When IT teams consider their options across SD WAN deployments, direct Internet access is a fundamental component that will impact uptime and application performance across latency and jitter.
Three main SD WAN architecture options typically make up the majority of deployments. In this article, we'll discuss:
- Separating out the underlay (DIA, MPLS, VPLS) from the overlay (SD WAN, SASE)
- Selecting a traditional telco service provider to deliver the end to end solution
- Researching an SD WAN integrator or reseller to bring everything together
While traditional MPLS WAN deployments were typically procured from service providers, SD WAN solutions over direct Internet access mean businesses are free to choose their underlay in isolation from overlay managed services. There are several reasons for architecting your SD WAN solution in this way, which include cost savings and the freedom to select based on hub, branch office or user needs.
Private MPLS required buying the network from one service provider which, more often than not, also provided the managed Cisco router, resulting in a known issue referred to as 'vendor lock-in'. Vendor lock-in occurs when contracts do not co-terminate, which means migrating away from the service provider is difficult as certain branch site cancellations incur early termination penalties.
In addition, the service provider may offer good backbone network performance but poor managed services (or vice versa). In this instance, the desired outcome might be to retain the network but remove the managed routers. Note that contracts will often not facilitate such a change.
Enterprises are benefiting from the freedom to architect their WAN based on several factors which include:
- Selecting the best performing DIA connection per location, which also identifies local cost savings (your apps could perform differently as traffic traverses multiple ISPs)
- Selecting a single public IP backbone provider in isolation from the managed services
- Creation of global DIA regions based on leading international service providers
IT teams will need to evaluate each vendor against their SD WAN use case requirements, considering how each one reports on network performance to identify issues with packet loss, high latency and any network downtime.
You may have read about CNaC (Cloud Native Architecture) which describes (in reference to Software WAN) solutions that are built around a single technology stack. Cato Networks is a good example of a vendor that delivers SD WAN with end-to-end support without 3rd party services.
The CNaC business outcome delivers DIY, Co-Managed or fully managed SD WAN from a single vendor product. In other words, IT teams no longer need to choose between which level of service and support they require. CNaC intelligence and solution orchestration is cloud-based, which means any branch site or remote user can be activated over any Internet connection from 4G and 5G to Broadband and Ethernet leased lines. Lastly, SD WAN vendors often support 3rd party direct Internet services as a component of the overall solution.
While the vendor does not own the contact, the outcome means there is a single contact point when issues occur. In simple terms, there is a lack of ownership across all elements of the solution. When buying from a traditional service provider or reseller, all elements are often included, from project management to physically installing the kit on-site. Global services require knowledge of in-country restrictions and import/export laws.
Also, there are time-of-day differences to consider, which will mean your IT team will need to provide international support based on the individual site business needs. You'll often hear the need to deliver solutions with a single point of contact. If this describes your organisational needs, buying SD WAN overlay and underlay separately is not possible.
Service providers and integrators partner with Gartner rated SD WAN vendors to offer an end to end solution with DIA connectivity for data and local Internet access, support and delivery under a single contract and invoice. For many businesses, the traditional telco path is their default option due to the ease of buying services.
Direct Internet Access vs Broadband
DIA is the common term for Internet leased lines that offer symmetrical circuit speeds of 10Gbps, 1Gbps and 100Mbps. DIA circuits typically offer robust SLAs (Service Level Agreements) which cover latency, jitter, uptime and delivery timescales. In contrast, Broadband links do not offer the same symmetric performance, uptime, bandwidth and support SLAs. The majority of business Broadband does not offer robust fix times and is notably less reliable than Ethernet leased lines.
With the above said, Broadband does offer cost savings and is an ideal solution for remote users or branch sites where uptime is not critically important. An example use case is retail, where the business may require IP connectivity across hundreds of branch sites.
Benefits of a Direct Internet Access strategy vs MPLS
The adoption of SD WAN has become the default choice for most organisations, from small and medium business to large global Enterprises.
For most IT teams, SD WAN is needed to meet the demands of a distributed global remote workforce needing to access their SaaS apps. Simply put, our application traffic is sent to/from public cloud data centres or via the cloud provider's own infrastructure. Layer on BYOD (Bring your own device) and multiple hardware platforms, from PCs through to tablets and even watches, and the Internet is the only way to connect these devices. SD WAN delivery and orchestration are made simpler by using cloud servers, which results in faster and more simplified deployment.
How to request Direct Internet Access pricing
The Netify pricing team have created an SD WAN tool to enable your business to set budgets across overlay and underlay. As of writing this article, the tool only supports Versa for SD WAN overlay but 5 service providers are supported for connectivity requirements.
How to add Direct Internet Access security
Security is now the number one comparison area when evaluating SD WAN providers vs your own business policies. Gartner created their SASE (Secure Access Service Edge) framework to identify the key areas IT teams must consider when securing DIA.
- URL filtering
- SSL interception
- Advanced threat protection
- DDOS/WAF as a service
- DNS security
- CASB (Cloud Access Security Broker)
- FWaaS
- ZTNA (Zero Trust Network Access)
What Direct Internet Access bandwidth is available?
An overview of SASE security can be found here. As companies migrate to SD WAN direct Internet access for new sites and from private layer 3 MPLS and layer 2 VPLS, comparing DIA service providers is an essential component of the project. The Internet is now the preferred connection type for the majority of IT teams, with users accessing public cloud applications from almost any location, including home and office. If your IT team has decided to buy SD WAN overlay