SD-WAN, or software-defined wide area networking, is an exciting technology that brings tremendous benefits to organizations that embrace it as it leapfrogs the traditional WAN solutions it replaces. WANs allow organizations to extend their computer networks over large distances, connecting remote branch offices to data centers and each other, while delivering applications and services. As a result, it can lead to challenges such as network congestion, packet delay variation, packet loss, and outages.
SD-WAN solutions, such as VMware SD-WAN by VeloCloud, address these network problems, and bring even more value to the company deploying them. At branch locations, routers can be either replaced with newer hardware devices or replaced with virtualized appliances that can control application-level policies and offer a software overlay that runs on one or multiple WAN transport links. In this manner, commodity Internet links can replace dedicated circuits. SD-WAN products are flexible enough to be placed in small remote and branch offices, larger offices, corporate data centers, and in the cloud.
Management takes place via a centralized management console which can set policies and prioritize traffic. The SD-WAN takes into account these policies, and real-time network conditions as well as the availability of network bandwidth to route traffic. This helps ensure that application performance is optimized. For service providers, this could mean to meet service level agreements. These agreements, typically between a broadband provider and an organization, determine service levels that must be provided and penalties that may apply if service dips below a predetermined threshold.
A properly working SD-WAN can ensure important applications like video conferencing sessions are prioritized over non-essential applications such as YouTube, music streaming, or less-essential business applications which vary by company. Application policies can be applied across the network or vary by branch. SD-WAN solutions allow granular management of the network to ensure business needs are met.
Here are the top 7 benefits of SD-WAN:
1) Increased Application Performance
Studies have shown ISPs do not deliver consistent levels of internet service. Even when utilizing bandwidth links as high as 200 Mbps, a link does not deliver the expected performance required by real-time applications up to 17% of the time. During business hours, the number rises to 25%. Using SD-WAN and multiple links, organizations can achieve acceptable enterprise-quality service of over 99% over multiple links or even a single link. In other words, a drop from an unacceptable performance 25% of the time to less than 1% of the time. By using the intelligence built into a platform like VMware SD-WAN, you can ensure that traffic is utilizing the links most efficiently so all users can benefit from better application access, whether the applications are located on-premises or in the cloud.
2) Business Continuity
Using multiple internet links and continuously monitoring WAN links enables SD-WAN to be an important part of a business continuity/disaster recovery (BCDR) solution. Over time, more applications are migrating to the cloud, meaning access to the internet is required to keep a business running. In addition, many BCDR solutions backup on-premises IT data to the cloud – allowing the cloud copy to be utilized in case of catastrophic hardware failure or a ransomware infection which could debilitate local servers and computers. Cloud versions of applications can be utilized while local systems are being scrubbed of malware. In the case of a disaster scenario at a physical location, workers can be instructed to migrate to a second location or even work from home. It is essential to have sufficient internet performance in such situations and SD-WAN provides the scalable deployment and connectivity to ensure the business can continue operating in the most adverse of circumstances.
The latest SD-WAN solutions implement many technology measures to ensure that the platform/infrastructure is secure, and the users and application/data are protected.
Advanced Encryption Standard (AES) encrypts sensitive data and brings additional security because it uses a key expansion process in which the initial key is used to come up with a series of new keys called round keys. These round keys are generated over multiple rounds of modification, each of which makes it harder to break the encryption.
IPSec provides mutual authentication between agents and the negotiation of cryptographic keys during a session. Typically used in VPNs, it supports network-level peer authentication, Data Origin Authentication, data integrity, data encryption as well as replay protection.
A next-generation firewall (NGFW) can be added as an SD-WAN service. In this manner, an NGFW can be deployed as a Virtual Network Function (VNF) on an edge appliance to address the network security needs. An NGFW with intrusion protection system (IPS) capability can be configured to block network and application-layer vulnerability exploits, buffer overflows, DoS attacks, and port scans. Antivirus/Anti-spyware protection blocks millions of malware variants, including those hidden within compressed files or web traffic (compressed HTTP/HTTPS) as well as known PDF viruses. Threat prevention capabilities go beyond simply blocking malicious content to include the control of specific file types by policy, as well as inspecting traffic for specific content to prevent data loss. What this means to the organization is as their network scales, it can do so while utilizing cybersecurity best practices.
