blackzheep -

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Working from home could expand SD-WAN edge to residences

Organizations have long relied on VPNs to connect remote workers with company resources. But could SD-WAN be a viable option for certain employees working from home?

Because of the coronavirus pandemic, many companies have temporarily shut down offices but still need to operate as close to normal as possible. Work-from-home strategies in the age of shelter in place are changing how businesses address the network edge, which has already expanded outward with cloud services and software-defined WAN. Now, the network edge -- and, in particular, the SD-WAN edge -- may reach the employee residence.


Traditionally, strong firewalls and security kept the network perimeter in the data center. With cloud computing and SD-WAN, that network edge began shifting to the cloud or the branch office. Firewalls can now be purchased as a service from cloud providers, where the economics align nicely with the changing network edge.

Normally, remote users dial in using a VPN to create a tunnel into the resources they need within that firewall. A VPN is a session-based tool where the user initiates a connection and then disconnects when done, and this strategy has worked fine for travelers and the handful of remote users.

The economics of SD-WAN work well for a branch office with multiple users, but for individual users, the ROI was not there, hence the continued reliance on VPNs.


COVID-19 changes SD-WAN economics

With COVID-19, IT is seeing SD-WAN as an interesting option for the high-priced engineers, designers and other skilled workers who need persistent access to large, sensitive or critical files. The move to SD-WAN pushed the network edge from the cloud or branch office, and now it may go all the way out to an employee's home.

The move to SD-WAN pushed the network edge from the cloud or branch office, and now it may go all the way out to an employee's home.

The typical SD-WAN appliance, at $1,000 or more, was not cost-effective for individual users occasionally working from home in the past. But, as these high-priced employees now work 40 or more hours a week from a set location, the economics of converting that connection to SD-WAN -- instead of a VPN -- suddenly become more feasible.

SD-WAN at home

Residential SD-WAN provides more flexible security than a VPN, making it a better choice for a persistent connection. Another benefit over a VPN is that an SD-WAN can route cloud traffic, like Office 365 or Salesforce, directly to cloud services instead of backhauling the data through the data center.

A VPN is a more coarse-grained approach to remote access that essentially treats most users the same. VPNs typically route all traffic over the connection, so even nonwork traffic ends up running through the headquarters' gateways out to the internet.

But, with the SD-WAN edge at home, IT can take a more fine-grained approach to managing users, access, security and the other aspects of connectivity back to the main headquarters. SD-WAN enables some traffic to go to the main office and some traffic to go directly to cloud services under the company's control and parameters, with a final block of traffic, like Facebook and YouTube, routed externally, not constraining the company's bandwidth and infrastructure.

The zero-touch provisioning of most SD-WAN gateways means IT can send SD-WAN appliances directly to employees for installation. Once plugged in, the device can self-provision and connect back to headquarters with little or no interaction on the employee's end. Even VoIP can be configured, enabling calls from the headquarters to route directly to the employee.

Does a residential edge make sense for your business?

The pros and cons of extending your network edge to an employee's residence boils down to three key factors.

The first is the type of work the employee is doing. Most productivity-based tasks, like with Office 365, don't require an SD-WAN connection, but larger applications, like computer-aided design and computer-aided engineering, could benefit from the better-quality SD-WAN connection.

The second factor is the cost of the employee. It's easier to make the case for high-priced employees where the higher cost of the SD-WAN is offset by the increased productivity.

The final factor is your existing remote infrastructure. If your company already had a solid work-from-home program with strong connectivity, then continuing down the VPN path might make sense. But, if your VPN infrastructure is being taxed by new shelter-in-place rules, then extending the SD-WAN edge to key employees or groups may make sense.

As IT scrambles to react to this incredibly fluid pandemic environment, SD-WAN is one more tool that can be deployed to help keep employees connected and keep business running.

This was last published in April 2020

Dig Deeper on Software-defined WAN (SD-WAN)

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

SD-WAN at home has a different set of challenges versus the typical branch office. Think of it in terms of Netflix vs business traffic to your VPN. Visibility and control via QoS mechanisms are the best way to achieve the QoE your critical remote-office employees need. Our Chief Product Officer talks in a recent blog post about quick and easy solutions for this that our customers are deploying. Zabrina Doerck Director of Product Marketing, Global Enterprise Infovista Corp