Answering the Top Questions About SASE Asked by IT Professionals
SD-WAN is one of the hottest technologies in the networking space. Being “hot”, though, doesn’t mean that SD-WAN has a solid business case to support it. How can IT executives justify the investment in this technology? In short, SD-WAN promises to have a positive business impact in the following areas:
- Improve network capacity, availability, and agility to maximize end user productivity
- Optimize global connectivity for fixed and mobile users to support global growth
- Enable strategic IT initiatives such as cloud infrastructure and applications migration
Improves WAN capacity, availability, and agility
The network is the foundation of the business. Historically, MPLS was the default WAN choice to maximize uptime and ensure predictable network behavior. But MPLS was expensive and subject to capacity and availability constraints.
SD-WAN enables locations to use multiple WAN transports concurrently, including MPLS, cable, xDSL, or LTE, and to dynamically route traffic based on transport quality and application needs.
SD-WAN enables the business to boost overall capacity by aggregating all transports and reduce cost by utilizing affordable Internet services. Agility is also improved, because IT can deploy new sites quickly with available transports and not wait for the lengthy rollout of premium services, such as MPLS.
SD-WAN maximizes end user productivity by boosting the WAN’s capacity and resiliency. SD-WAN also supports quick alignment of the enterprise network with emerging business needs such as onboarding of new locations and users.
Optimizes global connectivity for fixed and mobile users
Organizations often use global carrier MPLS for a consistent network experience for their remote locations. The only other option available to lower costs is to use the inconsistent and unpredictable public Internet. Mobile users can’t leverage MPLS-connected locations on the road and have to accept service levels provided by the Internet.
As discussed before, SD-WAN enables businesses to use inexpensive, last-mile Internet connections within the WAN. For regional businesses, and especially in the developed world, the Internet is pretty reliable over short distances, but using the public Internet can be a challenge in a global context. IT organizations must use predictable, global connectivity to ensure consistent service levels.
In a classic hybrid WAN setup, MPLS provides this consistency while the Internet adds capacity at lower cost. To reduce costs even further, affordable MPLS alternatives, such as SLA-backed cloud networks, can ultimately replace MPLS services. Mobile users remain an afterthought, even for SD-WAN, and can’t benefit from either legacy MPLS or SD-WAN appliances. Yet, these users have the same needs for optimal global access. Only a subset of SD-WAN solutions can extend their fabrics to mobile users globally.
Global connectivity requires a consistent and predictable transport. To reduce or eliminate the cost of MPLS in a global context, SD-WAN solutions must incorporate an affordable MPLS alternative that ideally can extend to branch locations and mobile users.
Enables strategic IT initiatives
Many enterprises are migrating, or considering the migration of, all or parts of their applications to cloud datacenters, such as Amazon AWS and Microsoft Azure. This change, alongside the use of public cloud applications, such as Office 365, makes legacy network designs obsolete.
Instead of focusing network planning on the branch-to-datacenter routes using dedicated MPLS connections, network architects must address the increased share of traffic going to the cloud. Wasteful backhauling, also known as the Trombone Effect, saturates MPLS links and adds latency because the traffic goes to the datacenter only to be securely sent to the Internet. Sending Internet traffic directly from the branch makes more sense.
Direct Internet access in the branch, using SD-WAN, enables Internet- and cloud-bound traffic to exit the branch directly without backhauling. There is a cost to this optimization, as security now has to be applied at the branch. Simple firewalls incorporated into SD-WAN appliances have limited inspection and threat protection capabilities, and a full-blown security stack in every branch creates appliance sprawl and increases complexity.
Firewall as a Service (FWaaS) is an emerging technology that enables IT to secure Internet traffic at the branch without deploying physical appliances alongside SD-WAN appliances.
Security is one consideration. Optimizing cloud access from the branch is another. Even the branch offices of regional companies often need to access distant cloud resources. MPLS was designed for branch-to-physical-datacenter connectivity, not branch-to-cloud. Alternative approaches, such as cloud networks, can optimally support cloud traffic by extending the network fabric to both customer locations and cloud destinations, and by using private SLA-backed backbones to optimize performance.
SD-WAN can support strategic cloud migration initiatives by securing and optimizing traffic between business locations, mobile users, and cloud resources. Appropriate SD-WAN architectures, built for secure and optimized cloud connectivity, should be evaluated.
SD-WAN is a strategic WAN transformation initiative. Better network availability, capacity, and agility; high-performance global connectivity; and secure and optimized cloud integration are all major business impact drivers. Addressing them holistically will ensure a high return on investment in the SD-WAN solution.
Gur Shatz is co-founder and CTO of Cato Networks. Prior to Cato Networks, he was the co-founder and CEO of Incapsula Inc., a cloud-based web applications security and acceleration company. Before Incapsula, Gur was director of product development, VP of engineering and products at Imperva, a web application security and data security company. Gur holds a BSc in computer science from Tel Aviv College.