In this article, we review the top features of 5 managed SD WAN vendors and discuss the different trade-offs involved with a fully managed service versus the DIY option to WAN management. In the UK, we’ve traditionally opted for managed services when procuring Wide Area Network (WAN) services. This is in contrast to the US, where the majority of businesses opt for agile network capability via wires only DIY solutions.
With this said, SD WAN services are offering up somewhat of a dilemma as IT Managers are considering their resources in respect of DIY SD WAN. Does software-based networking mean businesses are positioned to remove the cost of managed services?
Who are the top/best managed SD WAN vendors and MSPs?
Note: The table below covers a small subset of managed SD WAN vendors and service providers.
|Primary line of business||WAN as a service||Carrier||Aggregator||SD WAN vendor||SD WAN vendor|
|SD WAN technology||Own technology||Fortinet||Cisco Viptela, Silver Peak||Own technology||Versa Classic, Versa Titan|
|Sold standalone||Can be sold with the Aryaka backbone as overlay to existing circuits||Fortinet is sold with Masergy backbone as an overlay to customer circuits, Silver Peak can be sold as OTT (Over the top)||All services can be sold stand-alone appliances or NFV||Yes||Yes|
|SD WAN management||Fully managed, co-managed||Full managed||Fully managed, co-managed||DIY, Co-managed and managed via partners||Versa Titan is self service, Versa Classic as fully managed and self service|
|SD WAN architecture||29 Global PoPs connected to the Aryaka private IP backbone, regional site to site traffic does not need to use the IP backbone||47 metro area PoPs connected via global IP backbone||Leverages VeloClouds federated gateways for cloud & SaaS traffic. Also able to use Aryaka global PoPs||Edge based||Edge based|
What managed SD WAN service does Aryaka offer?
Aryaka offers a comparative solution to MPLS VPN services by offering customers VPN access into their local Global private based POPs. The Aryaka managed service encompasses connectivity with local loop SLAs based on 99.99% uptime guarantee. The typical SD WAN marketplace solution offers overlay with a set of features, Aryaka offer their purpose built managed underlay network with proprietary TCP proxies to provide improve application performance.
What managed SD WAN services does Masergy offer?
The history of Masergy surrounds one of the finest core MPLS networks provisioned between the worlds global financial locations offering excellent application support. Their managed SD WAN proposition is based around the Fortinet and Silver Peak appliances and NFV installations - Silver Peak can be sold as stand-alone appliances. Masergy are also recognised for the unified communications service offering, contact centre and managed security solutions.
What managed SD WAN services does Expereo offer?
Expereo offer managed network services aligned to Silver Peak and Viptella. The Expereo differentiator surrounds their Internet global aggregation connectivity services which spans pricing for 200+ available countries across 3000+ Internet access providers from Ethernet and Broadband to 4G & 5G. In addition, Expereo offer professional services with local smart hands, rack and stack, cabling and global site survey capability.
What managed SD WAN services does Oracle offer?
One of the original innovators within the Software-defined WAN sector via Talari (2007), Oracle are now offering their 7th generation SD WAN platform. With 500+ customers and over 9000 site deployments, managed service options exist across both physical, virtual and cloud nodes. The Oracle capability is able to meet application issues with sub-second failover, intelligent link aggregation, packet replication and multisource QoS with support for voice and video.
What managed SD WAN services does Versa offer?
With significant funding rom Sequoia Capital and Mayfield , Versa Titan offers cloud managed secure SD WAN with optional Wi-Fi, 4G/5G and NGFW (Next Generation Firewall). Versa is known for their focus on the mid-market and SME space with a solution which could potentially install within minutes. The Versa solution is known for their comprehensive network management application statistics which provide significant insights into the performance of business apps.
What services can be included within managed SD WAN?
- An IP based overlay network using encryption and authentication technology end to end.
- Independence from the underlay network, i.e. select your best fit ISP, MPLS or VPLS provider.
- Assurance of performance cross SD WAN tunnels.
- Packet forwarding based on the application.
- Uptime high availability using multiple WAN circuits.
- Per-session or per-packet based forwarding via configured policy.
- Automation of configuration via zero-touch deployment, orchestration and centralised management
- Consolodation of features including WAN optimisation, Security (NGFW), path selection for Cloud apps.
- Diversity using support for multiple links such as Ethernet, Broadband, 4G and 5G.
Moving toward an SD WAN as a Service consumption model
Over time, the service provider sector is trending toward consumption models, similar to cloud-based applications, where IT infrastructure technologies are purchased and maintained as a service. This is in contrast to the traditional model where you buy the equipment and other resources up front and have access to all of their licensed capabilities in perpetuity.
