What is Software-Defined Wide Area Network (SD-WAN or SDWAN)?

Introducing a Software-Defined WAN (SD-WAN)

The Software Defined WAN (SD-WAN or SDWAN) defined as a program which simplifies branch networks and optimizes the performance of applications on the Internet and hybrid WAN. SD-WAN originate from software-defined networks, which unlink network-based software services from the underlying hardware.

SD-WAN and SDN are the small brothers of the networks defined by software. They are related, both are defined by software, but while SDN is intended for internal data centers in a headquarters. SD-WAN takes those similar software-defined concepts and decoupling the plane of control from the data plane to the WAN. “SDN is architecture, while SD-WAN is a technology that you can buy,” explains Andrew Lerner, an analyst at Gartner.

One of the main features of SD-WAN is its ability to manage multiple types of connections – from MPLS to broadband to LTE.

Managing a WAN through the software provides useful benefits. Any problem is notified and can manage all your WAN through a single interface. Recently, making changes to the network configurations in the branches would have required the creation and installation of manual configurations and probably a technician on the site to do so. If a company decided to extend the teleconference to its branches, for example, the predefined bandwidth allocations would have to be restructured. It may be necessary to acquire more bandwidth, then program it and install it at each location in the branch.

What features does SD-WAN (SDWAN) have?

Much technology that makes up SD WAN is not new, the concept is formed by the “package” that makes it up, according to Gartner has four characteristics:

  1. It must support multiple types of connection: MPLS, Internet, LTE, etc.
  2. You can make a selection of dynamic routes: Allows load balancing through WAN connections.
  3. It provides a simple interface for running the WAN: It must support “zero-touch” provisioning in a branch office and in a way as simple as configuring a home Wi-Fi connection.
  4. It must support VPN, third-party services such as WAN optimization controllers, security services such as firewalls, perimeter gateways, etc.

SD-WAN (SDWAN) Business Drivers

SD-WAN (SDWAN) Business Drivers
SD-WAN (SDWAN) Business Drivers

Many companies have complex infrastructure in their branches, consisting of routers, WAN route controllers, WAN optimizers, firewalls, and other components. It is expensive to buy and maintain and complex to administer.

Lerner estimates that an SD-WAN can be up to two and a half times less expensive than a traditional WAN architecture. It is estimated that a WAN of 250 branches in three years costs 1.28 $ 5,000 in a traditional WAN architecture and only 452,500 with an SD-WAN deployment. The ability to use routers is the biggest savings, along with staffing and a small decrease in router maintenance and support.

This ease of deployment, central administration, and reduced costs make SD-WAN an attractive option for many companies.

But if SD-WAN is so good, why is not it more ubiquitous? Many organizations have ASICs built as they control their WANs and LANs, which have long refresh cycles. Network engineers are also traditionally reluctant to drastic changes.

Software-Defined WAN (SD-WAN) Benefits:

Software-Defined WAN (SD-WAN) has many benefits; below are the major benefits businesses has experienced after using SD-WAN:

  1. Power the agility for the business, given the rapid deployment of WAN services to remote offices, without the need to send IT personnel.
  2. Elasticity in the bandwidth, since it can be added or reduced easily depending on the needs of the business.
  3. It facilitates the saving of the bandwidth and promotes that the connection to the Internet is available easily, quickly deployable and with much lower costs than the equivalent in MPLS networks.
  4. SD-WAN offers the reliability and security benefits of WAN services at the “Internet price.”
  5. It provides an architecture optimized for cloud the above because it eliminates the inconveniences and traditional penalties of MPLS networks and equates the security, performance, and connectivity between the office and the cloud, which considerably improves the experience of users in remote offices when they are using SaaS or cloud-based applications.
  6. It facilitates the migration to hybrid networks. Most distributed organizations have MPLS deployed in remote offices. Companies can deploy SD-WAN solutions without changing existing networks.
  7. It allows the automation of traffic management when prioritizing traffic. The key is to provide network managers with easy-to-use tools for prioritizing features that automate changes in traffic flows based on actual network conditions.

Customer Focus 1: SD-WAN Cost

SD-WAN (Software-Defined Wide Area Network) is the answer to the reduction of costs compared to the traditional networks of the MPLS (MultiProtocol Label Switching) operators, being able to achieve a reduction of up to 48% in the interconnections between offices or branches.

The benefits of SD-WAN are already a reality, and this is contrasted by Gartner, in its report where it is estimated that by 2019 it will be implemented in 30% of companies, in 2016 only 1% enjoy it.

So, what does it give us?

  1.     It gives greater bandwidth at a lower cost. SD-WAN unite MPLS and multiple low-cost broadband routes in a hybrid cloud.
  2.     Greater reliability in critical applications such as VDI, application virtualization, VoIP, video conferencing, video surveillance, intercom, ERP, and CRM compared to others.
  3.     Simplified administration. The deployment of SD-WAN is very fast, and its administration is simpler to be centralized and not depend on the support in each delegation.

Customer Focus 2: SD-WAN(SDWAN) Reliability

MPLS networks generally offer highly reliable packet delivery. Internet links, on the other hand, often fail.

To compensate for this fact, many organizations that move completely to the SD-WAN choose to request multiple Internet links from different providers to maintain the availability of “four nines” (99.99 percent) in the case of failure of the link.

Customer Focus 3: Security

SD-WAN Security
SD-WAN Security

The availability of applications and their performance depends, to a large extent, on the capacity of the network. The arrival of software-defined WANs has accelerated this capacity, but a new concern has also opened up that should not be dismissed by any company that is thinking about its Digital Transformation, and that is security.

Organizations have raised their awareness of this problem and seek security in every one of the technologies that they implement in their organization, and it cannot be less in their SD-WAN networks.

