The Return On Investment of SD-WAN

April 3, 2018

What is the ROI on SD-WAN projects? Most enterprises look at SD-WAN as an MPLS alternative or as a way to offload MPLS, hoping to reduce their MPLS connectivity costs, which is a hard cost saving. But the complete SD-WAN ROI is a mix of hard and soft components that come from increasing overall network capacity and availability and from reducing the operational load of managing the network.

SD-WAN ROI driver: Reducing the costs of connectivity

This is a tricky SD-WAN ROI driver. Enterprises spend a fortune on a managed MPLS network. This network is often capacity constrained, because more capacity substantially increases overall costs. SD-WAN promises to break that paradigm by augmenting or replacing MPLS with affordable Internet last mile connectivity.

Here is the key point: your network cost savings are directly related to how much MPLS can be replaced with Internet-based connectivity. The magnitude of the savings depends on the choice of Internet last mile. A symmetrical connection (also known as Direct Internet Access or DIA) offers guaranteed capacity and a small discount relative to MPLS. An asymmetrical connection (such as xDSL or cable) offers best-effort capacity and a substantial discount compared to MPLS.

If you augment MPLS with Internet connectivity, you should expect no hard cost savings as part of the SD-WAN ROI. Simply put, the SD-WAN solution and the Internet last mile connectivity that augments MPLS will increase the overall network spend. However, the cost per Mbps will drop, sometimes substantially.

If you are looking at SD-WAN as an MPLS alternative that replaces your MPLS completely, you could see a cost reduction that correlates to your choice of Internet last mile and geographical region. Fisher & Co, an automotive company, was able to reduce its connectivity costs by 70% by replacing its MPLS network with Cato Networks’ SLA-backed backbone and Internet last mile connectivity.

SD-WAN ROI driver: Reducing the costs of branch security

With legacy network architectures, enterprises typically backhauled Internet traffic from the branch to a regional datacenter, a hub, where a full network security stack inspected all traffic. This approach wasted precious MPLS capacity. Basically, Internet traffic became a driver for growing MPLS capacity, with a big impact on IT budgets.

SD-WAN opens up the branch to the Internet. It is now possible to avoid Internet backhauling and reserve MPLS capacity for data center app traffic. This is one potential area of upgrade cost avoidance. However, security must now move to the branch: while SD-WAN reduces backhauling, it becomes necessary to add network security capabilities at the branch. SD-WAN appliances include basic firewalls but limited threat protection. Branch firewalls and UTMs offer more capabilities, but their limited capacity constrains CPU-intensive inspection such as SSL decryption, anti-malware and IPS. Cloud-based security offers a scalable approach but still requires buying another point solution, which offsets any potential cost savings from backhaul reduction.

Network and security convergence offers a way to tackle this tradeoff. Alewijnse, a Dutch manufacturing company, was able to eliminate its MPLS network and apply enterprise-grade security to all traffic using a single converged cloud service from Cato. Alewijnse indicated the cost savings from MPLS elimination were enough to fund the whole SD-WAN project. UMHS, a healthcare company, was able to eliminate both its MPLS network and branch security firewalls and move to a single cloud-based SD-WAN as a service.

SD-WAN ROI driver: Network automation and co-managed services

One of the most costly components of enterprise networking is the network management model. Legacy network management comes in two flavors: Do It Yourself (DIY) and a managed service. With DIY, network managers often use crude tools like Command Line Interfaces (CLIs) to manage router configurations. Since any network outage costs the business a lot of money, availability became paramount, making network changes very slow. Maintaining any kind of dynamic traffic routing or failover is very complex. To reduce this complexity, IT outsourced network management to a service provider, which in turn stopped the enterprise IT staff from making any network changes. Managed services are not only expensive but also come with a built-in delay for any network change, imposed through the use of ticketing systems.

SD-WAN promises an improvement in network agility. For DIY enterprises, SD-WAN offers to automate network changes and increase network resiliency. However, it does add “one more box to manage”. For enterprises that prefer a managed service, a new co-managed model enables IT to make quick network changes through a self-service model, while the service provider maintains the SD-WAN service itself. In a co-managed model the customer doesn’t have to maintain the generic underlying infrastructure that underpins the service, and can focus on business-specific configurations.

Sun Rich, a food processing company, was running a network with multiple MPLS providers, SD-WAN appliances, WAN optimization solutions and network security devices, all for a relatively small organization. Sun Rich was able to eliminate all these products and services and replace them with a single cloud-based SD-WAN service. Sun Rich also retained control over network and security changes through a self-service portal.

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.