Virtualization Technology News and Information
Four Key Elements to SD-WAN Deployment Success

By Jay Botelho, Senior Director, Product Management at LiveAction

The demand for Software Defined Wide Area Network (SD-WAN) technologies continues to grow, driven in part by the rise of hybrid and remote work. In fact, MEF expects SD-WAN to hit double-digit revenue growth in 2022. As organizations increasingly look to SD-WAN to improve performance, reduce cost, and provide a more dynamic and secure network, NetOps teams need to take a hard look at tools, skills and priorities. To help do that, I'd like to explore four key elements to consider when managing, deploying, or upgrading an SD-WAN.

First is visibility. One of the major benefits of SD-WAN is the ability to combine multiple technologies such as MPLS and business broadband connections from different ISPs. This adds capacity, performance and resiliency to any WAN. However, it can bring added complexity as organizations juggle multiple ISP relationships to procure and manage connectivity. Is splitting traffic between multiple ISPs the right move? If so, what's the best way to determine the allocation? Beyond that, organizations must also manage SLAs, monitor for outages or slowdowns, reroute traffic as needed, and more.

For example, imagine that network traffic is split between two ISPs, one for web traffic and the other for all web-hosted productivity apps such as email, CRM and ERP. This works well until one ISP goes down, in which case you'd need to reroute all traffic to the other. That's when traffic prioritization issues can cascade into poor connectivity that degrades user experiences and hurts productivity. These types of circumstances are why you must be capable of properly visualizing, classifying, and prioritizing traffic across all ISPs.

Second is security. Although SD-WAN links tend to be a perfect match for VPN technology, the data flow will often traverse the public Internet, which requires that organizations enforce security best practices and processes. As more users are working remotely, access from the public Internet and connections to hosted services and applications are more exposed to potential security threats.

This path can allow adversaries to avoid most of the security controls IT departments often rely on, such as firewall rules and any IDS/IPS that has been deployed - thus making corporate data protection subject to individual employees' security practices.

Most staff lack high-quality IDS/IPS on their home networks, making them more vulnerable to phishing attempts and various malware attacks. In most cases, the lack of close IT control puts corporate data directly at risk, meaning it's essential to deploy some form of endpoint security on each user's system that can secure user applications and enforce centrally defined security rules to allow for monitoring and security policy enforcement. This endpoint control should be integrated with the network monitoring platform to allow for a unified management approach.

Third is policy-based management. The rise of cloud-based applications means connectivity starts to become a critical factor in determining overall application performance. An organization will struggle to effectively manage application performance without traffic prioritization, which is virtually impossible to enforce once traffic hits the public Internet. With a hub and spoke architecture, an organization can contract for a big pipe, and average many users across that pipe to ensure consistent performance at a reasonable cost per user. But as organizations start to embrace hybrid working with increased remote users and locations, it's difficult to manage remote Internet connections and guarantee performance.

For example, imagine an employee who needs to transfer massive video, CAD, or database files regularly. These files could be 100GB, and even when the employee is working at the office, assuming a 1Gbps Internet connection, transferring a 100GB file could consume the network for more than 13 minutes. However, with remote working most residential networks will rarely have more than 100bps, so it's easy to see how a single large transfer could bottleneck a poorly managed SD-WAN setup. To counter this, organizations need to set policies within the SD-WAN management engines that make automated decisions based on scenarios such as large file transfers or the priority of a user or task. This can enact upload rate limits for large files - or move traffic from a priority leased line circuit to a lower-cost, lower-performance DSL-based connection for non-critical tasks such as social media or viewing content from YouTube.
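The policy decisions described above (rerouting with prioritization when one ISP goes down, rate limits for large transfers, and steering non-critical traffic to the cheaper circuit) can be sketched as follows. This is an added Python example, not code from the article or from any SD-WAN product; the link tiers, traffic classes, thresholds and percentages are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy model: classes, thresholds and shares are illustrative assumptions.
LARGE_TRANSFER_GB = 10     # transfers at or above this size count as "large"
BULK_SHARE = 0.25          # a large transfer may use at most 25% of its link
DEGRADED_SHARE = 0.10      # non-critical cap when only one link survives
RANK = {"critical": 0, "bulk": 1, "non_critical": 2}

@dataclass
class Link:
    name: str
    tier: str              # "priority" (leased line) or "economy" (DSL/broadband)
    up: bool
    capacity_mbps: int

@dataclass
class Flow:
    app: str
    app_class: str         # "critical", "bulk" or "non_critical"
    size_gb: float = 0.0

def decide(flow, links):
    """Return (link_name, rate_limit_mbps or None) for a single flow."""
    alive = [l for l in links if l.up]
    if not alive:
        return (None, None)
    priority = [l for l in alive if l.tier == "priority"]
    economy = [l for l in alive if l.tier == "economy"]
    # Non-critical traffic prefers the cheaper circuit; everything else the leased line.
    if flow.app_class == "non_critical":
        link = (economy or priority)[0]
    else:
        link = (priority or economy)[0]
    limit = None
    # Large file transfers get an upload rate limit so they cannot saturate the link.
    if flow.app_class == "bulk" and flow.size_gb >= LARGE_TRANSFER_GB:
        limit = int(link.capacity_mbps * BULK_SHARE)
    # After a failover to one surviving link, squeeze non-critical traffic hardest.
    if len(alive) == 1 and flow.app_class == "non_critical":
        limit = int(link.capacity_mbps * DEGRADED_SHARE)
    return (link.name, limit)

def plan(flows, links):
    """Evaluate flows in priority order; returns [(app, link_name, limit), ...]."""
    ordered = sorted(flows, key=lambda f: RANK[f.app_class])
    return [(f.app, *decide(f, links)) for f in ordered]
```

Calling `plan` once with both links up and once with the leased line marked down shows how the same policy shifts all traffic to the surviving circuit while keeping critical applications unthrottled.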

Finally, managing ISPs. Even with the benefits of being able to use multiple ISPs, the issue of inconsistent quality can arise. In each city, ISPs may provide more bandwidth to business parks than residential areas and the maximum bandwidth available may depend on the postcode in which a site is located. The maximum available connection speeds and the demand in the neighborhood can both limit bandwidth. As users, and therefore the network, become increasingly distributed, controlling user experiences will become extremely challenging. This means that gaining metrics around SD-WAN is vital. To this end, flow-based network analysis can help perform real-time network topology mapping for devices, interfaces, applications, VPNs, and users. It can also help establish critical baselines for SD-WAN deployments, such as site-to-site traffic types and paths, application behaviors and consumption patterns. This type of granular insight is essential to get to grips with SD-WAN and enable the concept to deliver to its full potential.

SD-WAN is proving to be an incredibly powerful tool for improved performance at lower costs, and for combining multiple technologies for added capacity, performance and resiliency. Despite the obvious benefits, SD-WAN must be deployed and managed correctly for optimal ease of use and ROI. If you're looking to implement SD-WAN, first ensure that you can properly visualize, classify and prioritize traffic across all ISPs, apply advanced endpoint security and administer strong policy-based management for cloud-based applications and overall connectivity. Taking these steps before deployment and during the use of SD-WAN will ensure optimal user experience for everyone.



Jay Botelho 

Jay Botelho is Director of Engineering at LiveAction. Jay has worked in the technology industry for over 25 years as an engineer and product manager, specializing in wireless networking. He holds a BSEE from Tufts University and an MSEE from Santa Clara University, both in electrical engineering.

Published Tuesday, November 15, 2022 7:32 AM by David Marshall