Many enterprises are considering implementing SD-WAN as a way to reduce costs and improve connectivity—but the devil is always in the details. To examine the reality behind SD-WAN implementations, we are showcasing a series of spotlight Q&As about the technology.
This week’s Spotlight features Ramesh Prabagaran, senior director of product management at Cisco, responsible for the Viptela division of the company, which specializes in SD-WAN.
ChannelVision: What are the main pain points that SD-WAN solves for enterprises?
Ramesh Prabagaran: Enterprises have two acute pain points: They need higher bandwidth at lower cost, and they’re looking for ease of WAN operations. Also, with changing traffic patterns and applications moving to the cloud, internet and cloud access are critically important for the enterprise. The traditional means of connecting branches to data centers and exiting to the internet/cloud from there is horrible for application- and user-experience.
CV: While the promise and the premise of the technology are good, the devil is always in the details. What are some best practices for ensuring that the transition from MPLS to SD-WAN goes smoothly?
RP: Enterprises fall into two transformational categories: They want to augment MPLS with internet/LTE, or they want to replace it altogether. Since we have gone through the transition with a few hundred customers, we always ask them to follow a phased approach:
- Embark on a transport strategy – determine what they need at each site (MPLS, Internet, 4G/LTE) and the criticality of each site;
- Then profile applications and usage to determine what level of SLA they need;
- Design and architect the network – have a blueprint that provides resiliency and predictability;
- Ensure traditional and SD-WAN networks can communicate with each other as before – this is important and one where we see a lot of customers struggle;
- Invest in creating an organizational structure and team profile that embraces “software defined” concepts – programmability, ease of operations, automation, cloud consumption etc.;
- Create roles and access controls – otherwise a lot of good things or a lot of bad things can happen with a single push of a button;
- Look carefully at Day-0 (preparation, design), Day-1 (bring-up) and Day-N (troubleshooting, visibility, alarming/reporting and operations);
- Have a feedback loop so that customers can really see what SD-WAN really offers in their environment – do this across 10 to 20 sites before rolling out to the next few thousands.
CV: What about security? What data handling considerations are at play for the transition?
RP: Security and SD-WAN go hand-in-hand fundamentally because of internet access, changes to network architecture for Layer 4 and Layer 7 services and so on. High-order questions start with do you want appliance-based security, or cloud-based/managed security. This is important to get right. Next is around the segmentation architecture for the network – How much of a blast radius can you accommodate? After that is the “inside network” security architecture, i.e., how can you protect hosts that are deep inside the network. Again, a systematic approach will yield the best results.
CV: Is it possible for SD-WAN to be a “simple” implementation?
RP: Yes, fundamentally the premise of SD-WAN is it has to be simple; but simple does not mean simplistic. Retail and restaurants are high-scale, but networks tend to be relatively simple; on the other hand, manufacturing, high tech, financial and healthcare networks tend to be generally complex. But implementations can start simple, with hybrid networking, direct internet access, segmentation for guest-Wi-Fi, cloud-controlled and -delivered operations, plus security architecture. Then add on-ramps to the cloud for application-based SLAs, application optimization and so on – the list can go on. But the complexity does not need to increase exponentially.
CV: What hidden challenges exist that enterprises may not have thought about when it comes to getting the most from their SD-WAN deployment?
RP: See above phased approach. If you skip steps or want to go implement without proper design/architecture and associated tooling, then SD-WAN will not deliver on its promise. Some go too deep on application experience or virtualization, without thinking of the fundamentals. This is where rollouts take months instead of hours.
CV: Other thoughts?
RP: Hundreds of customers have started the SD-WAN journey already. It’s no longer a technology in its infancy – there are mature implementations out there. Invest in diligence – find the right solution for your environment, start small and grow rapidly. Be open to changes along the way as SD-WAN is a fundamentally different way of building networks.