The Importance of Network Services in the Age of Remote Work

The Importance of Network Services in the Age of Remote Work

The landscape of work has undergone a remarkable transformation in recent years, with remote work becoming an integral part of the professional world. This shift has highlighted the crucial role that network services play in ensuring the success and efficiency of remote work setups. As we navigate the complexities of a digital age, the reliability, security, and accessibility of network services have emerged as fundamental pillars supporting the modern workforce.

1. Reliable Connectivity:

In the age of remote work, a stable and high-speed internet connection is no longer a luxury but a necessity. Network services provide the backbone for seamless communication, collaboration, and data sharing. From virtual meetings to cloud-based applications, the ability to connect reliably enables remote employees to perform their tasks without the limitations of traditional office spaces.

2. Enhanced Collaboration:

Collaboration lies at the heart of productive remote work, and network services facilitate this collaboration by enabling real-time communication and sharing of resources. Video conferencing, instant messaging, and file-sharing platforms rely on strong network infrastructure to ensure that team members can work together despite physical distances. The ability to collaborate effectively enhances creativity, innovation, and teamwork, fostering a sense of unity among remote teams.

3. Data Security and Privacy:

With the rise of remote work, concerns about data security and privacy have intensified. Network services play a critical role in safeguarding sensitive information by implementing encryption, firewalls, and other cybersecurity measures. Ensuring that remote employees can securely access company resources, databases, and applications requires a robust network infrastructure that shields against potential cyber threats.

4. Flexibility and Accessibility:

Remote work empowers employees to balance their professional and personal lives, and network services are pivotal in enabling this flexibility. Cloud-based services allow remote workers to access files and applications from any location, making it easier to stay productive while traveling or working from home. The accessibility offered by network services promotes a healthy work-life balance, ultimately leading to increased job satisfaction and employee retention.

5. Scalability and Adaptability:

The demands on network services have evolved rapidly with the surge in remote work. Businesses need network solutions that are scalable and adaptable to accommodate changes in workload and user numbers. The ability to adjust network capacity ensures that remote teams can continue to function optimally, even during peak usage periods. This scalability also future-proofs businesses against evolving technological needs.

6. Challenges and Solutions:

While network services offer immense benefits, they also present challenges. Network outages, bandwidth limitations, and cybersecurity threats can disrupt remote work operations. To mitigate these challenges, businesses must invest in redundant network setups, regular maintenance, and cybersecurity training for employees. Collaboration with reliable network service providers can help address these concerns effectively.

In the age of remote work, network services have proven to be a linchpin for successful and efficient operations. They provide the foundation for reliable connectivity, enhanced collaboration, data security, flexibility, and scalability. As businesses continue to embrace remote work as a permanent part of their operations, the importance of robust and dependable network services cannot be overstated. By recognising and investing in the critical role that network services play, organisations can ensure that their remote teams thrive in an interconnected and digitally empowered world.

What is next after SD-WAN?

What is next after SD-WAN?

Oreta surveyed several leading IT specialists with the question ‘SD-WAN, what’s next?’ and uncovered that the answer varied dependent on where the business is in their network transformation journey.The responses included:

  1. SD-WAN optimisation
  2. Extension of the edge security to rest of network
  3. Secure Access Services Edge (SASE) and Zero Trust
  4. Data Loss Prevention (DLP)

Let’s unpick these answer’s but before we do what is the problem we are trying to solve?

The Australian Cyber Security Centre received over 76,000 cybercrime reports last financial year. This equates to one report every 7 minutes. A 25 per cent increase in the number of publicly reported software vulnerabilities and a rise in the average cost per cybercrime report to over $39,000 for small business, $88,000 for medium business, and over $62,000 for large business, this is an average increase of 14 per cent.

The Financial Review published an article in Nov 2022 with statistics from the Office of the Australian Information Commissioner reporting that:

  • In the first half of 2022 there were 396 data breaches in companies with revenue of more than $3Million.
  • 63 per cent of data breaches were due to a malicious or criminal attack.
  • 33 per cent were due to human error.

As a result of the recent breaches the Australian Government has introduced new legislation increasing the maximum penalties for companies that experience repeated privacy breaches. The penalties have been increased to the greater of $50 million, three times the value of any benefit obtained through the misuse of information, or 30 per cent of the company’s adjusted turnover in the period.

What is your organisation doing to protect your employees, customer data and ultimately your brand, as the threat landscape gets greater, increasing the risk of a security breach. The question changes from if to when. It is crucial that your organisation stays ahead and focuses on what is next.

SD-WAN optimisation

Today’s branch office users are consuming more bandwidth as they collaborate online, increasing the use of Software-as-a-Service (SaaS) and cloud services, and other bandwidth-intensive applications. SD-WAN solutions have come into their prime providing local breakout to the Internet for quicker access to the SaaS and Cloud based services. SD-WAN can provide performance benefits for your users accessing these services, via policy-based network-wide application performance, visibility, and control. Although some SD-WAN solutions boast of network optimisation such as Dynamic Multi-Path Optimization (DMPO), SD-WAN alone does not replace the requirement for continuous optimisation.

To ensure your users have a good digital end user experience your organisation needs to take advantage of your SD-WAN deployment by optimising the applications being accessed. Most solutions will provide a level of automated optimisation and traffic routing, however what is important to one business may not be as important to another. One business may rely heavily on video conferencing while another business may be dependent on productivity tools. This is where optimisation of your network comes to play, ensuring that the SDWAN solution is placing the correct priority on your specific critical business applications.

Secure Access Services Edge (SASE)

SASE is a term that Gartner brought to market to bundle several security capabilities into a security framework to fortify access to applications and data no matter where the user is located (office, branch, remote). A key concept with SASE being cloud based SaaS service is the flexibility and agility that it can bring. The security aspects of SASE, “Security Services Edge” (SSE), secures access to the web, cloud services, and private applications. Gartner breaks SSE down to “Capabilities include access control, threat protection, data security, security monitoring, and acceptable use control enforced by network-based and API-based integration.”

Some of the key concepts within SSE include:

  1. Zero Trust Network Access (ZTNA)
  2. Secure Web Gateway (SWG)
  3. Cloud Access Security Broker (CASB)

Zero Trust Network Access (ZTNA)

After several roundtables with leading security experts, Oreta re-quotes Zero trust as:

“The name can be misleading, after all, it is not that we don’t trust the entity (our staff) in question. You usually do. It’s the level of trust you provision for the entity that matters. In this case you grant only the permissions needed for the entity to perform the role.”

  1. Fortinet definition of Zero Trust: It’s no longer safe to assume that just because a device is connected to the network, it should have access to everything. Fortinet Zero Trust Access solutions provides continuous verification of all users and devices as they access corporate applications and data.
  2. Netskope definition of ZTNA: ZTNA creates a new security framework, based on the zero-trust security model, for connecting users with enterprise resources. Private applications connect to the ZTNA broker via application gateways. When a user connects, the cloud based ZTNA broker verifies the user’s identity and security posture before connecting users to the authorised applications. Because ZTNA only grants application-specific access, not network access, it eliminates unauthorised lateral movement. With ZTNA, there is no inbound connectivity to the enterprise network and the resources remain hidden from discovery, reducing the digital attack surface.
  3. Palo Alto Networks definition of ZTNA as: Zero Trust Network Access (ZTNA) is a category of technologies that provides secure remote access to applications and services based on defined access control policies. ZTNA solutions default to deny, providing only the access to services the user has been explicitly granted. With ZTNA, access is established after the user has been authenticated to the ZTNA service. The ZTNA service then provisions access to the application on the user’s behalf through a secure, encrypted tunnel. This provides an added layer of protection for corporate applications and services by shielding otherwise publicly visible IP addresses.

The commonality between these providers is the least privilege and continuous verification of the user to maintain a real time security posture. Turning on the technology is simple; the challenging step is understanding your organisations data and being able to apply role-based access to specific data classification types.

Secure Web Gateway (SWG)

“A secure web gateway (SWG) protects users from web-based threats in addition to applying and enforcing corporate acceptable use policies. Instead of connecting directly to a website, a user accesses the SWG, which is then responsible for connecting the user to the desired website and performing functions such as URL filtering, web visibility, malicious content inspection, web access controls and other security measures.” (Palo Alto)

65,660 malicious sites were taken down by The Australian Cyber Security Centre last financial year according to ACSC Annual Cyber Threat Report, July 2021 to June 2022. With a high percentage of the work force now working remotely it becomes increasingly difficult to protect mobile users from threats and makes it more important than ever to deploy an SWG.

An SWG solution offers a combination of security capabilities, including web filtering, DNS security, inline CASB, antivirus, antimalware, anti-botnet, SSL inspection, and data loss prevention and controls application use for all users on any device at any location. It is also important that as you select these tools you consider solutions that provide AI-Powered real-time threat intelligence to mitigate these threats.

In addition to protecting your organisation from malicious attacks it is important to consider the loss of digital assets. With the growing adoption of collaboration tools the chances of your staff accidently (or deliberately) leaking data from your organisations systems increases. A well implemented Data Loss Protection (DLP) tool reduces this risk by ensuring your organisations data and IP is maintained within the confines of your organisations systems, whether in the cloud or on-premises.

Cloud Access Security Broker (CASB)

As organisations adopt SaaS applications, they are increasing their threat landscape with data being stored in multiple third-party systems that in effect businesses have limited control over. The risks this exposes your organisation to cannot be dismissed and includes:

  1. Data and IP being exposed or lost either accidentally, deliberately or via exfiltration.
  2. Exposure to vulnerabilities and malware attacks.
  3. Risk of non-compliance with regulations and data privacy laws such as the European Union General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard ([PCI-DSS], ISO-27001, the Sarbanes-Oxley Act [SOX], the Health Insurance Portability and Accountability Act [HIPAA], and others.
  4. Business service downtime when a security breach is reported.

CASB services are designed to reduce this risk via real time API integration. This short video from Travis Pinto at Netskope is a 3-minute clip that provides a succinct description on where CAB and SWG are heading.

In Summary

Each vendor has their own custom SASE / SSE services and in the current marketplace there are several vendors that have been on an acquisition journey to broaden out their security portfolio. For example:

  1. Security first focal point and built out their SD-WAN portfolio: e.g., Fortinet, FortiGate, FortiSASE.
  2. Security first focal point and acquired their SD-WAN solution: e.g., Palo Alto with Prisma CASB and CloudGenix SD-WAN.
  3. Technology company acquiring both SD-WAN and the security services:
    e.g., VMware purchased Velo for the VMware SD-WAN, Airwatch and Carbon Black for end point and use a third-party API based connector for Cloud Web Security.
  4. Best of breed CASB security providers who integrate to SDWAN providers:
    E.G. Netskope and Zscaler.

Each vendor will bring a different solution on the SASE services they can provide. The examples above raises the question as to whether as an organisation you go with one vendor for all services or take a best of breed approach.

How and who can implement SSE for my business?

Oreta’s security advisory team can work with your CISO and BAU teams to review your existing security posture against defined Security frameworks SASE developed by Gartner and industry standards Essential Eight. Where there are gaps, Oreta can design and implement solutions to reduce your risk by leveraging industry leaders in security (SentinelOne, Palo Alto Networks, Fortinet, Netskope, Check Point).

Contact us now.


SD-WAN; Battle of the Titans

SD-WAN; Battle of the Titans

Awareness of Software-Define Wide Area Networking (SD-WAN) is growing. More and more companies are looking toward the next generation of WAN technology. And, the battle between the geniuses of SD-WAN technology, Cisco and VMware, is heating up.

In this article, we compare SD-WAN solutions, discuss the benefits of each, and outline which solution may be best for your business depending on your requirements. 


SD-WAN – Biggest Trend In Enterprise Networking Today 

For those of you who are still fresh to the game, let’s quickly explain what SD-WAN is and why more and more companies are investing in it.  

SD-WAN is the most significant trend in enterprise networking today. Demand is accelerating as companies look to increase agility, achieve high performance, and secure connections to cloud applications. SD-WAN uses software to control the connectivity, management, and services between data centres and remote branches.

The five main features of SD-WAN include the ability to;

  • combine multiple connection types, from MPLS to broadband to LTE, serving one location into a single pool of capacity available for all applications and services,
  • centrally define and manage policies and network traffic without requiring manual configuration at each device,
  • set up a simple interface for managing WAN which supports zero-touch provisioning at a branch or site,
  • support VPNs and other third-party services, such as WAN optimisation controllers, firewalls, and web gateways,
  • customise bandwidth and connectivity to meet the needs of specific network services, locations, or users.

As a Gartner report recently mentioned, SDWAN is a key technology helping enterprises transform their networks from “fragile to agile”. SD-WAN can help companies overcome many of the challenges they experience with legacy WAN, empowering their IT to work smarter, faster, and at a lower cost through network automation, traffic programming, and policy development.


Cisco SD-WAN vs VMware’s Velocloud

Now that we’ve defined what SD-WAN is let’s look at the differences between the two top contenders in the market; Cisco SD-WAN and Velocloud by VMware.   

Before we start, we would like to emphasise that there is no definite answer to which vendor offers the best SD-WAN solution for your business. There are many variables you need to consider before you decide what is the best solution for your business. You need to take the time to understand each of their strengths and whether they complement your business objectives. In this article, we aim to help you make a more informed procurement decision.


What is Cisco SD-WAN?

In summary, Cisco SD-WAN is a highly adaptable solution allowing each site to have different control policies at a control plane level or data plane level.


What is Velocloud by VMware?

 Velocloud offers out-of-the-box configurations making deployment fast and simple. Whilst SD-WAN components can also be customised, the solution is designed to allow DIY management with pre-configured policies. It is a critical component of the Virtual Cloud Network. 

What Are The Eight Main Differences?


Difference 1 – Dynamic Path Selection 

SD-WAN can select the most appropriate path or channel the network traffic will use, enabling cloud applications to leverage various options. By choosing the best approach, SD-WAN can maximise the use of circuits such as 4G/5G, Broadband, and Ethernet, thus increasing uptime and bandwidth. 

Cisco SD-WAN Dynamic Path Selection – Cisco SD-WAN can help direct route traffic to the best-performing link by establishing route prefixes, metrics, link-state information, and route removals.

Based on SLA requirements, network traffic is recognised, and a policy is chartered to the traffic application. Identifying specific traffic applications requires the use of layers within the packets (e.g. ports, protocols). These packets, otherwise known as Viptela BFD’s (Bidirectional Forwarding Protocol), are used to screen the path’s characteristics and detect whether other paths need to be used due to possible latency.

Velocloud Dynamic Path Selection – Velocloud offers a Dynamic Multipath Optimisation feature that is very similar to Cisco SD-WAN’s BFD in the way that it can sense application characteristics. The feature includes link checking and detection of a specific provider. It allows automatic configuration deployment based on link properties, routing, and quality of service. 


Difference 2 – Quality of Service (QoS)

SD-WAN makes QoS much more effective than MPLS. It removes the end-to-end benefit of an MPLS VPN and replaces it with a host of link preferences, out-of-the-box configuration templates, and pre-classification of link characteristics. 

Cisco SD-WAN Quality of Service is similar to MPLS without the end-to-end characteristics of private network traffic flow. The Viptela capability allows ingress and egress interface direction toward vEdge routers in the network. With SD-WAN, Cisco SD-WAN can determine which links to use and applies a QoS capability depending on their characteristics.

Velocloud Quality of Service provides application traffic WAN settings across approximately 2,500 traffic sources. The advantage is an out-of-the-box ability to automate QoS and assist any one of those particular sources. SD-WAN builds application profile awareness, making it easier to outline QoS and bandwidth allocations. 


Difference 3 – Link Steering and Remediation

Link Steering and Remediation occurs either per session or per packet. It is one of the key benefits of SD-WAN. It enables connections to link to traverse over WAN links, adjust link preferences, and create robust failover. 

Cisco SD-wAN Link Steering and Remediation (Cloud OnRamp for SaaS) enables applications to choose their preferred connection, depending on the destination or if it is a Cloud application. If applications experience packet loss, increased latency, or complete outage, links can be steered to a new destination. Link performance is calculated by ranking, from 0 – 10, how well an application’s requirements are being met. A cloud interface manages the configuration and continuous changes to the Viptela platform.

VeloCloud Link Steering and Remediation – Velocloud’s SD-WAN solution can dynamically monitor traffic by censoring both the WAN edge and cloud application performance. With SD-WAN, a standard branch has two or more connections that require dynamic per packet switching for path optimisation.    

Detecting traffic performance issues is done with link analysis. From here, the results provide information as to whether link switching is required and packets automatically routed. 


Difference 4 – Application Performance Monitoring 

Application Performance Monitoring is one of the critical deliverables of any SD-WAN solution. It provides network management engineers and IT teams the ability to observe issues and trends over time, which, in turn, helps them make strategic decisions regarding their network.

Cisco SD-WAN Application Performance Monitoring – The network’s performance, individual circuits, carriers, tunnel and individual application data points are assessed using a single dashboard, known as Viptela VAnalytics. For example, Network managers can instantly detect which applications are using the most bandwidth, as well as any unusual behaviour that requires immediate attention.

Velocloud Application Performance Monitoring –  Velocloud provides insight into the performance across voice, video, and mission-critical data applications by calculating a WAN quality score. The monitoring tool provides a thorough assessment of application behaviour on single links and indicates where enhancements and changes are required.


Difference 5 – Security 

Security – SD-WAN vendors often need a different device to ensure security is factored in. Whether or not your SD-WAN service supports Next-Gen firewall functionality depends on your vendor’s offering and your internal security strategy. 

Cisco SD-WAN Security – Cisco SD-WAN provides stateful firewall capability, which in some ways is like the customary world of standard Firewalls (e.g. not Next-Gen firewalls).

Velocloud Security –  Velocloud provides in-built context-aware (e.g., application, device, user) with Next-Gen Firewall. With SD-WAN, data can be micro-managed and mico-applications can be directed with proximate security. 


Difference 6 – Network Function Virtualisation (NFV)

 Network Function Virtualisation (NFV) segregates network functions from hardware to design a virtualised machine that operates on cloud-based commands, resulting in a flexible, cost-effective infrastructure. 

Cisco SD-WAN Network Function – Cisco SD-WAN’s VEdge Cloud virtualises the technology from a physical VEdge capability and creates a Virtualised Machine (VM). With VEdge Cloud, a Virtual Network Function can create a Virtual CPE (vCPE) deployment within a company’s head office or branch location.  

Velocloud Network Function – VMware Edge hardware supports Velocloud’s capability to virtualise. The technology is listed as VMware SD-WAN Gateway and is available with service chaining support which is seamlessly delivered by partners such as Zscaler and Websense. 


Difference 7 – Zero-Touch Deployment 

A major benefit of SD-WAN is fast deployment. It can quickly start an internet connection without fundamentally having to physically connect to any hardware. 

Cisco SD-WAN Zero-Touch Deployment – Any Viptela device with internet connectivity is efficient at ‘zero provisionings’. Cisco SD-WAN needs a DHCP address from the network to get public DNS information. When booting, the vEdge router will connect to 

Velocloud Zero-Touch Deployment – When connecting to the internet, Velocloud devices will auto-connect, authenticate and receive the appropriate configuration. The benefits of Velocloud’s Zero-Touch include deployment simplification and network migration.


Difference 8 – Automation and Orchestration 

 SD-WAN service providers need Software WAN orchestration to control, manage and deliver the end customer service. It often requires an SDN controller with virtualisation software that can automate the provisioning process. 

Cisco SD-WAN Automation and Orchestration – Cisco SD-WAN provides a robust and true orchestration of SD-WAN services via its initial point of authentication. Distribution lists of their components, including VSmarts and VManage, are all supported across the deployment. The vBond Orchestrator delivers the SD-WAN capability by authenticating and authorising the Cisco SD-WAN elements into the network. Cisco vBond Orchestrator endorses the data points (i.e. Cisco VSmart Controllers and vEdge routers) in the network and coordinates how they will connect. 

Velocloud Automation & Orchestration – Velocloud Orchestrator delivers Velocloud configuration across all aspects of the network. When devices connect to the internet and zero-touch deployment is active, VMware SD-WAN Edge appliances can auto-connect by following customised configuration instructions. Integration with existing networks can also be achieved, including support for the OSPF routing protocol. 


Here’s a summary of the main differences between the SD-WAN solutions;

Cisco SD-WAN

VMware – Velocloud

An open solution is known for its flexibility and ease of deployment

Fast deployment

Functions on-premises or in the cloud

Three versions: internet only, hybrid SD-WAN, and on-premises

“Zero Touch” deployment

“Zero Touch” deployment

Policy provisioning via vSmart controller

Policy provisioning via VeloCloud Orchestrator

Number of applications supported: 3,000

Number of applications supported: 2,200

Unidirectional measurement and steering – No

Unidirectional measurement and steering – Yes

Network Performance Measurement: (passive) Proprietary

Network Performance Measurement: (active) BFD

Forward Error Control (for packet loss): No

Forward Error Control (for packet loss): Yes

Data Encryption: Yes

Data Encryption: Yes


 What Else Do You Need To Know About VMware’s VeloCloud?

 With Velocloud by VMware, it does not matter whether companies use MPLS or not; they can leverage wireless broadband internet or wired broadband internet. The solution has a performance indicator called VeloCloud Quality Score, which gives IT managers visibility regarding how the solution is operating.  

 Velocloud provides a robust Cloud Gateway-centric approach to SD-WAN, providing a continuous solution that reaches into multi-cloud, data centres and other application hosting solutions. The approach is not only considered forward-thinking but cutting edge.  

What Else Do You Need To Know About Cisco SD-WAN?

Wich Cisco SD-WAN, companies can implement and manage this SD-WAN solution entirely within the cloud. Its open architecture makes it ideal for working in conjunction with IPFIX interfaces, Syslog, Netconf, SNMP, and REST APIs. SD-WAN forwarders work in sync with the central policy controller.


 What Is The Right SD-WAN Solution For You?

 IT departments are looking at more different ways to deliver secure and efficient cloud connectivity in the current business climate, a challenge that SD-WAN can solve. As a result, SD-WAN will be vital in managing networking, cloud connectivity and security in the future. 

 The common consensus by IT and networking managers is that SD-WAN is making their lives easier. They are reaping the benefits of improved security capabilities, better bandwidth management, improved application performance in the cloud, improved network orchestration and automation and greater visibility into the network. 


 About Oreta

At Oreta, we ensure that all our customers network right. We have deep skills in understanding and designing networks to advise your company on the right SD-WAN solution to meet your needs and continuously focus on adopting new technologies that will further enhance our customers’ outcomes.

Transforming with SD-WAN

Transforming with SD-WAN

What is SD-WAN?

SD-WAN (Software-Defined Wide-Area Network) allows for a new way to manage WAN connections such as broadband internet, 4G, LTE, or MPLS. It connects networks of all sizes from SMB to enterprise — including branch offices and data centres — over large geographic distances. 

Customers no longer need to invest in expensive, proprietary technology to get the connectivity they need. SD-WAN allows customers to a range of technologies to deliver higher values of service.

SD-WAN essentially virtualises the network and abstracts much of the complexity from the customer. It is now possible to use lower-cost links for backup (think NBN or 4G) as opposed to paying for different path point to point connections. All the management of these links are centralised, and traffic can be routed via the most appropriate path. This approach can significantly assist organisations who are looking to deploy into Hybrid and Multi-cloud environments.

Getting your design right

While many SD-WAN solutions may make it sound simple to deploy and manage, it is crucial not to miss the design phase of your overall network requirement. Understanding traffic flows, firewall rules, application dependencies and system performance needs to bring any SD-WAN project to a halt. It is also crucial to build a level of future-proofing into your design. Incorrect sizing of the equipment to meet your future business needs is a very typical issue that hits many organisations. SD-WAN allows you to scale your network bandwidth needs, but it needs to have the capacity itself for the number of users going through it, especially for things like remote VPN and FW throughput.

How can we help?

Oreta has multiple in-house resources that can assist you in understanding and transforming your network to meet your changing business requirements. Many of our resources are certified with our industry partners and are technically adept at working across several WAN technologies, routing and deploying SD-WAN. 

We have a profound understanding of our partners SD-WAN applications, including VMware by Velocloud and Cisco’s full Cisco SD-WAN stack, from small to medium business products (Meraki) to large scale enterprise (Viptela). Also, we have a strong background in integrating connectivity options from Telstra, Equinix, AWS, Azure and Google Cloud Platform (GCP).

Oreta can tailor your SD-WAN solutions, using the lowest cost links while giving you the highest levels of service and security. 

If you would like more information, please get in touch with us here.

SD-WAN- Making networking easier

SD-WAN- Making networking easier

Software-Defined Wide Area Network (SD-WAN) is changing the way we think of networking today. SD-WAN’s networking infrastructure is bridging the gap between the needs of today and the requirements of the future. But, how much do we know about it, how can it transform an organisation’s IT ecosystem, and what are the benefits? Here our Network Architects share their insights and answer some of these commonly asked questions.

What is SD-WAN?

SD-WAN is a new approach to deploying and managing enterprise WAN. It is entirely software managed (software-defined). It is an overlay technology which makes the customer network agnostic of the underlying infrastructure. It allows customers to manage their network independently of a service provider, which is unlike the existing MPLS.

What makes up SD-WAN?

There are three critical components in SD-WAN. First, the orchestrator or online portal, where all setup configurations and policies are defined. Secondly, there are branch or site gateways, which could be hardware or software appliances. Thirdly, depending on how agnostic the vendor is, there are cloud gateways or a gateway serviced by a selected vendor.


There are five key reasons why organisations should invest in SD-WAN, including:

  • It can replace enterprises existing WAN or supplement it with additional capacity and resiliency levels.
  • It can reduce the need for a WAN service and OPEX costs for enterprises, thereby allowing them to use inexpensive Internet circuits.
  • It allows enterprises to become ISP independent. In other words, enterprises can choose any internet service provider, even a mix of multiple providers.
  • Enterprises can quickly roll out new branches using standard policy and self-managed setup of SD-WAN.
  • There is no tromboning of traffic in the network, and all SaaS and Internet traffic egress locally, while an enterprises security posture remains the same.

What are the benefits of deploying SD-WAN?

If organisations have the right architecture, SD-WAN can be seamlessly integrated, regardless of the service or configuration of it’s supporting network vendor, and reap many benefits including;

  • Service provider Independence.
  • Low operational and recurring costs.
  • Reduced roll out time for any add move changes.
  • Application-aware network.

How can SD-WAN integrate into an existing IT environment?

To achieve a smooth transition to SD-WAN without it affecting the performance of its current IT environment, there are several pre-engagement activities which need to be completed. Below is the checklist which all organisations should follow;

  • Audit the current setup topology and bandwidths of individual links.
  • Understand the current routing design.
  • List the critical applications and their traffic flow, delay tolerance and other network parameters. Also, it involves application to application traffic. Benchmarking of current metrics would be needed.
  • Tabulate user-profiles and users at each branch location.
  • Lastly, a physical audit may be needed to understand the cabling setup, rack layouts and other physical aspects.

How can Oreta help?

As a service provider, Oreta can complement an organisation’s  smooth deployment of SD-WAN by

  • Conducting a workshop, which focuses on;
    • conducting a Network Audit
    • Developing an IT strategy and
    • Outline increased usage of cloud infrastructure and other SaaS applications
  • Providing an independent options paper for vendor selection.
  • Planning migration, building and deployment of your SD-WAN roadmap.
  • Designing a validation test for excellent tuning parameters and as a proof of concept.

Our skillset includes;

  • LAN / WAN understanding.
  • Incumbent routing protocol knowledge like OSPF and BGP.
  • Understanding of the cloud-based infrastructure.
  • Managed services team with experience of SDWAN deployment management.


For more information for the layman, one of our major partners, VeloCloud, has recently published a book ‘SD-WAN for Dummies’. It’s a great read and makes SD-WAN sound like a breeze. Here’s the link which can answer more of your pressing questions – Software Defined WAN eBook

SD-WAN vs MPLS? What’s best for your business

SD-WAN vs MPLS? What’s best for your business

Are you looking to migrate to cloud? Are you experiencing bandwidth constraint with your existing wide area network (WAN) infrastructure? Is your organisation’s IT landscape evolving rapidly? If so, have you considered transforming to a software-defined WAN (SD-WAN) solution? In this blog, we highlight why the industry is seeing an increased interest in SD-WAN over MPLS and why your organisation should consider shifting today.

What is the difference between MPLS and SD-WAN?

Before we get ahead of ourselves, let’s have a look at MPLS, a traditional WAN technique, and SD-WAN, a new way organisations are managing their network at the edge.

Multiprotocol Label Switching (MPLS) has been a popular WAN technology used traditionally in telecommunications environments. Organisations are provided with private connections between their data centres and offices. The technique carries data across the network via fixed competent routes. It is ideal for time-sensitive traffic from voice to video to email-based applications.

SD-WAN reduces the dependency on MPLS by leveraging local break out points to the internet and utilising cloud technology to manage WAN infrastructure. Network traffic is logically and efficiently routed over ISPs of the customers’ choice from each endpoint. It provides secure connections between an organisation’s data centre and offices over various network technologies, such as NBN and 4G, instead of requiring a purpose-built network.

What are the pros and cons of both?

SD-WAN – The Advantages

Many businesses have replaced their MPLS network with SD-WAN. The areas of difference relate to cost, security, and performance. Some of the following advantages are very clear, others less apparent depending on the situation:

More Cost-Effective. SD-WAN offers optimal user experience while eliminating the need for expensive VPNs. SD-WAN provides higher-speed options for multi-point connectivity. By using distributed, private data traffic exchange and control points, such as broadband, DSL and 4G LTE, at lower cost users have more secure, local access to the services that they need – whether from the network or the cloud.

Improve SaaS application performance. SD-WAN can recognise applications and adapt bandwidth and other services accordingly. It can initiate multiple parallel connections and balance the data flow between them. SD-WAN can also create new connections should there be a need to increase the bandwidth and ensure time-sensitive applications are not compromised, For example, SaaS application traffic can be routed directly via local internet breakout to reduce bandwidth drainage issues and hefty costs relating to contention and backhauling to a data centre for processing and redistribution.

Simplified QoS. SD-WAN provides real-time traffic monitoring. Organisations can prioritise essential applications, such a video conferencing and focused emails, across the WAN and divert business-critical traffic during periods of network disruption at every location. SD-WAN can also be upgraded by adding new links – generally without changes to the WAN infrastructure or network.

Central Management. SD-WAN orchestration allows the organisation’s network to be managed and monitored via a centralised dashboard. It reduces management overhead and simplifies network operations while providing complete visibility and control over traffic routing.

Unified security. It is deceptive to think that MPLS provides a secured and managed link between branch offices and data centre through the ISP’s internal backbone. Traffic still needs to be inspected for malware and other exploits, which requires deploying a firewall and additional security functions. SD-WAN can unify secure connectivity by integrating security, policy and orchestration via a single management platform. Organisations can benefit from end-to-end encryption across the entire network. By embedding a wide array of security tools – including firewall, anti-virus and anti-malware, SD-WAN enables data to be secure during transit and provides in-depth inspection of the traffic.

More protection. MPLS is an option available to any SD-WAN solution. When there are cases where MPLS is much less expensive, or when concerns about security or reliability are more important than cost differences, SD-WAN can run over an MPLS connection to provide more protection and functionality than an MPLS solution alone. SD-WAN provides a more significant amount of flexibility, more granular traffic control, integrated security, and the ability to leverage multiple connection strategies – such as MPLS and public internet -using the same SD-WAN deployment.

SD-WAN – The Drawbacks

Not suitable for all organisations. It’s not great for organisations where all business applications are located on premise as there is limited benefit to channel all traffic from the edge out to the internet and then back down from the internet to the Head Office.

Possible Local Site Outage. Occasionally, when using SD-WAN, there is a chance of data packet loss and internet uplinks failing. However, this can be offset by organisations choosing an ISP which can offer consistent reliability in their internet connections and ensure that there are multiple services connected e.g. NBN and 4G to ensure reliability.

MPLS – The Advantages

Although we have listed the many advantages of deploying SD-WAN, MPLS could be considered a better choice, for reasons stated below:

High QoS. MPLS excels at keeping a business’s most crucial traffic flowing. It is ideal for businesses which use virtual applications such as VoIP, video conferencing or virtual desktops. This technique works without compromising the quality or signal.

It is reliable. MPLS uses packet-forwarding technology and labels to make data forwarding decisions. The traffic is specially labelled to assist with identifying what data is critical and enabling data forwarding rules to be established, which is particularly important when there are many users on the shared network.

MPLS – The Drawbacks

The advantages of MPLS include scalability, improved performance, reduced congestion. However; it also comes with several drawbacks, including:

Its bandwidth is expensive. An MPLS service must be purchased from and configured by a telco provider which is far more expensive than running data over the internet. We are in a world where organisations are churning through content that requires a high level of bandwidth, from videos to virtual reality. It can also become very costly when organisations need to increase the bandwidth for their MPLS network when compared to other technologies such as public internet connections.

It is inflexible. It can take up to a few months to provision new services. MPLS connections tend to be rigid, fixed connections that can’t easily adapt to the sort of interconnectivity between branch offices that today’s dynamic networks require. They also don’t provide support for things like application recognition or sophisticated bandwidth management for latency-sensitive applications.

It is complex to deploy and manage. Although an ISP manages MPLS, organisations still need skillsets and resources to maintain the integration of their internal network with MPLS and ensure consistent policies apply across the MPLS network as new sites come online and new services are requested.

Visibility is limited. MPLS offers limited visibility about the network. A separate solution is often required to achieve that level of visibility required.

Poor performance. From a performance perspective, MPLS provides a reliable, fixed level of bandwidth. With a continuously expanding volume of data being generated by modern networks and devices, many organisations are leasing MPLS connections to manage increased workloads. However, the organisations are encountering the risk of constrained connectivity, particularly as the connection cannot understand the nature of the traffic and adjust accordingly. Also, while all traffic needs bandwidth to function, some applications – such as voice and video – have latency requirements that require continuous monitoring. When several applications are running through the same connection tunnel, latency-sensitive traffic needs to be prioritised, which requires application recognition, traffic shaping, load-balancing and prioritisation of different connections. MPLS is not capable of doing this.

Cost effective
Improved SaaS performance
Simplified QoS
Centralised SaaS service for administration
Carrier agnostic
Unified security
Not dependent wholly on MPLS
More protection
Guaranteed performance for real-time traffic
Reliable connection when deploy with redundant paths.
Relies on the public internet
Requires the right skillset
Predetermined routes need to be configured by Telco.
Bandwidth can become expensive
Complex to manage
Visibility is limited
Performance degradation with increased traffic
Difficult to source single global provider
Doesn’t support direct access to the cloud from the edge.

What’s best for my business?

What’s best for my business- is a difficult question to answer. Selecting the right solution depends on what environment you’re working in, where your business applications are hosted, where your users are connecting from and what the specific needs of your business are. Each technology has a different role to play; finding the balance is key. MPLS functions in a predictable way, thus guaranteeing time-sensitive traffic is delivered on time at the trade off to lack of flexibility and increased costs. From cost and agility to the ease of use and scalability, an organisation cannot underestimate the benefits of SD-WAN. If organisations are using more advanced cloud-based applications and workflows become more complex, the more flexible and dynamic connectivity they require. SD-WAN is the clear winner.

When should organisations shift from MPLS to SD-WAN?

Organisations should consider deploying SD-WAN when;

  • They want to upgrade their bandwidth.
  • They are looking after a more flexible arrangement as they come out of contract with their ISP
  • They are looking at using more cloud-based services
  • They want to improve their security, agility and visibility within their network
  • They are looking at improving application performance
  • They are identifying their reducing network costs