How does the Netify SD WAN assessment compare vendors?
We created the SD WAN assessment to help IT teams understand which Software-WAN vendors and providers are a good fit for their high-level business needs. The idea behind the assessment is to help build a shortlist of solutions which deliver against basic business-level benefits and end-user experience.
How does the assessment work?
We ask a series of questions designed to clarify the following points:
- Understand which vendors meet your high level features
- Understand which vendors reach your branch-office locations
- Which vendors offer WAN edge vs NFV (Network Function Virtualisation)
- Which vendors operate as appliance only, appliance and network connectivity, or own private IP backbone
- What is the estimated latency between locations (we estimate latency between key locations within the assessment results)
- Which vendors offer next generation security
- Which vendors offer path selection
- Which vendors offer SD WAN optimisation
When businesses begin their initial solution investigation, the typical question asked is:
- “Which SD WAN providers are top or best?”
The question is fairly difficult to answer outside of simply listing every single SD WAN benefit across leading vendors because requirements are always different for each organisation.
Without completing some kind of assessment, IT teams risk their time and productivity by going through the sales process with solution vendors and providers that are not aligned to the most basic requirements. The result is frustration but more importantly, wasted time.
The buzz around SD WAN technology is significant, with each solution marketing features (offering substantial benefits) from next-generation security to broadband transformation. With features and benefits marketing leading the conversation, other more basic requirements are often not discussed until the sales process is some way down the line.
SD WAN is typically procured as:
- Vendor only appliance-based solution
- Bundled connectivity via one of the large telco service providers
- An SD vendor with their own private IP backbone with local VPN access to the closest PoP (Point of Presence)
Below. Netify estimates latency between locations for SD WAN application performance prediction as part of your assessment results.
How did Netify design the SD WAN solution readiness assessment?
Within the next section of this learning centre article, we’ll discuss some of the questions we ask within the assessment and why. Please note that we are continuously updating the assessment, which may result in some of these questions not appearing on the live page.
Below. An example question from the Netify SD WAN assessment.
How well does your business understand the SD WAN market?
While our initial question may appear over-simplistic, we gain an insight into your responses across the rest of the assessment. When organisations are just starting in their quest to learn more about SD WAN benefits, their feature requests are often based on what is perceived to be of use rather than an exact business need. At the opposite end of the scale, businesses which are some way into their SD WAN investigations will often respond with more experience surrounding features.
What are your primary SD WAN solution objectives?
An assessment of which areas you feel would be most beneficial allows our team to identify providers with a specific feature set for shortlisting purposes. At this stage, we would not necessarily disregard any provider unless they fail on multiple requirement areas. Within assessment answers, we often find at least three vendors that are worth considering even when their capability may be weak in certain interest areas.
How to compare with traditional private MPLS or VPLS WAN services?
You will no doubt read that MPLS is finished as a technology. The fact remains that layer 3 MPLS and layer 2 VPLS both have a part to play in good hybrid WAN solution architecture. It is true that certain vendors such as Cisco Meraki are not particularly easy to deploy across private WAN services, but a good percentage of vendors offer support for private WAN connectivity.
In simple terms, MPLS is private which, in the world of public cloud access, has moved from a benefit to a negative in the space of a few years. With this said, an MPLS port within the right data centre does offer back to back connectivity with SaaS, IaaS and PaaS cloud providers so in many ways IT teams need to consider carefully their options during the network architecture assessment phase. Within the SD WAN assessment, if hybrid WAN services with MPLS are required we’ll ensure vendors with a capability to integrate both public and private are highlighted.
MPLS offers a distinct difference vs public IP backbone connectivity across end to end QoS (Quality of Service) and the ability to deploy an SLA (Service Level Agreement).
Is there an intent to keep connectivity at certain sites?
One of the benefits of SD WAN is the capability to integrate into existing connectivity, even a hybrid of private MPLS/VPLS with the right solution vendor features. If your business is currently using the Internet at selected branch offices (including Ethernet, Broadband, 4G and 5G) SD WAN offers an overlay approach to begin leveraging any circuit via path selection technology.
Which regions require SD WAN deployment?
The reach of vendors and connectivity providers is significant across two key areas. The first is the deployment and ongoing support in respect of in-country employees. Assessing providers against their staff reach is nothing new, and certainly something the enterprise should continue to evaluate. Where SD WAN solution startups are concerned, their staff are often centred on a particular region - even the most established providers usually do not provide reach within every location.
Connectivity (whether Internet or MPLS) must be assessed from the perspective of network performance, i.e. latency and jitter, but also NOC (Network Operation Centre) SLA data points. The Internet (or Public IP if you make use of a single backbone) is challenging to assess in respect of network performance. With this said, most providers will offer latency performance guarantees between core PoP locations. Netify can approximate latency between regions where required and across data centre cloud providers (AWS, Microsoft Azure & Google Cloud) and international city locations.
Below. Netify researchers assessing data centre availability and ISO accreditations.
Support must be considered in terms of how reactive the provider is when an outage or network degradation occurs. MPLS VPN is a known quantity; there’s an expectation when dealing with support that network engineers offer good service levels across troubleshooting.
How to realise SD WAN cost savings using the Internet?
With cost savings beginning the rush toward SD WAN adoption, businesses are looking to realise a reduction vs costly MPLS WAN connectivity. In the UK, there isn’t a huge difference when comparing MPLS vs Internet from a cost perspective. However, the US market is different: here MPLS costs are much higher when compared to Internet circuits of the same bandwidth.
