Silver Peak Q&A: Achieving Effective SD-WAN Deployment

Geographically distributed enterprises are embracing SD-WANs at an accelerating pace. Why? Because SD-WANs not only save money, they help businesses make money by increasing business productivity.

As more and more enterprise applications migrate to the cloud, backhauling that traffic from the branch to headquarters doesn’t make sense. End users often find their business apps run faster over their home internet service or even on their mobile device.

Historically, the internet was a best-effort amalgam of networks. It wasn’t secure or reliable enough to meet business needs. And it certainly didn’t perform well enough to support latency-sensitive or bandwidth-intensive business applications. Now, SD-WAN offers a way to overcome performance, reliability and security objections in deploying business broadband.

With internet access redefining the economics of networking, the segment is skyrocketing, as are channel partner opportunities. We sat down with Silver Peak Systems founder and CEO, David Hughes, to discuss the use cases and benefits of SD-WAN, and important considerations for achieving seamless deployments.

ChannelVision: What are the main points that SD-WAN solves for enterprises?

David Hughes: The primary catalyst for SD-WAN is the migration of applications and workloads to the cloud. The traditional MPLS WAN, developed in the late 1990s, focused on branch-to-data-center traffic flows. Today, the majority of enterprise WAN traffic is traveling between branch offices and the cloud. Backhauling this cloud-destined traffic across MPLS and through the traditional data center drives up costs, impairs application performance and negatively impacts business productivity.

SD-WAN also enables an enterprise to embrace high-speed broadband internet connectivity, and provide a more reliable and consistent experience for end-users in the branch, regardless of whether the applications are hosted in the cloud or in the data center.

And finally, SD-WAN addresses the decades of technical debt that the legacy branch router has accumulated. While revolutionary when it was introduced in the 1980s, the device-by-device, command-line interface (CLI)-driven paradigm of the traditional branch router is incurring ongoing operational burdens and hampering business agility in an automated, cloud-driven world. An SD-WAN can replace painstaking and error-prone device-by-device configurations with automated, central orchestration.

By focusing on users and applications, an application-driven SD-WAN can translate high-level business intent into action, delivering a more consistent and superior end user experience, all while simplifying IT operations and dramatically lowering WAN costs.

CV: While the promise and the premise of the technology are good, the devil is always in the details. What are some best practices for ensuring that the transition from MPLS to SD-WAN goes smoothly?

DH: First, it’s important to note that an SD-WAN gives an enterprise the freedom and flexibility to combine multiple kinds of transport, including broadband internet, LTE wireless, and of course, MPLS. This facilitates a smooth transition to an SD-WAN without needing to replace MPLS outright, or all-at-once. Many enterprises are choosing to use an SD-WAN to augment MPLS with direct internet connectivity at existing sites, at a pace that suits their own unique requirements, and eventually, when they choose, the MPLS links can be retired. In many cases, these same enterprises are adopting dual broadband connectivity for new sites. This caps their MPLS spend while they reap the benefits of internet connectivity. In order to facilitate a smooth transition, SD-WAN edge devices should ideally support BGP routing, which is commonly used at the edge of conventional MPLS networks.

It is also important to select an SD-WAN solution that is able to match the enterprise’s application availability and performance goals. Some basic SD-WAN solutions are limited to dynamically selecting one of the available paths based on network measurements. However, at times, neither path may meet an application’s QoS objectives, and then the application is going to be impacted. Because of this, SD-WAN solutions with rudimentary path selection tend to be very reliant on retaining at least one MPLS link in the mix.

More advanced solutions, like the Silver Peak Unity EdgeConnect SD-WAN solution, allow enterprises to leverage multiple paths in parallel and use advanced error correcting techniques to deliver application availability and QoS that exceeds any of the underlying transport paths.

CV: What about security? What data handling considerations are at play for the transition?

DH: Security should be top of mind when implementing an SD-WAN. First, the SD-WAN solution should offer edge-to-edge 256-bit AES encryption, eliminating any possibility of observation or interference by a third party, even when the traffic is travelling over a “private” MPLS network. Second, it should support segmentation or isolation of applications, so that credit-card data, internet of things (IoT) telemetry and business applications can all be carried separately across the WAN, with network-wide security policies automatically and independently enforced for each application group.

Traditionally, IT has been forced into an all-or-nothing decision when considering internet breakout at the branch: Either backhaul everything to a firewall in the data-center, or place firewalls at every branch location and break out traffic locally. For most enterprises, both alternatives require making a compromise.

An SD-WAN solution with adaptive internet breakout can enable other scenarios, including using a built-in stateful firewall, service chaining to co-resident firewall VNFs, and service chaining to cloud-based firewall services. Most importantly, the enterprise should be able to specify different policies for different classes of traffic – perhaps breaking out trusted business applications locally, sending employee’s non-business browsing traffic through a cloud firewall, and directing the most suspicious traffic to a full multivendor security stack. An SD-WAN solution should orchestrate this seamlessly and dynamically, keeping track of the evolving mix of cloud applications and the ever-changing delivery methods for services like Office 365.

CV: Is it possible for SD-WAN to be a ‘simple’ implementation?

DH: Absolutely. With a centrally orchestrated and managed SD-WAN solution, enterprise IT organizations are freed from the burden of traditional WAN routers that consume valuable IT resources and require manual device-by-device configuration at each location via an antiquated CLI. In contrast, an application-driven SD-WAN architecture is centrally orchestrated and managed, enabling network operators to configure the network to perform in accordance with application requirements and business intent. While there may be some detailed planning required upfront for a successful rollout, once the first two or three sites are deployed, subsequent sites can be deployed rapidly, with every location operating in accordance with centrally defined business requirements. Ongoing management, administration and troubleshooting can be performed centrally, freeing IT resources to focus on more strategic business initiatives.

CV: What hidden challenges exist that enterprises may not have thought about when it comes to getting the most from their SD-WAN deployment?

DH: Enterprises need to be aware that while SD-WAN is a foundational technology that can accelerate ongoing migration to cloud-based applications, any deployment must be considered in the broader context of the WAN edge. Enterprises should take advantage of SD-WAN initiatives to assess their overall branch architecture. They will likely determine that for many locations they no longer need to deploy traditional routers, and, in most cases, they can also eliminate traditional branch security and acceleration appliances. Conventional branch infrastructure, and all the associated operational overhead, can be replaced with a simple centrally managed WAN edge device. However, to achieve this degree of simplification, the selected vendor must support traditional BGP and OSPF routing protocols and edge service functions like DHCP and DHCP relay, WAN optimization, stateful firewall functionality and advanced application classification to support adaptive internet breakout.

CV: What do you think 2018 holds on the consolidation/market growth front?

DH: First, as alluded to in the previous answer, SD-WAN is a foundational enabling technology, but not necessarily a standalone product category. Most enterprises will elect to deploy an SD-WAN via a centrally orchestrated WAN edge solution, effectively retiring traditional routers. As enterprise adoption of more comprehensive orchestrated WAN edge solutions takes hold, the market will grow dramatically, though at the cost of traditional branch routers. Startup vendors that offer basic SD-WAN products will increasingly seek to be acquired by larger organizations, and we have already seen this begin to happen through acquisitions in 2017.

At Silver Peak, we are excited about our independent growth path, the breadth and maturity of our application-driven Unity EdgeConnect solution and the clear opportunity in front of us to become the leader of this new WAN edge market.