What are the top 5 SD WAN challenges?

Challenges of SD-WAN
Challenges of SD-WAN

The pace of digital transformation within the IT sector is putting significant strain on enterprise IT teams. There is a widespread drive to adopt next-generation technologies to meet the demands of remote workers and their public cloud consumption. SD WAN is one of the leading digital technologies to help enterprises transform how users work but IT teams are challenged to bring together vendor solutions. IT teams must also align their user workflows, their use of cloud services, their policies across device usage and their security to understand how SD WAN vendors can add value.

Table of Contents

“Netify offer free tools to help IT teams understand which vendors offer the right use case to solve SD WAN buying challenges.”

The Netify SD WAN quick assessment quiz which helps IT teams build their vendor shortlist in minutes. And the more comprehensive vendor comparison tool which requires a free login to behind filtering features in realtime.

There is a need to pause the business and map out the application and user flow to consider how transformation might occur. For example, users may access business resources in a certain way today which may not be efficient or secure. While IT technology is growing in capability, the complexity of deploying services is reducing. To understand which SD WAN vendor fits your needs, clear documentation is needed which describes your individual business use case for Software WAN.

Challenge 1 – How to select the right SD WAN vendor?

The selection of SD WAN services may not appear to be the most insurmountable of challenges facing IT teams, it requires time and resource coupled with significant associated risk. Conducting SD WAN vendor research is often difficult which is, in part, due to product vendor marketing which often results in feature overload. Therefore, the initial challenge is to align SD WAN features to your specific needs and business outcome requirements.

How do you align features? The typical feature-set revolves around the current capability of SD WAN solutions and future features based on your own Enterprise digital transformation journey using Software WAN technology. SASE security and access Cloud services are now the leading considerations when organizations select their next WAN solution over and above the actual WAN product feature-set.

Gartner is discussing AI (Artificial Intelligence) as the next frontier of networking revolving around setup, orchestration and ongoing changes managed by cloud intelligence. Cloud services adoption is growing significantly, with certain vendors opting to use the Azure, AWS and Google Cloud backbones to deliver connectivity. While vendors remain committed to providing WAN edge devices, the trend is moving toward a virtualised world based on software. In this respect, SD WAN is becoming SDP (Software Defined Perimeter) as users connect to cloud resources directly from their device browser.

These changes are putting a strain on IT teams as they plan and develop use cases for WAN technology. Therefore, the challenge is to clearly understand the needs of your business today and in the near future. The office is no longer where business is done but where people meet for face to face when required. Covid-19 accelerated an already changing world which has forced SD WAN deployment to meet the needs of remote users. We note the use of ‘Shared Services Centre’ rather than branch-office, which firmly recognizes home/remote working adoption.

The value of SD WAN is sold based on benefits which include agility and automation. However, each vendor varies across complexity and ease of use. For example, specific vendor solutions offer out of the box DIY capability with others requiring the involvement of integrators and professional services to deliver.

The final vendor selection challenge is based on how SD WAN vendors go to market. The majority of SD WAN solutions are only available via channel distributors, integrators, partners and VARs (Value Added Resellers). With this in mind, IT teams are required to select the right partner of said vendor required to deliver the solution. The task is made difficult because there is often limited research data available to differentiate the capability of each vendor partner.

Any prospective SD WAN delivery partner (distributor, integrator, reseller) should also understand the complete digital transformation landscape. The vendors, service providers and partners you engage with must understand the challenge and provide a consultative approach to the solution.

Challenge 2 – How do you trust the Internet to deliver SD WAN performance?

The Internet is the primary platform for delivering application access, representing a major shift away from technologies such as MPLS. The demise of MPLS has been discussed in numerous articles, but the main problem with MPLS (aside from expense) is the very reason for the technologies huge growth over the last 20 years – privacy. Although MPLS is offered with back-to-back access to selected Cloud vendors, SD WAN using the Internet encompasses access to ALL public cloud vendors, which allows users to connect into their resources from wherever they’re able to use Internet connectivity. As users, we are constantly connected to devices that use the Internet to access our work and personal applications.

SD WAN solutions using the Internet are not capable of providing end-to-end QoS (Quality of Service), which means you cannot end-to-end prioritize applications. To ensure network performance is adequate, IT teams need to consider the right architecture vs business needs. The challenge for Global Enterprise business is more significant vs. their national counterparts due to the nature of Internet latency between countries. SD WAN vendors have evolved their global capability to include access to private backbones that enable fast traffic transit between countries and public gateways, which are in turn connected to multiple high performing ISPs (Internet Service Providers). The adoption of global backbone deployments, or global public gateways by certain vendors, sometimes narrows their customer base as performance is governed by how close branch-offices are located vs the local PoP.

