Robert Sturt is Managing Director of Netify, an SD-WAN, SASE security & connectivity marketplace where you can compare and shortlist vendors.
As more business operations move to the cloud, the question of implementing an SD-WAN architecture for your organization looms larger. A traditional WAN can start to crack as users, their applications and devices become more distributed.
No wonder then that the global SD-WAN market is forecasted to exceed $30 billion in 2026, a CAGR (2020 – 2026) of 60 percent. The field of SD-WAN vendors is crowded. Not all offer the same scope of services and advantages. In fact, many vendors are similar in respect to high level benefits. With this said, the following five features are typically an initial way to identify solutions that may fit your needs.
1. Next-Generation SASE Security
Not all SD-WAN vendors provide true Next-Gen security features. There are a number of vendors with built-in SASE security which includes IPS (Intrusion Protection System), anti-malware, threat protection and Zero Trust. The alternative is to select vendors that offer SD-WAN only or SD-WAN and SASE security via partners with API access.
Does the distribution and complexity of your organization’s operations need a Next-Gen firewall with intrusion protection or to combine network and security into a SASE model? If your organization needs or wants to break out of locality-based connectivity and services, then it’s worthwhile to work with an SD-WAN vendor that provides built-in SASE SD-WAN security.
Also consider how committed you are to your existing suite of security tools and vendors. If those are relationships you want to continue, then look for an SD-WAN solution vendor that can integrate with your current security platform via APIs. Your other option is to look for an SD-WAN model that provides network and security services in an all-in-one suite.
2. Cloud Access And Path Selection
The main issue here is whether you want your cloud vendor or SD-WAN service to select the path your traffic takes.
Some SD-WAN solutions are tightly integrated with major cloud vendors, like AWS or Azure. If your company is already connected to a major cloud vendor, you may prefer to work with an SD-WAN that is too, as it optimizes private paths for its own traffic.
If your company’s network isn’t tightly integrated with a major cloud vendor, then a cloud vendor’s hard-wired path may not be optimal for your traffic. In this case, you might prefer your SD-WAN to make path selection decisions. The SD-WAN will look at the best connection that’s local to the cloud resource needing access.
Evaluate how SD-WAN solutions connect to the cloud and how their capability aligns with your organization’s distribution of cloud resources. If you have data centers with a dedicated, private cloud connection, they may not totally benefit from SD-WAN technology. SD-WAN path selection makes sense where its path selection optimization techniques align to the locations of your company’s cloud assets.
3. Private Backbone vs. End-To-End Internet
Some SD-WAN solutions offer VPN access into their private internet backbone. If you’re a global organization with cloud resource locations that mirror the private network, you can get speed and reliability assurances through your SLA with the vendor.
Others have a network of public gateways, but the considerations are the same. If their POP locations align with your organization’s cloud resources locations, then that SD-WAN vendor could be a preferable option.
SD-WAN services that rely on public gateways still use technology to optimize their traffic. If you’re a company with national branch office locations, then the “trust the internet” approach may be your best option.
Regardless of framework, always insist on getting a proof of concept when you’re evaluating the SD-WAN vendor.
4. Managed SD-WAN Services
With SD-WAN architectures which follow the CNaC (Cloud Native Carrier), you no longer have to choose between DIY, co-managed, or fully managed services. If your SD-WAN vendor has got complete control over your entire technology stack, then they should be able to offer you a blend of all three.
If the vendor doesn’t have control over the complete technology stack, back-end support may still run on a legacy, ticketing system. That means 72-hour turnaround to implement a network change and that just doesn’t work in an SD-WAN world. You need to investigate their support processes to make sure they’re not going to defeat the agility benefits you expect with an SD-WAN.
If you want underlay and overlay managed under one SD WAN vendor contract, then you probably want to go with a full-service SD-WAN system integrator. If you want to retain control and avoid service provider lock-in, engaging a CNaC based SD-WAN vendor provides the visibility you need with the best of all worlds across DIY through to full managed SD WAN services.
5. SD-WAN Underlay
How does your organization connect to the internet? Is your cloud footprint wide enough that having different local ISPs makes sense to optimize access for your cloud resources? Or do you want to commit to a single ISP backbone? As with the path selection and internet gateway issues, the answer to your organization’s underlay question is largely one of its unique distribution of cloud assets.
When answering this question, think about immediate and mid-term cloud migration plans so you don’t get locked into an SD-WAN underlay choice that doesn’t work for your cloud presence two years from now.
You can contract SD-WAN services directly from a major ISP service provider with SD-WAN services but note some agility is often lost (as mentioned earlier). With this said, if your organization wants a single provider, end-to-end solution, this may be a good option.
Due Diligence Is A Requirement
The comprehensive nature of an SD-WAN architecture is one reason it’s so valuable in increasing network agility and security. The challenge then is ensuring that your SD-WAN vendor has the specific feature set that aligns with your organization’s unique requirements and layout. Working with a vendor selection partner can help you navigate the crowded SD-WAN landscape and range of services goes a long way to maximize your company’s investment in an SD-WAN vendor.