Evaluating SD-WAN Solutions – The First 4 Questions | Key to the Black Box #4
Businesses of today are experiencing a significant shift in work process, workforce, and environment. Companies are ramping up the pace at which they migrate data off-prem into the cloud. Workers are also moving off-prem at an increasing rate. To top it all off, the cost of internet services continues to drop every year, with higher bandwidth costing less. The culmination of all of this is that an organization’s WAN now needs to be more accessible, more distributed, more secure, and more reliable than ever before, but it also needs to cost less. SD-WAN is a term that many have heard can solve all of these issues, but the truth is that there is much more nuance to this technology.
If you want to ensure your company is getting the best service for the best price, then you have to consider each of the ways you might leverage SDWAN. With the nuance I just mentioned, that can be a daunting task, but we’ve written this guide specifically to help you navigate the muddy waters of SDWAN evaluation. As we continue to dig into how SDWAN might be able to solve the aforementioned concerns for your organization, we eventually need to address the specific differences between different SDWAN solutions and how those will impact your ability to achieve the outcomes you are seeking. Before we go any further, though, let’s make sure we’ve got good footing.
In the last segment, we discussed the business outcomes that SDWAN can provide. You must have those priorities ranked. It is possible to achieve all of the desired outcomes, but it’s not guaranteed. At some point, you may be required to sacrifice a particular outcome to achieve more important ones. Thus, only after you have clearly identified your business objectives, have a clear idea of what you want SDWAN to do for your organization (as discussed in the previous segment), and know which metrics you will use to measure the outcome, can we truly begin to look at the differences between SDWAN solutions. This framework will be the tool that allows you to put different SDWAN solutions on equal ground for comparison. It will be essential to the rest of this process. Once we have the highest level of decisions made, we can focus on the first layer of decisions that has to do directly with the technology itself. These are the 4 Key Decisions when shopping for an SDWAN solution. It’s worth noting that the following 4 Key Decisions are not listed in any specific order. You will have to define for yourself in which order you address these, but I encourage you to keep in mind that each of these decisions influences your options in the other three areas, so you may find yourself circling back and changing some answers.
Key Decision #1 – Cloud or Premise?
Regardless of which side you choose here, you will end up with either a physical or virtual device located at each premise facility. The real question here is whether each branch connects to a central cloud hub/gateway, or if the SDWAN solution creates an all-sites mesh network. A mesh network will provide a faster site-to-site experience, but is often limited in how well it can manage integrated cloud services. A cloud SDWAN is, unsurprisingly, positioned better to integrate with cloud services, while carrying the drawback that site-to-site communications may be slightly slower, due to having to first traverse to the core, and then be rerouted. The best-case scenarios are the SDWAN solutions that will route site-to-site traffic directly between sites, while all cloud-directed and meta-data/management traffic is routed to the cloud hub. Few solutions offer this level of flexibility.
Key Decision #2 – Bandwidth Aggregation or Load Balancing?
All SDWAN solutions will give you the ability to effectively utilize multiple bandwidth sources, especially from disparate providers. This is key to the Active/Active failover functionality. However, while all SDWAN solutions perform a version of this, any specific SDWAN solution will fall into one of two camps in terms of the mechanisms. Either they will perform a form of advanced load balancing or they will aggregate the bandwidth. Load balancing is a more static experience. Applications will be restricted to a single circuit and its current performance. Only when that circuit fails will the traffic then be routed to the alternate circuit. Of course, since this is after the interruption occurs, there is an immediate and noticeable interruption in service to the user. An aggregate solution, however, assigns packets to each circuit based on the intersection of the packet’s priority and the current performance ratings of each circuit. Higher priority packets not only get to go first, but they also get to ride the better performing circuit. Because packet direction is determined on a relatively real-time basis (note: check with the SDWAN provider on how often they are polling internet circuits for health/performance), these types of SDWAN solutions can move traffic between circuits at exceptional speed, effectively treating all available bandwidth as one single pool to use freely. They have proven able to keep an application as sensitive as a VOIP call up and running without any effect on the quality of the transmission.
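The difference between the two camps, and why the polling interval is worth asking about, can be seen in a small simulation. This is an added example, not any vendor's algorithm: the circuit names, loss figures, tick model and the 5% loss limit are all constructed assumptions, and "aggregation" is simplified to sending high-priority packets on the best-ranked circuit and low-priority packets on the other.

```python
from dataclasses import dataclass

@dataclass
class Circuit:
    name: str
    loss: list  # constructed per-tick loss ratio; 1.0 means the circuit is down

# Constructed sample: isp_a browns out at tick 4, is down for ticks 7-9, then recovers.
A = Circuit("isp_a", [0, 0, 0, 0, .3, .3, .3, 1, 1, 1, 0, 0])
B = Circuit("isp_b", [.01] * 12)
CIRCUITS = [A, B]
# One voice (high) and one bulk (low) packet per tick.
PACKETS = [(t, p) for t in range(12) for p in ("high", "low")]

def pinned(circuits, packets):
    """Load balancing: traffic stays on its circuit until that circuit fails."""
    cur, out = 0, []
    for tick, prio in packets:
        out.append((tick, prio, circuits[cur]))
        if circuits[cur].loss[tick] >= 1.0:   # failure is noticed only after the send
            cur = (cur + 1) % len(circuits)
    return out

def steered(circuits, packets, poll_every):
    """Aggregation: per-packet choice based on the most recent health poll."""
    ranked, out = list(circuits), []
    for tick, prio in packets:
        if tick % poll_every == 0:            # health is only as fresh as the last poll
            ranked = sorted(circuits, key=lambda c: c.loss[tick])
        out.append((tick, prio, ranked[0] if prio == "high" else ranked[-1]))
    return out

def degraded_voice_sends(assignments, limit=0.05):
    """Count high-priority packets sent on a circuit losing more than `limit`."""
    return sum(1 for tick, prio, c in assignments
               if prio == "high" and c.loss[tick] > limit)

if __name__ == "__main__":
    print("pinned:", degraded_voice_sends(pinned(CIRCUITS, PACKETS)))
    for n in (3, 1):
        print(f"steered, poll every {n} ticks:",
              degraded_voice_sends(steered(CIRCUITS, PACKETS, n)))
```

The pinned flow rides out the whole brownout because a degraded circuit has not failed; the steered flow avoids it only as quickly as the health poll allows.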
Key Decision #3 – Security: In-Line, Onboard, or Cloud?
Security cannot be ignored in any network conversation, especially once we start talking about data that is going off-site, which could very well be all of it! The question here is: what sort of integration do you want between your SDWAN solution and (most commonly) your firewall solution? While numerous other security products can be integrated with SDWAN, they’re typically all 3rd party add-ons. However, when it comes to NextGen Firewall and UTM capabilities, some SDWAN solutions, like Meraki and Barracuda, start from the appliance side of the equation, and thus have stronger onboard capabilities. Solutions like VeloCloud have been working with firewall providers such as Cisco, Juniper, and Palo Alto to create virtualized plug-ins. Other solutions, like Cato Networks, are built around a cloud-hosted firewall, with each location having a private and protected connection to ensure all traffic is sanitized. To decide which of these models works best for you, you’ll need to assess the current state of your security appliance investments, and compare those costs against the benefits of moving to a cloud or “As-A-Service” security posture. There can be quite a bit of discovery and deliberation in this decision, so don’t let the size of this paragraph belie the investment that you might need to make. You may want to consider leveraging a consulting resource to help guide you through more complex decision trees such as this.
Key Decision #4 – As A Service or Owned?
Similar to the question just raised regarding security, would your organization benefit from CAPEX and amortizing hardware that you are responsible for, or would you benefit from a managed service OPEX model? The question may feel a bit loaded, but it needs to be addressed, as it will significantly alter the SDWAN solutions you can consider, and there are positives and negatives for each side. For example, if you own your SDWAN hardware, then you become responsible for creating and/or connecting to a cloud hub. However, As A Service options will be managed by a service provider, meaning there will be some degree of limitation on visibility and reconfigurations. When evaluating this decision, cost often becomes a focal point. If that holds true for you, be sure to include the cost of lost productivity due to outages (resolved by SDWAN’s resiliency), the cost of maintenance for any solution you would own, and the impact to the company when you’ve bought equipment but it ends up being either not enough to support your goals or, even worse, more than you really needed (As A Service models can allow you to scale both up and down on a per-unit level). Many businesses end up preferring a steady and predictable operating expense over an unpredictable and variable capital expense.
By addressing these four questions first in your SDWAN evaluation, you will narrow down the field of contenders to a manageable level, which helps you get your organization on the right track quicker. These questions are also a tactical bridge between your Business Objectives and the actual technologies that you’ll employ to achieve them. By starting at the highest level and narrowing your focus as you go, you will find it’s much easier to weed out the options that don’t align with your needs. However, if your cup already runneth over with your day-to-day responsibilities, you may not have the patience or time to address all of the aspects of a complete evaluation, but that doesn’t make it any less important. If you’d like to offload the burdensome parts of an SDWAN evaluation, the Comtel Group can help.