Software-defined WAN is a feature-rich technology with the ability to consolidate networking, security, reporting and management into one platform. Most vendor marketing presents SD-WAN as a self-managed, do-it-yourself technology, but potential users should be aware of inherent SD-WAN challenges and deployment risk factors.
The challenge of security
The first challenge associated with SD-WAN is security. The ability to deploy hardware and virtualized instances with security policies accessed via a GUI sounds appealing, but the risks are significant.
IT teams have been deploying IPsec VPNs over the internet for years, so they're familiar with the simple VPN security that comes with SD-WAN. However, one of the key benefits of SD-WAN is its granular security policies. This is where IT teams should be cautious. Traditional edge security is changing as companies transition to cloud networking, company data moves from data center locations and the mobile workforce grows. The edge is no longer the perimeter.
The challenge with SD-WAN is to ensure each security feature is deployed and configured correctly based on the specific requirements of each individual business. For example, distributed denial-of-service protection is better provisioned as a cloud-based capability because it stops the attack by redirecting traffic to avoid an outage.
Another example is integrated unified threat management (UTM), which is a key part of the SD-WAN decision-making process. IT teams face the critical challenge of deploying services based on their business needs, so make sure your team possesses the expertise to understand and deliver the right security policies to ensure it deploys UTM correctly and without risk.
The challenge of network connectivity selection
One of the core tenets of SD-WAN is the reduction of total cost of ownership. While cost reduction may appear simple at first, the issue of SD-WAN design and network connectivity poses a significant risk.
IT procurement teams sometimes misunderstand the value proposition of SD-WAN. With any connection, pay attention to fundamental network performance factors, like latency, jitter and support in outage conditions. Where costs decrease, IT should ask questions about support staff expertise and service-level agreements (SLAs).
Network resiliency also plays a part in design as SD-WAN vendors focus on the SD-WAN technology rather than the underlying connectivity. I've seen numerous designs that include dual providers to maximize uptime, but the providers aren't diverse from each other, which results in common points within the network infrastructure. While IT teams can achieve cost savings with SD-WAN, they should pay attention to the design, rather than rely on vendor marketing about network uptime. This will help teams avoid outages that can ultimately increase business costs.
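The dual-provider problem described above can be checked before signing, as in this added example (not from the original article). It compares traceroute-style paths for two circuits and reports hops and transit networks they share; the paths, addresses and AS numbers are constructed, and `shared_points` is a hypothetical helper name.

```python
# Constructed traceroute-style paths from one branch to the same hub site,
# one per provider. IPs are documentation ranges and ASNs are private-use
# numbers; none of these values come from the article.
PATH_ISP_A = [
    ("198.51.100.1", 64512),    # provider A access router
    ("198.51.100.9", 64512),
    ("203.0.113.5", 64520),     # regional exchange
    ("203.0.113.77", 64520),
    ("192.0.2.10", 64530),      # hub site (destination)
]
PATH_ISP_B = [
    ("198.51.100.129", 64513),  # provider B access router
    ("198.51.100.140", 64513),
    ("203.0.113.5", 64520),     # same regional exchange as provider A
    ("203.0.113.90", 64520),
    ("192.0.2.10", 64530),      # hub site (destination)
]


def shared_points(path_a, path_b):
    """Return hops and transit ASNs that both paths traverse.

    The final hop is the common destination, so it is excluded; anything
    else the two paths share is a candidate single point of failure.
    """
    transit_a, transit_b = path_a[:-1], path_b[:-1]
    hops_b = {ip for ip, _ in transit_b}
    asns_b = {asn for _, asn in transit_b}
    common_hops = [ip for ip, _ in transit_a if ip in hops_b]
    common_asns = sorted({asn for _, asn in transit_a if asn in asns_b})
    return {"hops": common_hops, "asns": common_asns}


if __name__ == "__main__":
    print(shared_points(PATH_ISP_A, PATH_ISP_B))
```

Layer 3 paths only reveal shared routers and networks; shared ducts, buildings or exchanges still have to be confirmed with each provider.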
Global enterprises face another SD-WAN challenge that national enterprises don't: Procuring international internet service provider (ISP) connectivity from a single backbone provider isn't always possible. Potential issues include latency delays as traffic moves from ISP to ISP and troubleshooting issues between service providers. Where possible, IT teams need to investigate which providers are best suited to their specific locations before choosing their potential SD-WAN suppliers.
The challenge of deployment
Another SD-WAN challenge is the expertise needed for deployment. Some vendors base their offerings around a single-pane-of-glass DIY installation and support approach. The onus, however, is still on the customer to provision the features correctly and pay careful attention to security policies and traffic routing.
The challenge of QoS
The industry has thoroughly discussed the topic of MPLS vs. SD-WAN, but quality of service (QoS) remains an important subject to consider. With a typical MPLS service provider offering, end-to-end QoS is available across six settings that allot applications into service-level categories.
SD-WAN over the internet doesn't offer end-to-end prioritization, but it does provide traffic treatment, path selection and enhanced packet loss detection. It's important to understand that the laws of physics cannot be broken, so traffic that moves from one location to another will be subject to network delay. Whether you're debating MPLS or internet-based SD-WAN, the analysis of latency and jitter SLAs between endpoints will dictate whether the connection -- not the technology -- fits the purpose.
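The point that the connection, not the technology, decides fitness can be shown with this added example (not part of the original article), which scores probe samples per path against one SLA. The thresholds and round-trip samples are assumptions constructed for illustration, and the function names are hypothetical.

```python
from statistics import mean

# Assumed round-trip targets for an interactive voice class; substitute the
# figures from your own contract.
SLA = {"latency_ms": 150.0, "jitter_ms": 30.0, "loss_pct": 1.0}

# Constructed RTT probe samples (ms) between the same two sites.
# None marks a probe that was never answered.
PROBES = {
    "mpls": [42.0, 43.0, 41.0, 44.0, 42.0, 43.0, 42.0, 43.0],
    "internet_isp_a": [38.0, 95.0, 40.0, 120.0, None, 41.0, 110.0, 39.0],
    "internet_isp_b": [55.0, 57.0, 54.0, 58.0, 56.0, 55.0, 57.0, 56.0],
}


def path_metrics(samples):
    """Mean latency, jitter and loss for one path's probe samples."""
    received = [s for s in samples if s is not None]
    loss_pct = 100.0 * (len(samples) - len(received)) / len(samples)
    if not received:  # path is down: nothing to average
        return {"latency_ms": float("inf"), "jitter_ms": float("inf"),
                "loss_pct": loss_pct}
    # Jitter as the mean absolute change between consecutive answered probes
    # (a simplification: gaps left by lost probes are skipped over).
    deltas = [abs(b - a) for a, b in zip(received, received[1:])]
    jitter = mean(deltas) if deltas else 0.0
    return {"latency_ms": mean(received), "jitter_ms": jitter,
            "loss_pct": loss_pct}


def fits_sla(metrics, sla=SLA):
    """True only if every measured value is within its SLA target."""
    return all(metrics[key] <= limit for key, limit in sla.items())


def evaluate(probes=PROBES, sla=SLA):
    """Map each path name to whether it meets the SLA."""
    return {name: fits_sla(path_metrics(s), sla) for name, s in probes.items()}


if __name__ == "__main__":
    for name, samples in PROBES.items():
        print(name, path_metrics(samples), fits_sla(path_metrics(samples)))
```

In the constructed data, one internet circuit has the lowest best-case round trip yet fails on jitter and loss, while the other internet circuit passes alongside MPLS.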
The challenge of BYOD
The final SD-WAN challenge is BYOD. One benefit of cloud-based applications is the freedom they provide. Users can bring their own devices to work and seamlessly access public cloud network connectivity between personal and office devices. The question for IT teams is whether to use security policies to ban those devices or embrace the benefits of cloud access from anywhere.
Some statistics state most employees use five devices -- business and BYOD -- at any one time. Each device is capable of accessing any cloud application via apps or a browser, driving users to demand seamless access throughout their workday.
There's no quick fix to the BYOD challenge. Teams should treat and evaluate the traffic like any other data that traverses the WAN. Traffic analysis will require granular reporting to classify traffic based on the risk your business agrees is acceptable. Teams can deploy other technologies, including content filtering and intrusion detection, to protect the overall network. The key is visibility into network traffic because stats enable IT teams to make the right policy decisions when deploying SD-WAN for BYOD.
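The kind of granular reporting described above could look like this added example (not from the original article). It totals traffic by device class and application risk tier and lists flows above the risk the business has accepted; the risk tiers, policy limits and flow records are all constructed assumptions.

```python
from collections import defaultdict

# Assumed policy, not from the article: application -> risk tier (1 = low,
# 3 = high) and the highest tier the business accepts per device class.
APP_RISK = {"office-suite": 1, "crm": 1, "video-conf": 1,
            "webmail": 2, "personal-file-sync": 3}
MAX_ACCEPTED_TIER = {"managed": 3, "byod": 2}
UNKNOWN_APP_TIER = 3  # unclassified traffic is treated as highest risk

# Constructed flow records: (device_id, device_class, application, bytes).
FLOWS = [
    ("lt-0012", "managed", "crm", 4_200_000),
    ("lt-0012", "managed", "personal-file-sync", 900_000),
    ("ph-7781", "byod", "office-suite", 1_500_000),
    ("ph-7781", "byod", "webmail", 300_000),
    ("tb-3310", "byod", "personal-file-sync", 82_000_000),
    ("tb-3310", "byod", "p2p-unknown", 5_000_000),
]


def report(flows):
    """Return (bytes per (device_class, tier), policy violations by volume)."""
    volume = defaultdict(int)
    violations = []
    for device, dev_class, app, nbytes in flows:
        tier = APP_RISK.get(app, UNKNOWN_APP_TIER)
        volume[(dev_class, tier)] += nbytes
        # An unknown device class accepts no tier at all, so it always flags.
        if tier > MAX_ACCEPTED_TIER.get(dev_class, 0):
            violations.append((device, app, tier, nbytes))
    violations.sort(key=lambda v: v[3], reverse=True)
    return dict(volume), violations


if __name__ == "__main__":
    totals, flagged = report(FLOWS)
    for key in sorted(totals):
        print(key, totals[key])
    for entry in flagged:
        print("over accepted risk:", entry)
```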
Follow established best practices
Advice about best practices hasn't changed with the advent of SD-WAN technology. If anything, the sheer volume of available features means businesses must recognize when expertise isn't enough to deploy the best possible configuration.
SD-WAN is often a DIY approach, but professional, managed and comanaged services exist to complement your own capability. Prior to SD-WAN, the majority of enterprise customers would self-manage where their staff competency allowed and outsource specific elements to maximize their overall capability.