What are the business benefits of SD-WAN deployment? SD-WAN stands for Software-Defined Wide Area Network. It simplifies network management. It reduces the cost of the network infrastructure. It provides better network governance. And it is easier to manage than the previous generation, Hybrid Networking.
With 50% of the data in networks now being delivered to the cloud, it doesn’t make sense for traffic to be carried over expensive MPLS connections just to be sent to the Internet. Hybrid networking reduced network cost by delivering less critical traffic via a secured VPN over the Internet. But this simply reduces the overall cost of the solution; it does nothing for complexity. It still results in 3x the payment to deliver the traffic to the cloud. (Once to leave the source, once at the central hub, and a third time to be delivered to the cloud.)
SD-WAN uses a virtualised overlay which links sites; defines and uses multiple traffic paths between them; delivers intelligent quality of service at an application level; improves speed of deployment for new locations; and delivers better governance of the network infrastructure. Deploying SD-WAN within a network allows customers to reduce costs, improve delivery times and application service levels.
Use of Microsoft Office 365, Salesforce and applications hosted in the cloud (via Amazon AWS, Microsoft Azure or IBM Bluemix) is increasing. With business applications in the data centre, it made sense to carry the traffic to a central location. With the dispersed nature of the cloud, this principle no longer holds. Optimising traffic to the cloud means the opportunity for reductions in network cost.
The business benefits of SD-WAN:
Lower Network Costs (reduction of 3x in cost per bit)
Lowering network costs means using the Internet to connect directly to cloud-based applications. With a local Internet connection, it is also possible to use a VPN to carry traffic between sites. Using the Internet in this way drives savings in network infrastructure costs.
The Internet is approximately 5x – 13x cheaper than an MPLS service for the same bandwidth connection. Reduce the bandwidth of the MPLS connection, typically by 50%, as it is now delivering only the traffic that needs an SLA. If you have resilience using a second backup MPLS connection, remove this and use the Internet to provide the backup.
You can get twice the bandwidth into your network for less than 60% of the price you currently pay, and an improvement of more than 3x in the cost per bit overall. When analysts such as Gartner say that cost reductions can be achieved by using the Internet, this is what they mean.
And if you use WAN Optimization, then bandwidth and cost can be reduced even more. (Though WAN Optimization is typically a redeployment of technology already used by most customers.)
Improved delivery times for deployment and change
Traditionally, new sites have been limited by the speed of deployment of the network. Links to the MPLS typically arrive with lead times of 90+ days. Instead, with SD-WAN a site could be brought up within a day to the Internet via ADSL or cable, or instantly with an LTE connection. This will quickly provide for the initial connectivity requirements. As more robust connections are delivered, these can be linked into the site, increasing bandwidth and resilience.
Some marketplaces, such as retail, have a very high degree of churn in the sites. The ability to get a store up and functioning quickly improves profitability of the location. (There is less dead time when the store is costing rent, but not making sales.) These stores also have a very similar equipment deployment. These same drivers can also be applied to other businesses with the same benefits.
The ability to roll changes out to thousands of sites improves the delivery of change within the network. Each change imposes a level of risk in the network, because of the opportunity for keyboard error. The fact that the change is made to a template, and then applied to devices, minimises that change risk. Changes to one or thousands of devices are implemented at the same time. Changes can also be rolled back at the same speed. This allows the move to a DevOps mode of network implementation. Changes can be quickly tested in a small segment of the network. Once proved, these are then applied to the whole network. Change occurs in small incremental steps.
Application Service Levels
SD-WAN moves the level of control in the network from the delivery of packets to the delivery of applications. Business requirements define Application Service levels. These provide the thresholds that a network must meet for an application to function.
The SD-WAN environment has an in-built understanding of applications, and is able to discriminate their different types and behaviours. Understanding which Application Service Levels support an application flow requires differentiation. It needs to differentiate flows for Skype for Business, or Drive, or email alongside traffic for Office 365. The same Microsoft cloud hosts these applications, but an SD-WAN must distinguish them.
Measurements in the network are no longer just about bandwidth consumption. They cover which application is consuming the bandwidth and what the end-user experience is like, using measurements of jitter, packet loss and round-trip times at an application flow level. The data flowing across the network generates these measurements. Synthetic probes generate measurements when there is no traffic flowing.
Policies define Application Service Levels. A policy sets how critical the application is to the business. This is used to support choices of paths (secure or public links), and behaviour when links fail. Changes to policies alter the behaviour across the network. Adding a new site automatically applies the existing policies to it.
Flexible traffic routing and built in resilience
SD-WAN platforms understand applications and their performance requirements. They understand the performance of the various paths between two sites. This means they can automatically move traffic from one path to another should the current path no longer meet the requirements.
Anomalies against the application service levels and the normal behaviour of these applications trigger events. These can generate changes in the traffic routing, or adjustments in the prioritisation of one application over another. The system raises alerts for human assistance when the automatic changes don’t normalize the application service levels.
So rather than just reacting to a hard up/down signal on the various links, changes in behaviour across links, such as an increase in jitter or packet loss, can trigger an action to move applications to an alternate path if that provides better performance. Traffic uses multiple paths when routes exist between sites, provided they have behaviours that meet the application's requirements.
Protection of critical applications ensures the business continues. When paths fail, they switch to alternate available options. When congested, the network prioritises them above other traffic. Applications deliver successfully against the policies, no matter the behaviour of the network.
This is the power of managing the network at an application level, with SD-WAN.
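The path decision described in this section, as an added sketch that is not code from any SD-WAN product: a policy carries per-application thresholds, each path carries its latest measurements, and the selector holds, moves or alerts. The class names, fields, link names and threshold values are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ServiceLevel:
    """Per-application policy (hypothetical fields)."""
    max_rtt_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    secure_only: bool = False  # policy restricts the app to secure links

@dataclass(frozen=True)
class PathState:
    """Latest measurements for one path between two sites."""
    name: str
    secure: bool
    up: bool
    rtt_ms: float
    jitter_ms: float
    loss_pct: float

def meets(sl, p):
    """True when the path is inside every threshold of the policy."""
    return (p.rtt_ms <= sl.max_rtt_ms and p.jitter_ms <= sl.max_jitter_ms
            and p.loss_pct <= sl.max_loss_pct)

def _badness(p):  # order candidates: loss first, then jitter, then RTT
    return (p.loss_pct, p.jitter_ms, p.rtt_ms)

def select_path(sl, paths, current=None):
    """Return (path name or None, event); event is hold, move or alert."""
    allowed = [p for p in paths if p.up and (p.secure or not sl.secure_only)]
    compliant = [p for p in allowed if meets(sl, p)]
    if any(p.name == current for p in compliant):
        return current, "hold"    # still within thresholds: avoid flapping
    if compliant:
        return min(compliant, key=_badness).name, "move"
    if allowed:                   # degraded everywhere: least-bad path, ask a human
        return min(allowed, key=_badness).name, "alert"
    return None, "alert"          # no permitted path is up

# Constructed sample: thresholds and measurements are illustrative only.
VOIP = ServiceLevel(max_rtt_ms=150, max_jitter_ms=30, max_loss_pct=1.0)
PAYMENTS = ServiceLevel(300, 100, 0.5, secure_only=True)
PATHS = [
    PathState("mpls", secure=True, up=True, rtt_ms=40, jitter_ms=4, loss_pct=0.1),
    PathState("broadband", secure=False, up=True, rtt_ms=35, jitter_ms=45, loss_pct=0.2),
    PathState("lte", secure=False, up=True, rtt_ms=90, jitter_ms=20, loss_pct=0.8),
]

if __name__ == "__main__":
    # broadband is up, but its jitter breaches the VoIP policy
    print(select_path(VOIP, PATHS, current="broadband"))
```

A monitor that only watched link up/down state would leave the VoIP flow on the broadband link in this sample, since that link never went down.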
Better governance
The SD-WAN network needs to have a better level of monitoring than a traditional network. It operates on an application level, rather than a packet level; and links sites, rather than routers, together. It collects a lot of data from all the traffic flows in flight across the network. Reports and graphs present this data back to both operational and service management staff.
Just implementing a technology because it is new is not appropriate. It should also be able to demonstrate real business benefits in cost reduction, speed of deployment and change, and delivery of application service levels.
Demonstrating value requires capturing metrics such as line costs, as well as utilisation and application performance. Some of these metrics are not directly accessible to the SD-WAN platform. Capturing the metrics at the start is essential to showing the value. Continuously monitoring them through the life of the SD-WAN deployment maintains the value.
The challenges for SD-WAN:
So what are the main challenges for SD-WAN? What prevents prospects and customers taking advantage of all that goodness offered in business benefit?
Distributed Security Perimeter
A distributed security perimeter does increase the exposed attack surface of an organization. Managing a larger distributed security perimeter may need changes to an organization's security processes. If they already have SIEM and SOC solutions in place, then this is not so much of a cultural change, but more a case of plugging new technologies into an existing infrastructure.
Minimizing the security risk could include adding a Web Security Platform, which ensures that the content of these connections is secure. Integrating a cloud-hosted platform, such as Zscaler, means you don’t need to manage additional devices at the edge. The web security platform implements a security policy for the sites based on the applications in use. It inspects, protects and manages the Internet traffic.
Policy Definition
The use of policies to drive the application performance in an SD-WAN environment can concern customers. Understanding all the applications that they have, and the requirements needed to set agreed business priorities for these, is challenging.
Application analysis
Customers may not want to start application analysis due to the depth and breadth of their application portfolio. SD-WAN growth favours the SME market space currently because of the range of deployed applications. Identification of the applications in an SME is easier as there is a smaller group of critical applications. Larger organizations like banks may be dealing with more than 30,000 applications. The fear is that they need to understand and set policies for each of these.
This is typically not the case, as most SD-WAN solutions are able to provide a default behaviour across the network. Remember, this is for the client-side traffic; flows inside applications can be more complex. So the number of policies needed can be radically simplified for SD-WAN compared to SDN environments.
Performance metric setting
What are the most appropriate performance levels for an application? As I stated earlier, the key client-side delivery flows are much simpler than those within the application itself.
Standards determine the performance metrics for some applications. Quality measurement of a Voice over IP (VoIP) call is against thresholds for delay, round-trip, jitter and bandwidth consumption measurements. Applications that standardise on HTTPS to carry the data have well known behaviours.
The behaviour of an IoT device recording temperatures is different from that of one recording a picture of each widget on a production line. It really is only those critical bespoke applications that the customer uses that will need to be classified. Identifying and modelling these applications as part of the deployment process minimises the risk to the business.
Business process optimization
SD-WANs deliver an agile network infrastructure. Zero-touch deployment means no field-engineers on-site. The network changes behaviours of applications within the network automatically. This scares some prospects from deploying SD-WAN because of the agility, particularly in environments (like healthcare and finance) where compliance is a concern.
You lose the power to quickly adapt if changes require human authorisation at multiple steps, from acceptance of change to activation of the change later. You lose the flexibility of having the network perform automatically if all changes require documentation and approval. But customers need to understand the current state of the network: to determine why application delivery is over specific paths, to track changes to policy and configuration, and to show control of the environment.
Mitigating these concerns
All concerns should be addressed before an SD-WAN deployment. Delay in deploying SD-WAN solutions occurs when there are security and migration concerns. Business processes, however, are the reason why many do not achieve the full benefits they offer.
Working with a partner that understands SD-WAN helps mitigate the concerns. The process of implementing an SD-WAN needs to look at all the elements, and ensure that business processes, implementation, operation and management are in place. Good partners look beyond the technology and help the business adapt to take full advantage of the benefits.
On the security side, what if they don’t have SIEM and a SOC and the latest security operations processes? What if they are using lots of proprietary tool sets to manage their security assets and infrastructure? These are indicators of the levels of maturity in the organisation's approach to security. A partner should help them manage the changes in security risks as they move applications into the cloud from the fortress data centres of yesterday.
Similarly, an experienced partner delivers the application analysis and performance metric setting elements. They use consultants that have a deep understanding of application flows across the network, and that understand applications and network interaction.
Finally, consultancy around business process optimization delivers the full power of SD-WAN: delivering the business application service levels automatically; minimizing the amount of human intervention in the process loop; delivering processes to build confidence in the automatic control of the applications; and monitoring and analysing the network to prove it is always positively optimizing the environment for critical business flows.
SD-WAN makes your life simpler, shapes the network to meet the business needs, reduces the cost of the infrastructure, simplifies network management and provides better network governance. SD-WAN has real business benefits. Can you afford not to take advantage of them?