Hello, ladies and gentlemen, and welcome to the BCM One On-Demand webinar on software-defined wide-area network or SD-WAN. My name is Andrew D’Elia, and I am Manager of Sales Engineering here at BCM One. Today, we’re gonna talk about all the hype surrounding SD-WAN as a networking solution. How SD-WAN works, how to find the right solution for you and your organization, how to streamline the management of SD-WAN to make it simple and cost-effective as possible.
So let’s start with a little bit of current state of networking. Businesses have become more reliant on WAN connectivity with the centralization of applications, the transition of services to the cloud, and the increased use of collaboration tools. What businesses have been doing is they have been deploying expensive MPLS networks to meet their application and business requirements. The reason we choose MPLS is because MPLS has the ability to provide priority to critical applications by using QoS to meet the SLAs.
But the issue is all the other non-critical traffic is routed over that same high-cost link. This happens because in traditional networking, it uses destination-based routing. All traffic going to the same destination would take the same path. And just remember, routing is hop by hop and is also two-way. So if businesses that are using MPLS required any type of higher availability, we would go ahead and design a backup path. Traditionally, this backup path is IPsec VPN. And it is only used in a backup manner, and would sit dormant until the primary path was out of service. This technology and topology has served businesses well over time, but as businesses demand more and more bandwidth, the costs continue to rise, making this topology unattractive.
Enter SD-WAN. Gartner Incorporated, the world’s leading IT research company, estimates that by 2019, 30% of all enterprises will be using SD-WAN technology. Why? Well, the drivers include lower total cost of ownership, better use of bandwidth, increased availability, carrier-agnostic approach, security, easy and fast deployment, application visibility and control, and last but not least, flexibility. Giving businesses a choice beyond just straight up MPLS and IPsec backup.
How SD-WAN works. The three main promises of SD-WAN are reduced cost, increased simplicity, and application control. But how does this all come together and actually work? Well, at its core, SD-WAN is an overlay VPN technology. It leverages secure VPN tunnels over any transport in a full-meshed any to any topology. Well, that transport can be MPLS, direct internet access, broadband internet, DSL, 3G, 4GLTE, you name it. And also, it could be from any ISP, making it carrier-agnostic. This meshed environment that is created is very similar to MPLS or even DMVPN.
So what’s the difference, you ask? Well, what SD-WAN brings into the mix is application-aware routing, as well as real-time circuit monitoring. By bringing these two things together, SD-WAN is able to route by application type, as well as circuit performance. This adds much more flexibility over traditional destination-based routing. Now with SD-WAN, you can truly match your application requirements with circuit performance.
So let’s throw an example out there. SD-WAN has the ability to identify e-mail traffic. We all know e-mail traffic is very important to businesses, but it’s not necessarily time-sensitive. So SD-WAN will choose the lowest-cost link. And that’s where e-mail traffic will flow.
So let’s say that lower-cost link has some major delay on it and will throw in some packet loss. Well, SD-WAN’s real-time circuit monitoring will recognize that that circuit is not performing with the e-mail SLA, or within the e-mail SLA. And what it will do is it will switch the e-mail traffic or the e-mail application flow over to a higher-cost link or even just another link. And it will leave the traffic on that link until the lower-cost link is back into a performance metric that matches the original e-mail SLA. And then once that happens, the traffic will switch back to the lower-cost link and things will continue to operate in a normalized fashion.
So what you could see here is that traditional backup paths on the lower-cost circuits are truly no longer than just that. This is truly an active, active scenario, something that we’ve been striving to do in a destination-based routing topology. So this adds a tremendous amount of flexibility to organizations where they could now get the most use out of all the bandwidth available at the location.
So another key to SD-WAN is the centralized controller. This is the brains of the operation. It provides a bird’s-eye view to all the available paths and pushes that down to the SD-WAN appliances. These appliances can either be hardware-based or they could be virtual, and you could spin up a VM and run the SD-WAN software on that device.
So the centralized controller allows for zero-touch deployments as well, which speeds and simplifies the installation process. The SD-WAN software also automatically creates all of the secure tunnels, once again, that create that full-mesh topology, which further reduces the complexity to the end user.
