5 SD-WAN gotchas customers want to avoid
15 March, 2022 05:30
Software-defined WANs (SD-WAN) are becoming key components of modern IT infrastructures. Because they use a centralised control function to securely direct network traffic over the Internet, they can deliver benefits such as increased application performance, better user experience and lower costs.
SD-WAN technology simplifies the management and operation of a WAN by decoupling networking hardware from its control mechanism.
As organisations look to support a hybrid workforce and cloud-native network architectures, SD-WAN infrastructure has become an important technology for enabling flexible, agile, and optimised connectivity.
Not surprisingly, demand for SD-WAN is on the rise. The SD-WAN infrastructure market grew 27 per cent in 2021 compared with 2020, to reach $3.8 billion, according to research firm IDC. The market is forecast to grow at a 19 per cent compound annual growth rate over the next five years, reaching $7.1 billion by 2025.
Deploying this technology is not without challenges, however. Here are some of the potential issues that IT and network managers might confront.
1. Limited cost savings
Enterprises hoping to cash in on the expected financial benefits of SD-WAN might be a bit disappointed.
“Early SD-WAN marketing was all about moving to hybrid WAN to save money on expensive private/MPLS networks,” said Andrew Lerner, vice president at research firm Gartner covering enterprise networking with a focus on emerging technologies. “And SD-WAN products helped people move to hybrid WANs, lowering reliance on MPLS.”
However, the promised massive cost savings never materialised for most organisations, Lerner said. “Many folks supplemented their WANs with [Internet connectivity], and then left MPLS in.”
In many regions, business-class Internet “is not a ton cheaper,” he said. In addition, as organisations go to Internet connectivity versus MPLS, they often increase bandwidth, so cost per megabit might go down, but total cost rarely does, he said.
Then there’s the cost of products. “The early SD-WAN products were relatively inexpensive,” Lerner said. “They were lightweight, and one of the key differentiators versus traditional routers was cost.”
SD-WAN hardware appliances were coming in at $500 for the hardware and $100 per month per appliance for the software license, Lerner added.
“But in the past few years, hardware and software costs have risen for a number of reasons,” he outlined. It is now common to see hardware around $1,000 per site and licensing costs of $150 per month per appliance.
Forrester Research has found that the networking and security infrastructure and operations costs of SD-WAN actually rise over time, not decrease, said Andre Kindness, principal analyst at Forrester.
“During the initial rise of SD-WAN, many vendors marketed SD-WAN as a cost savings,” Kindness said.
“In particular, the vendors’ marketing material messaged large cost savings if companies shifted their connections from MPLS to Internet. There hasn’t been a large shift from MPLS to Internet. Instead, networking organisations kept MPLS links but now use Internet links as an active connection instead of a back-up one.”
2. Operating SD-WAN in a vacuum
If enterprises operate their SD-WANs in an isolated manner, without integrating the technology with other systems such as security tools, they will miss out on some important capabilities.
“As the SD-WAN market matures, enterprises are increasingly looking beyond standalone SD-WAN platforms,” said Brandon Butler, research manager, enterprise networks, at IDC. “There are a variety of integrations that SD-WAN buyers can consider to ease operational management while enhancing security and performance.”
Two of the most common integrations are SD-WAN and security, and SD-WAN and LAN/WLAN, Butler said. With SD-WAN and security integrations, common security features such as intrusion detection and prevention, deep packet inspection, and SSL inspection are natively integrated into SD-WAN platforms.
Organisations can also leverage cloud-based security capabilities that integrate with the SD-WAN platform, known as secure access services edge (SASE) architectures.
Examples of SASE functions include cloud-hosted firewall as a service, cloud access security broker, and secure Web/Internet gateway. “These may be offered directly by the SD-WAN vendor or by a third-party partner,” Butler said.
