8 SD WAN points to consider when selecting a provider/vendor
1. Understanding the challenge
One of the biggest challenges facing you when deploying an SD WAN solution is choosing the platform vendor that can meet your specific needs. While all SD WAN platforms support the use of multiple WAN links, some platforms are better with integrated WAN optimisations, some work better with wireless 4G/5G links, some have tighter security integrations, and more. If you have a very large enterprise, a smaller or lesser-known vendor may have trouble supplying the number of SD WAN edges required for your deployment, or their platform may not be as mature as some of the more established SD WAN players.
Another challenge is considering the expertise level required to install and operate the platform. Products like Cisco Meraki are geared toward simplified operations and are generally much easier to work with than more involved platforms. However, the trade-off is that more complicated platforms typically offer more advanced features to serve very specific environments and requirements. If you are purchasing SD WAN as part of a managed service, this becomes less of an issue.
Learn how the Netify IT decision making portal helps UK, US & Global business conduct WAN comparison in minutes.
2. Public vs Private WAN services
One of the most common and exciting reasons for SD WAN deployment is it makes using commodity public Internet circuits for transport much more feasible. However, experience has shown that there is still a need for private WAN services such as MPLS when you have more exacting needs. For example, if you have a lot of users that make use of latency-sensitive applications such as voice over IP (VoIP), your users will generally receive a better quality of experience (QoE) if the VoIP traffic is sent over an MPLS link while the public Internet link is used for bulk data like file transfers.
Similarly, if you need to transfer large amounts of data between locations, such as between a headquarters office and a data centre, private WAN links still offer higher performance than public Internet links. Some SD WAN platforms require Internet connectivity (such as Cisco Meraki), while others can be self-hosted and operate entirely over private WAN services.
3. Building a statement of requirements
Key to any successful SD WAN deployment is understanding the applications used across your network and their associated traffic patterns. For instance, if you do voice paging across your network, you might have a requirement for multicast across the VPN which only a few SD WAN solutions support. If you require some of your network traffic to receive preferential treatment through quality of service (QoS), you might require private WAN links that natively support those features end-to-end. If you plan on working with a managed services provider (MSP), you should make sure they can meet your service level agreement (SLA) requirements.
4. Security integrations
Highly-secure environments may require an SD WAN vendor that supports integrations with your preferred security platform, or otherwise includes native security functions that meet your needs. Some SD WAN products are add-ons to existing security solutions, while most SD WAN platforms have different levels of security built-in.
For instance, nearly all platforms use traditional IPsec tunnels to securely encrypt traffic between locations, but some platforms offer more enhanced features like filtering and firewalling along with controlled access through role-based access control (RBAC). While most SD WAN vendors offer at least a minimal amount of security features, some include support for integrations with more well-known security products which could be important if you already use those particular products in your environment.
5. Cloud integration
Businesses are continuing to edge their way into various public cloud environments due to their dramatic reduction in capital expenditures (CAPEX) for IT infrastructure and elastic offerings. Some SD WAN vendors offer virtualised edge devices that are ready to be activated within different public cloud vendors like Amazon AWS, Microsoft Azure, and Google GCP. Having a virtualised SD WAN edge gateway running in the cloud allows your on-premises network to seamlessly participate in cloud services.
Likewise, many service providers have established relationships with public cloud providers and offer private integrations for network traffic backhaul. This has the benefit of data privacy as well as improved performance because your network is connected to the cloud environment through the single service provider. Many companies that use public cloud resources choose to use the private link to the cloud as their primary data path and use the Internet for a backup.
One of the potentially hidden benefits of SD WAN is built-in reporting. Some SD WAN vendors do this better than others. If you don’t already have a third-party network monitoring and reporting tool in place, which is common for smaller networks, the reporting built into the SD WAN platform may be an eye opener regarding different trends within your network.
Likewise, even if you do already have reporting through a third-party tool, it is not uncommon for the SD WAN vendor to provide additional details within the platform, or to present items in a different and potentially more meaningful way. Many monitoring platforms produce reports on network traffic, but frequently SD WAN reports on link quality as well. This information can be a gold mine for evaluating troubled circuits and helping to maintain the SLA.
7. Diversity and application performance
One of the most significant architectural components of SD WAN is the ability to use multiple WAN link simultaneously in a much easier, more seamless way than was done in the past. Different vendors handle this in different ways. Some do per-packet load distribution across the links, while others distribute per application flow. This is frequently tied to application policies set within the SD WAN platform, such as voice traffic should always traverse the path with the lowest latency, even if it isn’t the fastest link with regard to bandwidth.
Many SD WAN vendors let you define very granular policies that include options such as specifying individual applications, individual users or destinations, time of day, and more. A well-defined policy improves application performance and the users’ QoE.
9. Managed vs DIY and Cost
There are two traditional approaches to deploying SD WAN: managed services or do it yourself. There are different costs associated with each approach. With DIY, you are responsible for all facets of the SD WAN deployment, including platform selection and purchasing, design, configuration, management, operations, and more. With managed services, your MSP can evaluate your needs and help you decide on the most appropriate SD WAN platform and then take care of the rest.
One of the trade-offs is control. With DIY, you fully control all aspects. With an MSP, you could be completely hands-off or have a contracted level of control, though the MSP will always have ultimate control over the SD WAN environment. Depending on the size of your deployment and the expertise level of your staff, DIY vs. Managed Services represents a trade-off in costs as well. Managed services typically rely on the operational expenditures (OPEX) pricing model, just like cloud providers, where there is little if any upfront costs. MSPs also have expert-level technical staff to serve your needs and are recommended if you’re not sure how to approach choosing and deploying SD WAN in your network.
About Jedadiah Casey
Senior Network Engineer for 5 years General IT/sysadmin experience 10 years prior Bachelor of Science degree in Information Systems Certifications: Cisco CCNP Routing & Switching, CCDP Network Design, CCNA Routing & Switching, CCNA Wireless, CCNA Industrial, CCNA Service Provider Certified Wireless Network Professional CWNA VMware VCP-DCV Juniper JNCIA Working toward Cisco CCIE R&S, first lab attempt was June 2018.