Employees are more dispersed than ever, and most corporate applications are SaaS and therefore accessed directly from the cloud.

This is a world that traditional hub and spoke networks were not designed for. It is no longer practical for all user traffic to go through a corporate data centre and onto the internet via a centralised firewall.

SD-WANs can deliver a better user experience at a far lower cost. But they are not as simple to set up and manage as the hype would have you believe.

But what exactly is an SD-WAN and do you need one? What kind of performance and savings can you expect if you set it up in-house? And what are the pros and cons of getting a Managed Service Provider to set up and run the SD-WAN for you?

Hub and spoke… not so woke.

Corporate networks were typically set up on a hub and spoke topology. This made sense when all applications were hosted at the corporate data centre, and all the employees worked in a few large offices that had dedicated connectivity.

The hub and spoke network was also relatively simple to secure, as all traffic goes in and out through one centralised firewall. But we’re in the 2020s and more corporate apps, like Salesforce, Office365, Zoom, and Teams, are hosted in the cloud rather than in the data centre. For remote employees to go the long way round, via a central hub to access SaaS applications in the cloud, doesn’t make sense. It leads to a poor user experience, which inevitably leads to those users going directly to the corporate cloud apps via their own unsecured networks.

Setting up dedicated connectivity for each remote employee is prohibitively expensive and time-consuming. It costs between ten and fifty times more to install dedicated lines than broadband, and the installation lead times are measured in months rather than days.

SD-WAN: Sat-Nav for data traffic

SD-WAN gets on just fine with common or garden networks and is pretty unique in its ability to use multiple connections – say fixed broadband and mobile data – simultaneously. The secret sauce here is Application Performance Routing (APR). A good analogy for APR is the way Sat-Nav will automatically redirect you down a new route if the road you’re on has congestion up ahead. APR can analyse the pathways for data in the same way, and redirect traffic over the quickest or most streamlined route.

APR has an extra layer of intelligence so it can recognise the individual applications being used. Say an employee is using an application like VoIP, which doesn’t need lots of bandwidth per se, but is very intolerant of varying delay, or jitter. APR automatically directs VoIP down the route with consistent delay, like a road that you drove down at a steady 30mph rather than accelerating and braking between 20mph and 70mph.

It’s as if your Sat-Nav could automatically tell that you are cycling rather than in your car, and direct you through the park. Or the Sat-Nav could tell if you are driving an electric vehicle and only direct you down a route with enough high speed chargers.

APR means all applications go down the most suitable paths, which optimises the user experience.
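The path choice described above, sketched as an added example that is not from the original article or from any vendor's product. The link names, probe values, application profiles and thresholds are all constructed assumptions; jitter is taken as the mean change in delay between consecutive probes.

```python
from statistics import mean

# Constructed probe results per link (illustrative, not real measurements).
PROBES = {
    "fixed_broadband": {"delay_ms": [20, 70, 25, 65, 22, 68], "mbps": 80},
    "mobile_data": {"delay_ms": [45, 47, 44, 46, 45, 47], "mbps": 30},
}

# Hypothetical application profiles: limits a link must meet (None = no limit),
# plus the metric used to rank the links that qualify.
APP_PROFILES = {
    "voip": {"max_jitter_ms": 10, "max_delay_ms": 150, "min_mbps": 0.1, "prefer": "jitter_ms"},
    "backup": {"max_jitter_ms": None, "max_delay_ms": None, "min_mbps": 50, "prefer": "mbps"},
}


def link_metrics(probe):
    """Summarise a link: mean delay, jitter and available bandwidth."""
    delays = probe["delay_ms"]
    jitter = mean(abs(b - a) for a, b in zip(delays, delays[1:]))
    return {"delay_ms": mean(delays), "jitter_ms": jitter, "mbps": probe["mbps"]}


def meets(profile, m):
    """True if the link satisfies every limit the profile sets."""
    return (
        (profile["max_jitter_ms"] is None or m["jitter_ms"] <= profile["max_jitter_ms"])
        and (profile["max_delay_ms"] is None or m["delay_ms"] <= profile["max_delay_ms"])
        and m["mbps"] >= profile["min_mbps"]
    )


def choose_path(app, probes=PROBES):
    """Return (link_name, compliant); fall back to the least-bad link if none comply."""
    profile = APP_PROFILES[app]
    metrics = {name: link_metrics(p) for name, p in probes.items()}
    candidates = {n: m for n, m in metrics.items() if meets(profile, m)}
    pool = candidates or metrics
    key = profile["prefer"]
    # Bandwidth ranks high-to-low; delay and jitter rank low-to-high.
    sign = -1 if key == "mbps" else 1
    best = min(pool, key=lambda n: sign * pool[n][key])
    return best, bool(candidates)


if __name__ == "__main__":
    for app in APP_PROFILES:
        print(app, choose_path(app))
```

Both constructed links have nearly the same average delay, so a router that looked only at averages could not tell them apart; the jitter figure is what separates them for voice traffic.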

An SD-WAN is a decentralised network with multiple connections to the cloud.

Now you know what an SD-WAN is and why it’s so useful, you could just go ahead and implement it yourselves.

Simples.

The problem is that only the biggest organisations have the required expertise in-house to ‘S-DIY-WAN’.

Most IT departments don’t fully understand the traffic patterns of the applications on their networks. This makes it very difficult to configure the deep application recognition required for APR.

So typically IT departments play safe and end up with an SD-WAN that is massively over-specified. They adopt a position where every app has a gigabyte of bandwidth and only 10 milliseconds of latency. The performance of the applications is brilliant, but the SD-WAN is as costly as the hub and spoke network would have been.

Decentralised security on SD-WAN

Network security is a massive consideration as cyber-crime and data breaches increase exponentially. The impact of a security breach is hugely costly and reputationally damaging.

Another big difference between SD-WANs and hub and spoke networks is that the data security is decentralised. Rather than having one firewall in the corporate data centre, SD-WANs secure the data in transit. This is done by embedding the security throughout the network, deploying solutions that include integrated firewalls and associated unified threat management.

These functions are virtualised to keep up with evolving security threats and to control the cost of updating and upgrading security elements. Security can still be centrally managed and updated through software that grants granular visibility into the network.

But the security embedded in the SD-WAN takes expertise and extra resource to configure and manage properly. Martin Saunders, Product Director at Highlight*, a company that optimises network performance, notes “to get the security right you really have to balance the ease of use with the control. You still need an experienced set of security experts who know what is the right security policy for that business and its users.”

You may have to admit a bit of vulnerability yourself. After such a tumultuous period as the pandemic, when so much has changed in such a short time, it is no wonder that we don’t have all the answers.

Managed SD-WAN

If you don’t have the knowledge and people already in place, a managed SD-WAN service is an option. Lots of Managed Service Providers (MSPs) come equipped with enough basic know-how, but historically it has been difficult for businesses to define, assess and manage an excellent experience for their users.

This is particularly true when you were locked into one big contract with a giant telco, whose customer service might generously be described as ‘arm’s length’. Bear in mind also that an SD-WAN combines lots of different networks, so it might pay you to shop around, and that this gives your MSP the challenge of managing multiple suppliers.

A good first step in assessing an MSP is to get that supplier to do an audit of your existing network. They should build up an understanding of how your network is being used on a day to day basis. Challenge them to demonstrate the expertise to measure its performance and detail the application traffic and user experience. And they ought to be able to explain how they’ll help you manage that experience.

They may even tell you that you don’t need an SD-WAN after all. But if they do implement one, they will be able to specify it precisely, avoiding the pitfalls of over-engineering the networking or badly defining the cyber security. You will also be able to gauge the SD-WAN’s performance against that of the old network. This will give a foundational context to measure and optimise the SD-WAN.

Transparency and vulnerability

Another thing a trustworthy supplier will do is share all the meaningful statistics on service performance with you. They should have the honesty and transparency to let you see the same network information as they see. Saunders says that suppliers “build trust with clients by being open about problems on the networks and what they are doing to fix them.”

He feels that suppliers should show vulnerability; that they don’t always get everything right the first time and that the service will evolve and improve over time. He uses the mobile company Giffgaff as an example of this vulnerability. Giffgaff sends a text at the end of the month to say this is how much data the customer used, and this is how much they are paying for. If they are paying for too much, Giffgaff actually suggests the contract is adjusted so the customer gets better value.

What’s next?

If you are considering SD-WAN, it is worth taking Martin Saunders’ advice and starting with an audit of your current network. The audit should enable you to understand how well the network is performing, the application traffic patterns, and what the user experience is really like. This understanding will help you make informed choices – or at least ask better questions – and shield you from getting sucked into the current hype around SD-WANs.

It may be worth getting your internal team to do this to see if you have the expertise in-house. You could even get some external MSPs to audit the network so you can compare and contrast the results. If you do choose to use an MSP this is a good way of vetting them.

If those MSPs have the competence, transparency and maybe even vulnerability, you will know if you are moving in the right direction. Maybe you conclude that you don’t need an SD-WAN after all. Or a hybrid between MPLS and SD-WAN fits your current circumstances, while also giving you the scope to evolve the network as business needs change.

*Highlight are technology partners with Gamma. The Highlight monitoring and management tool, integrated within the Gamma SD-WAN, provides visibility to customers of application and network performance, with built-in diagnostic, reporting and alert capabilities.
