What is SD WAN

1. What is SD WAN?

2. SD WAN Benefits

3. SD WAN Security

4. Cost Of SD WAN

5. Implementing SD WAN

6. SD WAN Consulting

7. What is Managed SD WAN

What is SD WAN?

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture. This architecture allows enterprises to utilise combinations of different transport services – including MPLS, LTE and broadband internet services with the aim of secure connectivity for users to applications.

The traditional model of routing traffic from branch offices to the data centre for robust security inspection is no longer optimal. The reason being is wasted bandwidth and the additional latency, ultimately impairing application performance. It can make a huge difference to your business utilising a better way to send traffic directly over the internet from branch locations to trusted SaaS and cloud-based applications without neglecting compliance with enterprise security mandates.

So what is SD WAN used for? It makes sure you have a consistent application performance and resiliency, automates traffic steering in an application-driven manner based on business intent, improves network security, and simplifies the WAN architecture. It uses a control function that is centralised to guide traffic securely and intelligently across the WAN and straight to trusted SaaS and IaaS providers. The benefit of this is increasing application performance and the delivery of a high-quality user experience, which increases business productivity for staff, agility and reduces IT costs.

SD WAN Benefits

SD WAN benefits can transform online performance, communication, collaboration, and application use within an organisation. They are implemented to support connectivity between multiple branches and can be used across offices, shops, warehouses and other working environments with easy implementation and ongoing management.

SD WAN is centrally managed and cloud-based which is particularly useful for companies that use applications that are hosted in the in the cloud. This enhances scalability opportunities and makes automated deployment possible. It can be used across thousands of endpoints in a seamlessly. As well as improving and optimising the deployment process, it also creates a better framework for ongoing analysis.

SD WAN Security is another priority for modern businesses to consider and we will discuss this a bit more later in this guide. The implementation of a SD WAN removes the need for data to keep traveling back to the data centers as the security features are present at each endpoint. The data encryption and advanced threat intelligence systems ensure that users, devices, and applications remain safe at all times.

One of the main SD WAN benefits are those that improve the user experience for customers or staff. The network is greatly improved for several reasons as systems are deployed to actively divert users when traffic-related issues arise. It can save valuable time and prevent huge levels of stress for both your staff and customers.

One of the other key benefits revolve around what is the cost of SD WAN in terms of value for money and is a cost-effective upgrade for many reasons. The function and scalability are naturally key features, but licensing should not be overlooked either. Meanwhile, it offers the opportunity to lose expensive MPLS connections in favour of VPNs and other economic broadband services, but we will look into cost a bit later on in this guide.

Another of the core benefits is the ability to incorporate the popular Office 365, Salesforce, and major SaaS applications in addition to optimised workflows such as AWS and Azure. The responsive performance helps reporting and allows adjustments to be made without any problems creating a smooth operational flow.

SD WAN Security

Maybe more so than any other network in your business, equal focus is needed on networking and the components of SD WAN security.

SD WAN security needs to consider the multiple traffic flows that can interface with the network. Each site probably handles critical business applications, provides access to cloud services, manages common web browsing and receives internet traffic generated by visitors and guests. All of which have different security needs, and enterprises must also consider how to secure the SD WAN infrastructure itself.

Security is therefore an essential aspect to build in. In our experience when enterprises start to research security, they often are not sure where to start. Our team can help plan, source, implement and even manage your SD WAN security solutions, but for now let’s begin by sharing some steps to secure SD WAN infrastructure.

Infrastructure Security

One of the most important factors for any new switch or router being added to the network is that the device has undergone a secure device onboarding process for your SD WAN. It’s imperative, due to the fact that hardware can reside in shared space or a service providers rack, that you eliminate the chance of rogue devices seemingly looking like a legitimate part of your network. Especially when you are not sure of the physical security and access requirements. The potential pitfall would be access to all traffic flowing across your network.
Another security consideration is to make sure your hardware vendor of choice blocks new devices from joining your network until they are authenticated. Authentication can take place in multiple ways such as a registration or serial number or a security token. If your network is likely to be dynamic with frequent infrastructure changes, make sure the authentication method doesn’t cause logistical problems.

Data Plane Security

When thinking of SD WAN security considerations one of the first thoughts is the data plane which carries the user traffic and needs to be encrypted. There are a few encryption methods which may be utilised including Secure Sockets Layer, Transport Layer Security or IPsec VPN tunnels.
Vendors will include different methods for encryption and key exchanges. It’s worth noting that shorter key rotation intervals are inherently more secure because they reduce the time a hacker has available to use a key, so always check those intervals with your vendors.

Control Plan Security

The control plane security is also just as an important SD WAN security consideration. In essence this is the messaging path among your network’s control elements which reside in the routers and switching devices used in creating your SD WAN architecture.
Critically, you need to encrypt this traffic too ensuring an attacker can’t intercept, hack or compromise the management and configuration functions of your network. In the main vendors encrypt the control plane but check as not all do.
Once you feel settled with your SD WAN security considerations, the next step is to investigate at least basic firewall functionality. Best practice features would include malware protection and other higher-layer functions.

Advanced SD WAN functionality for SASE

Secure Access Service Edge, or SASE, was a term that Gartner promoted in 2019. The solution is designed to be a more secure and flexible way to perform advanced security inspection directly in the cloud. This is instead of backhauling application traffic to a data centre before forwarding it to the cloud.

