Is your business considering managed SD WAN services?
Service providers have made various managed WAN services available over the years. When a company is looking at outsourcing components of its WAN, there are usually one or more business drivers behind it. With SD WAN vendors suggesting SD WAN is a wires-only, unmanaged technology, many IT teams are asking how to balance MSP requirements with software WAN services.
One driver is reducing capital expenditure (CAPEX) by having the managed WAN provider furnish the business with the required WAN routers for the service. Another could be managing and maintaining the WAN infrastructure, which could include both the circuits themselves and the monitoring and configuration changes necessary to keep the WAN operational as the business needs change.
In 2019, major SD WAN players have been identified and have mature offerings that can add stability and resiliency to your organisation’s WAN, along with new features that were either previously unavailable or were much more difficult and costly to implement due to requiring multiple hardware appliances and complicated routing policies. This maturity in SD WAN is demonstrated by a shift in the market away from traditional standalone appliances with separate dedicated functions into systems supporting software-defined network connectivity.
In the past, it was not uncommon for each WAN circuit to terminate on a dedicated router, with Internet and VPN connectivity being handled by separate physical appliances. With SD WAN systems such as Cisco Meraki and Cisco Viptela, multiple devices can be replaced with a single appliance or a pair of appliances (for high availability), which can be physical or virtual and include all the functionality you need.
With SD WAN, the underlying network architecture does not necessarily change much from previous iterations. One of the enticements of using software WAN services is the possibility to use commodity broadband Internet circuits as part of your WAN infrastructure. However, depending on your company’s specific needs, broadband Internet might not meet your requirements, especially when dealing with very high volumes of traffic or when you have applications that require a specific maximum latency or jitter tolerance.
This is why traditional MPLS-based technologies like Virtual Leased Lines (VLLs, pseudowires), Virtual Private LAN Service (VPLS), and MPLS Layer 3 VPN are still important and potentially even a critical requirement. Platforms like Meraki and Viptela are designed to work with these kinds of private circuits and take advantage of any features they may have such as quality of service (QoS) marking and multicast processing. One of the major advantages of using SD WAN is that all links, whether private or public, can be used simultaneously. The appropriate link will be chosen based on both policy and performance requirements.
For many organisations, transitioning to SD WAN presents the opportunity to cost-effectively use multiple means of connectivity at each location. Large businesses, in particular, can realise a potentially significant reduction in operational expenditures (OPEX) by migrating to a managed WAN service that includes the SD WAN platform, configuration, management, monitoring, and perhaps most important, circuit procurement and provisioning. Each of these functions potentially requires a full-time staff to handle, whereas a managed WAN provider can take care of these details for you and let you concentrate on your core business.
Some businesses may be hesitant to let a third party completely handle all aspects of WAN operations without oversight. With managed SD WAN, it is very common for the enterprise to still maintain a level of company control as agreed upon with the provider. Your company should have access to the monitoring and reporting features included with the platform, but you may also have an agreement in place where your business is able to make certain changes without requiring intervention from the managed services provider (MSP).
For example, major architectural changes typically require assistance from the MSP, but smaller policy-level changes could be carried out by the customer. If you decide to roll out a new enterprise-wide application and need to adjust existing network policies to support the new software, it is common for the business to make those changes rather than the MSP, though the MSP will be there to offer guidance and assistance if necessary.
Another positive aspect of managed services is that the MSP functions as a proxy between you and the various vendors involved including the platform vendor and individual circuit providers, and can potentially even provide remote support such as inside wiring technicians for your locations. These ongoing operational aspects are a large part of the appeal of contracting with an MSP.
If your company uses public cloud services or is considering migrating some of your workloads at some point, a managed WAN service can be an important consideration as well. In the past, the WAN dealt primarily with private connectivity between locations at the edge of your network. Increasingly, businesses are finding it more cost-effective to utilise public cloud resources rather than manage and maintain their own data centre hardware.
A managed WAN provider can assist with connecting your network to the public cloud as well. This includes managing the security aspects and establishing cloud connectivity as part of the managed SD WAN solution. Microsoft Azure and Amazon AWS both have agreements with various providers to provide private connectivity into the respective cloud environments. For companies that are new to working with cloud resources like Azure and AWS, there are new security aspects that are often overlooked and must be handled correctly. Your MSP can help you work through these challenges and ensure your WAN remains secure as you migrate into the public cloud.
WANs of all sizes have a need for intelligent reporting that includes trending data such as bandwidth utilisation and problem reporting. Previously, this level of reporting required expensive third-party tools. While these tools still have their place, particularly in very large environments, most SD WAN platforms including Meraki and Viptela have intelligent reporting built-in and do not require extra third-party software. With this built-in reporting, you can quickly assess both the overall state of the network as well as the performance of individual locations and their associated links.
In addition to reporting, different alerts can be set up when various thresholds are passed, such as a particular link using more bandwidth than normal or seeing an increase in delay or jitter. It is also possible to easily dissect your network traffic and see which applications are using the most data. This can additionally be important for security assessment because you can detect abnormal traffic patterns.
