While there are numerous features associated with SD WAN comparison, evaluation of the top/best leaders is typically focused on four main topics. In the majority of cases, clients are considering the move from MPLS to SD WAN with the intent of increasing agility by leveraging public cloud access. As we’ve written about previously, SD WAN leaders vary in respect of their cloud optimisation capability. Alongside path optimisation, features such as next-generation security, management, and quality of service feature highly during initial vendor discussions.
In this article, we’ll discuss the key areas typically on the mind of IT teams engaging Netify for vendor-leader comparison.
Cloud and path optimisation
SD WAN solutions are typically split into two distinct categories. SD WAN capability with private core backbone access SD WAN supported with end-to-end Internet underlay. The viewpoint when discussing solutions that offer private core backbone connectivity often differs when evaluating leaders across national vs global Enterprise requirements. When the network architecture spans global locations, IT teams often lean toward SD WAN vendors with private backbone access to improve service levels when accessing AWS, Azure, and Google. In contrast, national deployments (e.g. UK, US, etc.) do not benefit to the same extent from private core network transport. In fact, some view private PoP access when architecting national requirements as detrimental to application performance. As the Enterprise is becoming ever more distributed, there’s the fundamental need to secure users and nodes but also to ensure the traffic transits via the most optimal route when accessing their cloud data resources.
When comparing SD WAN leaders, the vendor capability will either include native SASE capability or their solution will involve partnerships with leading security providers. Most of our conversations and meetings these days always begin with a conversation about security and how using an Internet-based SD WAN solution will meet the demands of the mobile workforce.
Where possible, there is a trend to consolidate both the WAN capability and security into one vendor solution. The route your IT team will follow is normally based on whether there are specific security needs requiring niche products outside of an SD WAN solution and/or any existing contractual commitments.
What about SASE?
SASE describes a combination of security features designed to meet the demands of branch-offices and users as they access resources across the Internet. The SASE concept recognises that SD WAN is positioned to provide end to end security rather than the Enterprise needing to buy individual components in a silo approach.
Some of the SASE features are listed below:
- SWG (Secure Web Gateway) - An SWG offers protection to users by applying policy enforcement which may consist of blocking access or protecting against unauthorised data transfer.
- CASB (Cloud Access Security Broker) - CASB security brokers are designed to help the Enterprise extend security controls to the cloud. Aspects such as visibility, compliance, security and threat protection are covered by CASB capability.
- FWaaS - Next-generation Firewall features facilitate cloud installation, which removes the need for physical hardware where required. One of the key tenants is simplified management of Firewall features which no longer requires on-premise resource.
- ZTNA (Zero Trust Network Access) - ZTNA applies zero trust by requiring all users to authenticate their access
MPLS VPN has been the staple of networking for a couple of decades or more. I appreciate the following statement is a generalisation - in the UK, we often opted for fully managed services vs the US where DIY appears to be the standard approach. As we look to adopt SD WAN as a direct replacement, business requirements are trending toward DIY or co-managed options to re-gain control of their network infrastructure.
In recent articles, I’ve read the requirements for fully managed SD WAN are growing, representing a huge vendor opportunity. In our practice here at Netify, we actually work on a good mix of DIY, Co-Managed and Fully Managed services.
All vendors vary in respect of their portal capability, but it is fair to say every SD WAN solution is offering some form of cloud-based management interface. In order to evaluate a leader, we recommend a complete demonstration of each aspect to understand the expertise and resource required to deploy and manage their respective WAN.
Orchestration with zero-touch deployment are staples of the SD WAN proposition to meet the demands of quick and easy installation. In theory, businesses require an Internet connection and some form of device or client to get up and running in minutes. How simple and straightforward the solution is to deploy in the real word is fundamentally down to the interface.
The below screen shot shows a typical SD WAN portal interface. Outside of an RFP approach and vendor demonstrations, proof of concept is the only way to evaluate capability vs your IT requirements.
SD WAN QoS (Quality of Service)
There’s always speculation surrounding how applications will perform across the Internet. This concern is typically generated as we transition away from the end to end QoS properties of private based MPLS to public connectivity. As a reminder, MPLS will typically offer three main QoS settings to deliver delay sensitive, mission critical and best effort traffic.
If SD WAN cannot offer end to end QoS, how can your business meet the needs of application traffic across the Internet?
FEC (Forward Error Correction) and packet duplication are one of the methods directly compared to EF (Expedited Forwarding) MPLS QoS. With packet duplication and error correction, an alternative link can be put in place to duplicate the packets. When an error occurs on the primary path, voice calls do not fail because the alternative link delivers the packet without the fault/error from the primary.
One evolving area is dynamic session networking which will allow SD WAN to intelligently manage the network performance. In the current SD WAN vendor world, all sessions are treated the same and therefore all voice traffic is essentially equal.
Overall, SD WAN offers granular control of application traffic which is configurable based on comprehensive reporting. In addition, SD WAN has more effective control of connected links when packet loss or high latency is encountered.
Procurement of Software-WAN is somewhat speculation with regards to capability which is due to the massive amount of hype and marketing associated with each vendor solution. While an RFP and demonstrations will help gain a basic understanding, buyers should look toward POC (Proof of Concept) to gain real insights into leader capability.