How to assess an SD-WAN product and determine which you need

Two main differentiators have emerged in SD-WAN products. Learn how they work and how an IT manager can use them to assess network performance and diagnose problems.

The software-defined WAN industry might only be a few years old, but it's already reaching a point of maturity. SD-WAN, once such a novelty, has become almost a commodity. Today, more than 50 companies offer some kind of SD-WAN product or service.

Differentiation between one SD-WAN product and another is increasingly happening in two ways. First, many vendors are already packaging SD-WAN capabilities with other functions, namely security. Second, the networking capabilities are being exposed through management consoles. See sample screenshots from various vendors below.

Editor's note: Inclusion or exclusion of a vendor or a vendor's screenshot does not indicate approval or disapproval of that vendor's capabilities.

Usability makes a big difference

The management console of an SD-WAN product is the cockpit of your WAN. Its usability will determine how quickly you can get up to speed in the new environment and get things done. Some environments take minutes to learn, while others might take days.

That brings us to the next point: the command-line interface (CLI). Many Cisco hands will prefer an IOS-like CLI, which is a fair point. At the very least, if a vendor does offer a CLI, validate that all of the capabilities in the CLI are available in the GUI.

Cato Networks dashboard
Cato Networks' management application shows the network topology, security and network options and overall network health.

Silver Peak network dashboard
Silver Peak offers a customizable network overview, with real-time status, appliance health and various metrics, such as bandwidth usage of applications, IPs and ports.

Network analytics

Ultimately, SD-WAN is about the WAN -- unsurprisingly -- and it's critical to understand what happens on the network. While in the past you might have needed to probe the network or run scripts to gather information from local routers, SD-WAN services provide a consolidated view into site metrics.

Most management applications from major vendors allow you to understand what's happening on the network in terms of network characteristics -- like loss, latency, throughput and, in many cases, jitter.

Cato Networks dashboard showing traffic prioritizing
Cato routing and policies allow organizations to prioritize traffic by QoS level, application and Microsoft Active Directory identity.

Some metrics are only shown in near real time, which can be helpful in planning and understanding historical network performance, but less helpful in diagnosing problems. When looking at real-time metrics, management screens should provide aggregate visibility for each location and upstream-downstream performance.

Silver Peak Systems dashboard
Silver Peak's flow tables provide real-time metrics for every connection and user across the Silver Peak tunnel.

Application metrics

Over the years, a divide has grown between application people and networking people. Application people tend to speak in terms of transactions and server response time, while networking people look more at loss and latency. Even the way we talk about throughput -- megabytes per second for application people and megabits per second for networkers -- differs.

SD-WAN started to cross this divide by enabling IT teams to optimize routing per application. Increasingly, SD-WAN is expanding on those capabilities to deliver application-layer metrics. To do that, you first need to identify applications. All SD-WAN products can identify applications using information from the 5-tuple: source and destination IP address, source and destination port number, and protocol. Many applications, though, cannot be identified by the protocol alone. They might share protocols, namely HTTP, or employ multiple unknown protocols. The SD-WAN product vendor needs to use deep packet inspection to distinguish the application.
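The identification problem described above, as an added example that is not from the original article or from any vendor's product: two flows that a 5-tuple classifier labels identically are told apart by reading the server name (SNI) out of the TLS ClientHello, one common deep packet inspection signal. The host names, application labels and signature table are hypothetical, and the parser assumes the ClientHello arrives whole in the first TLS record.

```python
import struct

PORT_APPS = {(6, 443): "https", (6, 80): "http", (17, 53): "dns"}  # (proto, dport)
# Hypothetical signature table: SNI suffix -> application label.
APP_SUFFIXES = {"crm.example.com": "crm-saas", "files.example.net": "file-sharing"}

def classify_5tuple(flow):
    """Label a flow from protocol and destination port alone."""
    return PORT_APPS.get((flow["proto"], flow["dport"]), "unknown")

def extract_sni(payload):
    """Return the SNI host name from a TLS ClientHello, or None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:   # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32             # record hdr, handshake hdr, version, random
        pos += 1 + payload[pos]                                 # session_id
        pos += 2 + struct.unpack_from("!H", payload, pos)[0]    # cipher_suites
        pos += 1 + payload[pos]                                 # compression_methods
        pos, end = pos + 2, pos + 2 + struct.unpack_from("!H", payload, pos)[0]
        while pos + 4 <= end:                                   # walk the extensions
            ext_type, ext_len = struct.unpack_from("!HH", payload, pos)
            if ext_type == 0:                                   # server_name
                name_len = struct.unpack_from("!H", payload, pos + 7)[0]
                name = payload[pos + 9:pos + 9 + name_len]
                return name.decode("ascii") if len(name) == name_len else None
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                             # truncated or malformed: no verdict
    return None

def classify_dpi(flow):
    """Prefer the payload-derived name; fall back to the port label."""
    sni = extract_sni(flow["payload"])
    for suffix, app in APP_SUFFIXES.items():
        if sni and (sni == suffix or sni.endswith("." + suffix)):
            return app
    return classify_5tuple(flow)

def build_client_hello(host):
    """Build a minimal ClientHello carrying `host` (constructed sample, not a capture)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host.encode("ascii")
    exts = struct.pack("!HHH", len(sni) + 4, 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

FLOWS = [{"proto": 6, "dport": 443, "payload": build_client_hello(h)}  # constructed flows
         for h in ("app.crm.example.com", "eu.files.example.net")]
```

SNI is supplied by the client and is missing when Encrypted Client Hello is in use, so it is one classification signal rather than proof of the application.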

The second step is to display the metric relevant to that application. Many SD-WAN products now offer a mean opinion score for paths that carry voice traffic, as MOS is the standard metric for measuring voice quality. Others are more granular, looking at MOS for each voice call.

Other products now offer metrics more common to application performance monitoring, tracking server response time and transaction times, for example. Application-layer visibility might not be a must-have, but it certainly makes troubleshooting application performance issues easier. The network will always be blamed first for any problem. Providing application-level metrics that demonstrate the network is functioning when problems arise with the application can save significant time resolving a problem with your SaaS provider or application team.

CloudGenix dashboard
CloudGenix allows a view of application-level performance, in addition to traditional networking statistics. In this case, the problems stem from server issues, not the network.

Security capabilities in an SD-WAN product

As organizations replaced MPLS lines at their branch offices with dedicated internet, the need for local security has become more apparent. SD-WANs alone lack the firewalls, intrusion protection and detection systems, antimalware and anti-data-exfiltration capabilities to protect branch offices. Initially, SD-WAN vendors partnered with third-party suppliers. But, more recently, a number of vendors have included security capabilities in their base platforms. Those security capabilities should be available in the same SD-WAN management platform.

Versa Networks dashboard
Versa Networks offers a view that displays traffic to blacklisted IPs.

The window into your WAN

Some call the SD-WAN management console a view into the WAN, but it's more like a cockpit, allowing you to see and control what's happening on your network. As a whole, the network analytics tools we've seen from SD-WAN vendors might not provide the full seven-layer decode of a packet sniffer, though a few do. They are quite robust, however, and should enhance any IT manager's ability to diagnose network problems.

This was last published in February 2019
