• United States

SD-WAN: Breaking down its important elements

Dec 03, 20187 mins

Finding the best SD-WAN fit starts with evaluating branch WAN bandwidth and application requirements

question marks
Credit: Murat Göçmen / Getty Images

Software-defined WAN traffic is exploding, and so is the number of technology providers competing for enterprise SD-WAN customers. Here are some key issues to consider as IT pros investigate SD-WAN deployment options and weigh the importance of features such as application prioritization, multicloud support and integrated network security.

SD-WAN technologies and services are designed to combine multiple physical WAN links into one logical network and provide traffic prioritization to accelerate application performance. Using network abstraction, SD-WAN improves the economics of branch connectivity by enabling organizations to leverage inexpensive circuits, such as the Internet, to address growing bandwidth requirements. SD-WAN is relatively easy to deploy and manage as it maps new services – application prioritization, security, management – on top of existing physical networks.

When evaluating SD-WAN options (there are currently more than 30 providers of SD-WAN technologies and services), it’s important to focus on the business value the technology can bring to an organization. For starters, organizations should review their current and near future requirement for connecting employees (and customers) in remote branch offices to mission-critical applications that reside either in a central data center or in the cloud. Some initial questions to consider include:

  • How many branch locations do you currently have? How many employees are at distributed branches?
  • Which applications are mission critical to distributed employees? Where are these applications hosted? (data center, SaaS, public cloud)
  • What are the current WAN bandwidth requirements at each location and how fast is the demand for WAN bandwidth growing? What is your current spending on WAN bandwidth?
  • What are your key security requirements at the branch?

Answers to these questions will help IT organizations prioritize the key features and capabilities required of an SD-WAN provider.

Internal SD-WAN deployment vs. managed service

The first strategic choice is deciding what kind of partner you want to deploy and support your SD-WAN architecture.

IT organizations can work directly with the leading SD-WAN technology providers and their channel partners, or purchase a managed SD-WAN service from a service provider such as AT&T, Verizon, CenturyLink, Comcast and many others. Most organizations will benefit from an experienced channel partner to integrate SD-WAN into their existing branch/WAN infrastructure, which may include routers, WAN optimization appliances, firewalls and other network security elements. Many organizations will want to outsource SD-WAN technology and related bandwidth decisions to a managed service provider.

Organizations that plan to implement an internally developed (non-managed) SD-WAN solution need to examine several key issues for deployment. These include a review of their branch WAN/LAN architecture, WAN bandwidth requirements and providers, and, of course, selecting an SD-WAN technology.

Determining WAN bandwidth requirements

On average, an organization’s WAN bandwidth requirements are growing at approximately 20% per year. SD-WAN enables the deployment of hybrid WAN, which employs two or more distinct WAN circuits to increase available bandwidth and improve reliability. Most organizations leverage SD-WAN to add inexpensive Internet bandwidth to their existing MPLS links. Selecting WAN services from multiple service providers with diverse fiber connectivity can provide insurance against WAN outages. IT teams should also evaluate the potential to leverage 4G LTE links as backup for their remote branches.

Reviewing WAN/LAN branch architecture

Most distributed organizations have an installed base of WAN and LAN equipment already deployed at their branch locations. This gear may include WAN routers, network security (such as firewalls and IP VPNs), LAN switches, Wi-Fi controllers and WAN optimization products. SD-WAN technology generally integrates well with existing WAN/LAN infrastructure, but it does typically require organizations to deploy another box (appliance or server) at the branch location and has its own unique management interfaces. Migration to SD-WAN offers IT organizations the ability to review and, in some cases, replace existing network equipment at the branch. For example, some SD-WAN solutions allow organizations to forego the need to deploy routers and WAN optimization gear. SD-WAN can also provide basic network security at the branch.

After evaluating their WAN requirements, considering WAN bandwidth options, and reviewing their branch network architecture, IT organizations are ready to select from the numerous SD-WAN technology suppliers. Key product features that should factor into any evaluation include: traffic prioritization, multicloud support, ease of deployment, centralized management, network security, and partnership ecosystem.

Traffic prioritization via SD-WAN

SD-WAN enables application prioritization and traffic load balancing to ensure critical applications use the best link available. SD-WAN solutions can recognize most leading applications and provide preset levels of prioritization. IT organizations can adjust these settings as required over time.

Multicloud support

Remote and branch users typically access applications in a variety of cloud locations, including the internal data center, IaaS (AWS and Azure) and SaaS (Salesforce and Office 365). SD-WAN solutions need to understand the location and security requirements of traffic coming to and from the Internet. SD-WAN providers are working with leading IaaS and SaaS providers to offer streamlined access and improved performance for specific applications/platforms.

SD-WAN ease of deployment

All SD-WAN suppliers position their products as being easy to deploy in remote locations, and this is critical for distributed organizations without IT personnel at their branch offices. SD-WAN products should be plug-and-play with WAN circuits and remote configuration. They should also be easy to integrate with existing network equipment (router, for example) and network security products (such as firewalls) at the branch.

Centralized management

SD-WAN architecture places much of the “intelligence” for management in centralized data center or cloud-base locations. SD-WAN products should be highly automated and easy to manage. They should adjust to changing WAN traffic conditions and application requirements. SD-WAN products also need to integrate with existing network and application management systems.

Network security

SD-WAN technology includes the ability to secure unreliable Internet links and identify anomalous traffic flows. Most SD-WAN products provide basic firewall capabilities as well as content filtering, endpoint identification and management, and policy enforcement capabilities. They employ packet identification to understand traffic flows – determining, for example, if the traffic is going to or coming from a trusted location or cloud-based service. (Related: What are the options for securing SD-WAN?)

Partnership ecosystem

SD-WAN providers continue to broaden the technology capabilities of their solutions, but many organizations will continue to require SD-WAN to integrate into their installed network and security solutions. SD-WAN solutions must easily integrate into your existing network security paradigm, and most suppliers have created (and are expanding) the list of integrated network security partners. SD-WAN suppliers are also partnering with Wi-Fi technology providers to offer SD-Branch solutions.

Top SD-WAN considerations

SD-WAN has emerged as must-have technology for many distributed organizations. It offers significant benefits in terms of increased bandwidth (for less money) and improved application prioritization, and it helps to enable a multicloud environment. IT leaders implementing SD-WAN should carefully evaluate their branch WAN bandwidth and application requirements. SD-WAN needs to fit seamlessly into existing branch network and security systems. Selecting the “right” channel or managed service provider is always critical for any complex technology decision – and SD-WAN is no different. Many service providers offer fully or partially managed (outsourced) SD-WAN solutions.

There is a tremendous range (dozens) of technology suppliers to choose from when selecting a specific SD-WAN product – from very large suppliers to innovative start-ups. IT leaders should evaluate their unique branch networking and application requirements and select the SD-WAN supplier that best meets their current and near future requirements. Longer term, IT organizations should consider the integrated capabilities of SD-Branch architectures to simplify branch IT operations.

lee doyle

Lee Doyle is principal analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks. He has over 25 years’ experience analyzing the IT, network, and telecom markets. Lee has written extensively on such topics as SDN, SD-WAN, NFV, enterprise adoption of networking technologies, and IT-Telecom convergence. Before founding Doyle Research, Lee was group vice president for network, telecom, and security research at IDC. Lee holds a B.A. in economics from Williams College.

More from this author