Practically no IT conference these days is complete without a discussion of SD-WAN. Supporters of the technology stress its ability to manage all kinds of different things — from global networks to cafe refrigerators. However, it has yet to conquer all hearts and minds. Despite being a decade old, the technology has many engineers still wondering if it’s just another marketing ploy. Today, we unpack what SD-WAN is, who needs it and why, plus why the world’s leading research agencies predict an imminent mass transition to SD-WAN networks.
What is SD-WAN?
Without going deep into the technical details, SD-WAN (standing for software-defined wide area network) is a solution for building distributed networks, which consists of routers and an intelligent management system (an SD-WAN Controller and Orchestrator). Routers are installed directly at the different regional branches of the company, while the control system is located at some central point such as the data center or head office. Technologically, all SD-WAN components can be spaced at any distance from each other — as long as there’s connectivity between them; for example, via internet channels. The management system makes it possible to build secure tunnels among all branches, configure security policies and data transfer through these tunnels, as well as exercise centralized control over the entire network.
How does SD-WAN differ from VPN?
In traditional networks, each router is an independent decision-making point configured by the network administrator. During data transfer, the router is guided only by its own configuration and the data it receives directly from neighboring routers. This means that a router in one branch has no idea what’s going on in other branches, or which communication channel is best to use. This often results in suboptimal routing, poor-quality packet transmission, and sometimes even data loss. For end users, each router’s isolated decisions often translate into connectivity issues, slow-performing applications, or downtime of corporate resources. These are the problems that a centralized control system addresses. The SD-WAN controller studies the situation across the entire network in real time, and automatically adjusts the router configurations. With the help of the SD-WAN controller, the optimal route for transmitting traffic for each individual application can be found. For example, voice and video calls, plus data from CRM systems, can be routed through the fastest and most reliable routes, and non-work-related viewing of TV shows and social media posts through lower quality routes.
Can SD-WAN increase network security?
Network security is one of SD-WAN’s inherent attributes. Many vendors even bill their products as “Secure SD-WAN” to emphasize the integration of security tools, although this is more of a marketing ploy since the feature set is fairly uniform across the board.
An SD-WAN router itself is already a small firewall that can inspect traffic in real time, identify which applications are in use, and deploy application-specific security and routing policies. Meanwhile, the SD-WAN Controller maintains the integrity of security policies across the entire network, promptly introduces new rules for data transfer, and provides real-time statistics on downloads and changes in the quality parameters of communication channels.
So, for example, if there are too many said TV shows and social media posts, the administrator can ban them for all company branches, or just specific users, in just a few minutes.
Will SD-WAN allow you to leave behind MPLS channels?
The main advantage of centralized controllers is the ability to measure the quality of all communication channels in real time and direct application traffic along those routes with the lowest latency or packet loss. If the quality of the communication channel suddenly deteriorates, the SD-WAN Controller can automatically enable packet duplication or redundant encoding of information in the router to save data for business-critical applications.
These features potentially allow you to stop leasing MPLS lines and switch to less expensive internet channels, including LTE. In addition, with smart SD-WAN routers, there can be several communication channels running simultaneously, so instead of an MPLS channel, you can use several LTE connections and aggregate their bandwidth.
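The controller behaviour described above (per-application channel selection from measured quality, with packet duplication when quality deteriorates) can be sketched as follows. This is an added example, not code from Kaspersky SD-WAN or any other product; the channel names, thresholds, measurements and scoring weights are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float  # measured latency on this channel
    loss_pct: float    # measured packet loss on this channel

@dataclass(frozen=True)
class AppPolicy:
    max_latency_ms: float
    max_loss_pct: float
    critical: bool     # business-critical traffic may be duplicated

# Constructed per-application requirements (assumed values).
POLICIES = {
    "voip": AppPolicy(150, 1.0, critical=True),
    "crm": AppPolicy(300, 2.0, critical=True),
    "streaming": AppPolicy(1000, 10.0, critical=False),
}

# Constructed measurements: normal conditions, then a sudden deterioration.
HEALTHY = [Link("mpls", 20, 0.1), Link("inet", 45, 0.5), Link("lte", 90, 3.0)]
DEGRADED = [Link("mpls", 400, 5.0), Link("inet", 200, 4.0), Link("lte", 90, 3.0)]

def score(link):
    # Lower is better; loss is weighted heavily (assumed weighting).
    return link.latency_ms + 100 * link.loss_pct

def select_paths(app, links):
    """Return (channel names, duplicate_packets) for one application."""
    policy = POLICIES[app]
    ranked = sorted(links, key=score)
    if not ranked:
        return [], False
    meets = [l for l in ranked
             if l.latency_ms <= policy.max_latency_ms
             and l.loss_pct <= policy.max_loss_pct]
    if not policy.critical:
        # Non-work traffic takes the lowest-quality channel that still works.
        pool = meets or ranked
        return [pool[-1].name], False
    if meets:
        return [meets[0].name], False
    # No channel meets the requirement: duplicate over the two best channels.
    return [l.name for l in ranked[:2]], len(ranked) > 1
```

With the constructed measurements, voice traffic stays on a single channel while one meets its requirements and is duplicated across the two best channels once none does.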
Will SD-WAN replace network engineers?
To talk of engineers being squeezed out by network automation would be premature, because, if not every router, then at least the SD-WAN controller needs expert oversight. At the same time, the SD-WAN controller will help cut the number of routine operations and simple human errors. In addition, the introduction of SD-WAN will make connecting a new regional office faster and minimize travel expenses. Each SD-WAN router has support for automatically connecting to the controller and receiving the configuration (zero-touch provisioning). To configure a device in an SD-WAN network, you just have to connect it to the communication channels in any way — such as installing a SIM card. All control connections are encrypted, and two-step verification is supported to prevent unauthorized devices from connecting.
How are SD-WAN and SASE related?
Proposed by Gartner in 2019, the concept of SASE (secure access service edge) broadly refers to an integrated approach to secure network connectivity. The SASE framework includes a number of products, one of which is SD-WAN. In the minimal implementation, SASE consists of a next-generation firewall (NGFW), cloud-based firewall-as-a-service (FWaaS) and a secure web gateway (SWG), while SD-WAN represents the transport technology for granular data transfer between these systems. In broader terms, SASE also includes a cloud access security broker (CASB) and zero trust network access (ZTNA) for endpoints, including for remote working.
Should I migrate to SD-WAN today?
There’s no universal solution for all corporate networks. Each network is individual in its own way, although many of us like to describe our own as “typical”. But SD-WAN certainly offers a number of advantages that will be in demand in most modern networks. These are:
- Centralized management of all routers in the network
- Real-time control of channel quality
- Traffic routing as per application requirements
- Flexible load balancing across all communication channels
- Network-wide integrity of security policies
- Automated router configuration
Kaspersky has just announced the release of its new product, Kaspersky SD-WAN. You can learn more about this solution on its official web page.