SD-WAN at its core helps enterprises achieve dynamic alignment among business and IT strategy, application policy, and WAN configuration. In other words, it enables the WAN to provide the application experience (reliability, availability, performance) and application security demanded by business users, along with the operational simplicity that IT and network admins yearn for in the current paradigm of rising IT complexity. We further explore these three key value drivers of SD-WAN adoption below:
- Seamless, secure cloud connectivity. In the absence of SD-WAN, connecting users securely to public cloud apps is complex and expensive. In most cases, enterprises haul cloud traffic emanating from the branch back to a central internet security point in the corporate datacenter over expensive MPLS links. This backhaul also affects the performance of other apps that may be leveraging the same MPLS links. Where the enterprise instead accesses cloud apps directly from the branch (leveraging IPsec firewalls) without SD-WAN, the security paradigm is not ideal either. All cloud-bound traffic from a branch is transported over the same IPsec tunnel, with no isolation for traffic originating from different business units or traffic intended for different public cloud segments. Application-specific network policy is then applied at either of the two endpoints.
A key use case/benefit of SD-WAN that has come to the fore in early deployment is segmentation of enterprise assets that can now be pervasively enabled on the WAN. With SD-WAN, mission critical traffic and assets can be partitioned and protected against vulnerabilities in other parts of the enterprise. This use case appears to be especially popular in verticals such as retail, healthcare, and financial.
While end-to-end application traffic isolation in the WAN is a key benefit of SD-WAN, the security benefits do not end there. SD-WAN can also protect application traffic from threats within the enterprise and from outside by leveraging a full stack of security solutions included in SD-WAN, such as next-gen firewalls, IPS, URL filtering, malware protection, and cloud security. This full stack of security solutions can enable policy-based layer 3-7 protection for all traffic on the WAN irrespective of destination, whether the cloud or the corporate datacenter. Application traffic emanating to the cloud straight from the branch can now be secured using a secure internet or cloud gateway. Users, applications, and their data at the branch edge can be protected by the stack of security solutions incorporated into the SD-WAN on-premises appliance, vCPE, or router, which typically includes next-gen firewall, intrusion protection, malware protection, and URL filtering.
- Application experience. SD-WAN enables the enterprise to identify and set up application-specific policies and SLA criteria around attributes such as latency, jitter, and loss. A key benefit of using SD-WAN is that it enables dynamic policy-based routing for all application traffic at the branch. Depending on the policy defined at the SD-WAN controller and on conditions prevailing on the network links at a branch, application traffic is routed in real time over the optimal path to deliver the attributes of bandwidth/latency performance, security, or availability for all branch application traffic. With SD-WAN, applications and their users can now be isolated from network brownouts and outages with app-aware policies. If a specific link carrying application traffic goes down, the traffic is automatically routed over another link to preserve the SLA. If a broadband link shows unacceptable packet loss, mission-critical application traffic is automatically routed over a more reliable broadband or MPLS link to ensure the application SLA is not compromised. User experience is thus maximized while ensuring the security posture is not compromised. This feature has helped optimize the performance of a significant number of third-party apps at the branch and hence improve the application experience of users of those apps.
- Operational simplicity. With SD-WAN in deployment, new WAN locations / sites and new WAN segments can be provisioned much faster and application policy can be applied to each site and segment. Not only can WAN sites and segments be provisioned faster, but different WAN topologies can be created per segment. If a specific WAN segment at a branch needs to connect to other branches, this topology can be specified in the application policy for the segment. If WAN traffic on a segment needs to be restricted from being routed to another branch, this can be specified in application policy and implemented at an enterprise level. Importantly, business partners can be provided secure access to specific business segments on the WAN and restricted from others.
Business Value of SD-WAN Deployment
The early SD-WAN value proposition and ROI have been largely centered on WAN operating expense reduction by enabling an enterprise to substitute expensive MPLS with cheaper broadband connectivity options. However, more recent mature deployments of SD-WAN have unearthed significantly higher business value from the operational simplicity entailed in SD-WAN deployments, improved application experience, and the greater scalability and flexibility that SD-WAN has bestowed on the network. Specifically, IDC research suggests that enterprises that have deployed SD-WAN report the following:
- Requiring less IT staff time to manage and secure WANs through centralized software defined automation and segmentation, helping further optimize the cost of running WANs
- Providing higher-performing and more reliable business applications, enabling higher employee productivity levels
- Instilling business operations with greater scalability and flexibility, helping address more business opportunities and thereby increase revenue
- Increasing performance by adding bandwidth even as they reduce overall connectivity costs
Longer-term, IDC views the following as critical for sustaining SD-WAN’s ROI and business value:
- Pathway toward a software-defined branch. In the longer term, IDC sees the SD-WAN as a first step toward a software-defined branch. In this vision, IDC views SD-WAN as a broader platform for several virtual network functions at the branch edge. This model involves the hosting of several network functions that today are deployed as individual appliances on a common hardware platform in a virtual CPE model. The model confers several benefits to the enterprise. While the short-term business benefit may be lower technology acquisition costs, the long-term business case rests on the advantages that accrue from the simplicity, flexibility, and agility that the virtual CPE model gives the enterprise or the service provider delivering the network service.
- Use of machine learning (ML), artificial intelligence (AI), and intent-based networking systems (IBNS) for dynamic policy optimization. SD-WAN in its current form does a great job of optimizing the WAN for a set of application-specific policies. The application policy is, however, a snapshot in time, and it represents what is best for applications and users given current network conditions at that specific point in time. In IDC’s view, a great opportunity exists for vendors and enterprises to optimize the network based on policy that is dynamic and changes with time. IDC believes the use of ML/AI techniques and associated IBNS philosophies offers the potential to make SD-WAN a driver of a self-learning, self-healing WAN that is also secure and path-optimized based on a dynamic application policy.
The SD-WAN market — given its attractiveness — is highly competitive. There is a lot of hype around technology promise and vendor capabilities, which is not healthy for the market in the short term. Vendors such as Cisco have their work cut out for them in terms of making themselves heard and ensuring that their capabilities are fully understood by enterprises in the market.
IDC believes that the SD-WAN market has passed the hype phase and entered a period where early implementations have begun to deliver tangible benefits. To the extent that Cisco can execute on evolving requirements in a dynamic marketplace and address the challenges described in this paper, the company has a significant opportunity for success as this market becomes mainstream over the next few years.