We know SD WAN benefits conversations are occurring within IT teams considering Software-Defined WAN services for their organisation. With this in mind, I've taken the 6 questions, as they relate to SD WAN benefits, which we regularly hear within our Netify SD WAN comparison submissions.
Can we reduce total cost of ownership?
Can we remove the reliance on the service provider and self manage our WAN?
How does using the Internet impact our mission-critical and delay-sensitive application traffic?
How are networking and security supported using SD WAN over public IP connectivity?
How do we migrate from MPLS to SD WAN?
What is the high-level benefit of SD WAN?
1. SD WAN will reduce costs vs MPLS
First, your budget buys greater bandwidth through traffic aggregation. Plus, the actual circuits are generally lower in cost when compared to MPLS. Software WAN allows businesses to intelligently aggregate the overall bandwidth either via path or application preference. The overall benefit is real-time use of the best circuit type per application (4G, 5G, Broadband or Ethernet) with ease of management via your single pane of glass interface, i.e. changes can be made as reporting insights are analysed.
Second, you get that bandwidth at a much lower cost. It doesn't matter to SD WAN what type of connection you use within your office locations - Software-defined WAN solutions let you perform simultaneous link aggregation, without regard for the type of connection. And that means you can select cheaper connection options for low-priority traffic and spring for pricier connections for high-priority traffic.
The cost reduction question is wider than most IT teams initially recognise. If there's an intent to reduce your WAN pricing then yes, it is possible to procure low cost Internet from the lowest bidder within your branch office locations. There is also the total cost of ownership benefit, which is tangible in respect of the multi-feature capability of Software-WAN, i.e. one capability supporting IP VPN, Security, WAN optimisation, reporting and more.
Overall, connectivity has become a commodity across Internet leased lines, MPLS and VPLS. We've witnessed the decision-making process of IT teams, which becomes value-based when commercials are discussed. And while 100Mbps Ethernet may appear similar across multiple WAN providers, the detail is in their network backbone coverage, PE nodes and support from their NOC (Network Operation Centre).
With the benefits of Software WAN in mind, vendor pricing teams often deploy a low cost multiple ISP strategy to reduce costs. Without analysing an individual WAN architecture, the danger (where ISP to ISP connectivity is deployed) could be increased latency and jitter.
Lastly, SD WAN pricing across internet bandwidth is different between countries. The UK software-WAN pricing is not too dissimilar when compared to MPLS resulting in less of a commercial reduction and, in some instances, a more costly solution due to refreshed capability. The US market is markedly different as MPLS is significantly more expensive when compared to Ethernet Internet leased lines.
2. Can we DIY manage our own SD WAN solution?
We've recently been involved in the deployment of over 300 branch offices across Broadband with Cisco Meraki as the SD WAN vendor. In the main, this configuration has been a little protracted because the Meraki interface, while simpler vs command line, still requires knowledge to make the most of each feature.
Then, there are the decisions which need to be made. Think about it, one of the SD WAN benefits is the ability to do 'so much' via one single pane of glass interface when compared to traditional edge routers and stand-alone devices. With your new SD WAN solution, you can manage and deploy a Firewall with DDoS protection, IPS (Intrusion Protection), UTM (Unified Threat Management), restrict access and even display a network of CCTV cameras (thanks Meraki). The downside is that making the right decisions based on your specific business requirements is complicated.
Fortunately, one of the benefits is the ability to deploy a stock policy across the majority of aspects which reduces network complexity. In other words, SD WAN vendors are aware that there needs to be an initial configuration in order to ensure the WAN is quickly deployed.
Over the past 12 months, I've witnessed the creation of a middle option between managed WAN and DIY. The co-managed or part managed service is gaining ground. As an example, a business may order Meraki (traditionally a DIY solution) with an initial setup configuration which is defined using professional services consultancy. But, post-delivery, the service becomes self managed with professional services on hand where required.
3. Using the Internet to support mission critical cloud applications vs MPLS
With dynamic path selection, application priority and WAN optimisation technologies (sometimes built in), you'd be forgiven for thinking SD WAN could improve the tin can telephone comms used in your younger days.
However, the laws of physics still apply. In other words, if your global business is sending traffic from the US to Asia, there's an inherent delay which exists. Where delay sensitive apps are deployed, there is a specific latency figure which must be achieved in order to successfully hold a conversation across your Internet circuit. And this very point is why Enterprise businesses deployed MPLS with strict EF (Expedited Forwarding) end to end from the WAN edge with Quality of Service to provide the business with an SLA on traffic performance.
Overall, I would recommend a hybrid WAN approach to architecture, i.e. use private layer 3 MPLS where needed, layer 2 VPLS for interconnecting data centres on the same LAN and Internet to meet the demands of traffic flows between multiple branch offices. One further option is to consider an SD WAN vendor that operates a Global network with local access via the Internet.
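One way to express the per-application path choice and the hybrid WAN fallback described above, as an added example that is not from the original article or any vendor's product. Link names, measurements, thresholds and the `private_only` flag are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    kind: str            # "mpls", "ethernet", "broadband" or "4g"
    latency_ms: float    # measured one-way delay
    jitter_ms: float
    loss_pct: float
    cost_rank: int       # 1 = cheapest circuit

@dataclass(frozen=True)
class AppPolicy:
    app: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    private_only: bool = False   # keep this application off public Internet links

def meets_sla(link, policy):
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)

def select_path(policy, links):
    """Cheapest link that meets the SLA; otherwise the lowest-latency link, flagged."""
    eligible = [l for l in links if l.kind == "mpls" or not policy.private_only]
    if not eligible:
        return None, "no-eligible-link"
    compliant = [l for l in eligible if meets_sla(l, policy)]
    if compliant:
        return min(compliant, key=lambda l: (l.cost_rank, l.latency_ms)).name, "sla-met"
    return min(eligible, key=lambda l: l.latency_ms).name, "sla-violated"

# Constructed measurements for one branch and one US-to-Asia path (not real data).
BRANCH = [Link("mpls-1", "mpls", 38, 2, 0.0, 4), Link("eth-dia", "ethernet", 45, 4, 0.1, 3),
          Link("bb-isp", "broadband", 70, 18, 0.5, 1), Link("lte", "4g", 95, 30, 1.2, 2)]
US_ASIA = [Link("mpls-apac", "mpls", 170, 3, 0.0, 2), Link("inet-apac", "ethernet", 190, 12, 0.3, 1)]

# Constructed thresholds; real values come from the application's own requirements.
VOICE = AppPolicy("voice", 60, 10, 0.5)
ERP = AppPolicy("erp", 50, 10, 0.5, private_only=True)
BACKUP = AppPolicy("backup", 300, 100, 2.0)
LONG_HAUL_VOICE = AppPolicy("voice", 150, 30, 1.0)

if __name__ == "__main__":
    for policy, links in [(VOICE, BRANCH), (ERP, BRANCH), (BACKUP, BRANCH), (LONG_HAUL_VOICE, US_ASIA)]:
        print(policy.app, select_path(policy, links))
```

The last case returns a link marked `sla-violated`: when every available path exceeds the latency figure, path selection can only pick the least bad circuit, not remove the delay.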
4. How SD WAN is deploying VPN with next generation Security
The IPSec VPN has been around for decades, allowing organisations to leverage public IP connectivity as the foundation for secure WAN connectivity. SD WAN is not particularly evolving the VPN aspect of security; the fundamentals of creating a secure encrypted tunnel remain the same from a technology deployment perspective.
The benefit of SD WAN security surrounds both the insights created from granular reporting (which allows us to see exactly what traffic is passing across the WAN) together with the ability to deploy Firewall, IPS, DDoS protection, UTM and content filtering.
With traditional WAN services, each value add capability is normally deployed via separate vendors.
5. SD WAN allows us to easily migrate our WAN services
Using the Internet ensures the migration of WAN services is made much easier. With zero touch deployment, together with 4G and 5G connectivity, the process has become much simpler where multiple branch offices are concerned. In fact, any Internet connection will support the ability to bring up VPN services outside of MPLS (post-testing and acceptance).
Careful thought must be given to dual running of services, especially where MPLS is concerned with no Internet access. There are certain vendors which are much better suited to supporting MPLS vs others which will connect to MPLS but only via convoluted methods.
What is the overall SD WAN value proposition?
1. Intelligent Pathways
You're at a four-way intersection, just like any other four-way intersection. It has traffic lights and cars coming from all directions. But there's one problem: traffic lights aren't controlling traffic with any kind of logic. Instead, lights turn red and green at random, as do the crosswalk lights. So you're not really dealing with an intersection--you're dealing with a massive four-way pileup.
At its most basic level, this describes a system directing network traffic without SD WAN.
SD WAN doesn't just direct traffic. Like traffic lights, SD-WAN directs traffic based on a reliable, logical pattern. The brilliance of SD WAN is that it's even smarter than that and not at all arbitrary. With direction from the centralised controller, SD-WAN offers intelligent pathway control throughout your network by directing traffic based on application. How that traffic is directed is decided by the controller.
That way, unlike a regular WAN, SD-WAN doesn't need to route traffic through a central data hub. Instead, it can direct all traffic from its origination point based on network-wide instructions. And those instructions can be updated at any time to increase efficiency.
It doesn't even matter whether the links use the same technology. All that matters is efficiency.
2. Agility and Responsiveness
At a base level, SD WAN divorces the hardware infrastructure from network configuration and traffic engineering. That translates to major improvements in agility and responsiveness.
Traditional WAN services have bandwidth limitations. The beauty of SD WANs is that they can combine the bandwidth of multiple WAN connections without missing a beat. And if your business needs to add or remove WAN connections, cellular connections, or fixed-line connections, you can do it quickly and easily. The result is maximum flexibility when connecting to cloud providers on a Global basis, think Amazon AWS or Microsoft Azure via ExpressRoute.
That way, you can rapidly deploy the benefits of WANs without needing to dispatch IT personnel to a specific branch location. Remember, it's cloud-based and application performance control is given to a centralised controller, so you can make changes to the whole system from the same place.
Think of how much faster you could respond to demand if you didn't have to coordinate IT efforts across multiple locations.
3. Performance Matters
Finally, SD WAN offers a benefit your business can't afford to ignore: improved performance.
In our increasingly digital world, businesses need cloud applications in order to run. Without those applications, office work stops in its tracks. The problem is that many large businesses also have a distributed workforce and multiple branches. You need all of them to be secure, but you also need all of them to be efficient.
SD WAN offers universal network control and standardised security, no matter how far apart your offices are. And since you have control of your pathways and can select business-critical cloud applications and data packets, you can ensure that your business never needs to slow down.
There's no backhaul, which means there are no backhaul penalties associated with MPLS and none of the inefficiencies associated with traditional WANs. Instead, you get fast, cost-effective performance benefits you can rely on every time.