So let’s say your organization is opening a new office. In a traditional world, you would have to order a router, ship it to your main location, configure it, ship it to your branch site that you’re opening, and power it up, connect it, and you’re off and running. Well, with the SD-WAN, what you do is whether you’re running a hardware appliance or even a virtual appliance, you would have the license either installed on a VM or a hardware appliance, and you ship directly to the location. You’re bypassing dropping it at the main location and doing the configuration. Your configuration is pushed to the new device or the virtual device from your cloud controller. Once it’s pushed, the location is ready to rock and roll and start performing for you. So once again, speeds the installation process and reduces the complexity.
How does your organization take advantage of this SD-WAN technology? Well, here at BCM One, we have added SD-WAN as a networking tool in our toolkit. SD-WAN is now an option just as internet is, MPLS, DMVPN, and other technologies. But before we can select an actual networking topology or even technology, what we have to understand is what’s important to your business? What applications is your organization using? How do they impact your business? What are the flows? And what’s your overall business strategy?
So we like to start at the planning phase, then move into the designing phase. So should SD-WAN be a fit for your organization based on the planning and the design phases, we are commonly seeing three types of deployments for SD-WAN solutions.
The first type is a single internet SD-WAN. This solution replaces your MPLS with a single lower-cost internet connection, as well as SD-WAN. This topology just provides a secure and full-mesh connectivity between all of your locations. Single internet SD-WAN is an ideal solution for companies looking to reduce overall circuit and administration costs. But these locations do not have strict application SLAs or availability requirements. So very simple, very straightforward in the sense of just a single-circuit with an SD-WAN appliance added.
The second type that we see is dual-internet SD-WAN. Now, this solution we’re seeing is replacing higher-cost MPLS circuits and IPsec backups. This is a very common replacement strategy for your widely deployed MPLS and IPsec backup solution. This topology allows for greater availability, as opposed to the Type I with the single internet; this is dual-internet. So giving us more availability and redundancy. It allows for active-active circuits. You may also hear opt for maybe a higher-grade internet, maybe a business class or a direct internet access circuit. And you may pair that with a lower-cost broadband or maybe even a DSL. This solution provides greater availability because it is dual circuits, and it significantly reduces the cost because you’re replacing those high-cost MPLS circuits.
The third type that we see out there is what we call the hybrid, MPLS, and internet SD-WAN. This as well replaces your MPLS and IPsec backup. But this topology, once again, allows for greater availability and redundancy, gives you that active-active look and feel. It also allows for SLAs. That QoS still provides and allows QoS markings. So it makes it ideal for a solution where organizations have business-critical applications with strict SLAs. This solution reduces your reliance upon MPLS because you’re moving some of your non-critical application traffic to those lower-cost links. So now, you’re able to keep control of your bandwidth on your higher-cost links. Maybe you’re not having to continuously increase the bandwidth on your MPLS. You may just wind up moving more and more applications, your non-critical applications off of that, or even your less-critical applications off of that and over the other available paths, the lower-cost paths within the SD-WAN.
What makes SD-WAN an attractive option for businesses? Well, number one, SD-WAN is transport and carrier-agnostic. Businesses are now able to choose any transport from any provider on a per-location basis. This allows businesses to acquire more bandwidth for a lower cost, getting best of breed services for a particular location.
Now this is a bit different from the old technologies, especially when it comes to MPLS, where you build a private MPLS network from a single service provider. Now, this service provider would either use their own facilities to get into your building, or they would lease it from another provider. Now, we’ve all, in that world, had a location or a few locations that were hard to reach, which made them very costly, right? That was just the nature of that private topology and using the MPLS providers in order to reach and connect all your buildings together. Now with SD-WAN, that goes out the window. If you have a location that was hard to get and was costly on MPLS, and just in general, MPLS is more costly because of QoS mechanisms. But there are certain locations or certain areas in the country, and even across the globe that it’s extremely expensive to get MPLS services into a building.
Well, here with SD-WAN, we could just order whatever transport and services are available, and we’ll say native to that location, and leverage that, and overlay SD-WAN on top of that transport, creating that full-mesh environment for all of your locations.
The second thing SD-WAN brings is intelligent path control. Intelligent path control is the ability to steer application flows to the best path at that moment in time. This enables an end user to have a great application experience. So whichever path is running or performing at a better SLA…of course, based on application type, that is the path that that application is gonna go over.
Now, the internet has become more and more reliable over time. But it still remains a best effort service when it comes to QoS. Having the ability to intelligently adapt to changes in service levels on these internet circuits is what makes SD-WAN extremely flexible.
