As organizations substantially increase their reliance on cloud-based services and applications, they require faster, and more flexible and secure wide-area network (WAN) structures. Most businesses can no longer afford the costs and performance issues associated with traditional hardware-based WANs that route all traffic through a central hub.
The Software-Defined Wide-Area Network, or SD-WAN, was introduced specifically to address bandwidth, performance and scalability limitations of hardware-based WANs. By virtualizing endpoints, and prioritizing and optimizing connections, SD-WAN provides a robust, highly-scalable and cost-effective alternative to traditional WANs.
The use of SD-WANs was already on the rise prior to the pandemic, but the increase in videoconferencing and use of cloud applications accompanying remote employees further drove adoption. Indeed, a 2020 survey of IT professionals indicates that 60% had already implemented SD-WAN or were in the process of doing so.
This article provides an overview of how SD-WAN differs from existing WAN paradigms, and the benefits an organization can realize from implementation of SD-WAN.
SD-WAN Architecture and Operation
SD-WAN is a virtual network overlay that is not reliant on underlying hardware such as routers. SD-WAN uses software to manage connectivity and services between company data centers and remote network functions, such as branches or third-party cloud services and applications, or, in many cases, with cloud-based data centers. With a modern SD-WAN system, the control plane is decoupled from the data plane, allowing for optimization of network traffic across multiple paths and elimination of unnecessary returns through a central hub as in a traditional WAN.
In its simplest form, an SD-WAN consists of an Edge, a Controller and an Orchestrator. An SD-WAN Edge is a network endpoint, e.g. a branch or a cloud service. While Edges can be virtual or physical network functions, for cloud-based connections, an Edge is typically virtual. Meanwhile, the Controller provides centralized management of SD-WAN Edges and monitors quality of service for each edge connection. The Orchestrator provides centralized policy management and fulfillment, as well as traffic management.
In the workplace in particular, it is essential that cloud services are readily accessible. According to cloud computing expert Barbara Ericson of Cloud Defense, “It doesn’t matter if the computational resources for a company or business are located halfway around the world. If the company has access to those cloud servers, they should be able to complete all the same objectives they need without a significant delay.”
Benefits of SD-WAN
SD-WAN offers a number of benefits that, in combination, make SD-WAN a preferred choice over traditional WAN implementations.
1) SD-WAN allows for multiple connection types and dynamic path selection
Connections between the SD-WAN Edge and the SD-WAN controller can take many forms, including traditional multiprotocol label switching (MPLS) connections, broadband or cellular connections. Ability to control multiple connections is one of the primary benefits of SD-WAN over traditional WANs that rely solely on higher-cost MPLS connections.
SD-WAN applies central policies to determine the best path for a particular connection. SD-WAN takes into account the priorities for a particular connection, along with issues such as latency and jitter on available connections.
Dynamic path selection enhances quality of service by directing mission critical applications to the most robust connections, while also ensuring that those applications receive priority over less crucial applications. Applications requiring high bandwidth (again, videoconferencing is a good example) receive necessary resources to function properly.
2) SD-WAN is cheaper than traditional WANs
SD-WAN offers several cost benefits over traditional WANs. SD-WAN limits hardware and personnel requirements for the network. With centralized control and virtualized edges in an SD-WAN, there is less need for IT teams to configure and maintain additional hardware at the branches.
SD-WAN also provides cost benefits by limiting the need for costly network connections. In particular, using dynamic path selection, SD-WAN optimizes traffic distribution between more costly MPLS connections and lower cost broadband connections. As a result, SD-WAN is cheaper than traditional WANs that rely exclusively on MPLS.
3) SD-WAN enhances application performance and user experience
SD-WAN directs traffic based on application priority, for example giving mission critical applications priority over general Internet access. SD-WAN can assess the performance of various routes in real-time and assign resources accordingly, whether just a single branch or a complex multi-cloud network is involved. This eliminates many network congestion issues of traditional WANs, enhancing performance of priority applications.
4) SD-WAN enhances scalability
SD-WAN is more easily scalable than traditional WANs due to virtualization of the edges. Expanding the number of endpoints or services in a traditional WAN can require substantial hardware investments.
In contrast, SD-WAN allows an organization to add branches, applications and services simply and cost-effectively. SD-WAN also effectively deals with scaling in multi-cloud environments.
5) SD-WAN enhances network security
Companies that began meaningful and long-term remote working arrangements understand the security implications of adding a substantial number of connections to company data centers. These security risks are complicated by the introduction of third-party cloud-based resources such as Office365. SD-WAN provides greater end-to-end visibility of the network, allowing security professionals to better identify vulnerabilities and secure the network.
All network connections are potential risks for hacking, whether due to poor firewall implementation, poor VPN setup, poor authentication protocols, or other issues. SD-WAN allows companies to minimize security risks by partitioning company assets and setting up segregated regions each subject to internal company security policies. Network segmentation also helps contain damage in the event of a breach.
As a side benefit, because of the virtualization of many of the components of SD-WAN, they are easier to recreate in the event of an adverse event, and therefore simplify disaster recovery planning.
Challenges for SD-WAN Implementation
While SD-WAN offers a number of advantages over traditional WAN implementations, it does not come without its own issues. First of all, SD-WAN is not simply a drop-in implementation. Expertise is a prerequisite for a successful implementation. As such, organizations considering SD-WAN should investigate whether they should use an experienced SD-WAN vendor to guide implementation.
Security is also a valid concern because SD-WAN networks typically involve less secure Internet paths. Absent proper setup of security protocols and monitoring of the network, there is a significant danger of attack. Again, use of experienced security professionals or SD-WAN vendors may assist an organization to properly design security processes for the SD-WAN.
Finally, it may not always be simple to achieve cost savings with an SD-WAN, depending on whether the organization continues to require high usage of MPLS circuits. But even when cost savings are less than expected, SD-WAN offers other benefits that justify its usage.
SD-WAN and Edge Computing
Companies facing the challenges of a growing remote workforce, and the associated issues of maintaining and securing a profusion of edge devices that interact frequently with third-party service providers, can benefit the most from implementing SD-WAN. Organizations should consider enlisting the services of specialists to ensure the most effective SD-WAN implementation.