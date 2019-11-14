As interest in software-defined wide-area networks (SD-WAN) continues to rise, enterprises are coming face to face with the challenge of planning an SD-WAN migration that will serve the company today and into the future, forcing them to deal with a number of unknowns.

The uncertainties include how fast the company will grow, whether new sites will be required, and what revenue and cash flow will look like. Existing and emerging security threats must be considered as well. About the only certainty is that cloud services will continually factor into the equation.

Challenges inherent in network future-proofing

Network planning in this kind of environment requires a degree of future-proofing, meaning implementing a network that is comprehensive and agile enough to accommodate new requirements without compromising on service quality or total cost of ownership. But doing so comes with considerable challenges.

Chief among the challenges is the complexity involved in building an SD-WAN, says Dave Greenfield, Secure Networking Evangelist with Cato Networks. It’s not just a matter of installing an SD-WAN appliance or paying for a service. You’ve also got to consider security across the board, including for cloud services and branches, Greenfield says. Perhaps you need a virtual private network for mobile users, along with WAN optimization, and of course the underlying transport services like MPLS and/or Internet.

“If you need to outfit a new office location, you have to think about how to extend the network to that location and get all the equipment there to support those services for not just fixed users but mobile users,” he says. “And it all has to fit into a framework that works with your existing network.”

Scalability is another issue (or “multi-dimensional scalability,” as Greenfield calls it), given the various technologies that come into play. What are the limits on your SD-WAN appliance in terms of capacity, including the number of tunnels and users it can support? How many sites can your centralized SD-WAN controller handle? Then repeat the questions for your security tools, WAN optimization platform, and so on. The same challenges apply whether you’re taking the do-it-yourself approach or piecing together the components from various service providers, he notes.

A cloud-based approach to SD-WAN and security

“True future-proofing requires a network with no limitations, being able to accommodate multi-dimensional scaling with respect to capacity, compute power, bandwidth, whatever the factor is,” Greenfield says. “You need to be able to scale immediately or in an acceptable timeframe.”

One approach to achieving that goal is to put all the required services in the cloud, which is what Cato has done.

“We argue that you should create a single network stack that will service all users, mobile and fixed, connect all resources—cloud, data center, and branches—and secure them as well,” he says.

Cato delivers SD-WAN services over its own private backbone to ensure predictable service quality. It has also developed its own security services—including next-generation firewall, secure web gateway, advanced threat protection, cloud and mobile security, encryption, anti-malware, and more—to avoid having to pay licensing fees.

The idea is to enable SD-WAN services to accommodate any new requirement effortlessly. Adding new sites is simple with Cato’s zero-touch SD-WAN device, the Cato Socket. Sockets only require an Internet connection. Securing branch offices is equally simple with Cato as all security services run in the Cato Cloud. No additional security tools are required. Mobile users and cloud resources? Those too can connect into Cato. In short, whatever change you may experience, whether it’s adding sites or capacity, connecting mobile users or IoT devices, Cato provides a platform that can accommodate the change, with a predictable level of investment.

What’s more, you’ll be paying for SD-WAN and related services out of your operational budget, not the capital one. So as the company grows and you’ve got more revenue coming in, you’ll have the means to fund additional network capacity. Now you’ve got a network that truly is future-proof.