In the main, cost savings are achieved by leveraging the Internet rather than reducing WAN edge costs. With the adoption of DIY SD WAN, there are also headline cost reductions as managed service costs are reduced. We would exercise caution since your IT team will be responsible for managing the SD WAN service, which of course incurs time and resource cost to the business.
Include multiple carriers
SD WAN designs often involve multiple carriers to provide flexibility and lower cost. The use of numerous connectivity carriers positions businesses to avoid network lock-in, which is typically associated with private network carriers.
In recent years, the standard approach (at least within the UK, not so much the US) was to buy managed WAN services from the connectivity provider. In short, businesses would leverage Cisco or Juniper WAN edge technology with telco connectivity capabilities purchased from the telco. This approach is a significant benefit to the provider (rather than the organisation) since both connectivity and WAN edge are tied contractually together, i.e. network locked.
SD WAN agility positions businesses to separate the vendor appliance from connectivity. The benefit is that network costs can be reviewed and staggered contract end dates do not create an impact.
There is also an initial benefit since SD WAN offers business agility when migrating services over from an existing provider. If your network site contracts all expire on different dates, adding an SD WAN appliance to sites which expire early means migration is able to take place outside of waiting for the entire WAN contract to finish.
How will SD WAN help deliver stable application performance?
Assessing your applications against vendors means evaluating path selection, packet loss and degradation response. With each vendor offering similar capability, the analysis often revolves around cloud services path selection and technologies such as error correction.
Regardless of SD WAN features, the underlying network connectivity must perform across roundtrip latency, jitter and uptime. The majority of applications used by enterprises today are accessed remotely; traffic could originate from anywhere at any given time. User productivity is based on access to cloud applications, which means the technology must exist to help sense and improve poor network connections.
Applications can be prioritised - SD WAN is capable of packet steering and will make the most of whatever available connections are presented. If Broadband offers relatively slow performance in comparison to 4G (and 5G), low priority traffic can be sent via Broadband to save data costs.
Traffic steering around congestion - while SD WAN does not offer the end to end QoS properties of MPLS VPN, the technology is able to monitor the health of any given network link against latency, packet loss and dropped packets. Software-WAN can be deployed to recognise network performance issues and react accordingly by sending traffic across an alternative WAN circuit.
Add WAN optimisation - optimising the WAN is designed to reduce the packets sent across the WAN circuit and/or enhance inefficient applications (commonly known as chatty applications).
Should you consider a single next-generation security SD WAN vendor?
Next-Generation Security Firewall (NGFW) conversations are often driven by the capability of Software-WAN to consolidate network capability into a centralised function. Security is now the number one assessment area of focus as businesses realise the need to secure their network over and above the basics of application performance. From an SD WAN assessment point of view, the intent is to assess which vendors offer single platform next-generation security capability vs SD WAN solutions which require 3rd party integration.
Next-generation firewall security encompasses:
- Integrated intrusion protection
- Content filtering
- Automation and orchestration
- Machine learning for vulnerabilities and cyber threat assessment
- Application and user control
- Advanced malware detection (Sandboxing)
- Multiple layers of cyber threat assessment
Are you interested in fully managed, co-managed or DIY SD WAN?
There’s a significant shift from managed services through to IT teams looking to leverage the GUI management approach of SD WAN. While the Software-based WAN is now certainly far easier to manage vs the command-line days of routers, there remains a level of expertise required to deploy network elements, services and security correctly. When considering assessment results, there is a need to understand whether initial configuration professional services advice is required or ongoing co-managed/fully managed services. There’s a cost reduction associated with self-managed DIY SD WAN but, on the flip side, your business will pay in terms of network engineering resource time and the requirement to monitor services.
Are you open to procuring SD WAN vendor appliance outside of your connectivity?
The WAN infrastructure migration challenge is real and continues to require significant project resource from provider selection to deployment. In the traditional world of MPLS, the managed service is tied to the connectivity (for the most part) - we mentioned this earlier. Software-WAN is essentially de-coupling connectivity from vendor capability meaning businesses often end up managing multiple providers and billing streams. If your business requires single billing and management of all aspects of the solution, there is the option to engage single service providers and SD WAN integrators (hint, Netify helps here).
How is the SD WAN service deployed?
While underlay and overlay may sound more aligned to carpet fitters than network engineers, both are components of SD WAN architecture. Underlay is the ‘underlying’ connectivity, i.e. Internet, MPLS or VPLS (as examples). Underlay consideration is important because the classic MPLS single provider/vendor solution means that connectivity problems are fired directly into your service provider. When an issue occurs across multiple ISP backbones, however, where does the problem actually exist? An SD WAN overlay mitigates against this issue by offering alternative paths until the issue is fixed. In short, SD WAN doesn’t really care about the underlay (WAN links) in as much as the technology will use whatever circuit is presented. The overlay is the actual SD WAN service, which separates the applications from physical connectivity.
SD WAN deployment offers ZTP (Zero Touch Deployment), allowing IT teams to deploy hardware with no configuration: the site plugs in the device and the configuration is downloaded from the management server.
We'd welcome feedback and additions to our SD WAN assessment. Let us know if you have any specific questions or additional areas you would like Netify to consider.
About Robert Sturt
Robert is the Managing Director of Netify, a Network Union brand. With experience working across WAN services since 1998, Robert brings a wealth of experience based on hard won knowledge. A writer for Techtarget.com and an experienced business strategist, Robert can bring a tonne of value to your project.