What You Don’t Need from an SD-WAN Vendor

June 6, 2018

IT organizations are becoming increasingly aware of the benefits of software-defined wide area networking (SD-WAN). According to a July 2017 report from market-research firm IDC, SD-WAN adoption is seeing “remarkable growth” as companies look to streamline their WAN infrastructure and move toward more cloud-based applications. The IDC report estimates that worldwide SD-WAN infrastructure and services revenues will see a compound annual growth rate (CAGR) of 69.6% and reach $8.05 billion in 2021. IDC has determined much of the growth in SD-WAN adoption is from companies looking for ways to reduce the number of physical devices required to support applications as well as lower the cost of maintaining technology deployed in remote locations.

With multiple vendors entering the SD-WAN market offering a myriad of features and choices, organizations need to sift through the options to determine what features are really necessary.

What You Don’t Need

Security is a vital piece of WAN infrastructure that must be addressed. Most SD-WAN vendors provide basic security features such as encryption, layer 2 access control, and possibly some basic firewall functionality. But those basic features are not enough, so SD-WAN vendors have developed security partnerships. By using service insertion or service chaining, separate security services such as firewalls and IPS are inserted into the data flow. This provides the additional security needed, but also creates extra complexity, cost, and administration of these external devices. Preferably, look for a solution with full security integrated into the SD-WAN.

One of the advanced features of SD-WAN is the ability to measure real-time transport quality (latency and packet loss) and use Policy-Based Routing (PBR) to route application-specific traffic over the most appropriate transport. Applications are grouped into classes, such as voice/video, business-critical, or best effort. When it comes to this feature, what you don’t need are dozens of these classes. Generally, around 3-5 is enough.

Deploying a new site for SD-WAN requires an SD-WAN gateway to be deployed on-site. When deciding between a physical appliance and a virtual appliance, a physical appliance is preferred and most commonly used for connecting offices. A virtual appliance still has to be deployed, managed, and scaled (just like a physical appliance), and its performance is subject to the underlying hardware. Where physical hardware cannot be deployed, such as when connecting the cloud, agentless deployment is best.

What You Should Focus on Instead

There are four main features you’ll want to look for in an SD-WAN solution.

  1. SD-WAN Provider Has Its Own Backbone

A provider with their own backbone presents several advantages for the customer. Unlike unmanaged Internet connections, a provider-owned backbone provides an MPLS-like SLA-backed latency but at an affordable cost. Ideally, this backbone should be comprised of multiple tier-1 carriers with multi-gigabit links.

  2. Security Converged into the SD-WAN

Rather than having the burden of managing separate physical or virtual security devices in multiple locations, an SD-WAN vendor that offers converged security can provide a solution that enforces a comprehensive security policy on both WAN and Internet-bound traffic, for all users, whether in fixed locations or mobile. An integrated solution provides full visibility of traffic, a unified security policy, and simplified life-cycle management.

  3. Network Optimization

A WAN connection consists of the last mile, which is between the edge site and the local ISP, and the middle mile, which connects the two last miles. Traditional SD-WAN appliances, if they perform WAN optimization, treat all segments the same. To get the most benefit, a vendor should treat the segment types differently, by applying optimization techniques according to characteristics of the last and middle miles. Some last mile optimizations to look for are packet loss compensation, enhanced link capacity and resiliency, latency mitigation and throughput maximization, and application QoS.

Middle mile optimizations should include SLA-backed transports, dynamic path selection, and optimal global routing. In addition, cloud traffic can be optimized with shared Internet Exchange Points (IXPs). SD-WAN vendors that co-locate PoPs in data centers directly connected to the IXPs of the leading IaaS providers such as Amazon AWS, Microsoft Azure, and Google Cloud can optimize traffic via the shortest and fastest path.

  4. Cloud Deployments and Mobile Workers

Migrating parts of a data center to the cloud can fragment access controls and security policies. This separation complicates policy management and limits overall visibility. Securing and optimizing mobile user traffic is an additional challenge. An SD-WAN vendor that can provide a global backbone connecting all physical locations, cloud, and mobile workers can optimize routing and reduce latency to key applications like Office 365, and enforce application-aware security policies on all access. Customers can seamlessly extend corporate access control and security policies to cloud resources, enabling easy and optimized access for mobile users and branch locations to all applications and data anywhere.

Bottom Line

If you’re not using SD-WAN yet, according to industry growth estimates, you are likely going to be using it in the future. An SD-WAN provider such as Cato Networks can provide a solution to meet the needs of global organizations who rely on data and applications in the cloud and are driven by a mobile workforce.

 


Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.