing LDAP or RADIUS servers.
Most of the larger SD WAN solutions allow you to integrate full security feature sets now. You can have a NGFW at each location, with a central management console, and full visibility into your security posture at a glance. Be prepared to define what your expectations are for the security deployments at the sites. This might include traffic inspection, endpoint security, DDOS detection, and any number of other security features you might have deployed today as standalone devices.
Other Virtual Network Functions (VNFs)
Many solutions providers today can also integrate other advanced network functions into your deployment. These might include things like application accelerators, cloud optimization, or WAN optimizers. These might be implemented as appliances in the cloud, or they could be deployed at individual sites. If deployed at the sites, they may be an appliance, a VM, or a blade in the router. Every solution may be different, but if you have needs for these services, define what they are, and where you need them and be ready to share those needs with the vendors.
Deploying an SD WAN solution can save your enterprise time, money and headaches. Zero-touch deployment can make bringing on new offices almost completely painless. And getting your entire WAN extracted up to a coherent virtual overlay can vastly simplify how you view your operations day-to-day. But implementing your first one will mean bringing together multiple departments and putting together a multi-disciplinary set of requirements in order to do it successfully. I hope the above framework puts you on the path to a successful deployment.
Visit the Netify SASE Cybersecurity and SD WAN marketplace.
Get the data points you need to help with your SASE Cybersecurity and SD WAN decision making process.