Enterprise organisations all have one thing in common – a growing need for secure connectivity to their customers and the cloud hosted applications, tools and resources they need to compete. But their IT network requirements are evolving: security threats continue to rise; demand for bandwidth is increasing; and the shift to cloud is driving the complexity of the WAN.
Historically, managed service providers have met these needs with a portfolio of WAN connectivity services. However, as the needs of the enterprise have evolved, the managed service needs of IT organisations are expanding. They want greater network flexibility and agility, more visibility into network performance and security, the ability to monitor and adjust application traffic flows and to deploy and manage branch sites remotely.
Furthermore, they want to do all of this through a single pane of glass, covering wired and wireless networks.
By choosing the right SD-WAN solution, service providers will be able to deliver a platform for managed services that can scale all the way down to meet the needs of their smallest enterprise customers and all the way up to meet the needs of their largest, multi-national organisations. But what are the key considerations for enterprises before deploying a solution?
Prioritise integrated security
While some basic SD-WAN solutions offer the ability to integrate third party security solutions, oftentimes these solutions are not fully integrated into the SD-WAN environment.
This leaves the end-user with two solutions to manage, often through different management portals. This is referred to as a “bolt-on” integration approach, in which security is looked upon as an afterthought.
On the other hand, full featured SD-WAN solutions provide integrated next-generation firewall-based solutions. This provides robust security for SD-WAN endpoints and the network itself, including both the WAN and LAN sides of the CPE demarcation. These solutions typically offer integration with advanced security capabilities such as UTM and ATP.
Hardware and interoperability
While the SD-WAN controller is software, SD-WAN solutions still require hardware or software endpoints for connectivity.
Again, we find that not all vendor endpoints are created equal. Some leverage OEM or white box hardware for their solutions, which often are limited in scale, and don’t provide the ability to add additional features, capabilities, or services.
Similarly, some solutions are prohibitively restricted to a particular vendor or ecosystem.
As such, it is helpful to leverage a solution that supports a broad range of device types to cover all of needs with one solution that supports the same features and policies. Ideally the vendor should leverage a template approach that replicates the same template across every endpoint. It’s critical to select a vendor who can support cloud endpoints with virtual software-based endpoints, who can support remote locations wherever they may be through whatever connection options are available, so a broader support for network interfaces is important, including 4G/LTE, and a vendor whose hardware is secure.
Open standards and scalability
As well as generally being interoperable, open standards-based solutions provide greater customisation of the solution itself and are often more flexible and agile to deploy, use and manage. The better SD-WAN solutions on the market have open APIs and leverage standard routing protocols. This is important, because these solutions can integrate other network functions into the SD-WAN environment, which provide the ability to integrate more of the WAN/LAN network functionality into the SD-WAN management portal, which provides a single pane of glass configuration and management, which ultimately helps automate and simplify more of the WAN.
Not only should a solution be open, it should also be scalable. Most SD-WAN solutions support 10M-1G connections with a few hundred endpoints. However, for larger network requirements, enterprise organisations should look for vendors who can support 10,000 or more endpoints, can scale from virtual software-based endpoints to larger NGFW endpoints, and for solutions that can support 100Gbps of throughput. These advanced SD-WAN solutions provide greater capacity, versatility and support for business growth and to ensure that the SD-WAN solution will be able to support endpoints in all regions and all scenarios.
Reliability and redundancy
When evaluating SD-WAN solutions for redundancy, look for solutions that have controllers that are horizontally scalable and highly available. It is important to select solutions that provide geographically redundant controller clusters. Most SD-WAN solutions use a gateway device to communicate between the controller and the CPE endpoints. Additional devices may be used as hubs, which are used to connect CPE devices together. It is important to select solutions that support redundant hubs and gateways.
It’s also important to understand that the better solutions will provide support for active/backup path configurations as well as active/active. If the active link goes down either the traffic is diverted to the backup path, or in the case of active/active, it is redistributed across the other active paths. Finally, some enterprise organisations will require redundant CPE device support as well. Therefore, a truly scalable and reliable solution will offer CPE that can be configured in a dual CPE cluster with active failover support.
The bottom line
There are a number of vendors who say they offer the right mix of these SD-WAN capabilities, but it’s currently caveat emptor when it comes to ensuring the solutions meet the strongest definition of the phrase.
As a prime example, not all SD-WAN solutions are highly available, horizontally scalable, multi-tenant, provide role-based access control, or are fully redundant so it’s important to weigh all these factors before investing in a solution. By striking the right balance between integrated security, interoperability, scalability and reliability, MSPs will be well positioned to meet their evolving enterprise customer IT needs.
