There are a couple of things to keep in mind when implementing SD-WAN. A step-by-step approach has proven helpful in practice. Companies also need to decide whether to set up the SD-WAN themselves or access it as a managed service.
A Software Defined WAN (Wide Area Network) offers companies many advantages. An SD-WAN can be controlled centrally via a controller in the cloud or data centre, and automates configuration and monitoring. An optimum configuration improves the performance and availability of the network and reduces costs. It continuously monitors all the available WAN connections and always selects the best and fastest path for the appropriate network traffic, depending on the data’s priority.
The impulse for installing SD-WAN is generally ageing network components or the expiration of contracts with a provider. Implementation in a step-by-step approach is generally recommended. Companies should start with a proof of concept and testing at one location to check the SD-WAN performance and functions and to identify challenges for configuration. If this pilot project is successful, companies can then roll out SD-WAN to other locations.
Self-build or managed SD-WAN?
First of all, the IT department needs to decide whether to install the new network infrastructure themselves, or to access it from a provider as a managed service. It may well be that in-house operation is cheaper than managed SD-WAN. As the central control element, the SD-WAN controller runs either on premises, in the public cloud or as a service in a provider’s infrastructure. In view of the many SD-WAN options – and the many providers – a DIY approach requires expert staff who understand the complexity involved. If these internal specialists are not available, then outsourcing to a provider is a more sensible choice.
Here, companies should keep several points in mind. First of all, the SD-WAN provider should guarantee a high level of future security and a stable, flexible architecture which can be adapted individually. Their product must be open to integrating external solutions supporting current and planned future hardware interfaces in the company, as well as virtualised security functions such as firewalls, VPN, IPS (Intrusion Prevention System) or Data Loss Prevention (DLP). Further requirements are encryption, clear definition and control of access rights, and a redundant controller.
For the software functions, companies should especially consider the guidelines and configuration manager, monitoring of the connection quality and utilisation of the network bandwidth for automated load balancing. The provider’s solution should also prioritise time-critical data traffic over less urgent applications (Quality of Service).
Technology and implementation
The next step is selection of the technology at the relevant locations. Traditionally, the equipment consists of multiple devices; generally a router and controllers for the firewall, optimisation and wireless LAN. But thanks to SD-WAN and virtual device platforms, this stack can often be reduced to a single unit. Another important consideration is broadband options, which vary from location to location. Sometimes only one carrier is available at a site (e.g. in rural areas). If a distant site is rather less important, replacing the dedicated line or MPLS connection with SD-WAN and two or more inexpensive broadband connections is recommended. Here companies must thoroughly check the broadband options at individual locations before deciding to use SD-WAN.
As previously mentioned, companies should take a step-by-step approach to introducing SD-WAN. Here are the most important points:
- Create transparency: The basis for SD-WAN implementation is an overview of the network. This involves analysing the data traffic for patterns to determine the actual broadband requirement, the number and type of cloud applications used, the multimedia data transferred, and an estimation as to how these applications may develop in the future.
- Network technology decisions: It is not necessary to start with a clean slate for SD-WAN and completely replace existing infrastructure. A hybrid WAN architecture is possible. With a software upgrade, existing routers can frequently be used as an SD-WAN appliance. The controller is the heart of an SD-WAN solution and, depending on the application scenario, can be operated on premises, in the public cloud or at an external provider. Furthermore, companies can replace the routers in the subsidiaries with an SD-WAN appliance or a virtual router, as well as virtualising the firewalls, Virtual Private Networks (VPNs) and security and management tools.
- Local internet breakouts relieve the pressure on MPLS: The majority of companies generally use MPLS to link their headquarters with their other sites. Due to the increase in cloud use, the proportion of internet traffic in the WAN is also rising, and with it the load on MPLS networks. To save bandwidth and shorten response times, it makes sense to relieve pressure on the MPLS and to route the data traffic at the relevant locations directly to the internet via local internet breakouts. This is also cheaper than purchasing additional MPLS bandwidth.
- Analysis and optimisation: As data traffic in the WAN is constantly changing, companies must continuously monitor, adapt and optimise their network.
Despite all the advantages offered by SD-WAN, companies should not underestimate the costs for hardware, software and services. The aim is for the investments to amortise within three years. This means a detailed cost calculation is absolutely essential. As prices for the relatively new SD-WAN technology are still rather high, waiting until the solutions become less expensive is recommended.