ChannelVision Magazine

resiliency and predictability; 4. Ensure traditional and SD-WAN network can communicate with each other as before – this is im- portant and one where we see a lot of customers struggle; 5. Invest in creating an organiza- tional structure and team profile that embraces “software defined” concepts – programmability, ease of operations, automation, cloud consumption etc.; 6. Create roles and access controls – otherwise a lot of good things or a lot of bad things can happen with a single push of a button; 7. Look carefully at Day-0 (prepara- tion, design), Day-1 (bring-up) and Day-N (troubleshooting, visibility, alarming/reporting and operations); 8. Have a feedback loop so that customers can really see what SD- WAN offers in their environment – do this across 10 to 20 sites before rolling out to the next few thousand. CV: What about security? What data handling considerations are at play for the transition? Silver Peak’s DH: Security should be top of mind when implementing an SD-WAN. First, the SD-WAN solution should offer edge-to-edge 256-bit AES encryption, eliminating any pos- sibility of observation or interference by a third party, even when the traffic is travelling over a “private” MPLS network. Second, it should support segmentation or isolation of ap- plications, so that credit-card data, internet of things (IoT) telemetry and business applications can all be car- ried separately across the WAN, with network-wide security policies auto- matically and independently enforced for each application group. Traditionally, IT has been forced into an all-or-nothing decision when considering internet breakout at the branch: Either backhaul everything to a firewall in the data center, or place firewalls at every branch location and break out traffic locally. For most enterprises, both alternatives require making a compromise. An SD-WAN solution with adaptive internet breakout can enable other scenarios, including using a built-in stateful firewall, service chaining to co-resident firewall VNFs, and ser- vice chaining to cloud-based firewall services. Most importantly, the en- terprise should be able to specify dif- ferent policies for different classes of traffic – perhaps breaking out trusted business applications locally, sending employee’s non-business browsing traffic through a cloud firewall, and directing the most suspicious traffic to a full multivendor security stack. An SD-WAN solution should orchestrate this seamlessly and dynamically, keeping track of the evolving mix of cloud applications and the ever- changing delivery methods for ser- vices like Office 365. virtual reality 28 Channel Vision | January - February, 2018