The great appeal of the SD WAN solution consumption model for business managers is that it becomes easier to move potentially unpredictable capital expenditures (CAPEX) into more stable operational expenditures (OPEX). Likewise, it is easier with the consumption model to purchase only what you need and gracefully expand later.
This is known as elasticity. The traditional DIY approach to purchasing and operating your own IT infrastructure requires upfront investments in physical customer premises hardware. It also requires technical expertise to maintain the WAN infrastructure.
By moving to a managed services model, you have the opportunity to reduce upfront costs and potentially lower requirements for in-house expert-level technical staffing. When it comes to an initial deployment of SD WAN services, frequently the most expensive and time-consuming portion involves replacing legacy WAN solution routing equipment at each location with new devices that support the SD WAN platform.
Some recent network services equipment may become SD WAN enabled with software upgrades, as is the case with Cisco Meraki MX appliances and more recent Cisco ISR/ASR routers capable of running Cisco IOS-XE code. But if your existing equipment is more than five years old, chances are greater that it will need replacing to support SD WAN. With the DIY approach, this can represent a very large expense in both hard and soft costs for the business.
With a managed services provider, the SD WAN hardware may be included as part of your monthly spend rather than requiring the large initial investment. When you subscribe to services from public cloud providers such as Amazon AWS , Microsoft Azure , and Google GCP , the elastic consumption model allows you to easily purchase more resource capacity as it becomes necessary.
Similarly, the SD WAN managed services approach lets you easily upgrade your SD WAN capabilities when the necessity arises. A common example is when experiencing rapid growth within your business.
When you run out of processing capacity in your WAN, you will need to acquire larger routers, which is another CAPEX purchase when using the DIY model. With the managed services approach, you can acquire the larger routers or SD WAN appliances and simply have your contract adjusted accordingly while only incurring the incrementally lesser OPEX costs instead.
Is the SD WAN market predominately a DIY approach?
Larger organisations frequently have teams dedicated to managing the underlay networking infrastructure. This is because the design, configuration, and ongoing operations and maintenance often require expert-level knowledge.
Some businesses outsource the knowledge needed for initial design and configuration of complex infrastructures and then perform ongoing operations with in-house talent. SD WAN is frequently marketed toward a DIY approach because once the initial design and configurations have been performed, ongoing operations become radically simplified when compared to the traditional text command-line interface (CLI) model.
This is because all SD WAN products are designed with a simplified cloud services style web-based interface that makes it easy to maintain the system. The web-based graphical user interface (GUI) model usually has configuration defaults and best practices already defined. Likewise, many of the more advanced implementation details (affectionately known as “nerd knobs”) are hidden away. When an SD WAN platform is acquired using the managed services approach, the MSP takes care of the design and configuration.
Depending on the expertise level of your in-house staff, this aspect alone may make using an MSP worth it as your company begins to take advantage of what SD WAN can do for you. An MSP will also have teams dedicated to design and implementation who have had experience with different businesses magnitudes and their associated technology needs. Most SD WAN platforms additionally offer the best of both worlds where the MSP can still perform the initial design and setup, but let the customer participate in ongoing operations.
This includes both monitoring and management in the form of making business policy changes without requiring involvement from the MSP. For example, your business may deploy a new company-wide application and decide to provide preferential treatment to the network traffic generated by the new software. With the hybrid managed SD WAN model, you could be granted the ability to make those kinds of changes without waiting for the MSP to do them for you.
Another common example with a managed services deployment is having an enterprise account with read-only access into the platform. This is useful for performing your own monitoring via cloud-based services and associated portal gateways.
Your company’s help desk or network operations centre (NOC) can keep an eye on the overall state of the WAN and contact individual locations when issues arise. Having this view into the system is also useful for trend analysis, such as physical links that consistently exhibit poor performance or deciding when it is time to upgrade the bandwidth of a particular connection. SD WAN makes these kinds of operations easy whether using the MSP or DIY approach.
What are the risks with a DIY approach?
Choosing to deploy and manage an Software Defined environment yourself is certainly possible, and many organisations have done so. However, as with all things, there are certain risks and trade-offs that must be considered before jumping down this path. Most of these considerations are based on the size of your business and the expertise level of your staff.
With the traditional wires only approach, your business purchases the SD WAN platform and the underlying physical connections independently. Smaller organisations may have an easier time with this type of deployment because there are fewer circuits to manage and the overall network design will most likely be simpler as well. When your company grows in size, different network designs and operations must be considered as the overall environment grows accordingly in complexity.