The third thing is application visibility and optimization. SD-WAN provides network administrators the capability to monitor and report on hundreds of applications running over their network. They are now able to have control over individual application flows independently, and create policies to ensure these applications are optimized.
In comparison to older technologies, application control and even further, individual application flows, were not easily achieved of identifying those and having different path control over each one of those applications. It was extremely difficult in traditional networking. We could do, in traditional networking, could have been all of your applications going over this one path. But now, picking out individual applications and treating individual applications differently when it comes to path selection and also now visibility and then optimizing that traffic to ensure the application experience is the best possible for your end users.
Some SD-WANs are also offering application acceleration and caching solutions, which further enhance application performances. Having this type of control is possible on SD-WAN, and the neat thing is, it all happens with just a few clicks.
The fourth item, secure connectivity. Businesses require their data in motion and data at rest to be secure. To meet these requirements, what they’ve been doing is deploying MPLSs and private networks, because they offer a certain level of security.
As we all know, security is very important to organizations, and it always needs to be considered. SD-WANs do employ the latest encryption technologies on their overlay tunnels. That’s allowing businesses to deploy these and still maintain that level of security that they were getting on MPLS and private networks that they deployed.
And while we’re on the topic of security, some SD-WANs have added security functionality. They built firewall functions like zone-based firewalls, next-generation firewall features, and some even allow for service chaining. So whatever your organization’s requirements when it comes to security, there could be an SD-WAN solution that would meet your needs.
The fifth item is centralized management. No more logging into individual devices and scripting configurations. No more shipping the devices to the HQ location to be preconfigured and tested before then shipping it to the final destination at that location. SD-WANs have zero or low-touch deployments. What you do is you add all the information into that centralized controller we talked about for this new location, and you just have the SD-WAN appliance shipped directly to that final destination. You plug it in. The configuration will be pushed down to the device once it’s online and registered with the controller, making changes to your environment. Whether it’s a few locations, an individual location, or your entire enterprise; all your devices are in that single portal. All you do is make a change to the policy, maybe create a new policy, and you just push it to the devices that need that change. Once again, this is all done in just a few clicks in the controllers. Some controllers are more user-friendly than some other ones. But they all have that same idea behind it where it’s that…once again, the centralized management of all your devices in a single pane of glass and having that low-touch deployment. That is what makes SD-WAN flexible. And this is why businesses and the industry see value in SD-WANs.
So not only does BCM One guide our clients through the planning and design phases, but we also guide our clients through the deployment and management phase. So with SD-WAN, should be that selected technology for our clients based on their business requirements, we will go through the deployment phase. This process includes the selection of the SD-WAN provider, of course, and the deployment.
One thing that we are finding with clients is once we do select an SD-WAN provider, that’s kind of the easy part, if you will. We match up business requirements to the SD-WAN offerings. But it’s now…clients have to source many new circuits. So if we’re going into a topology where we are replacing high-cost MPLS links, now it becomes a little bit complicated. Because now, clients have to source and manage all of these additional WAN links from multiple carriers or ISPs.
This becomes very cumbersome. How does a client’s IT staff manage the procurement, the implementation, the installation, and also the day two management of all of these different suppliers? Well, BCM One has been doing just that for a very long time. We’ve been in business managing providers for 25 years. So we have a lot of experience managing suppliers, project managing, delivery of circuits, and also the day two support of those WAN circuits as well.
So we couple that with…bundling that with our SD-WAN providers. And we create a full solution and to the client. Now, most clients when they have an SD-WAN solution, they want to manage the SD-WAN themselves after, of course, the deployment phase. They want to manage the SD-WAN because it gives them the flexibility and the control over their application flows. We do firmly believe clients should have the control over their SD-WAN.
So we have two different flavors, right? One is where we give control to the SD-WAN provider. And they call…the client will call into BCM One and request a change, right? These changes, of course, take some time. But there’s also the other flavor where the client can manage their own SD-WAN on the day two side of things. So BCM One will pull all the components together; the SD-WAN supplier, the WAN circuit suppliers, build a solution, design the solution, deploy the solution, and we can even manage the underlay. The underlay being those WAN circuits. We could do proactive monitoring on those circuits. Should those circuits have any type of fault, BCM One’s NOC is proactively monitoring them and we’ll react and dispatch the supplier for those circuits. And we will be there until it is remediated.
So here, we’re kind of recreating that whole look and feel that clients are used to, but now, with the new solution of SD-WAN. That is the BCM One benefit and that is how your organization can take advantage of this technology.