How to choose an SD-WAN vendor?

Choosing the Right SD-WAN Vendor for Your Organization

SD-WAN adoption is growing at a rapid rate. Enterprises have realized the benefits of SD-WAN, and there’s no shortage of vendors willing to meet the demand. However, there is significant variety in the features and benefits of the various SD-WAN solutions. To help you sort through them and identify the SD-WAN vendor right for you, we’ve compiled this list of criteria. Without further ado, let’s take a look… 

Global/regional MPLS replacement

Ever since Gartner declared SD-WAN was killing MPLS (Multiprotocol Label Switching), there’s been a clear winner in the MPLS vs SD-WAN debate. However, not all SD-WAN solutions can serve as an MPLS replacement. An underlying global private network is a must for any true MPLS replacement. The public Internet is too unpredictable with too much latency, particularly across trans-oceanic routes and in underdeveloped Internet regions, to replace global MPLS. A global private backbone will have PoPs, SLA-backed capacity, and WAN optimizations that provide performance and reliability that meet or exceed what MPLS delivers at a lower cost. Further, SD-WAN solutions decrease provisioning times (often from months/weeks to days/hours) and increase operational agility relative to MPLS.

Delivery of secure, direct Internet access at branch offices

Many SD-WAN solutions are implemented to avoid costly MPLS backhauling for Internet-bound traffic. However, with the myriad of Internet-borne threats that exist today, direct Internet access must be protected to maintain a strong security posture. If this is your goal, look for a vendor that provides security solutions integrated with the network infrastructure. SD-WAN providers with private network backbones can deliver secure network access by creating secure tunnels from the PoP nearest to your branch.

Protects your WAN from network-based threats

Malware and ransomware can cripple a business. With WAN traffic becoming more dynamic than ever, securing it effectively is more complex than ever. For the modern enterprise, direct Internet access from various endpoints is now the norm. This means enterprises must protect on-premises, mobile, and cloud assets against countless threats over a wide variety of attack surfaces. Technologies like IPS (Intrusion Prevention System), SWG (Secure Web Gateway), and NGFW (next-generation firewall) can go a long way in mitigating these threats. However, the challenge is doing so effectively and in a way that makes business sense.

Backhauling traffic to a single location for security auditing and analysis isn’t practical or performant. Deploying individual appliances at each physical location often isn’t a scalable solution either. This is because deploying multiple security appliances at each physical location is costly and can lead to oversights. It also leads to increased opex as a result of the required provisioning and maintenance.

The solution to these challenges is a WAN architecture that builds security into the underlying network fabric. 

It’s also important to look at how features are implemented when considering a solution. For example, many SD-WANs don’t offer packet inspection. For those that do, the sophistication and depth of inspection vary. For example, some only inspect site-to-Internet traffic, but not site-to-site traffic. For enterprises looking to reduce malware dwell time and lateral movement, the latter can be just as important as the former.

WAN performance optimization

Services like videoconferencing, VoIP, and telepresence all demand low-latency, high-performance connectivity. But Internet routing often translates into high latency and unpredictability, and last-mile Internet connections often experience significant packet loss. WAN optimization techniques such as TCP optimization, Quality of Service (QoS), dynamic path selection, and packet duplication can help reduce the likelihood that the network becomes a roadblock to performance. Similarly, proactive network monitoring and the ability to account for single points of failure are an important part of keeping any WAN solution up and running.

Connects cloud datacenters to your WAN

IaaS (Infrastructure as a Service) platforms are an important part of many modern WANs. As a result, enterprises need to be able to securely connect on-premises and cloud datacenters. Oftentimes, enterprises pay premiums for services such as Azure ExpressRoute or AWS Direct Connect. With the right WAN architecture, enterprises can achieve optimized cloud connectivity without paying extra for these premium services. This becomes possible when WAN PoPs share a footprint with IaaS providers.

Secures and optimizes access to cloud datacenters

When evaluating based on integration with platforms like Azure and AWS, it is also important to consider how the SD-WAN vendor is securing and optimizing those connections. Protecting cloud assets requires deploying additional security solutions in the cloud, fragmenting your view of security infrastructure. Incorporating cloud security as part of SD-WAN security will preserve your visibility and make security policy management easier. Additionally, the geographic distance between PoPs and traffic optimization techniques used for cloud-bound traffic can have a drastic impact on performance.

Secures and optimizes access to cloud applications

As a result of the ubiquity of mission-critical SaaS (Software as a Service) apps such as Office 365, user education has become an important part of security posture. Web-based threats and social engineering are now a regular occurrence and users must be aware of common-sense steps to protect themselves. However, to provide defense-in-depth and improve network security, enterprises need to be able to filter out known malicious URLs and provide robust Layer 7 protection.

From a performance perspective, the benefit of reduced geographic distance is enhanced when a PoP shares a datacenter footprint with SaaS providers. Similarly, the same performance optimizations that benefit IaaS solutions can enhance SaaS connectivity.

Connects and secures mobile/remote employees to WAN, Internet, and the cloud

Connecting mobile and remote employees to the WAN securely without sacrificing performance is a common problem facing enterprises today. Often, enterprises must choose between accepting performance issues with site-to-site VPN and allowing remote users to connect directly to cloud resources and sacrificing performance. Network architectures that enable mobile users to easily connect to a secure WAN backbone eliminate these challenges and bring performance and security to the remote workforce.

Unifies and simplifies network and security management

Integrating networking and security helps ensure a holistic approach to securing the WAN, but simplifying management is important as well. The less complex management is, the less room for error. Additionally, by spending less time on network and security management, you can focus more resources on key business functions. Look to demo management interfaces and read case studies and reviews before making a decision on this point.

Manage, monitor and configure the network by yourself

Dependence upon a vendor for change management can significantly reduce organizational agility. The ability to self-manage the network from a simple control panel is important. It can be the difference between waiting minutes for a change and waiting days. Additionally, monitoring and network visibility help you stay proactive about network security and establish performance baselines across the WAN. If you prefer a fully-managed deployment model, determine if it is possible to purchase a managed service agreement that enables you to make changes when/if needed. 

Making a decision

There’s never a one-size-fits-all answer as to the best SD-WAN solution for every network. When you evaluate vendors across these data points, you can make an informed decision based upon your business needs. Using the above parameters to guide your decision-making process will allow you to look past marketing fluff and focus on what really matters.
