Jun 29, 2017
SD-WAN is gaining tremendous traction among enterprises owing to the benefits it offers—cost savings from efficient use of low-cost Internet and wireless links, centralized control and management, network agility, speed to deployment of new sites, and optimized cloud connectivity—to list a few. While the DIY model provides enterprise IT managers unprecedented flexibility and control over their WAN, a managed SD-WAN service may be better suited for businesses that prefer a turn-key service due to factors discussed in my previous blog.
If your organization has made the choice to go the managed SD-WAN service route, here are five things (in no particular order) to consider while evaluating a managed SD-WAN service provider.
The initial premise and catalyst behind an SD-WAN is to efficiently use any combination of public and private network services to dramatically lower WAN connectivity costs. Meaning, instead of using an Internet or a wireless link in a passive mode as a back-up link to a MPLS link, the SD-WAN solution should enable enterprises to use both these services in an active-active mode. Therefore, a managed SD-WAN service provider should be able to support a variety of WAN services – MPLS, Ethernet, Internet, Wireless and others, across a global footprint, backed by service level agreements (SLA) for both in region and out of region footprints, regardless of the underlying network. SLAs for network availability, latency, packet loss and jitter are highly critical in a hybrid network as the performance guarantees are not the same as an MPLS-based WAN. Furthermore, SLAs that extend to SD-WAN CPE is a key consideration given the repair or replacement time of CPE is critical to ensure continued operations of SD-WAN locations.
Most enterprises evaluating an SD-WAN solution already have some form of private WAN services – either MPLS or Ethernet—in place. The ability to prioritize traffic (voice over data, for example) over private links and ensure quality-of-service across applications, and have access to application performance monitoring tools and analytics are foundational reasons enterprises swear by MPLS and Ethernet. Application-aware routing—the ability for the SD-WAN CPE to choose the most optimal network path, in terms of bandwidth and quality of service that best suits an application requirement—is a key feature of an SD-WAN solution.
Two valuable features that enable intelligent, on-demand application-aware routing are path conditioning and dynamic path control (DPC). Path conditioning overcomes the adverse effects of dropped and out-of-order packets on best-effort Internet links to provide performance comparable to private networks. The DPC feature provides real-time traffic steering over any broadband or MPLS link based on company-defined business intent policies. In the event of an outage or brownout, DPC automatically fails-over to the secondary connection in under a second, ensuring uninterrupted service to end-users. As your organization transitions to an SD-WAN, which at a minimum includes a combination of MPLS and Internet links, the managed service provider should be able to support the two features discussed above, and extend monitoring and visibility tools to their managed SD-WAN services.
Network security is of critical importance in any SD-WAN deployment, especially if it relies on best-effort Internet links alongside private networks. It is important for a managed SD-WAN service to offer a flexible approach to network security integration. While there are managed service providers that have chosen to leverage SD-WAN vendors that have collaborated with multiple security vendors to integrate and validate them with their solution, there could be scenarios wherein your organization would like to use a different security solution. It is imperative that the managed service provider demonstrates expertise and the flexibility across a wide range of security solutions to support service insertion and service chaining. Service chaining with micro-segmentation offers the ability to add network functions such as security and WAN optimization at specific regional locations. SD-WAN controllers can define policies for chosen traffic to pass through the service chained network functions to meet both the security and performance requirements of certain applications. For example, traffic to private clouds should pass through a regional firewall for filtering, and a WAN optimization appliance to overcome latency issues over distance.
The characteristics described above are all important in an SD-WAN deployment. However, enterprise SD-WAN requirements vary across business sizes and verticals and even within the same company across applications and locations. For example, a simple overlay could be sufficient to ensure high-speed access to and from retail locations to their cloud-based inventory system; but the retail outlet surveillance monitoring systems may require additional security mechanisms to ensure tamper-proof operations. Additionally, the point-of-sale terminals may require optimized and secure links to ensure compliance with PCI mandates. The managed SD-WAN service provider your organization selects should be able to offer tiered services that support a variety (low, high and mission-critical) of premises-based and cloud-based enterprise applications. Tiered services offerings include additional non-disruptive software services such as WAN optimization-as-a-service or analytics-as-a-service that provide additional performance and visbility benefits for enterprise customers.
Choosing a managed SD-WAN service yields several key benefits as described in my previous blog post. However, for enterprises that elect to deploy a managed SD-WAN service over a DIY model, it is imperative they understand what “managed” SD-WAN really means. Will the managed service provider deploy and manage the solution end-to-end (CPE, networks, SLAs, routing policies, etc.) or can the IT managers have some level of control or visibility over the service if they prefer to? As the SD-WAN market is still relatively new, the managed services wrapped around it are still evolving. Nevertheless, insisting on a co-managed option will ensure your organization continues to retain visibility and control over certain features of the solution, while still taking advantage of the managed services capabilities of the provider.
As SD-WAN gains traction in the market, SD-WAN managed service providers are broadening their vendor partnerships to include solutions that cater to different segments of the market. For example, a low-cost CPE-centric basic SD-WAN solution vs. an advanced feature-rich solution that addresses a wide range of enterprise application requirements including service chaining to network security services, WAN optimization or optimized connectivity to SaaS services. Therefore, it’s critical for enterprises to carefully consider, compare and contrast the various solutions the managed SD-WAN provider offers to ensure they select the most optimal solution for their organization. Silver Peak has established partnerships with a series of service providers, globally—China Telecom, Hyundai HCN, Masergy, and Cygate that can cater to your individual global managed SD-WAN service needs.