Have you heard about Software Defined Wide Area Networking? Most people who work in the networking business have read articles or heard the industry buzz. Gartner predicts SD-WAN will replace traditional routers, so what do you need to know if you have remote offices? What are the unexpected items that will result in problems for your company if the devices are not deployed correctly?
Software-defined everything is replacing areas traditionally held by hardware-only vendors because of the flexibility it provides in making your infrastructure look and feel how your business needs it to. When you think about it, software has been replacing hardware for some time now. The smartphones we use today have replaced items like the GPS, mobile phone, personal digital assistant (which itself replaced hardware), camera, and video recorder, and the list goes on. Software-defined approaches have freed many different solutions to expand and conform to fit the needs of the business instead of the business conforming to the hardware. SD-WAN is no different. In its current state, SD-WAN allows companies to define on their own how the branch offices are connected and gives them many choices on where and how to send their traffic. Additionally, since it is software defined, we can now deploy firewall protection, quality of service, dynamic route tables, etc. on one appliance where traditionally I would have multiple devices, like a firewall in front of a router. It also permits the aggregation of multiple links into one large "virtual" link. But with this flexibility comes increased complexity.
Many companies currently have one WAN circuit contract with their provider. Usually this involves MPLS or Metro-Ethernet links established and maintained by the provider. But, to take advantage of SD-WAN flexibility, the customer may wish to add direct internet access lines into their branch offices. What if their provider doesn't have the best speed or even any offering in all their branch locations? What if the customer wants 4G LTE or satellite as a backup? Can I get more than two internet connections? Managed service providers negotiate contracts and aggregate all the circuits on one bill, whether they are MPLS, 4G, cable modem, DSL, or satellite. This allows the customer to get just one bill monthly and ensures the new circuits are established and configured when a new branch is set up. This saves time arranging for and coordinating all the circuits, and saves the accounting department time sorting through all the bills and making sure they are correct.
SD-WAN appliances are also security devices. If they are connected to the internet, each one is a potential access point to the branch office. Because of this, security must be ensured, and the devices must be properly configured and patched. Most customers do not have the personnel or the expertise to keep up with this added workload. Now, instead of a single firewall in the data center or a second in the DR data center, there are firewalls to be maintained in every branch office. Do they still want to backhaul internet traffic to the main data center? Would it be better to allow local internet access? If they do, how do they protect their users and monitor security? There are third-party options available for these solutions, but which one is best? Having a valued partner in this area could also be very beneficial for the customers. A managed service should also include managing the security on the firewall and patching the appliances as needed, during an approved maintenance period.
Most of the SD-WAN manufacturers are working toward a simple provisioning model. Pre-staging of the configuration, coupled with a call-home-first feature, allows for the deployment of firmware and configurations from the main data center. This simplified management solution for deployment is very helpful. But what expertise is required to ensure the preparations have been done prior to shipping the appliance? One of the advantages of SD-WAN is that you do not need to wait for an MPLS circuit to be deployed to get a branch online, but what steps are required to ensure that the branch comes online as planned? Most managed providers have programs and capabilities in place not only to ensure the configuration is prepared correctly, but also to test and turn up circuits when the deployment is to be done. And what if something goes wrong? Companies would then have to send out one of their personnel to the branch to figure out what went wrong and what was needed to get it working. Arranging this could take days and has a large cost associated with sending the employee on site. Most managed providers have agreements in place with local providers. This allows them to dispatch a knowledgeable person on site quickly, without incurring a lot of travel expenses. This also minimizes the delays that would be caused by something not going as planned.
Do It Yourself is very popular when it comes to working on cars or making home improvements. But, in most cases, the job is completed faster and to a higher quality when someone who has experience and knowledge does the work. IT projects can be similar in that if projects are done by inexperienced personnel, they can take longer, not be completed fully, and have unexpected consequences in both cost and security. Utilizing a managed provider to deploy your SD-WAN can save money in the long run. And no one wants to have an oversight when it comes to security.