SASE combines SD WAN with necessary cloud-delivered security functions, otherwise known as Security Service Edge (SSE). SSE defines the set of security services that help deliver on the security vision of SASE.

The focus for SASE is to deliver the best end-user experience for cloud-hosted applications without opening up opportunities to compromise security. SD WAN on its own will not achieve SASE so advanced networking capabilities are imperative that can:

• Identify application traffic on the first packet and granularly steer it to enforce both QoS and security policies as defined by business intent
• Keep cloud application definitions and TCP/IP address ranges up to date, automatically, every day
• Automate orchestration between the SD WAN and cloud-delivered security services from a single console to make it easy
• Automatically failover to a secondary cloud security enforcement point to avoid any application interruption
• Automatically reconfigure secure connections to cloud security enforcement points if a newer, closer location to the branch becomes available
• Enable customers to adopt cloud security services—and their SASE implementations—at their own pace
• And most importantly, provide the freedom of choice to deploy new security innovations as they become available from any vendor to easily address unknown future threats

There is a lot to consider, but you are always welcome to have a chat with our team who can guide you.

Cost of SD WAN

The cost of SD WAN architecture needs to take into account a number of variables, all of which can contribute to some financial benefit. Like any new solution it’s the norm to have to justify the cost of SD WAN with a business case by calculating the potential return-on-investment. This calculation would be based on the time it takes for savings to exceed the cost of deploying and maintaining the solution.

Most importantly buyers need to think about the reputation and credibility of the providers they choose. You want to utilise some of the best-in-class technical requirements such as reach, latency, jitter, and other factors to do this project once and do it right. The technology provider’s service-level agreements (SLA) should also be closely scrutinised, so you feel safe and supported.

How Much Does the Cost of SD WAN Vary?

Every SD WAN solution is individual and has different requirements for hardware. You can expect to reduce your cost of equipment by updating traditional infrastructure to SD WAN. The fewer your needs, obviously the less hardware investment needed. The less hardware needed; the less maintenance that needs to be performed on hardware to keep it working well.

Another key consideration for your cost is whether your organisation will adopt a do-it-yourself model of management, or work with experts like our team at Vissensa to provide a managed SD WAN service.

Working with a managed service provider such as us, will relieve some of the burden of hiring and training an internal team, as well as give you more options for installation services, maintenance, upgrades, monitoring, and troubleshooting. It will appear to introduce additional costs but will ensure you are supported with best-in-class expertise and support should anything go wrong. When you factor in the cost of training, the hiring process, overpayment for features you do not need and loss of staff time, longer term you will likely save money with your cost of SD WAN by choosing a managed service.

Implementing SD WAN

When first considering implementing SD WAN the first step is to identify where you have shortcomings as that will help to establish the must-have from the nice-to-have features in your architecture. One of the best ways to identify these would be to utilise an incident management tool to identify where your issues lie be it bandwidth, security or hardware failures. It now time to compare and review different vendors based on your needs. It’s a big project and is where partnering with consultants like us can be really helpful as our team utilise and have relationships with the leading vendors and can quickly understand the right ones for your needs.

With the time, cost and effort that will go into implementing SD WAN you will want to ensure hardware and software support is good and timely in case of any issues. You can ask for details about their operation’s support process and try to get insight into the expertise of their team members.
Alternatively partnering with consultants like us you could utilise a manged service which will monitor and stay on top of any issues. The benefits mean expanding your staff size and expertise without the added cost, time and training.

Absolute best practice would mean to now look at a proof of concept (POC) in a development or restricted environment to ensure everything is working to your needs before it goes live. If you are utilising a consulting partner like Vissensa, we tend to do all the testing for you on your behalf before moving live.

It’s now time for implementation strategy. You could deploy in a small group and validate results before the full-blown implementation or alternatively deploy in less critical sites to get feedback and implement the learning in future deployments but ideally, it’s a staged approach.

SD WAN Consulting

As alluded to in implementing SD WAN above, there is a lot to research, test and plan which can be especially daunting if it’s not your team’s specific skill set. Our team of SD WAN Consulting experts have implemented solutions both in previous roles and during their time at Vissensa, so bring considerable industry knowledge and experience to your project. We also have relationships with all the top vendors whilst remaining independent, so you can be sure that the solution is right for your business needs.

Our SD WAN Consulting follows a full strategy from Identify, Plan, Implement through to Maintain, which means we can be with you at the very start of your journey or get involved further down the line. We can also offer a fully managed service which means you have the peace of mind that experts will be monitoring, patching and managing your solution so all you need to do is use it.

What is Managed SD WAN

The best way to explain what is Managed SD WAN is to describe who would benefit the most from it. Organisations who do not have huge IT infrastructure teams but already have many IT responsibilities will certainly find Managed SD WAN from expert partners the way to go. It helps extend your team without the need for extensive hiring and saves money. Not only that but you will have the expertise on tap as and when you need it always monitoring you network.

One of the other key benefits of a managed service is that your hardware and software partner relationships, SLA’s, patches and support can be managed for you which cuts down on the time spent with back-and-forth conversations. Your billing can be consolidated by your Managed service provider and something which can have many moving parts can actually been treated as a whole.

In addition, the relationships that a Managed service provider such as ourselves can offer with integration to network services offering bundles of different broadband connections is a big advantage to find the quickest and best routes. The same can be said for integration with public cloud services such as AWS and Microsoft Azure.