There’s a lot of talk about SD-WAN and the benefits it can deliver. If you’re a multi-site business with growing bandwidth needs, lesson #1 in SD-WAN 101 is that SD-WAN enables you to manage bandwidth more efficiently across all your locations. By decoupling the networking hardware from its control mechanism—that’s the SD, or software-defined, piece of the acronym—SD-WAN simplifies the management and operation of your WAN and enables you to dynamically share bandwidth across your connection points and centralize policy management and security.
We want to demystify this sometimes-misunderstood new technology, so here’s our handy SD-WAN 101 Guide for those considering this network option.
SD-WAN 101
In the simplest terms, here’s how SD-WAN works. First, it identifies and classifies the application traffic being sent. Then, it checks circuit performance and matches it to the application SLAs (service level agreements). Finally, it selects the path and transmits the traffic.
For example, let’s say Internet path A is experiencing high latency and packet loss, which is not ideal for real-time applications such as voice or video. How annoying—not to mention time-wasting—is it to get your entire team (or worse, your customer), on a conference call and have it drop because of a connectivity blip? To combat that, the SD-WAN appliance will move the critical traffic over to path B, then once path A is restored, move it back.
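The three steps above, including the path A to path B failover, as an added Python example that is not from the original article or from any vendor's product. The SLA thresholds, the port-to-application table, the probe values and the three-probe hold-down before traffic returns to path A are all constructed assumptions.

```python
# Constructed per-application SLA thresholds (illustrative, not from the article).
SLA = {
    "voice": {"latency_ms": 150, "loss_pct": 1.0},
    "video": {"latency_ms": 200, "loss_pct": 2.0},
    "bulk": {"latency_ms": 1000, "loss_pct": 5.0},
}

# Constructed classification table: destination port -> application class.
PORT_CLASS = {5060: "voice", 3478: "video"}


def classify(dst_port):
    """Step 1: identify and classify the application traffic."""
    return PORT_CLASS.get(dst_port, "bulk")


def meets_sla(app, metrics):
    """Step 2: compare a circuit's measured performance with the application's SLA."""
    sla = SLA[app]
    return (metrics["latency_ms"] <= sla["latency_ms"]
            and metrics["loss_pct"] <= sla["loss_pct"])


class PathSelector:
    """Step 3: pick a path per application; fail over, then fail back once stable."""

    def __init__(self, primary, backup, failback_after=3):
        self.primary, self.backup = primary, backup
        self.failback_after = failback_after  # assumed hold-down, in probe cycles
        self.current = {}         # app -> path currently in use
        self.healthy_streak = {}  # app -> consecutive in-SLA probes on primary

    def select(self, dst_port, probes):
        app = classify(dst_port)
        cur = self.current.get(app, self.primary)
        ok_primary = meets_sla(app, probes[self.primary])
        streak = self.healthy_streak.get(app, 0) + 1 if ok_primary else 0
        self.healthy_streak[app] = streak
        if cur == self.primary and not ok_primary:
            # Move only if the backup actually meets this application's SLA.
            if meets_sla(app, probes[self.backup]):
                cur = self.backup
        elif cur == self.backup and streak >= self.failback_after:
            # The primary has stayed healthy long enough: move traffic back.
            cur = self.primary
        self.current[app] = cur
        return app, cur
```

The hold-down keeps a circuit that flaps in and out of SLA from bouncing a call between paths on every probe. Loss-tolerant bulk traffic can stay on path A while voice moves to path B, because each application class is judged against its own SLA.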
But did you know there are different types of SD-WAN? In all SD-WAN scenarios, each location will have an SD-WAN appliance, also called an SD-WAN edge device, and you manage the SD-WAN policies. The different options relate to the SD-WAN controller, which is the device that manages the traffic flows.
There’s an on-premises controller, cloud controller, and gateway controller. If you’re thinking about SD-WAN for your organization—whether you’re considering replacing multiprotocol label switching (MPLS) connectivity with SD-WAN or want to take a hybrid approach—you need to understand the differences.
On-Premises SD-WAN Controller
In this architecture, as the name implies, you install the SD-WAN controller on-premises to perform traffic shaping in real time. The controller is only connected to your company’s other sites, making it a highly secure option. It gives you control, but you have to maintain the controller environment, including the storage, VM, etc. And if you want high availability for the controller, it can be complex to set up in an on-prem scenario. This might be an appropriate option if your company hosts all applications on-prem—no cloud deployments—and you have the IT resources to manage it.
Cloud SD-WAN Controller
In this scenario, the controller is hosted by the SD-WAN supplier, simplifying maintenance for your team. Just like with on-prem, branch-to-branch communication happens at your main site, but this option delivers high availability and increased reliability and performance of your cloud applications.
Gateway SD-WAN Controller
In this option, a virtual SD-WAN gateway sits outside your main site in a cloud environment, which means branch-to-branch communication happens in the cloud, easing the traffic on your main site’s networks. Additionally, the gateway can have multiple connections for different transports—Internet, MPLS, LTE, etc.—to support a hybrid WAN that spans a diverse communications infrastructure.
SD-WAN 101: Some Common Queries
There may be a lot of queries about this remarkable technology, and no SD-WAN 101 would be complete without some FAQs, so here are a few answers:
Is SD-WAN Difficult, Expensive or Time Consuming to Install?
It’s actually remarkably quick and straightforward (usually) to install a secure SD-WAN network. There are only three main components: the customer premises equipment (CPE), an aggregator, and an SD-WAN controller. The CPE is the hardware and software which contains the servers, routers, and any firewalls you want on-premises.
The aggregator is a component that combines disparate SD-WAN data channels in order to incorporate extra capacity during times of high demand. This is sometimes called “link load balancing”. With this component, traffic is spread more evenly, and latency and packet loss incidents are reduced. The controller is the software that regulates access, according to the policies you have set with regards to security, authentication, priority, and other variables.
These components are easy to install and maintain, and comparatively inexpensive.
What Security Features Can SD-WAN Incorporate?
Anything you can think of. Require your users to generate one-time passcodes with a VPN device? That can be arranged. Want to use a cutting-edge firewall? No problem. Perhaps you’d like to add a layer of security by incorporating MFA (multi-factor authentication) or biometrics such as facial recognition? Protocols and systems for all of these options (and many more) are already worked out and ready to slot into place.
One option you might consider (it’s fast becoming a default for those truly serious about security) is SASE (Secure Access Service Edge). This is an enhanced security architecture, available for use with SD-WAN, which runs your security checks in the cloud and incorporates such features as Zero Trust Network Access (ZTNA), encryption/decryption and Firewall as a Service (FWaaS). SASE is becoming essential if you’re opting for the cloud controller version of SD-WAN.
What Benefits are There in Choosing the Cloud Controller Option?
If you use a lot of cloud-based apps because your workforce is highly distributed or working remotely, then choosing a cloud controller makes sense. Doing so ensures everyone can get online wherever they may be, whether using a 5G connection, wireless broadband or even DSL.
How Flexible are SD-WAN Architectures?
As flexible as an Olympic gymnast! Basically, you can design and order whatever set-up you like, fully optimized for your specific use case. You’ll be able to define the level of aggregation, security, prioritization, throughput, cloud access and controller type you want.
Remember that SD-WANs are not reliant on legacy MPLS, which telcos can price at a premium. Your employees can access the network on their mobile devices via 5G or wireless broadband, and it can still incorporate whatever security protocols you like.
Better still, you’re not reliant on the old hub and spoke model, where the hub data center can struggle with surges that limit access (for instance during emergencies or times of increased public access).
What about Control and Management Functions?
These are fully centralized, with either your in-house IT department or a third-party provider monitoring the network, handling upgrades, policy changes, security patches, maintenance, and troubleshooting. To help, control plane software has been created to provide full network transparency to key employees at all times.
New policies, connections, and security features can all be handled from a unified, localized control center, providing fewer points of network access, and further enhancing security.
What Sort of Devices Do SD-WAN Networks Run On?
Since the SD part of SD-WAN replaces physical hardware with Virtualized Network Functions (VNFs), the physical architecture is minimal. A single U rack device for each branch office should suffice to run the network. It’s highly scalable too, able to be quickly installed in each new location you define.
Are There Any Significant Downsides to SD-WAN?
Not many, if we’re honest. Since security is handled offsite, you may have a few urgent calls to make if there is a cyberattack, but as we’ve outlined, you can add additional layers of security.
IT departments more used to data centers and humming server rooms might need a little upskilling if they are unfamiliar with SD-WAN technology, but it’s relatively straightforward to master.
You’ll want to ensure you partner with a reliable and supportive SD-WAN management partner so that you get the training, support, and maintenance you need. Make sure you go through your “must-haves” thoroughly before you sign your provisioning and support contracts.
The Right SD-WAN Solution for You
If you’re still not sure which SD-WAN approach is best for your company, BCM One can help. We’re SD-WAN agnostic, so our priority is meeting your needs, not pushing a specific technology. We’ve carefully vetted and have strategic partnerships with various SD-WAN providers across all three different types to accommodate different business and technical requirements. Contact us today to learn more.