A New Approach to SD-WAN Management

A New Approach to SD-WAN Management

  • September 5, 2018

For a while now, there have been two basic SD-WAN solutions offering a choice between DIY (appliance-based) or fully managed (service-based) solutions. Each choice has its advantages, but they also have distinct disadvantages. Being at opposite ends of the spectrum, customers are increasingly preferring an SD-WAN solution that encompasses the advantages of both solutions. In essence, they want a solution that is managed as an appliance but provided as a service.

Comparing Both Ends of the Spectrum

An appliance-based solution allows organizations to manage and direct their SD-WAN solution and utilize various Internet connection options, rather than being tied to a particular carrier. The customer has the ability to make changes to the network and update any security policies when they choose.

In contrast, a service-based solution is provided and managed by a particular carrier. The carrier provides any needed appliances and a private network with security features included in the package solution.

Enterprises who have implemented an SD-WAN appliance-based solution have typically encountered three common problems.

  1. Erratic Internet – The autonomy of using a variety of Internet connections means there is no carrier-backed SLA provided to protect against latency and unpredictability. With no backbone to send traffic over to provide consistent connectivity, Internet connections are unpredictable. Internet performance simply fluctuates too much moment-to-moment and day-to-day, particularly when connections cross between backbones or Internet regions, to deliver the predictable performance needed for enterprise-grade voice and other critical applications.
  2. No Security – SD-WAN appliance solutions don’t provide any security, so security must be added to the solution via service-insertion or service-chaining. When moving from MPLS to SD-WAN appliances, each location will now have its own connection to the Internet. How will they secure all of the Internet access points created by SD-WAN? By expanding the attack surface, every office with DIA now requires the full range of security services including next-generation firewall (NGFW), IDS/IPS, sandboxing and more. Patching upgrades and capacity planning, now for many locations, needs to keep pace with increasing traffic loads and a growing threat landscape.
  3. Integration Challenges – Missing components that a service provider can provide, such as SLA backbones and security services, are significant gaps in the solution. No SD-WAN appliance addresses mobile users or is inherently suitable for the cloud. Once companies deploy SD-WAN, there is still the problem of connecting and protecting mobile users and providing secure access to cloud resources.

The Shift Away From DIY

It’s no wonder that, when polling organizations using SD-WAN, research shows growing service adoption.  About 30% of respondents in 2017 indicated they were using a service provider for SD-WAN, a number increased to 49% in 2018. This 19% jump suggests the issues with appliance-based SD-WAN motivated some organizations to move to a service-based solution. However, let’s not forget, carrier-managed SD-WAN services have their own set of challenges:

  • Cost – The components of a carrier-based solution aren’t much different from an appliance-based solution. In reality, they’re just wrapping third-party SD-WAN and security appliances with the existing carrier networks and charging for the packaged solution.
  • Agility – With a managed service, your hands are tied. The network and security services are managed by the carrier, and the customer must rely on the carriers support services for any needed changes. Simple changes, such as firewall rules, could take a couple of days.
  • Bad Service – Not all carriers have a reputation for exceptional service. Committing to one service provider could mean paying for a service that isn’t necessarily good service.

Self-service SD WAN Allows For Flexibility

The advantages of SD-WAN are undeniable, but organizations today would like to see the benefits of both appliance and managed SD-WAN solutions without the drawbacks. There is an SD-WAN solution that brings the best of both into one solution – self-service SD-WAN.

Most SD-WAN and network security capabilities move from appliances on the customer premises into the cloud provider’s core. The SD-WAN as-a-service provider maintains the underlying shared infrastructure — the servers, storage, network infrastructure, and software — allowing enterprises to modify, configure and manage their SD-WAN as if they ran on their own dedicated equipment. Enterprises gain the best of both worlds of low-cost shared infrastructure and the flexibility and performance of dedicated devices. With a self-service solution, the customer is in control of changes the business requires, costs are reduced, and repair time is improved.

Technology has shifted, and businesses require an agile WAN infrastructure with the ability to roll out sites in days, not weeks or months. The WAN is transforming into a resource that connects mobile, SaaS, IaaS, and offices that requires more than simple connectivity. Intelligence, reach, optimization, security are attributes the WAN needs today, and a self-service SD-WAN as a Service solution brings all the advantages of SD-WAN into one solution.

The Cato Cloud from Cato Networks provides a self-service solution and optimizes both the last mile between the customer edges and the Cato PoPs, and the middle mile on the Cato global backbone, Cato Cloud provides a Management Application that enables full traffic visibility for the entire organizational network and the ability to manage a unified policy across all users, locations, data, and applications. The Cato Cloud environment is managed by Cato’s global Network and Security Operations Center, manned by a team of network and security experts to ensure maximum uptime, optimal performance and the highest level of security.

Find out how Cato Networks can transform your WAN by subscribing to our blog.

Dave Greenfield

Dave Greenfield

Dave is a veteran of IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.

More Posts - Website

Dave Greenfield

Author: Dave Greenfield

Dave is a veteran of IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.