SD-WAN has shifted from peripheral technology to the mainstream. SD-WAN benefits are so compelling that Gartner predicts that by 2018, more than 40% of WAN edge infrastructure refresh initiatives will be based on SD-WAN appliances from SD-WAN vendors or vCPE versus traditional routers (up from less than 2% today). According to IDC’s Worldwide SD-WAN Forecast, SD-WAN vendors are expected to see a 69% compound annual growth rate in sales over the next five years, reaching $8.05 billion in 2021.
“SD-WAN is the most significant infrastructure transformation since the introduction of virtualization,” says Shlomo Kramer, co-founder and CEO of Cato Networks, a provider of cloud-based and secure global SD-WAN. “It transforms how we think about office-to-office communications, Internet access, the cloud, our security architecture, and mobility. When else have we seen a technology with such profound impact?”
Clearly, plenty of people are getting excited about SD-WAN benefits. There are also plenty of reasons already discussed for that excitement. Here’s my “ultimate” list of SD-WAN benefits, including a few you probably haven’t considered.
Align Your Business and Your WAN
For too long, our networks haven’t reflected our business priorities. Business-critical applications were starved for bandwidth while YouTube and, worse, BitTorrent, got treated like royalty. Sales calls were garbled while file transfers chugged along. SD-WAN allows us to bring order to this WAN “mess” and align our backbones to our business priorities.
This means more than just allocating bandwidth by the application’s importance to the business. Even with traditional wide area networks, we’ve been able to do that with the right edge equipment. With the SD-WAN, we can also align the uptime and network performance characteristics of available data services to the importance of a site.
Business-critical locations, such as a datacenter, can be connected by active/active, dual-homed fiber connections, managed and monitored 24×7 by an external provider. Less critical locations, such as small offices, can be connected with a single xDSL connection for significant cost savings. Temporary teams, such as those put together for disaster situations or when onboarding new clients, can be set up with 4G/LTE and mobile clients for connecting into the SD-WAN. Yet despite their different forms of connectivity, all locations remain governed by a common set of routing and security policies.
By aligning the WAN’s usage, configuration, and availability characteristics to business needs, we’re able to maximize our WAN budgets and dramatically improve our return on investment (ROI) from SD-WANs.
Get Better Application Performance
Applications vary in their network requirements. Voice is sensitive to packet loss and jitter; bulk data transfer requires throughput. Web applications have their own needs. IP routing, particularly as it’s implemented on the Internet, doesn’t respect those differences – it selects the same optimum route for each application. As a result, some applications may starve while others thrive.
SD-WAN lets you be smarter about how you pick your routes. SD-WAN appliances monitor latency and loss metrics of the paths to all other SD-WAN appliances. Then, they match application requirements and business priority onto those metrics, selecting the optimum path for a given application. The upshot: companies can reach peak performance across any provided transport.
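The selection step described above can be sketched as follows. This is an added example, not code from any SD-WAN product; the metric fields, thresholds, path names and applications are constructed assumptions, and the rule "least policy overshoot, then most spare capacity" is one possible ranking.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    capacity_mbps: float

@dataclass(frozen=True)
class App:
    name: str
    priority: int          # 1 = most important to the business
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    need_mbps: float

def overshoot(app, path):
    """Total relative amount by which the path exceeds the app's limits (0 = compliant)."""
    pairs = [(path.latency_ms, app.max_latency_ms),
             (path.loss_pct, app.max_loss_pct),
             (path.jitter_ms, app.max_jitter_ms)]
    return sum(max(0.0, (got - limit) / limit) for got, limit in pairs)

def assign_paths(apps, paths):
    """Place apps in business-priority order; return {app: (path, compliant)}."""
    free, result = {p.name: p.capacity_mbps for p in paths}, {}
    for app in sorted(apps, key=lambda a: a.priority):
        fits = [p for p in paths if free[p.name] >= app.need_mbps]
        if not fits:
            result[app.name] = (None, False)   # no bandwidth left anywhere
            continue
        # Least overshoot first; among equals, the path with most spare capacity.
        best = min(fits, key=lambda p: (overshoot(app, p), -free[p.name]))
        free[best.name] -= app.need_mbps
        result[app.name] = (best.name, overshoot(app, best) == 0.0)
    return result

# Constructed sample measurements and policies (not from the article).
PATHS = [Path("mpls", 30, 0.1, 2, 20),
         Path("broadband", 45, 0.8, 12, 200),
         Path("lte", 80, 1.5, 25, 30)]
APPS = [App("voice", 1, 150, 0.5, 10, 2),
        App("crm-web", 2, 100, 1.0, 30, 10),
        App("backup", 3, 500, 2.0, 100, 150)]

if __name__ == "__main__":
    print(assign_paths(APPS, PATHS))
```

When the low-loss path is unavailable, voice still gets the least-bad remaining path but is reported as non-compliant, which is the signal an operator would alert on.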
Build a WAN Without MPLS
For decades, wide area networks were built solely on the backbones of MPLS circuits. While MPLS provides SLA-backed reliability and high availability, it’s also relatively expensive and inflexible. It can take months to wait for a single circuit to be installed at a branch location, or for a carrier to respond to a change request. That kind of bureaucratic delay might have been acceptable a decade ago, but it’s simply too restrictive for today’s business environment. The dream for many companies, then, is to be MPLS-free.
SD-WAN does allow companies to use the Internet to replace MPLS, but this isn’t appropriate for all applications. Loss-sensitive applications, for example, will underperform over time when traversing the open Internet. These applications still need some sort of SLA-backed backbone, such as that provided by SD-WAN as a Service. With a private, affordable backbone, SD-WAN as a Service can replace a global MPLS deployment and still provide significant cost savings and networking flexibility.
Create a Holistic WAN Security Posture
Security is top of mind for every enterprise today. The traditional approach to implementing security has been to use discrete products deployed in technology siloes. Network teams maintained their firewalls. Branch offices deployed VPNs. Cloud applications prompted the use of cloud-based tools like a CASB (cloud access security broker).
With the right SD-WAN, security can be deployed in a holistic manner to protect all resources on the network. Data center and branch locations, mobile users and cloud resources can connect into one network, the SD-WAN, which is protected by one holistic security policy and one set of security tools. This greatly simplifies how security is imposed and managed, and at the same time it is more complete and thus much more effective.
Get High Availability Beyond the Data Center
High availability (HA) was once thought of as strictly a data center feature. HA refers to systems that are durable and likely to operate continuously without failure for a long time. MPLS has been the traditional means of delivering high uptime, especially when redundant circuits are installed, but SD-WAN has made it possible to instill HA at branch locations at a reasonable cost.
There are several considerations for building high availability with an SD-WAN configuration. First, there must be redundant SD-WAN appliances (i.e., edge devices) at the branch so that if one fails, the other immediately takes over the load, and operations can continue without interruption. Next, those SD-WAN appliances can connect to redundant access lines such that, if one line fails, traffic can fail over to another.
Thinking about redundancy in the Internet access layer, there can be redundant connections on just one of the SD-WAN devices or on both devices. It’s all a function of just how much redundancy the organization wants to build into the system. By adding circuits in a load-balanced configuration with redundant components for high availability, uptime is increased with each additional circuit. Availability can be further assured by building diverse routing into the network configuration. An organization can use SD-WAN and build these aspects of redundancy to match or even exceed the uptime and availability of MPLS circuits at a lower cost.
Prevent Data Breaches that Exploit Lateral Movement
Many networks today put up perimeter defenses but allow users to move within the network freely. People – whether legitimate users or someone using stolen credentials – can then access resources they aren’t authorized to use. SD-WAN segments the network with Layer 3 tunnels (called “segments” or “overlays”) that prevent users from seeing and accessing unauthorized resources in other overlays.
Malware is also known to move laterally through the network to spread its havoc. To stop the lateral movement of malware, the SD-WAN must be inherently secure, inspecting every packet between locations with a next-generation firewall, an intrusion prevention system, and advanced threat protection within the SD-WAN overlay. Some, though not all, SD-WANs can deliver this advanced level of security, which many security experts consider a critical measure to prevent data breaches.
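One way to verify that overlays actually block cross-segment access is to audit flow records against the segment map. This is an added example, not part of the original article; the segment names, prefixes, exception list and the four-field log format are constructed assumptions.

```python
import ipaddress

# Constructed overlay definitions: each segment owns a set of prefixes.
SEGMENTS = {
    "corp":  ["10.10.0.0/16"],
    "pos":   ["10.20.0.0/16"],
    "guest": ["10.30.0.0/16"],
}
# Explicit inter-segment exceptions: (src segment, dst segment, dst port).
ALLOWED = {("corp", "pos", 443)}

def segment_of(ip):
    """Map an address to its overlay, or None if it belongs to no overlay."""
    addr = ipaddress.ip_address(ip)
    for name, prefixes in SEGMENTS.items():
        if any(addr in ipaddress.ip_network(p) for p in prefixes):
            return name
    return None

def audit(flow_lines):
    """Return (line, reason) for permitted flows that crossed overlays without an exception."""
    findings = []
    for line in flow_lines:
        src, dst, port, action = line.split()
        s, d = segment_of(src), segment_of(dst)
        if action != "ALLOW":
            continue                      # blocked traffic is the policy working
        if s is None or d is None:
            findings.append((line, "unmapped address"))
        elif s != d and (s, d, int(port)) not in ALLOWED:
            findings.append((line, f"{s}->{d} not permitted"))
    return findings

# Constructed flow records: "src dst dst_port action".
FLOWS = [
    "10.10.4.7 10.10.9.1 445 ALLOW",      # inside corp
    "10.10.4.7 10.20.1.5 443 ALLOW",      # covered by the exception
    "10.30.2.9 10.20.1.5 3389 ALLOW",     # guest reaching pos
    "10.30.2.9 10.10.9.1 445 DENY",       # blocked at the overlay boundary
    "192.168.1.50 10.20.1.5 22 ALLOW",    # source outside every overlay
]

if __name__ == "__main__":
    for line, reason in audit(FLOWS):
        print(f"{reason}: {line}")
```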