SD-WAN has made networking sexy again – and for good reason. Many CIOs view SD-WAN technologies as key to their cloud-first strategies. After all, it is known for optimizing WAN performance and connecting branch offices quickly and securely all while reducing costs. But, the market is flooded with SD-WAN products, all promising networking nirvana for the enterprise.
It is true that SD-WAN can make your network more agile with centralized control and management. But many SD-WAN products are sold as do-it-yourself devices requiring IT resources to configure and manage the solution before any real benefit is gained. While some large organizations might choose the DIY approach, there can be considerable implementation and system dependencies. For this reason, many enterprises choose to work with a managed service provider that has.
- Network engineering expertise
- SD-WAN integrated into a software-defined network platform
- 24x7 proactive network performance monitoring and ongoing support
If your organization is considering managed SD-WAN services, here are five things to consider when evaluating solutions.
Built-in features and services to enhance your security posture
When evaluating providers, it is critical to choose a secure SD-WAN solution engineered for enterprise-grade cybersecurity. Why? Because most SD-WAN devices themselves are not innately built to be secure. Ask these questions before you buy:
- Does your SD-WAN solution include an integrated, next-generation firewall with unified threat management (UTM)?
- Do you offer secure local internet breakouts, and if so, how?
- Does your SD-WAN hardware appliance include an integrated router and next-generation firewall, making it easy to directly and securely route traffic to the internet without stacking multiple devices at a given location?
While some providers will have IPSec tunneling and may even have next-gen firewalls built into their SD-WAN offering, others will go even further by:
- Incorporating security analytics into the network performance dashboard and customer portal – this is the mark of security tools embedded into the network fabric (not just bolted on as an aftermarket component) which enables real-time visibility
- Offering add-on managed security solutions and 24/7 monitoring services or even a complete managed detection and response solution – this takes the security monitoring workload off customer IT teams
- Ensuring their custom-built hardware is powered by leaders in the security industry
Flexible hybrid networking to lower your costs
A major catalyst behind SD-WAN adoption is to efficiently use any combination of public and private network connectivity to lower WAN connectivity costs and maximize WAN usage. These key capabilities enable cost-efficient connectivity and bandwidth utilization.
Access-agnostic service: SD-WAN services should be access agnostic, allowing customers to design any combination of public and private network connectivity. Additionally, SD-WAN should not lock you into any specific hardware vendor.
Active-active links: Being able to combine all your bandwidth is arguably the biggest selling point of SD-WAN. You can use all available connections, all the time. This is called an active-active or dual-active configuration. Instead of using a public broadband internet or a wireless link in a passive mode as back-up for a private link, an SD-WAN solution should let enterprises use both services in an active-active mode.
Service level agreements to improve the application user experience
A managed SD-WAN service provider should be able to support a variety of WAN services globally, offering connectivity options from broadband internet and wireless to private links. Service level agreements (SLAs) expose the differences in these services.
SLAs for network availability, latency, packet loss and jitter are critical in a hybrid network because performance guarantees are not the same as a private WAN. Further, SLAs that extend to SD-WAN customer premise equipment (CPE) is a key consideration. The time to repair or replace equipment is critical to ensure continued operations of SD-WAN locations.
SLAs and the quality of service are largely the results of the network service platform and the underlying architecture that supports your SD-WAN solution. It pays to understand whether it is a software-defined network. When SD-WAN edge devices are partnered with network services that are entirely software-defined, every element and component is accessible and flexible. This strategy multiplies IT agility and maximizes automation potential. Software-defined networks are also paving the way for the future, laying the groundwork needed for self-adjusting or intent-based networks.
When using direct internet access to providers like Amazon Web Services and others, cloud SLAs are an important consideration. These guarantee network performance right up until the moment the traffic is handed off to the cloud provider and help customers deliver a consistent application experience.
Dynamic traffic engineering to maximize your resource efficiency
Most enterprises that are evaluating an SD-WAN solution have some private links on their WAN. The ability to prioritize traffic (voice and video over IP, for example) over both public and private links and the ability to ensure quality-of-service across applications are essential. Thus, application performance monitoring tools and analytics are foundational elements of an agile, hybrid WAN solution.
Application-aware routing is a key feature and benefit. It enables the service to choose the optimal network path for bandwidth and quality of service based on particular application requirements. Two valuable features that enable intelligent, on-demand application-based routing are advanced error correction and dynamic application steering (DAP). Advanced error correction overcomes the adverse effects of dropped and out-of-order packets on internet links to provide performance comparable to private networks. DAP provides real-time traffic steering over any broadband or private link based on company-defined business intent policies. In the event of an outage or brownout, DAP automatically fails-over to the secondary connection in under one second, ensuring uninterrupted service to end users.
A fully managed service to enhance your productivity
Choosing a managed SD-WAN solution yields several key benefits over a DIY model, but it is important to ask a few questions of the provider to understand what 'managed' entails:
- Will the managed service provider deploy and manage the solution end-to-end including equipment management and proactive network monitoring on a 24/7 basis?
- Will you (the customer) have visibility and control over the solution or will you have to rely on the provider? A truly fully-managed solution should allow the customer to make changes to the network in multiple ways.
- Make change yourself via self-service controls available online
- Rely on the provider for administrative services via a team of professionals in the network operations center who provide proactive monitoring and assist with performance optimization
- Will you have dedicated resources to manage the implementation and ongoing service?
It is critical for enterprises to carefully consider, compare, and contrast the various solutions that managed SD-WAN providers offer to ensure they select the solution best suited for their needs.