For SD-WAN and LAN/WLAN integration, some SD-WAN vendors offer integrations across the WAN and enterprise campus LAN/WLAN, Butler said. “These integrations can ease SD-WAN initial deployments and ongoing management by having centralised application policies across the WAN and LAN/WLAN,” he said.
3. Implementation and performance struggles
SD-WAN has been hailed as easier to implement, Lerner said, due to central management and orchestration and zero-touch provisioning (ZTP), a method of setting up a device in which a network switch feature configures it automatically.
“SD-WAN products are a dramatic improvement over traditional routers,” Lerner said. “But they still require careful implementation and planning. And very few organisations actually implement using ZTP. Most organisations stage and/or have very controlled deliberate rollouts.”
Most SD-WAN projects get held up for one reason or another and end up being delayed for long periods of time, Kindness said. For example, “networking teams haven’t taken all the facets of security into account, or the amount of security services that need to [be] re-architected,” he added.
While SD-WAN products have encrypted tunnels to protect data in transit, security teams looking to adopt the zero-trust security model need to figure out which security services will need to be adopted, Kindness said.
SD-WANs can also have reliability issues, according to the Markets and Markets report.
“SD-WAN is an advanced technology, but some networking experts suggest [another] form of transmission is still needed for reliable quality of service,” it stated. For example, to ensure quality of service (QoS) with real-time traffic, enterprises should keep an MPLS link parallel to the broadband link.
“Though SD-WAN is used to improve QoS, it alone cannot guarantee QoS,” the report stated. “SD-WAN can detect packet loss and jitter and choose the best path for the packet, however if all paths are bad, SD-WAN cannot guarantee quality of service.”
Part of the problem with reliability and performance is that many organisations “put the cart before the horse,” Kindness said.
“SD-WAN’s core value is to improve experiences with applications used by employees and customers at remote sites,” he said. “Most networking organisations don’t have a good grasp on the amount and types of application traffic going in and out of the remote sites.”
They want to use SD-WAN systems or services to help their organisations figure out the applications and then optimise them, Kindness said. “No two SD-WAN solutions are the same and will optimise certain types of traffic better than other types,” he said. “This means networking professionals might be choosing a solution that isn’t best for their company.”
4. Lack of visibility/analytics
Visibility and analytics are critically important for SD-WAN deployments, Butler said. “Having insights into the health of WAN links, the performance of the SD-WAN, and insights into user and application traffic for assurance and capacity planning are among the leading use cases for SD-WAN visibility and analytics,” he said.
It's essential for enabling increased automation, security, and assurance capabilities, Butler added. “Many SD-WAN platforms have integrated visibility and analytics platforms, but customers can also work with third-party tools to provide enhanced visibility and analytics,” he said.
Visibility is especially important for security. “As cyber attackers are trying to find sophisticated methods to attack networks, organisations with sensitive data traffic have a valid concern about network security,” the Markets and Markets report noted.
“For organisations with highly sensitive data traffic, [the built-in] security capabilities of SD-WAN appliances they are using might be insufficient.”
There are multiple options for SD-WAN security, the report documented, but some organisations “get confused” about exactly what kind of set-up they need to ensure optimum security.
5. Failure to future-proof
When considering an SD-WAN strategy, organisations need to look ahead and consider public or private 5G for their SD-WANs. If not, they could be stuck in the past while the latest wireless capabilities pass them by.
“One of the core tenets of SD-WAN is the ability to centrally manage multiple WAN links,” Butler said.
“In the past, organisations have used MPLS plus broadband, or dual broadband links. As 5G continues to roll out, organisations are increasingly looking to use public or private 5G in SD-WAN. Many SD-WAN vendors have begun offering integrated 5G routers in SD-WAN gateways.”
Cellular connectivity can be an attractive option for backup, Butler said, or in the future for primary SD-WAN connectivity.
“One of the chief advantages of cellular connectivity is the speed at which it can be deployed,” he added. As organisations are thinking about building out next-generation SD-WAN deployments, they need to consider how a 5G cellular router can help future-proof their investments, he said.