The Co-Managed SD-WAN: A Managed Infrastructure with Self-Service Capabilities for Agility

June 6, 2019

SD-WAN certainly provides companies with a lot of flexibility, and one aspect of that flexibility is how to manage the networking solution. There are various management models that differ in the degree of responsibility assumed by the enterprise or its chosen service provider in terms of infrastructure maintenance, continuous monitoring, and change management.

One management model is the do-it-yourself (DIY) approach, which has long been popular with enterprises that purchase and deploy the SD-WAN appliances themselves. Typically, they have the in-house expertise to manage their existing wide area network and feel comfortable adapting to the new technologies of the SD-WAN. The enterprise assumes the responsibility for maintaining the underlying infrastructure such as the SD-WAN appliances, routers or data centers, as well as the ongoing monitoring of the SD-WAN and changes that must be made to the configuration. The DIY approach is resource-intensive and requires a high level of expertise within the enterprise.

At the opposite end of the spectrum is the management model of a fully managed service where the preferred provider is responsible for everything. It’s basically a turnkey solution where the managed service provider (MSP) maintains all the infrastructure, monitors the network for issues, and performs any move/add/change requests. This model is ideal for companies that don’t have the in-house expertise or that don’t want to retrain or re-skill their employees to manage the new networking approach. However, the enterprise is also highly dependent on the responsiveness of the MSP.

The Challenges of the DIY Approach

When a company opts to go the DIY route, it enjoys the freedom of choosing how things are done, including which SD-WAN appliances are used, what transports are utilized, and how everything is managed.

While choice is good, there are three common problems with DIY SD-WAN:

  1. When a variety of Internet connections are used, there is no carrier-grade backbone service that is fully backed with a service level agreement (SLA) to protect against latency and unpredictability. Internet connections are notoriously unpredictable and can fluctuate too much to sustain critical traffic such as voice and video.
  2. Along with the SD-WAN, security is also DIY. Security is often added to the solution via service-insertion or service-chaining. Branches that have their own direct connection to the Internet will require a full stack of security services, including next-generation firewall, intrusion detection/intrusion prevention, sandboxing, and so on. What’s more, patching, upgrades and capacity planning – now for many locations – need to keep pace with increasing traffic loads and a growing threat landscape.
  3. Then, too, there are integration challenges. For example, the missing components that a service provider can provide, such as security services and an SLA-backed network backbone, are significant gaps in the solution. Moreover, SD-WAN appliances don’t address the needs of mobile users and are inherently unsuitable for native cloud applications. Bolting on such services and capabilities creates integration challenges, even for a knowledgeable and skilled IT team.

The Challenges of Carrier-Managed SD-WAN

It might sound good to outsource SD-WAN management to an MSP and let them deal with everything, but that doesn’t mean there aren’t problems for the enterprise in this model:

  1. All that resource-intensive service has a cost associated with it, and it could be enough to offset the savings from using SD-WAN in the first place.
  2. There is certainly a loss of agility when the enterprise has to depend on a third party to do everything. The network and security services are managed by the MSP, and the customer must rely on the support services for adds/moves/changes. Even simple changes, like a firewall rule, could take days to be completed.
  3. Choosing the wrong MSP could put an enterprise in a bind. Not all service providers have a reputation for exceptional service, and making a commitment to one MSP could mean paying for a service that isn’t necessarily good service.

Sharing Management Responsibilities

Of course, there’s another way to go about this. The enterprise and the MSP can share the SD-WAN management responsibilities. This allows the enterprise to see the benefits of both appliance and managed SD-WAN solutions without the drawbacks.

In the co-managed services model, the enterprise can enjoy self-service for things like applications and security policies, while the service provider takes care of infrastructure maintenance. The two organizations also may choose to share the tasks of continuous monitoring of the network and the change management aspect of administration. Thus, either the enterprise or the service provider can fulfill move/add/change requests for networking services.

There is a flavor of the co-managed SD-WAN in which most SD-WAN and network security capabilities move from appliances on the customer premises into a core network in the cloud. The SD-WAN as-a-service provider maintains the underlying shared infrastructure – the servers, storage, network infrastructure, and software – and all are hosted on a carrier-grade network backed by strong SLAs. A full security stack is embedded within the network such that all traffic – from every location and every user – passes through security at all times.

Meanwhile, enterprises have the ability to modify, configure, and manage their SD-WAN as if they ran on their own dedicated equipment. Enterprises gain the best of both worlds of low-cost shared infrastructure and the flexibility and performance of dedicated devices. With a co-managed solution, security can scale as necessary, anywhere, eliminating the limitations of location-bound appliances. New features are instantly available to every site, user, or cloud resource connecting to the SD-WAN service with the customer in control of changes the business requires.

Technology has shifted, and businesses require an agile WAN infrastructure with the ability to roll out sites in days, not weeks or months. The WAN is transforming into a resource that connects mobile, SaaS, IaaS, and offices that require more than simple connectivity. Intelligence, reach, optimization, and security are attributes the WAN needs today, and a co-managed SD-WAN as a service solution brings all the advantages of SD-WAN into one solution.

Author

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.