Historically, the internet was a best-effort amalgam of networks. It wasn’t secure or reliable enough to meet business needs. And it certainly didn’t perform well enough to support latency-sensitive or bandwidth-intensive business applications. Now, SD-WAN offers a way to overcome performance, reliability and security objections in deploying business broadband — and it’s offering big channel partner opportunities.
We sat down with Robert McBride, Head of Product Marketing, Versa Networks, to discuss the details of deployment, and how channel partners and enterprises can ensure a smooth implementation for this technology.
ChannelVision: What are the main pain points that SD-WAN solves for enterprises?
Versa’s RM: Cloud is perhaps the biggest driving force behind the aggressive uptick in SD-WAN. Productivity and application clouds are best accessed directly from the internet. But we also see an increase in site-to-site connectivity beyond just SaaS-delivered applications. These private and public applications and services are also more bandwidth-intensive, real-time and media-rich. Enterprises are becoming more distributed, and the concept of the enterprise edge is radically changing.
The legacy approach of MPLS-only or non-software-defined hybrid connectivity is ill-suited to address the demands of the enterprise in today’s multi-cloud world. Why? Because of the centralized access and higher-cost-per-bit associated with MPLS-only, and the added management complexity of legacy hybrid-WAN architectures. This creates a roadblock for an enterprise to ensure the best quality of application experience while not drastically increasing IT budgets and IT operational overhead.
SD-WAN provides the enterprise with an application-SLA-driven infrastructure that facilitates the ability to consume and increase available bandwidth, automate secure connectivity between sites and simplify network operations, across the entire enterprise WAN estate.
In other words, SD-WAN allows for an enterprise to more easily take advantage of alternative forms of WAN transport, while delivering an automated infrastructure ensuring application experience, embedded security and reducing IT management and operations.
CV: While the promise and the premise of the technology are good, the devil is always in the details. What are some best practices for ensuring that the transition from MPLS to SD-WAN goes smoothly?
Versa’s RM: There are a lot of SD-WAN solutions in the market today, so first up would be to really analyze how they wish to consume this new method of secure and intelligent connectivity. Can they build, deploy and operate it themselves? Should they deploy and operate it themselves but have the control and management hosted elsewhere? Should they look to a managed service provider (MSP) to offload this from their IT organization? It boils down to deciding between a hosted, on-premises/do-it-yourself solution, or a completely managed solution.
They will need to really look into the various SD-WAN offerings and see how they can handle their existing routing and networking infrastructure. MPLS will not go away on day one, or at all, so how does the solution provide an off-ramp and on-ramp between the old-network and new? Can each site access this seamlessly? Does the solution funnel the traffic to a single gateway, creating a potential bottleneck and point of failure?
There is so much more we can discuss on this specific point but let’s end with applications and services. Take stock of the applications and services and how they need to connect. What kind of network or micro-segmentation is needed? Do they require hub-and-spoke, full-mesh or partial-mesh topologies? What are the business needs related to SLAs for corporate, mission-critical, customer and consumer applications and services? This forces a conversation with your SD-WAN provider on how flexible the solution is to meet your business and user needs while also making sure compliancy, security and resiliency needs are met.
CV: What about security? What data handling considerations are at play for the transition?
Versa’s RM: It goes without saying that security is crucial. SD-WAN brings to the enterprise a common encrypted network that provides secure connectivity for their business applications and services. However, secure connectivity is only part of handling security. The enterprise needs to have complete application, user, device and location security – full contextual awareness. To that point, the SD-WAN solution should either be native or layered and provide for advanced security like next-generation firewall, DDOS protection, anti-malware and anti-virus, user-access-control and micro-segmentation of the network at the edge.
Enterprise IT will also need to get their security teams involved early. The move to a distributed internet access architecture changes the point-of-ingress for potential attack vectors, and the security posture completely changes. They need to analyze how they will need to secure site-to-site connectivity and secure enterprise assets and data. Query the vendors on how they integrate security, like next-generation firewall or unified threat management. Do they provide it natively? Does the SD-WAN solution need a separate vendor offering to handle security either on-premises or as-a-service? How do they integrate and interoperate? Multi-vendor and as-a-service versions can add additional cost and overhead.
CV: Is it possible for SD-WAN to be a “simple” implementation?
Versa’s MB: Honestly, yes, but it depends on the how complete the SD-WAN solution is. Consuming the technology as a managed service will ultimately lead to a “simpler” implementation for enterprise IT; however, not all enterprises will consume this as a managed service nor as a hosted option. So, simplicity then becomes contingent on the inherent automation and unified centralized management that the SD-WAN solution provides. Being able to templatize and automate the deployment of both networking and security is critical to simplifying implementation. But having a single unified console for handling networking and security policies, configuration and provisioning greatly reduces the complexities of implementation. Having to manage multiple-vendor solutions or multiple management and operational tools to deal with implementation increases complexity, not reduces it, thus not simplifying implementation.
So, going beyond the zero-touch provisioning and automated application intelligence of SD-WAN, simplicity is delivered by how complete the solution is to integrate networking and security into a unified SD-WAN platform for the entire enterprise estate.
CV: What does 2018 hold in terms of the evolution of this industry segment (consolidation, technical advancement, etc.?
Versa’s MB: 2018 should be exciting. Automation is going to drive further advancements in the segment, specifically with machine learning and artificial intelligence. The network will become even more intelligent, to safeguard against threats and be even more self-healing and resilient. Large-scale deployments will increase rapidly, and the boundary of the edge will be disrupted even further than it is today.