Networking has become the main driver of IT development in organizations as the internet and cloud computing are increasingly integrated into their computing function. While the basics of the physical network, such as Ethernet and wireless technology, remain the backbone of network infrastructure, networks have become increasingly distributed and more complex. The increasing adoption of cloud architectures, the never-ending requirement for network speed and the integration of the Internet of Things (IoT) only promise to continue this trend. While the Wide Area Network (WAN) will remain the foundation of any IT infrastructure, the way it is implemented and managed will move to software-defined techniques to help manage that complexity.
SD-WAN (or Software Defined Wide Area Network) refers to implementing a WAN in software rather than through the physical configuration of its components: it represents a level of abstraction between the physical network (the hardware on which it runs) and the logical network (the way that the hardware communicates).
This provides several advantages for organizations, including reducing the costs of transporting data through network connections by using them more efficiently, improving application performance, increasing development agility, optimizing user experience when using software (especially in cloud-based applications) and simplifying administration by providing centralized, automated functions that offer highly flexible techniques for network visibility, device population and change control.
Introduction
A traditional WAN’s purpose was to connect users at a branch or campus level to applications hosted on servers in a central data center. This involved dedicated circuits that provided high security and reliable connectivity for users. The adoption of cloud solutions for business IT infrastructure and applications, and the consequent reliance on the internet, means that the central data center model is no longer as effective and results in a poor user experience mainly due to managing connection issues with outside networks.
As organizations adopt cloud-based applications across potentially multiple cloud providers, IT departments are seeing that WANs designed for a different era are not effective when dealing with the unprecedented explosion of traffic, data and connectivity issues that cloud adoption brings. It leads to network and management complexity, application-performance degradation and data vulnerability. The solution is to integrate the WAN into the wider network that exists in the cloud computing landscape and to more easily manage the result.
However, because cloud computing requires an organization to be open to the internet, it exposes the organization to major security threats and compliance issues. It is extremely difficult to protect the critical assets of a business when applications are accessed by a diverse range of users that can include employees, contractors, partners, vendors and guest users. Providing broadband access through the WAN exponentially complicates security requirements, creating challenges when balancing the needs of user access, security and security rule complexity.
SD-WAN addresses these problems by providing a centralized point of control for the entire network and the tools to manage it on a network-wide scale so that procedures and policies are pushed out across the entire network from the main administrator role.
How SD-WAN Works
SD-WAN is a form of Software-Defined Networking (SDN) that abstracts the hardware layer of a network, particularly its connectivity functions, by defining the connections in software. It leverages Multiprotocol Label Switching (MPLS), a routing technique in networks that directs data flows based on short path labels rather than entire network addresses, thus speeding traffic flows.
While MPLS was effective for fixed network pathways, it is a technology that is difficult to modify. SD-WAN takes the notion of directing data packets a step further by routing data traffic along the optimal pathways in the network based on a set of centralized policy rules. These rules can decide the best (and fastest) path for specific types of data packets, including those that cross the internet boundary. It enables secure, flexible connectivity across all transport links and providers, including the cloud, and unifies the WAN communication backbone into one easily managed central network.
In business terms, it means an administrator can manage multiple connections ranging from broadband to MPLS and even Long Term Evolution 4G (LTE 4G) and 5G, seamlessly. It takes the existing routers, switches and other hardware elements and through software creates a virtual network on which standardized applications and platforms are run. It also, significantly, provides a single, centralized administrative management function that includes security protocols. The advantage of an SD-WAN environment is that when the network needs to adapt, say when a new cloud provider or a branch is added, all that need be done is to add their details in the administrative control function and the remainder of the network adapts automatically.
Because SD-WAN provides a high level of control over data flows, it can segment and partition data packets depending on their importance to the business (based on the policy rules that are defined). This means that various types of data transport links (such as for voice, data and video) can be managed in a highly granular way allowing significant cost savings. This is called ‘dynamic path selection’ and means that priority traffic, such as a video conferencing call, is always prioritized over other, less time-sensitive data (such as a long-running backup, for example). Organizations that have in the past been unable to implement Voice over Internet Protocol (VoIP) due to poor bandwidth have found that adopting SD-WAN technologies allows them to implement it effectively because it can prioritize packet data flow for VoIP when required to ensure it works smoothly. This can also be applied to any high-demand applications that require responsive data flows. Users, for example, can be given prioritized bandwidth to improve their user experience and avoid application response lag. SD-WAN, when implemented well, can mean that an organization gets increased bandwidth at the same, or lower, cost without actually paying for increased capacity.
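The policy-driven path selection described above, as an added sketch that is not from the original article or any vendor's product. The link names, measurements, thresholds, the `tunnel_up` flag and the "payments" class are constructed assumptions; the point is that a class requiring an encrypted tunnel fails closed instead of falling back to a forbidden link.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int                # relative cost per GB (constructed)
    up: bool = True
    tunnel_up: bool = True   # encrypted overlay tunnel established (assumption)

@dataclass(frozen=True)
class Policy:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    require_tunnel: bool = False

# Constructed central policy table: one entry per application class.
POLICIES = {
    "voip":     Policy(150, 30, 1.0),
    "backup":   Policy(1000, 500, 5.0),
    "payments": Policy(300, 100, 2.0, require_tunnel=True),
}

# Constructed link measurements, as path probes might report them.
LINKS = [
    Link("mpls", 20, 2, 0.1, cost=10),
    Link("broadband", 40, 10, 0.5, cost=2, tunnel_up=False),
    Link("lte", 80, 40, 2.0, cost=6),
]

def meets_sla(link, policy):
    return (link.latency_ms <= policy.max_latency_ms
            and link.jitter_ms <= policy.max_jitter_ms
            and link.loss_pct <= policy.max_loss_pct)

def select_path(app_class, links, policies=POLICIES):
    """Return the name of the link to use, or None if traffic must be dropped."""
    policy = policies[app_class]
    usable = [ln for ln in links
              if ln.up and (ln.tunnel_up or not policy.require_tunnel)]
    if not usable:
        return None  # fail closed: never fall back to a link the policy forbids
    compliant = [ln for ln in usable if meets_sla(ln, policy)]
    if compliant:
        # Cheapest link that still meets the SLA; latency breaks ties.
        return min(compliant, key=lambda ln: (ln.cost, ln.latency_ms)).name
    # Nothing meets the SLA: degrade to the least lossy usable link.
    return min(usable, key=lambda ln: (ln.loss_pct, ln.latency_ms)).name

def degrade(links, name, **changes):
    """Copy of links with one link's measurements changed."""
    return [replace(ln, **changes) if ln.name == name else ln for ln in links]
```

With these sample values, raising broadband loss to 3% moves VoIP to MPLS while the backup stays on the cheaper broadband link.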
Benefits of Using SD-WAN
The principal benefit of implementing SD-WAN is the ability to change the network on the fly without having to send staff to manually change hardware settings in business locations (referred to as provisioning). New network elements, such as a new branch office, can be provisioned at the click of a button.
SD-WAN also allows an organization to save money on its connection costs and use its bandwidth more effectively. Because the network is implemented in software, it is easy to add, delete or re-configure elements from a central control dashboard and to apply security policies across the whole business network consistently. SD-WAN provides deep visibility and control over the network. This means that it is inherently agile: adopting a new network topology is as easy as using a point-and-click interface to view the network, make changes and roll them back if required.
SD-WAN benefits organizations by removing the need for expensive routing hardware by provisioning connectivity and services automatically from the cloud. It provides increased flexibility by allowing an organization to scale connectivity dynamically to reflect changes in demand. It can also allow businesses to switch between different data transport methods, such as cable or wireless networks, that connect the branch office and data center, on the fly; this enables them to mix and match transport protocols based on bandwidth availability and needs. It saves money by optimizing an organization’s connectivity between branch locations, the main office and the cloud, seamlessly.
Another administrative benefit is the ability to apply security policies across the entire business function whether applications are run locally or in the cloud. Customers can, for example, set up secure zones wherever required and then direct traffic flows through secure connections to meet security policies. This simplifies the process of incorporating different security policies for cloud applications and vendors. Mission-critical or highly secure traffic can be partitioned so that it is protected against vulnerabilities present in other areas of the network. The ability to have visibility and control of the security function at a central level is one of the main benefits of this technology and has become critical for organizations seeking to meet compliance and regulatory requirements in complex computing environments.
SD-WAN also helps organizations address the skills acquisition problem, as finding experienced personnel for network management roles remains a critical issue. SD-WAN technology allows a centralized network control function where experienced staff can be located to manage and control the network without having to employ additional network engineers for each remote site when implementing network changes or requiring duplicate personnel for other functions.
Conclusion
SD-WAN allows an organization to abstract its overall IT function into a virtual network overlay that is easy to implement and visualize, without concern for how the underlying network hardware and software is maintained. This enables centralized control over the entire network, including varying security controls for different parts of the network. It provides significant advantages including improved traffic management and bandwidth usage, agile application development, the ability to use network automation and the flexibility to change the network structure quickly and seamlessly.
SD-WAN allows organizations to have an overall view of their network and the tools to make it function more efficiently, flexibly and dynamically while also consuming fewer network resources. It is a technology that is best suited to businesses that have multiple locations and heavy traffic. While it does require a significant initial investment, in the long term the savings potential is high, particularly in terms of management as networks continue to grow in complexity due to the need to interact with the internet, cloud providers and other networks.