SD-WAN

Does your network need SD-WAN?

We explain what SD-WAN is, and how it can help protect your company.

Anna Komsha
October 4, 2023

Practically no IT conference these days is complete without a discussion of SD-WAN. Supporters of the technology stress its ability to manage all kinds of different things — from global networks to cafe refrigerators. However, it has yet to conquer all hearts and minds. Despite being a decade old, the technology has many engineers still wondering if it’s just another marketing ploy. Today, we unpack what SD-WAN is, who needs it and why, plus why the world’s leading research agencies predict an imminent mass transition to SD-WAN networks.

What is SD-WAN?

Without going deep into the technical details, SD-WAN (standing for software-defined wide area network) is a solution for building distributed networks, which consists of routers and an intelligent management system (an SD-WAN Controller and Orchestrator). Routers are installed directly at the different regional branches of the company, while the control system is located at some central point such as the data center or head office. Technologically, all SD-WAN components can be spaced at any distance from each other — as long as there’s connectivity between them; for example, via internet channels. The management system makes it possible to build secure tunnels among all branches, configure security policies and data transfer through these tunnels, as well as exercise centralized control over the entire network.

How does SD-WAN differ from VPN?

In traditional networks, each router represents an independent decision-making point, which is configured by the network administrator. But during data transfer, the router is guided only by its configuration and the data it receives directly from neighboring routers. This means that the router in one branch has no idea what’s going on in other branches, or which communication channel is the best to use. And this often results in suboptimal routing, poor-quality packet transmission, and sometimes even data loss. For end users, each router’s decisions often translate into connectivity issues, slow-performing applications, or downtime of corporate resources — problems that get addressed by the centralized control system. The SD-WAN controller studies the situation across the entire network in real time, and automatically adjusts the router configurations. With the help of the SD-WAN controller, the optimal route for transmitting traffic for each individual application can be found. For example, voice and video calls, plus data from CRM systems, can be routed through the fastest and most reliable routers, and non-work-related viewing of TV shows and social media posts through lower quality routes.

Can SD-WAN increase network security?

Network security is one of SD-WAN’s inherent attributes. Many vendors even bill their products as “Secure SD-WAN” to emphasize the integration of security tools, although this is more of a marketing ploy since the feature set is fairly uniform across the board.

An SD-WAN router itself is already a small firewall that can inspect traffic in real time, identify which applications are in use, and deploy application-specific security and routing policies. Meanwhile, the SD-WAN Controller maintains the integrity of security policies across the entire network, promptly introduces new rules for data transfer, and provides real-time statistics on downloads and changes in the quality parameters of communication channels.

So, for example, if there are too many said TV shows and social media posts, the administrator can ban them for all company branches, or just specific users, in just a few minutes.

Will SD-WAN allow you to leave behind MPLS channels?

The main advantage of centralized controllers is the ability to measure the quality of all communication channels in real time and direct application traffic along those routes with the lowest latency or packet loss. If the quality of the communication channel suddenly deteriorates, the SD-WAN Controller can automatically enable packet duplication or redundant encoding of information in the router to save data for business-critical applications.

These features potentially allow you to stop leasing MPLS lines and switch to less expensive internet channels, including LTE. In addition, with smart SD-WAN routers, there can be several communication channels running simultaneously, so instead of an MPLS channel, you can use several LTE connections and aggregate their bandwidth.

Will SD-WAN replace network engineers?

To talk of engineers being squeezed out by network automation would be premature, because, if not every router, then at least the SD-WAN controller needs expert oversight. At the same time, the SD-WAN controller will help cut the number of routine operations and simple human errors. In addition, the introduction of SD-WAN will make connecting a new regional office faster and minimize travel expenses. Each SD-WAN router has support for automatically connecting to the controller and receiving the configuration (zero-touch provisioning). To configure a device in an SD-WAN network, you just have to connect it to the communication channels in any way — such as installing a SIM card. All control connections are encrypted, and two-step verification is supported to prevent unauthorized devices from connecting.

How are SD-WAN and SASE related?

Proposed by Gartner in 2019, the concept of SASE (secure access service edge) broadly refers to an integrated approach to secure network connectivity. The SASE framework includes a number of products, one of which is SD-WAN. In the minimal implementation, SASE consists of a next-generation firewall (NGFW), cloud-based firewall-as-a-service (FWaaS) and a secure web gateway (SWG), while SD-WAN represents the transport technology for granular data transfer between these systems. In broader terms, SASE also includes a cloud access secure broker (CASB) and a zero trust network agent (ZTNA) for endpoints, including for remote working.

Should I migrate to SD-WAN today?

There’s no universal solution for all corporate networks. Each network is individual in its own way, although many of us like to describe our own as “typical”. But SD-WAN certainly offers a number of advantages that will be in demand in most modern networks. These are:

Centralized management of all routers in the network
Real-time control of channel quality
Traffic routing as per application requirements
Flexible load balancing across all communication channels
Network-wide integrity of security policies
Automated router configuration

Kaspersky has just announced the release of its new product, Kaspersky SD-WAN. You can learn more about this solution on its official web page.

Windows driver compatibility and security issues — how to stay safe

Microsoft getting to grips with drivers. Now it’s your turn!

We take a look at drivers: why we need them, the threats they pose, and how to keep your computer secure.

Privacy & Kids

Does your network need SD-WAN?

What is SD-WAN?

How does SD-WAN differ from VPN?

Can SD-WAN increase network security?

Will SD-WAN allow you to leave behind MPLS channels?

Will SD-WAN replace network engineers?

How are SD-WAN and SASE related?

Should I migrate to SD-WAN today?

How spammers exploit hijacked corporate domains

Why a thin client is better than a workstation?

Microsoft getting to grips with drivers. Now it’s your turn!

Tips

Advertisers sharing data about you with… intelligence agencies

Residential proxies: understanding the risks for organizations

Watch the (verified) birdie, or new ways to recognize fakes

Switching to Kaspersky: a step-by-step migration guide

Sign up to receive our headlines in your inbox

Home Solutions

Small Business Products

Medium Business Products

Enterprise Solutions

Securelist

Eugene Personal Blog

Encyclopedia