How to Pick an SD-WAN Vendor
Early adopters of SD-WAN are looking to SD-WAN providers to improve their existing networking infrastructure to achieve business agility in response to rapid change, as well as provide an optimal end user experience around application and service delivery.
While many early adopters of SD-WAN may have piloted solutions with established networking providers and niche products, businesses increasingly have more software-defined networking vendor choices—from router-based refreshes to pure SD-WAN and SD-WAN with WAN optimization.
In its March 2017 Gartner Market Guide for WAN Edge Infrastructure, Gartner recommends that businesses should “prefer SD-WAN solutions or vCPE-based platforms when refreshing or replacing WAN-edge equipment, instead of just refreshing existing router-based platforms.”
As you look across this crowded space—at the SD-WAN vendors, the service providers, the range of solutions with marketing claims—how do you choose? What are the requirements and capabilities you need in an SD-WAN solution for maximum business agility?
Creating an enterprise-scale SD-WAN connectivity and orchestration fabric requires the ability to:
- Manage centrally
- Orchestrate globally
- Deploy remotely
- Make networks and more visible
- Secure your business
Ease of management goes right to the core of why you want software-defined networking. Software-defined networking reduces the complexity of the underlying infrastructure—often the client-server model—with networking overlays. The goal is to hide the complexity of the underlay and get away, if possible, from tedious, error-prone CLI coding. So, almost by definition, an SD-WAN solution should be simple to use and manage.
The SD-WAN management console should provide a complete view of the connectivity fabric that unifies all enterprise networks, from the hybrid WAN at branch locations, into cloud infrastructure environments and even reaching to the end user with branch wireless and wired LAN networks.
There you should be able to design, deploy and change your deployments and orchestrate services such as WAN optimization and security using intuitive, cloud-centric workflows and business intent-based policies.
Intuitive, cloud-centric workflows should allow instant and elastic expansion of new network end-points without additional operational overhead, with zero-touch provisioning to remote locations and automated “single-click” expansion of connectivity and orchestration into cloud environments.
And business intent policies should be expressed in the language of business—apps, users, locations, performance SLAs, and security constraints—rather than the technical aspects of routing, eliminating the need for technical translation, intermediation, and error-prone device-oriented configuration updates.
For today’s hybrid enterprise, an effective SD-WAN solution must apply the power of software-defined and business policy-based orchestration across the entire connectivity fabric, spanning hybrid WANs, cloud networks, and branch wireless and wired LANs.
Your SD-WAN solution should deliver automatic provisioning of devices and services like WAN optimization based on your business policies and full mesh connections between clouds and distributed locations. The simplest, fastest solution is a one-click extension of the WAN to IaaS cloud locations in a secure and optimized fashion, with the delivery of secure SD-WAN gateways and WAN optimization fully automated.
Orchestration also should encompass SaaS apps whose performance can be impacted by physical distance, backhauling, congested bandwidth or the end user device. You will want to enable total management of SaaS applications from local breakout management, to latency mitigation, to visibility into end-user experience.
To accelerate the wide variety of enterprise apps in use, optimization must streamline any type of application, as well as address a wide variety of standards-based protocols such as CIFS, HTTPS, MAPI, NFS, and SQL, to reduce the number of network- and application-based transactions across the WAN for faster response times and end-to-end throughput.
While many claim WAN optimization, vendors may be only talking about simple data compression and not full-featured application streamlining to reduce application transactions or transport streamlining to reduce TCP round trips and data per trip. Sometimes vendors are capable of optimizing only legacy apps, or a small subset of apps, or simply the newer cloud apps. If you are an enterprise business with distributed branches, you have myriad types of apps and need a solution that can optimize more than a thousand of them over any network without you having to think about it. In addition, your SD-WAN solution should offer Quality of Service (QoS) to ensure that both inbound and outbound traffic is appropriately prioritized by business criticality.
For orchestration, your SD-WAN solution should deliver:
- Automated and secure connectivity to and between cloud networks and to branch networks
- Seamless integration with critical network services such as end-to-end visibility and WAN optimization
- Efficient management of local breakouts with the ability to select traffic directed to local breakouts vs. central breakouts vs. cloud-based security brokers
- Automated path control with the ability to path select based on application type, business priority, and path quality as determined by available bandwidth, latency, jitter, or packet loss
- End-to-end network segmentation with all aspects of the segmentation integrated into a single concept of “zones”
With cloud-based apps, every user is remote. Thus, the SD-WAN solution must have a connectivity and orchestration fabric from the central place of management to wherever users are located.