4) Digital Transformation
(DX) has numerous definitions but can generally be described as using newer computing models and technologies to allow an organization to run more effectively. Often the use of cloud computing, AI, and machine learning are described as important DX enablers. DX requires great amounts of bandwidth to be utilized throughout the network – whether it is involved in crunching big data applications or running them from one or even numerous clouds. This dramatic increase in bandwidth need is coupled with low-latency requirements making SD-WAN an essential to enable DX. It is important to note that an organization cannot effectively just upgrade applications without first looking at how to handle the dramatic changes needed in the wide area network.
Organizations continue to grapple with the numerous challenges they face. For example, there is an explosion of devices being deployed inside of various organizations. This is referred to as the Internet of Things or IoT. These can be sensors, cameras, smart speakers, etc.
Thanks to IoT, farms are becoming smart as they deploy sensors in the ground to monitor the level of water being fed to crops. This helps reduce water consumption which saves money while simultaneously ensuring farms have greater yield.
Cities are becoming smarter – sensors in the streets and control systems reduce the amount of time people spend looking for parking spaces – a major source of traffic. These interconnections between devices, algorithms, cars and more allow smart cities to ensure residents have more of their needs met.
Connected real estate utilizes sensors to know where people are in the building – such as alerting the elevator to come to your floor when your car enters a level in the parking garage and parks. They can also optimize heating and cooling to conserve energy. Buildings are getting operating systems so they can communicate with cities and the people who enter them.
Factories are becoming smart by deploying sensors throughout to monitor production speed and quality. This is often referred to as the industrial IoT or the IIoT. This is typically thought of as “where information technology (IT) intersects with operational technology (OT).” The latter refers to industrial control systems – which typically are proprietary.
IIoT provides organizations with greater system integration in terms of automation and optimization, as well as better visibility of the supply chain and logistics. There is such a tremendous productivity boost as a result of IIoT that it is referred to as Industry 4.0 or the new industrial revolution.
All of these sensors, cameras, and processing of data means lots of traffic will be sent in all directions with rapid shifts in the demands of the network depending on circumstances that can change moment by moment.
SD-WAN offers optimized and aggregated bandwidth for this traffic based upon predetermined quality levels guided by numerous parameters. It is also possible for SD-WAN at the edge to act as a host to enable edge computing, and to process IoT data locally if needed and only sends the data to the data center or cloud if needed. Security remains intact as these deployments grow as next-generation security capabilities can be deployed in an automated, transparent manner without manual, operational complexities.
6) Branch Modernization
Retailers are dealing with online competition by embracing technology. Many offer free Wi-Fi or provide it in exchange for an email address or access to a social media account. They then can market to consumers in a targeted fashion after they leave the store. Retailers are also updating applications in these locations as they embrace digital transformation. Some are installing IoT devices – like sensors cameras – to ensure these locations are running optimally. Sensors connected to refrigerators and freezers ensure inventory doesn’t go bad and potentially cause food poisoning. In every case, more traffic is being generated on the network and much of it is real-time, meaning it must get to its destination almost instantly. SD-WAN allows this to happen using broadband links as well as satellite and others to ensure the branch is always connected and traffic is being transmitted optimally. Again, edge computing with SD-WAN can help tremendously here as well.
7) Enables SASE
Industry analyst, Gartner, coined the term “Secure Access Service Edge” (SASE) to describe a cybersecurity model for cloud-based networking. A SASE solution combines the capabilities of a WAN with comprehensive security functions, such as secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), and Zero Trust network access (ZTNA) to facilitate secure network access in cloud and mobile environments.
According to Gartner, “SASE capabilities are delivered as a service-based upon the identity of the entity, real-time context, enterprise security/compliance policies, and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems, or edge computing locations.”
The analyst firm says, “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.”
One of the goals of a SASE solution is to provide users on any device or network, in any geographical location, the ability to enjoy secure connectivity, all while providing a single-pane-of-glass view of the entire network. In this manner, organizations can more rapidly identify users and devices while applying networking access and security policies.
Other benefits of a SASE solution include:
- Increased performance – As corporate data is globally accessible and connecting to needed resources is simplified.
- Lower costs – As reduced complexity is realized via converged networking and security services through one vendor or a tightly integrated solution with multiple ecosystem partners.
- Flexibility – As security services such as credential theft prevention, DNS security, web-filtering, and other services can be delivered from the cloud.
SD-WAN is an incredible innovation as it improves much of the technology used by organizations in all industries for decades. Branch offices, company headquarters, and even remote workers can leverage it to enjoy more secure, reliable, and cost-effective communications – all while enabling the organization to digitally transform itself to become more efficient and productive.