One solution to mitigate against application performance issues is to deploy ISP underlay from a single carrier positioned to deliver network services connectivity across one backbone. The single carrier approach can be augmented with failover connectivity from 4G/5G service providers or local ISP connectivity. SD WAN will also detect circuit degradation or allow the use of multiple circuits whereby one could be used for Voice and the failover could be used for mission-critical apps (as an example).

There is a new move from QoS to QoE (Quality of Experience), which measures user experience across network performance and application delivery. Network connectivity selection requires careful analysis of SLA (Service Level Agreement) across backbone performance, uptime and support. The average Internet backbone is broadly the same performance as MPLS, meaning the advantages of using a private backbone are further diminished.

Challenge 3 – How do you secure SD WAN?

Gartner is responsible for creating the SASE (Secure Access Service Edge) framework to define the security features and platforms required to secure users connecting to public networks. SASE consists of FWaaS (Firewall as a Service), SWG (Secure Web Gateway) and ZTNA (Zero Trust Network Access). Almost all users require access to cloud applications which puts them at risk of ever-expanding attack vectors. SASE is designed to meet the challenge of network and user security while offering IT teams the flexibility to deploy security with clarity and reduced complexity.

The challenge from an IT buyers perspective is understanding which SASE solution makes the most sense vs complexity. There is a subset of vendors offering out of the box SASE solutions which are easy to configure with simple policy control but perhaps not as powerful in respect of management interface options. Simultaneously, the adoption of traditional security vendor solutions is very configurable but requires more knowledge and expertise or the involvement of a specialist partner or integrator.

Securing SD WAN in the data center or cloud services infrastructure is also one of the most discussed SD WAN design topics. Some vendors offer their solutions built into Azure and AWS and others deploy virtualised instances into central global locations. Lastly, there are numerous vendors who add their appliances on an ad-hoc basis depending on location. Securing the resources from Azure (Office 365 included), AWS and Google Cloud is one of the significant deployment risk factors.

Monitoring and reporting of network traffic are key elements of any security solution. With this said, there needs to be some form of automation and reduction in false positives to ensure your IT team is not all consumed with threats on an hour by hour basis. Another challenge faced by IT teams is understanding which network threats are false positives and which alarms represent a current and real threat. Careful analysis of the vendors SASE security management interface will fully inform your business on whether or not the particular solution is fit for your requirements and users. There are trade-offs to be made based on the complexity of your network and internal IT skills.

Challenge 4 – How to deliver cost reduction with SD WAN?

One of the most prevalent SD WAN marketing messages is ‘saving money’ by moving from expensive MPLS to an Internet-based VPN. There is truth to this statement but the cost-saving outcome is not always achieved and results largely depend on how your ROI (Return on Investment) business case is constructed.

MPLS is more expensive in the US when compared to the equivalent Internet connections, but here in the UK, there is more parity between MPLS and Internet costs. Savings are often difficult to quantify since SD WAN could increase network resiliency, which means the business is less susceptible to downtime resulting in revenue loss. It is also the case that SD WAN enables IT teams to do more, to react quicker and generally optimize bandwidth traffic based on comprehensive network statistics and reporting. Again, sometimes challenging to quantify but could result in the requirement for fewer network engineers.

With any network change, there is typically some form of Capex and resource required to help project manage the solution, which in turn increases short term cost to the business. In general terms, SD WAN is capable of generating cost savings if cost reduction is the intent of your IT team. As an example, SD WAN offers the flexibility to procure the lowest cost Internet services within each of your locations. Security and networking functions can be consolidated into a single device that will save money vs standalone Firewall appliances.

Challenge 5 – How to choose between DIY, Co-Managed or fully managed SD WAN?

Traditionally, IT teams were forced to decide how they wanted their WAN managed. With SD WAN, the lines blur with some vendors offering a service wrap that does not move the company down one of these distinct paths. When the vendor owns the complete technology stack, they can get involved in the end solution in whatever aspect is required.

CNaC (Cloud Native Architecture) discusses how complete technology stack vendors are better position to deliver WAN services vs traditional service providers or partners and integrators. In short, the reason is that their support staff are in control of every technology stack component. If a customer needs help with a particular aspect (co-managed), the vendor assists because they have the required knowledge and control. On a day-to-day basis, if the customer wants to make a simple in-house change, they can go ahead and make it happen (DIY). And even at the fully managed end of SD WAN services, CNaC vendors can still offer the capability to provide DIY or co-managed solutions.

One take away here is that IT teams are no longer forced to endure the typical service provider route of buying WAN services. In the past, even making simple changes took days (if not weeks), causing extreme frustration and potential network issues. More than ongoing changes, IoT (Internet of Things) and BYoD (Bring your own Device) mean SD WAN needs to be agile; companies are required to deliver services quickly and in-line with how business is done today.

Thanks for reading. What should you do next?

If you’re an IT decision maker, take a look at the Netify marketplace to view our extensive research across multiple SD WAN, SASE & Cloud solutions. And, try our SD WAN assessment to find your perfect SD WAN, SASE or Cloud match.