The Benefits of Refreshing Router-Centric WANs with SD-WAN

The advantages of SaaS applications and other cloud services have businesses rethinking their traditional router-centric WAN strategy. That’s because many of today’s business-critical applications carry the twin challenges of needing high performance, especially for latency-sensitive applications such as unified communications, combined with high volumes of data. These requirements can quickly swamp traditional WAN connections that backhaul data and transactions through the data center. Without the ability to connect directly to the internet, application speeds slow and performance suffers.

The other challenge is that routers generally only view data at the packet level, with little to no intelligent recognition or prioritization of business applications. As a result, mission-critical SaaS applications must not only compete for bandwidth with other business data, but also with non-essential traffic such as YouTube videos or Spotify streams. Without the ability to recognize, prioritize, and steer connections to business-critical SaaS applications, it’s all just data going in and out of the branch routers. The result is lowered application functionality, user experience, and business results.

Transitioning from WAN Routers to SD-WAN

According to a report by IHS Markit for Q2 2019, SD-WAN revenues were up 23% over Q1 as corporations continue to accelerate the replacement of their installed WAN routers with SD-WAN appliances. This growing trend is why a recent IDC report predicts that the SD-WAN market is likely to reach $4.5 billion by 2022, growing at an astounding rate of 40% year over year – an unusually high growth rate even for the high-tech industry.

These changes are being driven by the need to make data and other online resources available in real time to even the most remote workers, at the same time that the aging installed base of WAN routers needs to be refreshed. As enterprises enter this router replacement phase, many are taking the opportunity to rethink their WAN strategy by upgrading to SD-WAN compatible hardware.

However, some organizations still struggle to overcome their preconception that routers and dedicated MPLS connections are the only option for reliable WAN connectivity. That is simply no longer the case. SD-WAN offers a faster route to an efficient, global enterprise network. It allows direct and secure connections to cloud-based applications and services over the public internet, as well as direct interconnectivity between branch offices, both without backhauling all traffic through a central hub, and it can still support secure MPLS connections back to the core data center when necessary.

This sort of connection flexibility is crucial. As organizations migrate to increasingly complex hybrid cloud data architectures, they quickly discover that new cloud-based SaaS applications used at the branch that have to travel over traditional, router-centric technologies end up with serious performance and functionality challenges, which can significantly reduce efficiency, productivity, and user experience. They need access to cloud services through direct connections over public networks. And at the same time, many still prefer fast, reliable, and secure MPLS connections between the branch and data center. SD-WAN ensures that connectivity is not an either/or proposition.

Choosing the Right SD-WAN Solution

Of course, like any burgeoning opportunity, new vendors have been flocking to the SD-WAN market, flooding it with a wide range of competing solutions. This is often the first hurdle organizations face when considering a transition strategy. Wading through this complexity begins by first fully understanding your branch connectivity needs and then mapping solutions against those requirements.

One of the most overlooked issues for organizations adopting SD-WAN technologies is the need to provide the same level of security for their direct internet connection that was available when such connections were routed through the central data center. Most SD-WAN solutions fall short in this area, providing at most a simple firewall to protect connections over public networks. To make up the difference, organizations are forced to design, deploy, and manage an overlay security solution that adds layers of management complexity and overhead, often undermining the savings that SD-WAN was supposed to provide.

In addition, when security and connectivity are not fully integrated, organizations can experience serious lapses in visibility and control because security has to continually react to connectivity changes, creating lag times that leave gaps in protection and impact performance.

Instead, any viable SD-WAN candidate should natively provide a consistent security posture through the availability of a full stack of integrated security functions, including NGFW, IPS, anti-virus and anti-malware, web filtering, encryption, and sandboxing. CASB services should also be implemented to protect SaaS applications and prevent Shadow IT-related challenges. And because SD-WAN traffic traveling over public networks needs to be encrypted, those security tools also need to be able to decrypt, inspect, and re-encrypt data at business application speeds. Unfortunately, NGFW solutions – and not just those included with most SD-WAN appliances – tend to struggle to keep up with encrypted data inspection requirements.

Other essential SD-WAN functions include providing the same traffic and connectivity management services provided by traditional routers. However, SD-WAN solutions also need to be able to prioritize business-critical applications using advanced application recognition and steering. This ensures that applications receive the proper bandwidth and priority from the first packet, as much as tripling application performance.

And because few branches have their own IT staff, zero-touch deployment is also crucial. It enables faster branch rollouts by reducing deployment from days or weeks to hours or minutes. A unified console that can manage both network and security operations can go a long way towards controlling IT overhead. Organizations should also consider SD-WAN tools that can be easily expanded to secure local branch LANs as well, solving two issues with a single solution.

Realizing the Benefits of SD-WAN

At the end of the day, when an organization invests in digital infrastructure they are not looking for theoretical gains. They are looking for a clear return on investment (ROI), increased efficiencies, and greater productivity. It can therefore come as quite a shock when the technology they have invested in is not able to perform to expected specifications.

But through careful planning, leveraging third-party resources (like the NSS Labs SD-WAN Test Report or the Gartner Magic Quadrant for WAN Edge Infrastructure), and clearly defining your organization’s unique requirements, you can make the transition from static MPLS and router-centric WAN connections to the flexible and scalable benefits of a secure SD-WAN solution strategy.

Learn how Fortinet’s Secure SD-WAN Solution uses a security-driven networking approach to improve user experience and simplify operations at the WAN Edge.
