SD-WAN Use Cases – Where to Start with SD-WAN

May 14, 2018

SD-WAN is all the rage in enterprise networking these days. IT teams are excited about the opportunities SD-WAN creates to transform their networks. Scarred by slow, rigid and complex technologies, like MPLS, and complex command line interfaces, networking professionals are turning to SD-WAN to usher in an era of automated and intelligent networks.

But wait. All IT projects and initiatives need a compelling use case to get off the ground, with tangible benefit to justify the investment.  Below are some of the use cases that can launch your SD-WAN project.

Improved WAN resiliency, availability and capacity

The network is the core of our digital business. Many organizations procure MPLS services  to maximize the availability and uptime of the network. But MPLS uptime promise comes at a very high cost. At the end of the day, even carrier SLAs can’t circumvent cut fibers from negligent roadwork. Many organizations have a secondary Internet link as a failover option in case of an outage. But the capacity of secondary connection are unused for daily operation, and failover is often harsh, impacting user productivity.

SD-WAN enables IT to augment MPLS with high-capacity Internet connections from a separate provider. SD-WAN automates the use of both links concurrently using a feature called Policy Based Routing (PBR). PBR matches application traffic to the most appropriate link in real time. If a link fails, PBR will automatically select the alternative link and prioritize traffic by business need to make sure the location remains connected while the underlying services issues is resolved. The combination of the two links through SD-WAN and PBR increases overall resiliency and availability. At the same time, the added capacity increases overall usable bandwidth at the location.

Bottom line: SD-WAN enables the continuous intelligent use of multiple transports to improve network resiliency, availability and capacity to enable uninterrupted user productivity.

Affordable global connectivity for branch offices and mobile users

Global organizations had to rely on expensive global MPLS services to achieve a predictable and consistent network experience for enterprise users. If you couldn’t afford it, the only other alternative was the unpredictable public Internet.

SD-WAN promises to reduce MPLS costs by leveraging inexpensive, Internet connections. In regional scenarios, and especially in the developed world, the Internet is pretty reliable over the short haul.  But replacing MPLS with Internet connectivity can be challenging in a global context. Customers require SLA-backed connectivity to ensure consistent network service. This calls for a classic hybrid WAN configuration where MPLS must be kept as a production transport. For mobile users, MPLS or SD-WAN appliances aren’t  an option, yet mobile users have the same global optimization needs. Look into solutions that extend the SD-WAN fabric to mobile users globally.

Bottom line: SD-WAN appliances rely on at least one consistent and predictable transport. To eliminate the cost of MPLS in the global context, look for an affordable MPLS alternative and ways to apply SD-WAN for mobile access.

Securely extending the enterprise WAN to the cloud

Over the past few years, enterprises started migrating some of their applications to cloud datacenters like Amazon AWS and Microsoft Azure. This change, along with the use of cloud applications like Office 365, has impacted the traffic patterns of the enterprise network. Instead of going from the branch to the datacenter, often over dedicated MPLS links, an increasing share of the traffic is destined to the cloud. Branch-to-datacenter backhaul is wasting MPLS capacity and adds latency because the traffic that reaches the datacenter ultimately needs to reach the Internet.

By incorporating Internet based connectivity in the branch using SD-WAN, it is possible to exit Internet- and cloud-bound traffic at the branch and avoid backhauling. It is important to note that this architecture must address security at the branch as it was previously addressed in the datacenter. Basic firewalls included with most SD-WAN appliances provide very limited security and threat protection. Full blown next generation firewalls in each location create an appliance sprawl and a management headache. To address these challenges, Firewall as a Service (FWaaS) solutions can be considered to secure Internet access without the need to deploy physical security appliances alongside SD-WAN appliances.

Furthermore, optimizing cloud access from the branch is not a trivial matter. Even for regional companies, cloud datacenters and cloud applications may be far away from some or all of the business locations. Cloud traffic is not optimized with MPLS-based designs that are focused on branch to physical datacenter connectivity, and direct Internet access at the branch is using the unmanaged public Internet to reach the cloud. Alternative approaches, such as cloud networks, are optimized to address cloud traffic. They place themselves in close proximity to both customer locations and cloud destinations and use private SLA-backed backbones to optimize end-to-end performance.

Bottom line: SD-WAN deployments are often driven by need to extend the business into the cloud. IT teams should be aware of the security and performance implications and verify the proposed SD-WAN designs address them.

Summary

If you are in the market for SD-WAN technology, all of these use cases are likely on your roadmap. Better network resilience and capacity, secure and optimized cloud integration, and high performance global connectivity are all major business drivers. Thinking how to address them holistically will ensure high business impact for your WAN transformation project.

Dave Greenfield

Dave Greenfield

Dave Greenfield is a veteran of IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.