Different network-level optimisations must be made to keep performance high and to keep costs down. These network designs frequently require staff with expert-level skills. SD WAN attempts to simplify some of these operations through the use of GUI cloud applications and by implementing safe defaults, but networking staff with the requisite skills will understand the ramifications of performing the different available optimisations to give your users a better overall experience and increase your total value of the SD WAN deployment.
Expert-level staffing is included with the managed services deployment. When you attempt the DIY model without having appropriately-skilled staff in place, you potentially open yourself up to additional vulnerabilities such as security risks and potential downtime due to poor network designs across branch locations. Staff with lower skill levels may not even be aware of the various risks associated with making decisions across security policies associated with SD WAN deployments which could leave your business open to outside attackers. A poor network design may not have the required redundancy levels to keep your network operating smoothly when outages or misconfigurations occur.
On the opposite side of the spectrum, you may have very skilled networking staff, but the size of your business makes a DIY approach cost prohibitive. For example, if your company has hundreds or thousands of locations that all require equipment upgrades to take advantage of SD WAN, the upfront cost of replacing the equipment may be less palatable to you than with the managed services approach where the SD WAN edge devices are typically included as part of the service. Another risk of the DIY approach is that some SD WAN platforms are offered only to service providers and are unavailable to the general public.
This is becoming less of a consideration, though, as SD WAN platforms continue to mature with new features and more stable code. Chances are relatively slim that a platform offered only to service providers will have features unavailable with other vendors that do support a DIY deployment. But, with an MSP, you won’t have to give this any consideration at all.
What kinds of device and service consolidations are available with SD WAN?
The managed services approach to SD WAN has additional benefits with the option of device and service consolidation. For instance, most SD WAN vendors offer appliances with “branch in a box” functionality where multiple discrete devices are replaced with a single appliance that contains the required features. A typical legacy branch deployment may have a separate router, switch, wireless access point, and potentially a firewall. Depending on your needs and the size of the location, each of these devices can be replaced with a single SD WAN device that covers all of the features and presents a single point of management.
A lot of companies have centralised or regionalised Internet backhaul where all traffic to and from the general Internet passes through a main firewall cluster. Most SD WAN platforms have integrated firewalls that allow for localised Internet breakout where you still have site-to-site VPN traffic, but traffic destined to and from the Internet can be kept local to the branch based on policy. A common scenario is to have trusted whitelisted Internet sites use the local Internet connection, while all other Internet-bound traffic continues to traverse the central firewall for deeper inspection.
While localised Internet breakout can be done with the DIY approach, a distinct advantage of the managed servicesapproach is that the MSP can offer their own centralised firewall along with other public and private network services, such as private interconnections with major public cloud vendors. The MSP can offer regionalised gateways into these services which saves you money and increases the performance of your managed SD WAN environment.
How to ensure the connectivity underlay is included within the managed wrap?
One of the advantages of SD WAN vs MPLS deployments is the ability to select from whichever ISP is a good fit vs your branch offices. What is the cost of managed SD WAN? Most considerations in business ultimately come down to cost. Organisations continue to seek new ways to predict and stabilise ongoing expenses.
The DIY approach can work for businesses of all sizes, and so can managed services. However, managed services may be a better fit for all but the smallest and very largest companies. A very small company might not see an appreciable difference in what an MSP can offer because they are generally going to have smaller requirements including a simpler network design that is usually not too complicated.
On the other side, the very largest organisations might not see a lot of benefit from an MSP because chances are they already have a sufficient number of expert-level staff along with established vendor relationships. For just about everyone else, the managed services approach can represent cost savings through both CAPEX and OPEX as the SD WAN equipment is typically included as part of the service and often updated on a schedule. Likewise, the MSP will have a staff of engineers who can take your business requirements and create an appropriate network design for you.
The trade-off is that architectural level changes need to be worked out with the MSP which can take longer than the DIY approach, but with the MSP approach, you save by not necessarily needing to keep experts on staff. Finally, there is the cost of acquiring and managing the circuits themselves.
For larger companies with hundreds or thousands of sites, managing this many global SD WAN circuits is at least a full-time job unto itself. You save money and aggravation by offloading this management task to the MSP. Some MSPs even have agreements with various carriers that lower overall costs, which can then be passed on to you as the ultimate customer. A common example is an MSP’s ability to create a single pool of data across all of your individual 3G/4G/5G connections, which can be a substantial savings across many locations.