Software-Defined WAN (SD-WAN or SDWAN) is defined as software that simplifies branch networking and optimizes application performance over the Internet and hybrid WANs. SD-WAN originates from software-defined networking, which decouples software-based network services from the underlying hardware.
SD-WAN and SDN are siblings in the family of software-defined networks. They are related in that both are defined by software, but SDN is intended for internal data centers at a headquarters, while SD-WAN takes the same software-defined concepts, including decoupling the control plane from the data plane, and applies them to the WAN. “SDN is architecture, while SD-WAN is a technology that you can buy,” explains Andrew Lerner, an analyst at Gartner.
Managing a WAN through software provides useful benefits. You are notified of any problem and can manage your entire WAN through a single interface. Until recently, changing the network configurations in the branches would have required creating and installing configurations manually, probably with a technician on site to do so. If a company decided to extend teleconferencing to its branches, for example, the predefined bandwidth allocations would have to be restructured. It might be necessary to acquire more bandwidth, then program it and install it at each branch location.
Much of the technology that makes up SD-WAN is not new; the concept lies in the “package” that combines it, which according to Gartner has four characteristics:
Many companies have complex infrastructure in their branches, consisting of routers, WAN route controllers, WAN optimizers, firewalls, and other components. It is expensive to buy and maintain and complex to administer.
Lerner estimates that an SD-WAN can be up to two and a half times less expensive than a traditional WAN architecture. It is estimated that a WAN of 250 branches costs $1,285,000 over three years in a traditional WAN architecture and only $452,500 with an SD-WAN deployment. The ability to use routers is the biggest saving, along with staffing and a small decrease in router maintenance and support.
This ease of deployment, central administration, and reduced costs make SD-WAN an attractive option for many companies.
But if SD-WAN is so good, why is it not more ubiquitous? Many organizations have ASICs built to control their WANs and LANs, which have long refresh cycles. Network engineers are also traditionally reluctant to make drastic changes.
Software-Defined WAN (SD-WAN) has many benefits; below are the major benefits businesses have experienced after adopting SD-WAN:
SD-WAN (Software-Defined Wide Area Network) is the answer to reducing costs compared with the operators' traditional MPLS (Multiprotocol Label Switching) networks, achieving a reduction of up to 48% in the interconnections between offices or branches.
The benefits of SD-WAN are already a reality, and this is borne out by a Gartner report, which estimates that by 2019 it will be implemented in 30% of companies, whereas in 2016 only 1% were using it.
So, what does it give us?
MPLS networks generally offer highly reliable packet delivery. Internet links, on the other hand, often fail.
To compensate for this, many organizations that move completely to SD-WAN choose to order multiple Internet links from different providers to maintain “four nines” (99.99 percent) availability if a link fails.
The availability of applications and their performance depend, to a large extent, on the capacity of the network. The arrival of software-defined WANs has increased this capacity, but it has also raised a new concern that should not be dismissed by any company thinking about its Digital Transformation: security.
Organizations have become more aware of this problem and look for security in every technology they implement, and their SD-WAN networks are no exception.
Businesses are seeing how their business models change thanks to the use of innovative technologies. Today, 92% of companies, according to an IDC survey, consider Digital Transformation as one of the keys to their strategy.
This transformation involves reconsidering how business is done, but also how it is executed. Applications and connectivity have become key to daily activity, and therefore every means must be put in place to guarantee users that, regardless of where they are located, they will be able to work with their data and their business applications quickly and safely.
“It is necessary to understand the possibilities of the third platform: cloud, big data, mobility and social,” explains Ricardo Malhado, Senior Research Analyst of IDC, in the webinar “SD-WAN, how to guarantee your security?”.
In that session he stated that, with this, “companies can minimize risk, increase connectivity, create new services, access information in real time regardless of location, and create products based on data. And all with the social component that is changing the way of collaborating between employees and clients.
It is in the third platform that global spending on ICT lies, and in the accelerators of innovation: robotics, IoT, cognitive systems, and augmented reality.”
However, there are also challenges: “each pillar of the third platform is a factor of exposure to risk.” According to an IDC survey on business communications in which participants were asked about the main IT or network risk in the next two years, security was the most mentioned.
“The concept of the security perimeter has disappeared, the attack surface increases, and the number of threats launched daily increases. Also, we are witnessing the professionalization of hacking and its offering as a service: criminals who act like open source communities, sharing threats collaboratively.
It is a global phenomenon that is increasingly difficult to combat. It changes the notion of business priorities.”
The IDC numbers confirm the change in priorities, which is noticeable in just one year. “In 2016, the priorities of technological investment did not include security or virtualization of the network. In 2017 they were concerns within the top 5,” says Machado.
The greater concern for the security of the network is due to an “urgent context regarding the need to be compliant with GDPR, while the investment in network virtualization is because companies realize that networks are a barrier to achieving their business objectives.
Companies want to innovate, generate new services and new business models, reduce costs, and be more agile. Networks are increasingly complex and expensive to monitor. Also, their security is more complex and difficult to scale.”
Today we begin a series of installments in which we will give you some keys to deploying a secure SD-WAN architecture. These keys take into account aspects such as security, deployment, and how to segment applications for better control.
What matters most when deploying any architecture, whatever the type? Security. It takes priority above all else, so it is vital to give it the attention it deserves.
So, in the case of SD-WAN, how could you not dedicate a few minutes to it before deploying this technology?
What is clear is that moving from a traditional WAN architecture to a software-defined one (SD-WAN) results in an improvement in security, especially in an environment where business agility requires remote sites to be up and running quickly.
A key value of SD-WAN is that it unifies secure connectivity in all transports without losing their independence. Therefore, it is not necessary to use or provide a different security mechanism for different types of transport or to depend on the transport provider for your secure network.
Another aspect to keep in mind: the network overlay can support a wide variety of security capabilities. That said, here are the main requirements that should be on every SD-WAN security checklist.
In the face of these investment needs and priorities, budgets are not shared out equally. As IDC said in the session, budget does go to Digital Transformation and to migrating to public cloud services.
But all this requires increasing the connectivity, bandwidth, and performance of the critical applications that run over these networks: “it is a continuous act of balancing to respond to these needs when the budget does not grow.”
SD-WAN can perform deep application recognition, which allows very granular control over how specific traffic is routed.
Most companies today need segmentation to isolate different types of traffic, either for regulatory reasons (for example, PCI data) or to provide separate network segments to different business groups. Companies can address these needs in the same way that a service provider would, using virtual routing and forwarding (VRF).
An SD-WAN solution will incorporate basic security features, such as a next-generation Layer 7 firewall in edge devices, but it will not necessarily be a first-class security solution. However, additional security services can be inserted in multiple locations as needed to provide all the security capabilities the business needs.
Before the arrival of SD-WAN, there was Multiprotocol Label Switching, better known as MPLS. Multiprotocol Label Switching is a way to ensure reliable connections for real-time applications by establishing predetermined and highly efficient routes once a packet enters the network.
Each of these technologies has its pros and cons. With this compilation of the most significant advantages and disadvantages of each, you can decide which network traffic technology is most convenient for your company.
One of the most important characteristics of MPLS is the reliable delivery of packets. Packets that carry real-time traffic, such as voice over IP (VoIP) or video, can easily be assigned to low-latency routes throughout the network, something that is difficult with conventional routing. This makes the experience optimal for the end user.
MPLS works similarly to switches and routers and sits between layers 2 and 3. It uses packet-forwarding technology and labels to make decisions about data forwarding. The label is inserted between the layer 2 (data link) and layer 3 (network) headers. This makes MPLS reliability possible by virtually isolating the packets.
Also, MPLS providers can assign a higher priority to certain network traffic. These benefits provide a sense of traffic predictability within the network. Network routes are predetermined, so packets travel only along the routes to which they are assigned. This allows for better performance, better bandwidth utilization, and a reduction in network congestion.
On the other hand, although an MPLS network is considered secure, it does not provide encryption, and, if implemented incorrectly, it can open the network to vulnerabilities.
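The label placement and the absence of encryption described above can be seen by parsing a frame. The following Python sketch is an added example, not code from the original article; the frame, addresses, label values and SIP payload are constructed sample data, and the function names are hypothetical.

```python
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847  # EtherType announcing an MPLS label stack

def mpls_entry(label, tc, bottom, ttl):
    """Pack one 4-byte label stack entry: 20-bit label, 3-bit TC, S bit, TTL."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def build_sample_frame():
    """Constructed sample: Ethernet + two labels + IPv4/UDP carrying SIP text."""
    app = b"INVITE sip:alice@example.test SIP/2.0"
    udp = struct.pack("!HHHH", 5060, 5060, 8 + len(app), 0) + app
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 1, 10]), bytes([10, 0, 2, 20])) + udp
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    # Outer label 100 with traffic class 5 (priority marking), inner label 200.
    return eth + mpls_entry(100, 5, False, 64) + mpls_entry(200, 0, True, 64) + ip

def parse_label_stack(frame):
    """Return (labels, payload): the shim entries and the bytes that follow."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError("not an MPLS unicast frame")
    labels, offset = [], 14
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack truncated before bottom-of-stack")
        (entry,) = struct.unpack("!I", frame[offset:offset + 4])
        offset += 4
        labels.append({"label": entry >> 12, "tc": (entry >> 9) & 0x7,
                       "bottom": bool(entry & 0x100), "ttl": entry & 0xFF})
        if labels[-1]["bottom"]:
            return labels, frame[offset:]

if __name__ == "__main__":
    labels, payload = parse_label_stack(build_sample_frame())
    for entry in labels:
        print(entry)
    # The inner IPv4 packet and its application data are readable as-is.
    print("IP version:", payload[0] >> 4, "| cleartext:", payload[28:])
```

The labels only steer and prioritize the packet; confidentiality for traffic like this has to come from an encrypted overlay or from the application itself.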
It is undeniable that SD-WAN offers many advantages over MPLS. Companies are looking for alternatives to MPLS because of its high cost, limited bandwidth, extended waiting time, and extended contract terms, and Internet links are an attractive option.
An Internet WAN offers large amounts of bandwidth at lower cost and on more favorable terms, and is often available immediately. And, using Talari’s SD-WAN solution, Internet links are delivered better than MPLS-QoS.