Since SD-WAN technology arrived on the scene some five years ago, enterprises have been leveraging it to create more flexible, agile, and scalable networks. Now they’re asking, “What’s next?” and “What else can you do for me?”
SD-WAN providers and industry experts are looking at a couple of paths forward, and some “SD-WAN 2.0” products are already available.
A Look at SD-WAN’s Rise
Before understanding where SD-WAN is heading, it’s important to look back.
From a technical perspective, SD-WAN is a major departure from traditional Multi-Protocol Label Switching (MPLS) networks, which “were never really designed to have users and their applications connected via the cloud,” said Ian Whiting, president of field operations for Silver Peak, one of the earliest vendors in this market.
SD-WAN differs from MPLs in that it “separates management of policy and behavior from the individual edge devices,” explained John Burke, CIO and principal research analyst for Nemertes Research. With the ability to assign bandwidth on an application basis, enterprises could begin thinking about getting rid of inflexible and pricey private circuits and begin using much less costly broadband Internet access.
Indeed, the initial buzz around SD-WAN “started because of a very strong economic argument,” Whiting said. When an enterprise took a “small sip of SD-WAN,” it realized that it “tasted pretty good,” and would accelerate deployment to more sites, he said. Burke agreed: “[Enterprises] are looking to bump bandwidth up dramatically, especially to cloud providers, and want SD-WAN to make that possible with little or no increase in spending.”
Besides centralized management, SD-WAN brings load balancing, zero-touch deployment, and other improvements to the table, Burke added.
Security at the Edge: SASE Makes Its Case
With edge security top of mind for so many enterprises, combining security and SD-WAN seems like a natural next step. Gartner introduced this idea, which it called the secure access service edge (SAS), in its
July “2019 Hype Cycle” report. SASE combines security functions with WAN capabilities, allowing solutions to identify malware or malicious activities that affects WAN traffic in real-time, according to this Gartner blog post.
Another SASE benefit is that enterprises can use "security components that are required instead of the entire security stack" and can provide more dynamic responses to security threats/issues, explained Sorell Slayer, an independent security consultant, in
this No Jitter article. Providers like Cato Networks, Palo Alto Networks, and others already have SASE products available and are trying to capture this segment of the market.
"With respect to SASE, well, it is really about more than access," Burke said. Instead of SASE, Nemertes uses the term “Enterprise Secure Cloud Access and Policy Enforcement (ESCAPE),” he described as the “natural evolutionary convergence where the next iteration of the remote-access VPN and tools like cloud access security brokers come together.”
SASE isn’t the only approach. Some SD-WAN vendors, Silver Peak included, are incorporating edge security into their products through technology partnerships with security vendors like Zscaler and Check Point, Whiting said. While not an all-in-one SASE solution, this approach makes SD-WAN the primary transport for delivering security applications and services, Whiting said.
Is the Future Automated?
Automation might be another path for SD-WAN to take, as there’s much work to be done in making the edge of a network "more intuitive and responsive to the needs of a business,” Whiting said. AI and, machine learning functions will become more commonplace. A “self-driving edge network,” would be able to correct network issues that occur without IT professionals needing to configure fixes manually, said he explained. For IT professionals, this can be an even bigger game-changer than what SD-WAN is currently providing, further lessening the manual, tedious work and freeing up their time for more strategic work, Whiting said.
Full automation might be a “matter of taste and trust” and will be a while in coming – five to seven years in the future, Burke said. SD-WAN management will become “steadily more automated” over time; SD-WAN is today already “way more automated than legacy WANs,” he added.
Looking to the Future, Sorting Out the Options
SD-WAN's future also might be in a service called SD-Branch, which allows for tighter controls of an in-branch infrastructure, including wired LANs, Wi-Fi networks, and security, according to Zeus Kerravala, ZK Research founder and principal analyst, in
this No Jitter article. Unlike a traditional SD-WAN service, SD-Branch covers the entire stack and not just an overlay, explained Kerravala.
With all these SD-WAN options and more on the way, enterprise IT professionals might feel overwhelmed when it comes to deciding on a solution and then transitioning to it. To start, Burke said: "The biggest decision is whether to go DIY with an overlay solution or get a managed solution, and if managed, a managed overlay or something incorporating provider cloud services as well."
With an overlay solution, enterprises can swap a new provider in and phase an old one out with no outage or cutover windows. However, this lessens but doesn't entirely erase the need for ongoing management or maintenance, Burke said. With a managed service solution, the provider takes care of implementation and management, but the tradeoff comes with less control over the service and a greater reliance on the provider, Burke explained.
As is the case with many IT decisions, there is no right or wrong answer — what works for one enterprise might not be right for another. To get a firsthand account of SD-WAN success stories, join me in an
end user panel discussion at Enterprise Connect 2020, where we’ll be discussing the challenges of SD-WAN implementation, how enterprises are leveraging SD-WAN in their cloud pursuits, and the current offerings on the market today. We hope to see you there!
