How to choose a software defined WAN (SD-WAN)

making decision arrows path confused

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Only 1% of companies use software-defined WAN (SD-WAN) solutions today, but Gartner says the promise of cost savings and performance improvements will drive that number to more than 30% by 2019.  Why aren’t more businesses deploying now given the sizeable list of vendor tools available?  It could be a lack of understanding about the varying approaches to bringing software-defined networking to the branch.

Before exploring those differences, let’s review why SD-WAN is so promising for branch environments. Compared to traditional WANs, SD-WANs reduce the complexity of network hardware at branch offices and centralize and simplify management. SD-WANs also allow businesses to augment or replace MPLS networks by using less expensive Internet links in a logical overlay and intelligently routing traffic over multiple paths directly to the Internet, rather than through a central data center. This improves application performance and makes more efficient use of bandwidth.

So, what are the key considerations when choosing a SD-WAN solution? 

The first thing you should consider revolves around automated management and the impact automation will have on deployment and management costs. Even if a deployment is simple, how many IT resources and staff will you need to redesign, deploy and operate a new SD-WAN deployment? If new products, technologies and management tools are needed, will this require new skills or training? IT organizations should ask vendors how they minimize the cost and effort of “Day 2” operations management such as policy changes, adding new applications, security monitoring and image updates.

Route control is another important consideration for SD-WAN solutions.  Without proper route control, business critical applications running on the WAN may not get the bandwidth, priority and load balancing needed for the best user experience. Ideally, application traffic utilizes all available WAN circuits and bandwidth to make best use of an IT department’s existing WAN infrastructure, by load balancing across WAN circuits and utilizing backup edge routers.

Quality of Service policies within an SD-WAN solution will ensure that the most critical applications are sent over the highest performing paths, but you should consider a solution’s ability to detect problems and respond to network outages so that critical applications don’t experience loss of service. Managing the route control capabilities of an SD-WAN solution can be complex and looking at the management tools of a solution can provide insight into whether sophisticated features are easy to manage for IT.

An SD-WAN solution’s ability to support hybrid deployments, by combining multiple WAN transports such as MPLS, Internet, cellular or satellite links, is another factor you should take into consideration. Each has different capabilities in areas such as bandwidth, SLA classes of service, security postures, and pricing.

A secure dynamic VPN overlay simplifies deployment and operation by abstracting and hiding the complexity of each type of transport. IT departments should ask whether an SD-WAN solution supports all the types of transports an organization might need, and the speed of redundancy in the event of a failure. Solutions should also be scalable enough to meet future needs and support security features, such as encryption, that might be business critical.

Visibility into how in-house and SaaS applications are performing is also critical to ensuring the best user experience. You should consider what level of visibility an SD-WAN solution offers into application performance and which paths applications are taking over the network in real-time. A solution that optimizes TCP windowing, compression, object caching and content prepositioning will give you further insights into traffic prioritization and better application service level agreement, a key value in purchasing an SD-WAN solution.

One of the most common concerns about moving to software-based networking solutions is security. You should not assume data is protected over private MPLS VPNs, public Internet or cellular services. Instead, your SD-WAN solution should ensure data integrity and privacy over all WAN transports and specify what levels of encryption are supported. You should ask how automated the negotiation, renewal and revocation of IPsec encryption keys are between sites and how well the provider-facing interfaces are protected against outside attacks in areas such as scanning, penetration, and denial of service.

SD-WAN solutions can provide embedded firewall and intrusion prevention systems (IPS) and offer advanced protection to users who access the Internet directly from the branch, particularly with capabilities such as content filtering and malware protection. IT departments looking at SD-WAN security features as a top priority should also consider solutions that have been evaluated by industry or government bodies, comply with common security certifications and have a formal incident response team in place to notify customers of vulnerabilities. 

The list might seem daunting, but with the SD-WAN market still young, vendor offerings are changing quickly. Taking these considerations into account will ensure that organizations new to SD-WAN will find improved performance, lowered costs and substantial security.

Copyright © 2016 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022