WAN connectivity is based on service contracts, and it is common for larger organisations to have contracts with a few different providers for redundancy. Migrating from one provider to another, which typically occurs toward the end of a contract, has traditionally been a very involved process as hardware configurations may need to change at the various points of connectivity. SD WAN is making this process much easier since the networking now exists in the SD WAN overlay connectivity which does not care what kind of underlay connectivity it uses. This means you can easily switch service providers without changing your overlay network settings.
Likewise, when opening or moving to a new physical location, frequently one of the components that has the longest lead time is getting new circuits installed. SD WAN coupled with wireless 4G / 5G connectivity might provide an acceptable level of performance temporarily until your permanent circuits are installed. This lets your business be more agile, which can be particularly important for companies that have retail offices with frequent moves or openings. Once again, because the SD WAN service does not care what you are using for underlay connectivity, you are able to maintain the same network configuration no matter how you connect.
When you have a large network of any kind, you must carefully consider the overall architecture. This is especially important if your enterprise has a global reach. SD WAN includes built-in enhancements such as Forward Error Correction (FEC) and per-packet load distribution across multiple links to make the most out of the connectivity you have in place, but you must still consider propagation delay (the time it takes for data to go from one end of the connection to the other) when you are working with networks that cover very large distances. Companies that only have a national or more regional presence need not be as concerned with this. If your network applications are latency-sensitive, you may have to design the network so that particular resources are closer to the users. For example, you would not want your global Voice over IP (VoIP) traffic to have only a single exit point across the entire network.
Another major consideration with global networks is the cost of connectivity. There are very few service providers who have a truly global reach, and most have partnerships in place with smaller ISPs in order to provide you with end-to-end connectivity. When you purchase a managed WAN service, the MSP will be the one to coordinate the end-to-end connectivity across the different carrier networks. Most global networks are designed so that local and national connectivity meets at a central point within the region, and then the central points are connected together across the globe to form a high-speed backbone. While SD WAN helps make regional connectivity easier, you still need a solid backbone design for very large networks.
SD WAN also improves overall network reliability and resiliency when used with multiple different kinds of physical connections. Carrier diversity is not a new concept, but software WAN services make it easier to achieve. The idea is to have different kinds of circuits from multiple service providers for your most critical locations so that a failure in one carrier should not affect your connectivity through another carrier. With a managed WAN service, your MSP can take care of ensuring diverse connectivity.
For locations that must have as little downtime as possible, larger SD WAN appliances have the ability to utilise high availability (HA) features. For instance, it is common to have two appliances deployed in a synchronised HA pair so that network traffic is not lost if one of the appliances goes down. This could be due to hardware failure, software failure, or normal maintenance such as a software upgrade. HA can also be used by a single appliance with active and standby links. This is often done with smaller locations where a wireline circuit acts as the primary means of connectivity, and a wireless 4G / 5G connection remains in standby unless the primary circuit fails or begins to degrade, such as with a sudden increase in packet loss.
When evaluating SD WAN through an MSP, there are two primary controller hosting models available: the MSP or third-party contractor hosts the controller, or your enterprise hosts it, typically in a well-connected environment such as a datacentre. The controller is the heart of any SD WAN platform as it provides the monitoring and configuration management aspects of the entire SD WAN solution. When the SD WAN edge devices at your location cannot reach the controller, they cannot be monitored, and they must continue to operate on their last known configuration. This is why it is imperative for the controller to always be reachable from all locations.
With the MSP-hosted option, the MSP retains full control over the entire platform and provides you with the contracted level of access. When you choose the self-hosted option, your business maintains the ultimate level of control over the entire system, though you become responsible for the controller’s availability. Typically, the MSP will then offer services to help manage and maintain the SD WAN platform while you are under contract.
When your organisation has made the decision to explore SD WAN through an MSP, you must carefully evaluate your needs and come up with a statement of requirements that will ultimately generate a Request For Proposal (RFP) document. Every MSP and each SD WAN platform and vendor have their individual strengths and weaknesses. Determine what your current and potential future network needs are, along with hard requirements and features that would be nice to have. This helps narrow down the process of finding a solution. Examples of requirements could be a 24/7 staffed Network Operations Centre (NOC) from your MSP along with an appropriate escalation process defined for issues encountered. You might request that any circuits provided must meet minimum bandwidth requirements or you may have a maximum circuit cost preference.
A good MSP will work with you to guide the proper solution for your specific needs. The MSP should make you feel that they understand what you’re looking to gain out of the service, and what kind of business relationship you wish to establish. Some companies have technical staff that are more knowledgeable or more “hands-on” oriented and intend to look to the MSP only when issues arise. Other businesses want the MSP to handle as much of the ongoing operation and management of the WAN as possible. The MSP you choose should understand the level of involvement you need them to have and be willing to work with you to ensure your managed WAN keeps running smoothly and that issues are addressed quickly as they occur.
About Jedadiah Casey
Senior Network Engineer for 5 years. General IT/sysadmin experience 10 years prior. Bachelor of Science degree in Information Systems. Certifications: Cisco CCNP Routing & Switching, CCDP Network Design, CCNA Routing & Switching, CCNA Wireless, CCNA Industrial, CCNA Service Provider; Certified Wireless Network Professional CWNA; VMware VCP-DCV; Juniper JNCIA. Working toward Cisco CCIE R&S; first lab attempt was June 2018.