SD-WAN policy overlays should automatically integrate with existing routers, WAN optimization appliances, and other existing appliances for fast provisioning of unified, optimized networks. They should also enable simple, non-disruptive extension of SD-WAN to on-prem datacenters. In addition, guest Wi-Fi access should be simple to use with rapid, secure access through self-registration when guests or employees bring their own devices (BYOD).
Other criteria include:
- Zero-touch provisioning of new branch equipment without requiring skilled personnel at the branch locations
- Branch router overlay or replacement with the ability to operate in conjunction with or replace the Customer Premise Equipment (CPE) branch routing device with a “thin” branch device where core SD-WAN and routing capabilities are available on the same physical or virtual appliance
- Security via native firewall capability and ability to integrate with third-party CASB or on-prem firewalls
- Deployment options with appliances available in physical, virtual, and cloud-based form factors for flexibility to integrate with white box hardware/NFV deployments and into public/private cloud environments
- A complete software-defined networking solution spanning all endpoints including secure SD-WAN gateways in the branch, datacenter, and cloud, as well as wireless access points and wired LAN switches in remote business locations
Make networks and more visible
Visibility plays an important role in networking and software-defined networking in particular. Your SD-WAN solution needs integrated tools that give you visibility end to end—all the way from the end user to the cloud.
Path selection, for example, requires visibility into the app, the network, and the destination, since you need to select network paths and prioritize traffic by application, user, or location. You also need instant and perfect visibility into the quality of every available path, since use of Internet broadband as a transport for corporate connectivity can make app performance and end-user experience unpredictable. IT also has less visibility into modern encrypted apps and into cloud and SaaS apps that IT does not control.
Integrated visibility in your SD-WAN solution should provide usage and availability data about your overall network, specific sites, servers, all applications, and users. With integrated visibility and reporting, you should be able to easily answer:
- What’s happening on my network? What was the behavior in the last hour, day, or week?
- Are there issues with uplinks? Which uplinks are handling the most traffic?
- Which applications are used most often?
- Who is using the network? What applications are they using?
- What’s happening at site X? How is the traffic flowing out of the site? Is it in line with the policies? What is the QoS priority of the traffic?
- What is the activity for a particular uplink? Are there any performance problems? What is affected?
With this information, you can make informed policy and deployment decisions, monitor and troubleshoot performance issues for large-scale software-defined infrastructure using detailed reports, and then plan for changes.
Secure your business
No business is immune to hacking. How can you respond to these cyber intrusions and challenges?
Any security approach for SD-WAN must include the following key ingredients:
Built-In security—Security should be part of the SD-WAN design—not added later to respond to security breaches. Centralized support for embedded security, firewalls, access points, and switches can help simplify and consolidate the overall management of equipment, especially at the branch and other distributed locations. In your new SD-WAN, not only should security be built-in, centralized and easily automated, it also must complement and integrate with third-party CASB or on-prem firewalls.
Policy-based approach to designing SD-WAN overlays and security over the overlays. Security rules should be part of the policy and should be easy to implement, deploy, manage, and change universally throughout the system—without any command-line interface (CLI) configuration that is often prone to human error.
Service automation, including security—A centralized, secure, global management system based on a single global policy should automate services and be easily changed for rapid response to changing conditions or new needs.
Simplified and secure access—both guest and branch. User identity-based control can provide an easy and intuitive way to define network access. You should be able to identify users by name, roles, or job functions.
Visibility—with a unified at-a-glance view of your network topology, including registered and online appliances. Your SD-WAN solution also should provide continuous automatic monitoring of network events, site, and tunnel status, as well as provide report-based usage and availability data about your overall network, specific sites, servers, all applications, and users.
Today, moving to SD-WAN and cloud and choosing an SD-WAN vendor requires you to rethink the network, as well as consider and implement a large number of industry and vendor SD-WAN innovations, capabilities, and integrations in order to transform the complex into the simple, the manual into the automated, and the fragmented into a unified whole.
Riverbed’s SD-WAN product: SteelConnect
Riverbed SteelConnect is a complete SD-WAN solution for securely connecting users and business to the applications they need, wherever they reside—on a remote LAN/WLAN, in a data center, or in the cloud.