Businesses are seeing how their business models change thanks to the use of innovative technologies. Today, 92% of companies, according to an IDC survey, consider Digital Transformation as one of the keys to their strategy.

This transformation involves reconsidering how business is done, but also in how those businesses are executed. Applications, connectivity, have become key to developing daily activity, and therefore, all means must be put in place to guarantee users. Regardless of, where they are located, that they will be able to work with their data, their business applications, Quickly and safely.

“It is necessary to understand the possibilities of the third platform: cloud, big data, mobility and social,” explains Ricardo Malhado, Senior Research Analyst of IDC, in the webinar “SD-WAN, how to guarantee your security?”.

Session in the who assured that, with this, “companies can minimize risk, increase connectivity, create new services, access information in real time regardless of location, create products based on data. And all with the social component that is changing the way of collaborating, between employees and clients.

SD-WAN Security

It is in the third platform where is the global spending on ICT, and in the accelerators of innovation: robotics, IoT, cognitive systems, and augmented reality “.

However, there are also challenges: “each pillar of the third platform is a factor of exposure to risk.” According to an IDC survey on business communications in which participants were asked about the main IT or network risk in the next two years, security was the most mentioned.

“The concept of security perimeter has disappeared, the attack surface increases, the number of threats that are launched daily increases. Also, we assist in the professionalization of hacking and offer itself as a service: criminals who act as open source communities, share the threats collaboratively.

It is a global phenomenon that is increasingly difficult to combat. It changes the notion of business priorities. ”

The IDC numbers confirm the change in priorities, which is noticeable in just one year. “In 2016, the priorities of technological investment did not include security or virtualization of the network. In 2017 they were concerns within the top 5, “says Machado.

The greatest concern for the security of the network is due to an “urgent context regarding the need to be compliant with GDPR. While the investment in network virtualization is because companies realize that Networks are a barrier to achieving your business objectives.

Companies want to innovate, generate new services, new business models, reduce costs, be more agile. Networks are increasingly complex and expensive to monitor. Also, their security is more complex and difficult to scale. ”

Keys to building a secure SD-WAN architecture

We start today a series of deliveries in which we will give you some keys to deploy a secure SD-WAN architecture. Keys that take into account aspects such as security, deployment, or how to segment applications for better control.

What is most interesting when deploying any architecture, whatever the type? Safety. It is a premium condition above all things, so it is vital to give it the attention it deserves.

So, in the case of SD-WAN, how can you not dedicate a few minutes before performing the desired deployment with this technology?

Because what is clear is that moving from a traditional WAN architecture to another defined by software (SD-WAN) results in an improvement in security. Especially in an environment where business agility is required for remote sites to run quickly.

Key Value of SD-WAN

A key value of SD-WAN is that it unifies secure connectivity in all transports without losing their independence. Therefore, it is not necessary to use or provide a different security mechanism for different types of transport or to depend on the transport provider for your secure network.

Also, another aspect to keep in mind: the network overlay can support a wide variety of security capabilities. That said, here are the main requirements that should be in each SD-WAN security checklist.

And in the face of these investment needs and priorities, budgets are not shared equally. As IDC said in the session, it does for Digital Transformation, to migrate to public cloud services.

But all this requires increasing the connectivity, bandwidth, and performance of critical applications that run through these networks: “it is a continuous act of balancing to respond to these needs when the budget does not grow.”

Segmentation

SD-WAN can perform a deep recognition of applications, which allows very granular control over how specific traffic is routed

Most companies today need for segmentation to isolate different types of traffic for regulatory reasons. For example, PCI data, or to provide their network segments to different business groups. Companies can address these needs in the same way that a service provider would use virtual routing and forwarding (VRF).

Secure insertion of services

An SD-WAN solution will incorporate basic security features. Such as, a next generation Layer 7 firewall in edge devices, but it will not necessarily be a first-class security solution. However, additional security services can be inserted in multiple locations as needed to provide all the security capabilities and business needs.

SD-WAN vs. MPLS, what technology to choose?

Before the arrival of the SD-WAN, there was the switching of multiprotocol labels, better known as MPLS. Multiprotocol tag switching is a way to ensure reliable connections for real-time applications by establishing predetermined and highly efficient routes once a packet enters the network.

Each of these technologies presents its pros and cons. Compilation of the most significant advantages and disadvantages of each you can decide which network traffic protocol technology is most convenient for your company.

The advantages and disadvantages of MPLS

One of the most important characteristics of MPLS is the reliable delivery of packages. Packages that transport real-time traffic, such as voice over IP (VoIP) or video, can be easily assigned to low-latency routes throughout the network, something difficult with conventional routing. It makes the experience for the end user optimal.

The MPLS works similarly to switches and routers, located between layers 2 and 3. It uses technology to send packets and labels to make decisions about data forwarding. The label is imposed between layer 2 (data link) and layer 3 (network) headers. It makes the MPLS reliability possible by virtually isolating the packets.

Also, MPLS providers can assign a higher priority to certain network traffic. These benefits provide a sense of traffic predictability within the network. Network routes are predetermined, so packets travel only along the routes they are routed. It allows for better performance, better bandwidth utilization, and a reduction in network congestion.

On the other hand, although the MPLS network is considered secure, it does not provide encryption. And, if implemented incorrectly, can open the network to vulnerabilities.

It is undeniable that SD-WAN offers many more advantages over MPLS. Companies are looking for alternatives to MPLS due to their high cost, limited bandwidth, extended waiting time, and extended contract terms. And Internet links are an attractive option.

The Internet WAN offers large amounts of bandwidth for lower costs, more favorable terms and is often available immediately. And, using Talari’s SD-WAN solution, Internet links are delivered better than MPLS-QoS.