SD-WAN stands for Software Defined Wide Area Networking. It’s a combination of Software Defined Networking (SDN), which was created for use in cloud datacenters, and Wide Area Networking (WAN) which is the network outside of your office (e.g. the Internet, or site-to-site networks like MPLS and Metro Ethernet).
Network engineers would love to strictly define SD-WAN, but marketing departments have turned it into an Umbrella Term, like Cloud. There are many types of cloud services, like SaaS, PaaS, Public, Private, and Hybrid Cloud; and similarly there are multiple categories of offerings that come with an SD-WAN label. This guide will help you decipher the choices and shed some light on the decision-making process.
How do you make 15-year old router and firewall technology look appealing? Add a cloud-based web management interface and market it as SD-WAN! That’s essentially what you’re getting with this category. You buy a network appliance to connect your ISP circuits into, and instead of logging into an interface on the actual device to configure it, you now log into the vendor’s shiny new cloud-hosted management dashboard.
Most “real” SD-WAN offerings fall in to this category. They are meant as a lower cost tool to displace MPLS for site-to-site connections. At their core, these devices and services provide site-to-site VPNs, just like standard firewalls or routers.
So the question becomes: what’s the difference between these SD-WAN solutions and standard network edge devices like firewalls? Well, there’s nothing significant at first glance. They boast of cloud-based management (as noted above), plus other existing networking hardware features like application or user based security and routing policies, or WAN-optimization features like compression or TCP optimization.
But there is a major differentiator, and that is awareness of and adaptation to quality issues on the network paths between sites. Traditional firewalls and routers don’t monitor for or adapt to issues like 3% packet loss or 70ms jitter. These performance issues that affect real-time applications can now be identified and resolved through SD-WAN. Buyer beware: how this detection and adaptation works differs greatly by vendor, with varying results.
One big factor you’ll want to consider when looking at this category is that you’re now trusting your network security to your SD-WAN vendor. Since they’re providing the site-to-site VPNs, all of your private traffic is now touching their equipment, un-encrypted. That brings up some questions:
If you choose one of these devices or services, be sure you feel good about the answers to those questions.
Bigleaf is the leader in this category, providing optimization for access to the cloud, and for remote access to on-site resources. Public-cloud and other Internet-based applications are the most difficult to optimize connectivity for, because traditionally there is so little visibility and control to the public cloud. Unlike site-to-site VPNs, which are relatively simple to set up and monitor, connections to cloud services like VoIP and SaaS involve a lot more complexity.
To optimize Internet-based applications like Cloud, you first need visibility. Bigleaf monitors each Internet connection from your office to the core of the Internet 10 times per second, across the exact same paths that all of your data travels. This end-to-end monitoring typically covers over 98% of the path from your office to your Cloud applications.
You then need control. Bigleaf routes all of your traffic via our redundant Gateway Clusters in the core of the Internet. We collocate these in datacenters called “Carrier Hotels”. These locations are the major Internet peering points in each region, ensuring you have the lowest possible latency. Because we route all your traffic through these Gateway Clusters we have 100% control of the routing and QoS prioritization of your traffic. This dedicated network architecture is core to our success in optimizing Cloud-based applications.
Of course you also need the best possible network security. There are many vendors that have spent hundreds of millions of dollars building advanced network security offerings, and you’re probably already using them. With Bigleaf, you can keep using your best-of-breed security solutions, and still get cutting-edge SD-WAN benefits for your traffic! Bigleaf drops-in between your firewall and your ISP connections, optimizing traffic while your firewall handles security and VPNs. Bigleaf creates a stable, reliable, and adaptive foundation for both cloud-based applications and site-to-site VPN traffic.
While there can be many considerations to end up at the right vendor, the decision of which category is pretty simple. Here’s an infographic with some basic questions to help you choose:
While SD-WAN can be confusing, I hope this guide has made the options clear and oriented you in the right direction. If you have any questions please don’t hesitate to contact us, we would be glad to discuss which option might be best for your environment.