Top 10 Things you Should Know About SD-WAN as Reported by CloudGenix

What is SD-WAN?

Software-defined wide area networking (SD-WAN) is a way of connecting remote sites, regional locations, and data centers over a wide area network (WAN). 

So, what is SD-WAN?  SD-WAN is considered an evolution of traditional WAN and offers the following benefits:

  • Traditional WAN typically requires configuration and management of complex VPN tunnels. SD-WAN automates this process
  • Traditional WAN has issues mixing different WAN circuit types in the same location. SD-WAN allows you to mix these (e.g., MPLS and broadband)
  • Traditional WAN relies on complicated routing protocols. SD-WAN does not
  • Traditional WAN often requires configuration of each device separately. SD-WAN generally uses a common, centralized controller for configuration

Businesses migrate from a traditional WAN to SD-WAN to:

  • Leverage broadband for better performance and lower cost than MPLS
  • Improve high availability in the branch office
  • Integrate cloud applications into their workforce
  • Simplify IT operations by moving to a top-down policy model
  • Reduce branch office cost including hardware, management, and maintenance

Can SD-WAN replace MPLS?

Multiprotocol Label Switching (MPLS) networks are typically private lines provided by a service provider to connect multiple locations for a business over a dedicated, reliable, and private wide area network (WAN).  While MPLS is dedicated and reliable, it is often more expensive and less performant than a business Internet circuit.  Business Internet has become a popular WAN circuit as it is generally an order of magnitude higher in performance while being a fraction of the cost and nearly as reliable as MPLS.

Can software-defined wide area networking (SD-WAN) help you replace MPLS?  Potentially yes!  Many businesses already have a substantial investment in MPLS and enjoy its reliability.  However, performance is often a limiting factor with MPLS, and legacy WAN routers have a difficult time providing load-balancing and high availability over both Business Internet and MPLS in the same location.

Most businesses will migrate from traditional WAN to SD-WAN to better support load-balancing and high availability in the branch using Business Internet alongside MPLS.  This helps speed up adoption of cloud applications (like Office 365, Salesforce) while also adding bandwidth to the remote location.  Since SD-WAN automatically establishes secure VPN tunnels between sites, many businesses have decreased their investment in MPLS to reduce cost, and some have even migrated away from MPLS completely.

In short, SD-WAN gives you an opportunity to have WAN circuit flexibility in the remote office and the ability to choose the right circuits with the right price and performance metrics based on the needs of each location.

Do I need both SD-WAN and VPN?

Is a separate virtual private network (VPN) required when deploying software-defined wide area networking (SD-WAN)?

Typically, no!  VPNs are designed to securely connect sites and use encryption to maintain secrecy of the application data exchanged.  Traditional wide area networking (WAN) devices including packet routers and firewalls often require complex configuration to establish tunnels – virtual interfaces with encryption and other security features designed to protect data secrecy – to transmit data amongst sites.  The process is often cumbersome, time-intensive, and error-prone.

Virtually every SD-WAN solution helps to simplify this process by either automatically establishing secure tunnels amongst sites or reducing the number of steps required to do so.

CloudGenix AppFabric makes it even easier and more secure than traditional networking and legacy SD-WAN by not only automatically establishing a secure fabric of connectivity, but using advanced security capabilities to meet the needs of the world’s most demanding businesses.

What is “Secure SD-WAN”?

Software-defined wide area networking (SD-WAN) can radically improve your wide area network (WAN) architecture; many businesses wonder what security looks like once SD-WAN is deployed and how to best secure their network.  Having direct control over which WAN links an application can use in the branch creates the immediate concern of being able to control and secure those applications from within the branch without having complex, costly security devices in every location.

With SD-WAN, you can deploy physical or virtual firewalls in the branch office, or take advantage of cloud security solutions, which help eliminate extra hardware in the branch office and the associated management complexity.  Policies can be defined that require traffic to traverse the firewall in the branch or the cloud security platform.  This allows you to secure your business while enjoying the benefits of SD-WAN, with a consistent security and threat prevention perimeter for all sites.

CloudGenix takes this a step further by including an application-aware zone-based firewall in the device deployed in the branch.  Better yet, with the app-level controls in AppFabric, CloudGenix gives you complete control over which applications use a cloud security platform, yielding better economics.  CloudGenix has partnered with best-in-class cloud security platforms to provide secure SD-WAN, also known as SSD-WAN.

How do you configure SD-WAN?

Software-defined wide area networking (SD-WAN) is fundamentally different than traditional wide area networking (WAN).  In traditional WAN, you have to configure routers and other networking devices at each location, along with a series of packet-centric features and routing protocols to ensure connectivity amongst your sites.

With SD-WAN, devices are managed by a centralized controller, which is responsible for propagating configuration changes to all devices in the network and collecting monitoring statistics.

The typical workflow for configuring SD-WAN is:

  • Pre-configure branch devices to be able to access the network
  • Configure data center devices to access the network
  • Log in to the controller, and assign devices to sites
  • Define your application policies

And voila!  The configuration automatically propagates throughout the network. This is far simpler than traditional WAN, which often requires one or more devices in each site.

CloudGenix AppFabric makes it even easier by aligning the definition of WAN policy with business policy. This means that, when your CIO says “Office 365 and voice calls should have gold service”, the policy you implement is exactly that – not a mish-mash of esoteric networking rules, access control lists, policy routes, and complicated QoS configurations.

So how do you implement SD-WAN?

Software-defined wide area networking (SD-WAN) provides many benefits over traditional wide area networking (WAN) architectures, leading businesses to wonder how they would go about implementing SD-WAN.

Since virtually every business already has remote locations with legacy WAN infrastructure in place (routers), SD-WAN is often implemented in a non-disruptive way that first augments the existing legacy WAN hardware.  Once the business is comfortable with SD-WAN, the legacy WAN hardware can be removed.

An example of such an implementation is as follows:

  • Business decides to deploy SD-WAN
  • A small pilot is performed in some number of sites. Devices are shipped to each of those sites
  • The SD-WAN devices are deployed in-line between the WAN router and the LAN switch
  • Once the business is comfortable with the SD-WAN solution, legacy WAN gear is removed

From there, a staged roll-out plan is often defined to migrate each location from legacy WAN to SD-WAN.

SD-WAN can help businesses improve application performance, integrate the cloud, reduce branch and WAN hardware and operational costs, and enable new levels of agility and automation that were previously not possible.

So how does SD-WAN work? You know, the details…

Software-defined wide area networking (SD-WAN) is a transformative new way of building and managing a wide area network (WAN).  Traditional WANs involved a series of packet-centric devices including routers to provide connectivity amongst sites.  Often, these devices are managed and monitored discretely using complex, archaic configuration interfaces such as command line interfaces (CLIs).  Further, traditional WANs were often coupled with separate security configurations for firewall functionality (protecting the perimeter of the site) and virtual private networking (VPN), which enabled encrypted communication and data secrecy.

SD-WAN upends this model by using devices that are configured, managed, and monitored centrally through a controller.  This controller acts as the central source of truth for the network, and is responsible for distributing configuration changes throughout the network to each device.  SD-WAN is considered “software-defined” because these solutions often have programmatic interfaces for configuration, management, and monitoring, as opposed to legacy CLIs and protocols.

SD-WAN solutions simplify configuration, management, and monitoring by providing a single interface for the network through the controller.  With SD-WAN, you no longer have to perform these functions discretely at each device.  And, when you need to see what’s happening on the network, you have a single pane of glass to do it.

SD-WAN solutions often include security capabilities built in, such as a firewall, and virtually all of them establish VPN connections amongst sites automatically.

CloudGenix AppFabric goes a step beyond by aligning business policies with WAN policy and application-centricity to provide the best possible user experience, easiest integration of the cloud, and the best economics and simplicity.

So, when should I use SD-WAN?

Software-defined wide area networking (SD-WAN) has upended the traditional wide area networking (WAN) model and many businesses are asking when to use SD-WAN.

SD-WAN is beneficial for a number of use cases, including:

  • I want to add bandwidth capacity to my branch offices using business Internet
  • I want to reduce my dependency on MPLS to reduce my WAN cost
  • I want to integrate SaaS applications and cloud platforms such as Office 365, AWS, Azure
  • I want to embrace digital transformation through video, kiosks, and other techniques
  • I want to simplify WAN management and provide better alignment to business policy
  • I want to reduce branch office hardware and devices to simplify manageability
  • I want to shift to a cloud-centric cloud security and threat prevention model

CloudGenix AppFabric provides best-in-class SD-WAN with application-centricity and automation.  This means that your business policy and WAN policy are uniquely aligned, leading to the best possible user experience with applications and the simplest configuration, management, and monitoring workflows.

Does SD-WAN make broadband good enough?

Software-defined wide area networking (SD-WAN), and in particular CloudGenix AppFabric, continually monitors the health and performance of both WAN links and the applications using your network. Several metrics from the network are collected (bandwidth, latency, loss, jitter, reachability) and also from the applications (transaction times, response times, CODECs, success and failure rates).

All of these metrics are analyzed in real time to make decisions about which WAN link is the best fit for each given flow. As conditions change within the network or the application, AppFabric automatically steers flows to the best possible WAN link from the list you’ve deemed appropriate.

You can specify multiple primary paths and also multiple backup paths.
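
The selection logic described above, as an added Python example (not CloudGenix code and not AppFabric's actual algorithm): each application policy lists its permitted primary and backup links, and the healthiest permitted link wins. The thresholds, score weights, link names and measurements are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    reachable: bool
    latency_ms: float
    jitter_ms: float
    loss_pct: float

@dataclass
class Policy:
    app: str
    primary: list          # link names the operator permits as primary paths
    backup: list           # link names used only when no primary qualifies
    max_latency_ms: float  # assumed per-application thresholds
    max_jitter_ms: float
    max_loss_pct: float

def meets_sla(link, p):
    return (link.reachable and link.latency_ms <= p.max_latency_ms
            and link.jitter_ms <= p.max_jitter_ms and link.loss_pct <= p.max_loss_pct)

def score(link):
    # Lower is better. The weights are illustrative assumptions.
    return link.latency_ms + 2 * link.jitter_ms + 50 * link.loss_pct

def select_path(p, links):
    """Return (link_name, tier). Only links named in the policy are considered."""
    for tier, names in (("primary", p.primary), ("backup", p.backup)):
        ok = [links[n] for n in names if n in links and meets_sla(links[n], p)]
        if ok:
            return min(ok, key=score).name, tier
    # No permitted link meets the thresholds: use the least-bad reachable one,
    # but never a link outside the permitted list.
    up = [links[n] for n in p.primary + p.backup if n in links and links[n].reachable]
    if up:
        return min(up, key=score).name, "degraded"
    return None, "down"

def sample_links():
    # Constructed measurements, not real data.
    return {l.name: l for l in (
        Link("mpls", True, 40, 2, 0.0),
        Link("broadband", True, 18, 3, 0.1),
        Link("lte", True, 70, 12, 0.5),
        Link("guest-wifi", True, 5, 1, 0.0),  # best metrics, but not permitted
    )}

VOICE = Policy("voice", ["broadband", "mpls"], ["lte"], 150, 30, 1.0)

if __name__ == "__main__":
    print(select_path(VOICE, sample_links()))
```

The `guest-wifi` entry has the best measurements but is never chosen, because the flow stays on the list the operator deemed appropriate even when every permitted link is degraded or down.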

In this way, SD-WAN can absolutely make broadband good enough for business for remote locations, bank branches, retail stores, and other environments where multiple WAN links exist. Many businesses use AppFabric to add direct Internet to each location to help offload MPLS while reliably adding capacity, load-balancing, and failover.

What else can SD-WAN do?

By now you might be thinking “Ok, it sounds like AppFabric is the right solution for me. What ELSE can it do?” I’m glad you asked! In addition to using metrics from both WAN links as well as the applications on your network to drive routing decisions, AppFabric also displays this information in an intuitive cloud-delivered dashboard packed full of actionable analytics.

  • Want to see how your networks are performing over time? We have you covered.
  • Want a breakdown of each application’s performance and why an application may be slow? We have you covered.
  • Want to turn back the clock and look at network activity from some period in the past? We have you covered.

Most businesses find that once they have deployed CloudGenix AppFabric, they no longer need dedicated network performance monitoring or application performance monitoring for their remote sites. It’s literally built right into the cloud-delivered controller, with no additional management systems, storage, or backup required.

We take it a step further, though. In addition to allowing you the best possible user experience for each app, confident adoption of the cloud, integration of direct Internet, and the best possible economics for the branch and WAN, AppFabric also gives you new levels of agility and automation through programmability:

  • Script against our API platform to automate deployment of sites
  • Retrieve health, performance stats, events, alarms, and audit logs from our API
  • Reduce human intervention in monitoring and managing events

We would love to chat with you and discuss how CloudGenix’s AppFabric can help you on your journey! To speak with a Lifeboat Sales Representative today, click here.
