In the age of virtualization, evolving cloud architectures, and business application innovation, enterprises are rapidly transforming their networks to efficiently accommodate these trends. In this new environment their existing network has been rendered slow, costly, and complex, with limited reach and scale.
Enterprises endeavor to take their network and transform it into an on-demand, automated, and simplified network with limitless reach and scale ready to offer services beyond just connectivity. This is where the power of SD-WAN comes in, provided it's implemented according to five key success factors.
1. Essential SD-WAN Technology
In today's offerings, we often see a network that's broken into two technology silos: one for the WAN and another for the data center. This creates an inefficiency that greatly reduces overall network agility and performance, not to mention compromises end-to-end security.
The cornerstone of success starts with an SD-WAN solution that offers a single end-to-end governance model, which allows the enterprise to have a single point of control across the enterprise's entire network, including not only the WAN and branch offices but also the private data centers and the public clouds where more and more applications are being hosted.
The SD-WAN solution should provide end-to-end micro-segmentation and a set of built-in network and security services at each branch such as IPSec, URL filtering, and per-application flow visibility as well as NAT, DHCP, and QoS that can be configured from a single user-friendly interface. All this must be delivered at scale with resiliency schemes as required by the enterprise.
2. Key Operational Tools
It's essential to have real-time application level visibility with historical archival and reporting of flow analytics across the entire network. With this type of insight, the network can be audited for capacity planning purposes while understanding key traffic trends.
Additionally, having immediate insight into the traffic can be useful in understanding how to best program the network to maximize network resource usage. Each application will have its own SLA requirements, for example, and the network can be programmed to route certain applications across the optimal path. This is a key factor that unlocks and guarantees better application performance for business-critical applications over broadband connections or even 4G/LTE connectivity.
Having the capability to correlate the underlay transport network (e.g. MPLS link) to the overlay SD-WAN VPN when identifying network faults is also essential in an enterprise's arsenal of assurance tools. This allows the enterprise to identify precisely how a specific fault impacts the overall network and end-to-end user experience. In addition, and especially when you are operating at scale, having inventory management tools and health monitoring capabilities are very important.
The last essential operational capability involves security. With hundreds and thousands of application flows traversing the network, it's important to leverage application-level visibility to first understand flow behavior. Furthermore, to protect the network, it is not feasible to manually program per-application security measures; this cannot scale. For this reason, it's essential to leverage software-defined principles to offer software-defined security that can provide per-application level security during a flow's lifetime across the entire network. It's also essential to continuously monitor the network to detect anomalous traffic or threats and respond in real-time without manual intervention.
3. Business Continuity
Philosophically speaking, SD-WAN is not about replacing an existing MPLS WAN, but rather, it's about augmenting or enhancing its existing value. MPLS transport typically represents a highly available transport link, which will always be required; SD-WAN technology, meanwhile, is designed to enhance its value and efficiency.
Practically speaking, an enterprise may not swap out its entire WAN as part of its network transformation. Instead, the business will likely start migrating a specific region or start with small greenfield SD-WAN sites in certain regions, then growing its network over time. There will be a period of time where legacy brownfield parts of the WAN and legacy branch locations will need to co-exist with newer greenfield SD-WAN paths and branch sites. Operationally, new greenfield SD-WAN sites must be backwards compatible with the existing legacy brownfield sites for an indefinite period of time, while still delivering the agility and automation promises of SD-WAN. The right SD-WAN solution must be built to accommodate this compatibility.
4. Business Case
The right SD-WAN solution -- purpose-built with the aforementioned factors in place -- will offer both service providers and enterprises much more than a new connectivity model. With an end-to-end network governance model, coupled with having insight into and control of each application flow, the right SD-WAN solution is ideally suited to provide the infrastructure and tools for the oncoming flood of value-added services (VASs). This will generate more revenue for the service provider, while providing the essential VASs for the enterprise in a more efficient and cost-effective manner.
Some services that offer core requirements -- IPSec, NAT, DHCP, URL filtering, etc. -- should already by embedded within the SD-WAN software itself. Other services, such as best-in-breed next-generation firewall and WAN optimization, will need to be either remotely hosted in a data center or public cloud or locally hosted in the branch and on the customer premises equipment (CPE). For remotely hosted services, service chains can easily be defined from the SD-WAN point of control ensuring that each application flow receives the proper service. For locally hosted services, the local SD-WAN appliance, which is an open x86-based uCPE hardware, should have the ability to onboard these third-party virtual network functions (VNFs) in an easy way that resembles installing third-party applications on any smartphone. The SD-WAN should abstract away the complexity of the management and orchestration of these VNFs across their entire lifecycle and provide a seamless experience of inserting these services regardless of who provided them.
5. The Right Partner
What is often overlooked, but cannot be overstated, is the importance of having the right partner for the transformational journey of implementing SD-WAN. For some enterprises, selecting a partner that offers a variety of deployment options that mitigate risk while expediting its go-live plans is as important as choosing the right solution. Being able to choose the right mix of public and private hosting, or even a managed service offer, dramatically increases your chances of success.
For large service providers and multi-national enterprises working with a partner with a pedigree of offering innovative technology to meet ever-increasing scale and bandwidth needs is key. Further, it's crucial to work with a partner with a proven 24x7x365, "follow the sun," global technical support organization. A partner with proven global experience of providing professional services is important to offer the help needed to customize, deploy, and complement the capabilities of the enterprise or service provider.
Finally, a partner that has a robust and dependable supply chain and procurement capability is integral to be able to fulfill global requests promptly and reliably.
Conclusion
Transforming enterprise networks is a journey that is best taken with the right SD-WAN technology partner. Many elements need to be considered beyond just core SD-WAN capabilities, such as the network governance model, operational tools, business continuity, and support for value-added services. This technology should be purpose-built from the ground up with the idea of connecting users to their applications, regardless of location of users or where the applications are hosted.
Related content:
