SD-WAN (Software-Defined Wide-Area Network) allows for a new way to manage WAN connections such as broadband internet, 4G, LTE, or MPLS. It connects networks of all sizes from SMB to enterprise — including branch offices and data centres — over large geographic distances.
Customers no longer need to invest in expensive, proprietary technology to get the connectivity they need. SD-WAN allows customers to a range of technologies to deliver higher values of service.
SD-WAN essentially virtualises the network and abstracts much of the complexity from the customer. It is now possible to use lower-cost links for backup (think NBN or 4G) as opposed to paying for different path point to point connections. All the management of these links are centralised, and traffic can be routed via the most appropriate path. This approach can significantly assist organisations who are looking to deploy into Hybrid and Multi-cloud environments.
Getting your design right
While many SD-WAN solutions may make it sound simple to deploy and manage, it is crucial not to miss the design phase of your overall network requirement. Understanding traffic flows, firewall rules, application dependencies and system performance needs to bring any SD-WAN project to a halt. It is also crucial to build a level of future-proofing into your design. Incorrect sizing of the equipment to meet your future business needs is a very typical issue that hits many organisations. SD-WAN allows you to scale your network bandwidth needs, but it needs to have the capacity itself for the number of users going through it, especially for things like remote VPN and FW throughput.
How can we help?
Oreta has multiple in-house resources that can assist you in understanding and transforming your network to meet your changing business requirements. Many of our resources are certified with our industry partners and are technically adept at working across several WAN technologies, routing and deploying SD-WAN.
We have a profound understanding of our partners SD-WAN applications, including VMware by Velocloud and Cisco’s full Cisco SD-WAN stack, from small to medium business products (Meraki) to large scale enterprise (Viptela). Also, we have a strong background in integrating connectivity options from Telstra, Equinix, AWS, Azure and Google Cloud Platform (GCP).
Oreta can tailor your SD-WAN solutions, using the lowest cost links while giving you the highest levels of service and security.
If you would like more information, please get in touch with us here.
Software-Defined Wide Area Network (SD-WAN) is changing the way we think of networking today. SD-WAN’s networking infrastructure is bridging the gap between the needs of today and the requirements of the future. But, how much do we know about it, how can it transform an organisation’s IT ecosystem, and what are the benefits? Here our Network Architects share their insights and answer some of these commonly asked questions.
What is SD-WAN?
SD-WAN is a new approach to deploying and managing enterprise WAN. It is entirely software managed (software-defined). It is an overlay technology which makes the customer network agnostic of the underlying infrastructure. It allows customers to manage their network independently of a service provider, which is unlike the existing MPLS.
What makes up SD-WAN?
There are three critical components in SD-WAN. First, the orchestrator or online portal, where all setup configurations and policies are defined. Secondly, there are branch or site gateways, which could be hardware or software appliances. Thirdly, depending on how agnostic the vendor is, there are cloud gateways or a gateway serviced by a selected vendor.
There are five key reasons why organisations should invest in SD-WAN, including:
It can replace enterprises existing WAN or supplement it with additional capacity and resiliency levels.
It can reduce the need for a WAN service and OPEX costs for enterprises, thereby allowing them to use inexpensive Internet circuits.
It allows enterprises to become ISP independent. In other words, enterprises can choose any internet service provider, even a mix of multiple providers.
Enterprises can quickly roll out new branches using standard policy and self-managed setup of SD-WAN.
There is no tromboning of traffic in the network, and all SaaS and Internet traffic egress locally, while an enterprises security posture remains the same.
What are the benefits of deploying SD-WAN?
If organisations have the right architecture, SD-WAN can be seamlessly integrated, regardless of the service or configuration of it’s supporting network vendor, and reap many benefits including;
Service provider Independence.
Low operational and recurring costs.
Reduced roll out time for any add move changes.
How can SD-WAN integrate into an existing IT environment?
To achieve a smooth transition to SD-WAN without it affecting the performance of its current IT environment, there are several pre-engagement activities which need to be completed. Below is the checklist which all organisations should follow;
Audit the current setup topology and bandwidths of individual links.
Understand the current routing design.
List the critical applications and their traffic flow, delay tolerance and other network parameters. Also, it involves application to application traffic. Benchmarking of current metrics would be needed.
Tabulate user-profiles and users at each branch location.
Lastly, a physical audit may be needed to understand the cabling setup, rack layouts and other physical aspects.
How can Oreta help?
As a service provider, Oreta can complement an organisation’s smooth deployment of SD-WAN by
Conducting a workshop, which focuses on;
conducting a Network Audit
Developing an IT strategy and
Outline increased usage of cloud infrastructure and other SaaS applications
Providing an independent options paper for vendor selection.
Planning migration, building and deployment of your SD-WAN roadmap.
Designing a validation test for excellent tuning parameters and as a proof of concept.
Our skillset includes;
LAN / WAN understanding.
Incumbent routing protocol knowledge like OSPF and BGP.
Understanding of the cloud-based infrastructure.
Managed services team with experience of SDWAN deployment management.
For more information for the layman, one of our major partners, VeloCloud, has recently published a book ‘SD-WAN for Dummies’. It’s a great read and makes SD-WAN sound like a breeze. Here’s the link which can answer more of your pressing questions – Software Defined WAN eBook
Are you looking to migrate to cloud? Are you experiencing bandwidth constraint with your existing wide area network (WAN) infrastructure? Is your organisation’s IT landscape evolving rapidly? If so, have you considered transforming to a software-defined WAN (SD-WAN) solution? In this blog, we highlight why the industry is seeing an increased interest in SD-WAN over MPLS and why your organisation should consider shifting today.
What is the difference between MPLS and SD-WAN?
Before we get ahead of ourselves, let’s have a look at MPLS, a traditional WAN technique, and SD-WAN, a new way organisations are managing their network at the edge.
Multiprotocol Label Switching (MPLS) has been a popular WAN technology used traditionally in telecommunications environments. Organisations are provided with private connections between their data centres and offices. The technique carries data across the network via fixed competent routes. It is ideal for time-sensitive traffic from voice to video to email-based applications.
SD-WAN reduces the dependency on MPLS by leveraging local break out points to the internet and utilising cloud technology to manage WAN infrastructure. Network traffic is logically and efficiently routed over ISPs of the customers’ choice from each endpoint. It provides secure connections between an organisation’s data centre and offices over various network technologies, such as NBN and 4G, instead of requiring a purpose-built network.
What are the pros and cons of both?
SD-WAN – The Advantages
Many businesses have replaced their MPLS network with SD-WAN. The areas of difference relate to cost, security, and performance. Some of the following advantages are very clear, others less apparent depending on the situation:
More Cost-Effective. SD-WAN offers optimal user experience while eliminating the need for expensive VPNs. SD-WAN provides higher-speed options for multi-point connectivity. By using distributed, private data traffic exchange and control points, such as broadband, DSL and 4G LTE, at lower cost users have more secure, local access to the services that they need – whether from the network or the cloud.
Improve SaaS application performance. SD-WAN can recognise applications and adapt bandwidth and other services accordingly. It can initiate multiple parallel connections and balance the data flow between them. SD-WAN can also create new connections should there be a need to increase the bandwidth and ensure time-sensitive applications are not compromised, For example, SaaS application traffic can be routed directly via local internet breakout to reduce bandwidth drainage issues and hefty costs relating to contention and backhauling to a data centre for processing and redistribution.
Simplified QoS. SD-WAN provides real-time traffic monitoring. Organisations can prioritise essential applications, such a video conferencing and focused emails, across the WAN and divert business-critical traffic during periods of network disruption at every location. SD-WAN can also be upgraded by adding new links – generally without changes to the WAN infrastructure or network.
Central Management. SD-WAN orchestration allows the organisation’s network to be managed and monitored via a centralised dashboard. It reduces management overhead and simplifies network operations while providing complete visibility and control over traffic routing.
Unified security. It is deceptive to think that MPLS provides a secured and managed link between branch offices and data centre through the ISP’s internal backbone. Traffic still needs to be inspected for malware and other exploits, which requires deploying a firewall and additional security functions. SD-WAN can unify secure connectivity by integrating security, policy and orchestration via a single management platform. Organisations can benefit from end-to-end encryption across the entire network. By embedding a wide array of security tools – including firewall, anti-virus and anti-malware, SD-WAN enables data to be secure during transit and provides in-depth inspection of the traffic.
More protection. MPLS is an option available to any SD-WAN solution. When there are cases where MPLS is much less expensive, or when concerns about security or reliability are more important than cost differences, SD-WAN can run over an MPLS connection to provide more protection and functionality than an MPLS solution alone. SD-WAN provides a more significant amount of flexibility, more granular traffic control, integrated security, and the ability to leverage multiple connection strategies – such as MPLS and public internet -using the same SD-WAN deployment.
SD-WAN – The Drawbacks
Not suitable for all organisations. It’s not great for organisations where all business applications are located on premise as there is limited benefit to channel all traffic from the edge out to the internet and then back down from the internet to the Head Office.
Possible Local Site Outage. Occasionally, when using SD-WAN, there is a chance of data packet loss and internet uplinks failing. However, this can be offset by organisations choosing an ISP which can offer consistent reliability in their internet connections and ensure that there are multiple services connected e.g. NBN and 4G to ensure reliability.
MPLS – The Advantages
Although we have listed the many advantages of deploying SD-WAN, MPLS could be considered a better choice, for reasons stated below:
High QoS. MPLS excels at keeping a business’s most crucial traffic flowing. It is ideal for businesses which use virtual applications such as VoIP, video conferencing or virtual desktops. This technique works without compromising the quality or signal.
It is reliable. MPLS uses packet-forwarding technology and labels to make data forwarding decisions. The traffic is specially labelled to assist with identifying what data is critical and enabling data forwarding rules to be established, which is particularly important when there are many users on the shared network.
MPLS – The Drawbacks
The advantages of MPLS include scalability, improved performance, reduced congestion. However; it also comes with several drawbacks, including:
Its bandwidth is expensive. An MPLS service must be purchased from and configured by a telco provider which is far more expensive than running data over the internet. We are in a world where organisations are churning through content that requires a high level of bandwidth, from videos to virtual reality. It can also become very costly when organisations need to increase the bandwidth for their MPLS network when compared to other technologies such as public internet connections.
It is inflexible. It can take up to a few months to provision new services. MPLS connections tend to be rigid, fixed connections that can’t easily adapt to the sort of interconnectivity between branch offices that today’s dynamic networks require. They also don’t provide support for things like application recognition or sophisticated bandwidth management for latency-sensitive applications.
It is complex to deploy and manage. Although an ISP manages MPLS, organisations still need skillsets and resources to maintain the integration of their internal network with MPLS and ensure consistent policies apply across the MPLS network as new sites come online and new services are requested.
Visibility is limited. MPLS offers limited visibility about the network. A separate solution is often required to achieve that level of visibility required.
Poor performance. From a performance perspective, MPLS provides a reliable, fixed level of bandwidth. With a continuously expanding volume of data being generated by modern networks and devices, many organisations are leasing MPLS connections to manage increased workloads. However, the organisations are encountering the risk of constrained connectivity, particularly as the connection cannot understand the nature of the traffic and adjust accordingly. Also, while all traffic needs bandwidth to function, some applications – such as voice and video – have latency requirements that require continuous monitoring. When several applications are running through the same connection tunnel, latency-sensitive traffic needs to be prioritised, which requires application recognition, traffic shaping, load-balancing and prioritisation of different connections. MPLS is not capable of doing this.
SD-WAN Pros Cost effective Improved SaaS performance Simplified QoS Centralised SaaS service for administration Carrier agnostic Unified security Not dependent wholly on MPLS More protection
MPLS Pros Guaranteed performance for real-time traffic Reliable connection when deploy with redundant paths.
SD-WAN Cons Relies on the public internet Requires the right skillset
MPLS Cons Predetermined routes need to be configured by Telco. Bandwidth can become expensive Complex to manage Visibility is limited Performance degradation with increased traffic Difficult to source single global provider Doesn’t support direct access to the cloud from the edge.
What’s best for my business?
What’s best for my business- is a difficult question to answer. Selecting the right solution depends on what environment you’re working in, where your business applications are hosted, where your users are connecting from and what the specific needs of your business are. Each technology has a different role to play; finding the balance is key. MPLS functions in a predictable way, thus guaranteeing time-sensitive traffic is delivered on time at the trade off to lack of flexibility and increased costs. From cost and agility to the ease of use and scalability, an organisation cannot underestimate the benefits of SD-WAN. If organisations are using more advanced cloud-based applications and workflows become more complex, the more flexible and dynamic connectivity they require. SD-WAN is the clear winner.
When should organisations shift from MPLS to SD-WAN?
Organisations should consider deploying SD-WAN when;
They want to upgrade their bandwidth.
They are looking after a more flexible arrangement as they come out of contract with their ISP
They are looking at using more cloud-based services
They want to improve their security, agility and visibility within their network
They are looking at improving application performance
Flexible working is touted to be the way of the future, with managers who were once unsure of the positives of working from home now experiencing for the first time just how well they and their teams are managing to get by.
This has given many businesses reason to consider allowing staff to work flexibly (mixing up their work week with time at home and in the office), while others plan on doing away with offices altogether, given the increased productivity they’ve experienced since early March, paired with the cost savings and improved wellbeing of their staff.
However, in the rush to get everyone WFH ready when Covid-19 hit, some businesses didn’t look at their current and future networking needs.
Is your current network fit for purpose?
Many businesses had to improvise with their networking at the beginning on Covid-19 in Australia, so if you felt the strain in the early days of full-time WFH, you’re not alone.
And with a considerable proportion of the workforce expecting to work from home some (or all) of the time in the future, it makes sense to check in and ensure your network is suited to the increase in remotely located staff while still serving the business’ needs at any physical locations.
Optimising bandwidth, performance and application usage in all locations will be key, and while stopgap solutions may have done the job during the worst of the pandemic, scalability and security are also important considerations for the long term.
Need to find out if your network architecture suits your current and future needs. We can help!
Including remote users in network monitoring
Monitoring is key in determining your networking needs to begin with, and once the architecture has been built out, ensuring it’s working optimally.
The vast number of people working outside of the office has tested IT teams, especially those who have traditionally focussed on on-premise networks and have been in control of all aspects of the technology. Troubleshooting issues with an employee’s WiFi and personal devices is a new challenge, so being able to view entire networks, including employee endpoints, allows IT teams to troubleshoot issues before they become larger problems.
For example, to do this, endpoint agents can be added to devices – be it company provided or BYOD – to monitor how the device performs and how the network it is connected to is working.
Security-conscious users will be pleased to know that this form of monitoring looks only at things like WiFi speed and application connections, not the actual data contained within programs. But this does raise an interesting point about how privacy may be traded (in some cases) in return for more flexible working arrangements.
Balancing internal networking and external facing systems
For employees who are able to work within the business’ physical location, their access to wired networks won’t need to change. But those who choose to work from other locations will need to access company networks another way.
Users on internal networks will be able to use company intranets and shared drives as usual, while VPNs (virtual private networks) are recommended to be used by remote workers to connect to company networks as they allow the user’s device to behave as it would if they were in the office.
VPNs allow only trusted users to communicate through them, increasing your security even when some elements are out of your control, and allow for remote access from your IT team, which helps with solving technical issues from a distance.
If you’re looking for a solution beyond VPNs, there are options such as VDI (virtual desktop) that may suit your business. Users see a virtual desktop (which sits within a centralised server) with an array of applications they can use. The benefits include allowing users to customise their desktop, and as each machine still acts separately, this allows additional security benefits for businesses or individuals who deal with confidential information on a regular basis.
And of course, the prevalence of SaaS products such as Office 365, Salesforce and many others means that users can login via a browser, so if you can ensure users have access to stable internet at home, they can work in much the same way as they would in the office.
Need a network strategy? Contact us today to discuss your individual needs.
Businesses that invest in SDWAN reap many benefits – easy to set up and manage, rapid rollout, cost optimisation, improved connectivity – however, there is one difficult decision businesses need to make when they choose an SDWAN solution, who will manage and monitor the network infrastructure. Will the solution be self-managed or fully managed? This decision can be somewhat easy from some businesses; however, for others, it will require more consideration and planning.
Deciding should be made forthright. Businesses need to ask themselves whether they have the internal capability of meeting the service level agreements (SLA), hardware and software patching and updates, installation, and configuration, and supporting the SDWAN and underlay network connections. If a business does not have the required resources and skills in-house, it is strongly advised that it considers having its network fully managed by a managed SDWAN service provider.Be rewarded. Choose Oreta as your MSP
Why should a business consider a managed SDWAN service provider?
If your business has multiple branches and you would like an SD-WAN solution to be rolled out seamlessly, with a guaranteed service level agreement (SLAs), no compatibility issues, reduced and controlled management overheads, regular updates to infrastructure, then your business should consider a managed SD-WAN service.
Implementing and managing your SDWAN solution internally often requires increasing your resources and lengthening the amount of time it will take before you start to see the benefits. It could be very costly, and there is a risk of high turnover during the rollout of the project.
With managed SD-WAN services, the provider will supply all the hardware, software, networking infrastructure needed to deliver the right level of service – for example, connectivity for X number of branches – with appropriate service-level agreements (SLAs) for uptime and performance. This will certainly help you taking control of costs on implementation and management while achieving great outcomes.
Many service providers will focus on providing an end-to-end service, from installation, troubleshooting, monitoring, and optimising the SD-WAN units across each of your business’s workplaces, which in turn will free your IT team up to focus on the applications which will generate business growth.
What if your business decides to implement SD-WAN internally?
If your business has a highly skilled IT team that is guaranteed to be with you for the entire life of the project, can make informed decisions on architecture, has a flexible installation timeframe and budget, which can factor in unforeseen costs, then completing the project internally might be the most appropriate way forward. However, to take full advantage of the technology and capitalise on the solution, there may still be a need to develop new skill sets.
A well-structured vendor-selection process and a clearly defined pilot are critical when choosing which SD-WAN solution (e.g. Velocloud, Cisco Meraki, Cisco Viptela) will best fit the business’s specific needs and continuing to educate the IT team. During the pilot, businesses should use the time to identify operational challenges and how the organisation will best adapt to the changes, and how the solution will best address the real pain points (e.g. improving application performance).
Warning – If your business chooses to self-manage its SD-WAN and doesn’t have a strong internal networking capability, here’s a health warning. The benefits of SDWAN are widely publicised (i.e. zero-touch set-up; centralised control and rapid reconfiguration; reduction in engineering effort; easy optimisation of application traffic management enabled through smart technology and a ready repository of ready-made rules and application policies; all supported by unparalleled performance, visibility, and analytics). While much of this may be true, businesses should still very carefully assess whether they do have the skills and knowledge to self-manage from end to end. It just not that simple, and many things can still go wrong, at a cost. Is it worth the risk?
In addition to the abovementioned benefits, a managed SD-WAN service can offer businesses value-added conveniences that are beyond just an end-to-end service, including advisory, assessment, design, implementation of an SDWAN solution.
These services can help businesses manage the different stages of an entire solution cycle, from developing the strategy, vendor/solution selection and evaluation, architecture and design, and implementation. Each of these steps demands a highly skilled team and intensive effort, both of which are beyond a business’s internal IT team. And yet each step is necessary to ensure the right solution is implemented and it delivers the outcome that aligns best with your business strategies.
Yes, we want to work with a managed SD-WAN service provider. How do we choose the right one?
Select a capable managed service provider (MSP) with whom you can work with – is it the right fit?
Consider any gaps in the offer, which could influence the success of the solution.
Identify the key objectives of your SDWAN project to help your decisions on budget and cost control.
Define the responsibilities between your IT team and the MSP so that there is no stone left unturned. Ensure that both parties have a clear understanding of the service, operational, and commercial impact of these responsibilities.
Develop a view of your end-state network architecture- what are your business’s medium to long-term goals?
Maintain some competitive tension but leave things open for ongoing collaboration.