From simplicity to security: Learnings gained from thousands of SD-WAN deployments

Article content

This article is based on content from the Telstra Ultimate SD-WAN Guide – a comprehensive guide containing 40+ pages of handy tips, pitfalls to avoid, security risks to be aware of, lessons learned and more.

Steve Jobs once said, “Simple can be harder than complex: you have to work hard to get your thinking clear to make it simple. But it's worth it in the end because once you get there, you can move mountains.”

This quote always comes to mind when I think about what we have learned from working with customers to deploy SD-WAN in their businesses. The reason is that SD-WAN promises a wealth of benefits but delivering them takes a lot of work. Clear thinking from the beginning — about what to expect from the solution and what the business really needs — is just one of the ingredients for success.

To help IT leaders get the most from their SD-WAN, we have picked some of the most important lessons to keep in mind during their SD-WAN journey.

Avoid falling for the myths

There are a number of misconceptions about the role and benefits of SD-WAN in the market. These include the assumption SD-WAN will reduce network costs and remove the need for MPLS.

While SD-WAN does enable better value from your network and helps reduce operational overhead by decreasing complexity and improving repeatability, you should factor in the total cost of design, deployment and ongoing management. The same is true if your goals for SD-WAN is to improve user experience and resiliency. These have direct value to the business but may not reduce your WAN OPEX spending.

When it comes to replacing MPLS links, not every organization will benefit from Internet-only deployments, while many others may see it as a perfect solution. It all comes down to your business needs for application performance, reliability and cost. Like everything in life, you can’t have it all and trade-offs need to be assessed on what delivers the best value for your business.

Sorting the true benefits from these myths will help you set your SD-WAN transformation up for success.

Seek consistency and simplicity

Simplicity is one of the key benefits of SD-WAN. IT teams can look forward to managing their networks through a graphical user interface, with centralised policy controls and automated traffic switching. But it’s a misconception that SD-WAN is easy to set up simply because it employs a software overlay. Designing and deploying an optimised SD-WAN is a complex endeavour.

You can avoid some of the complexity by minimising the number of site patterns you use so you could reap the benefits of control and change management that SD-WAN offers.

The same is true when it comes to policies. SD-WAN control and orchestration tools make it straightforward to write policies that would be highly complex in a traditional WAN.

This can also be a trap you need to avoid. As tempting as it is to explore the full potential of this flexibility, the more rules you apply, the more complicated management becomes and the more likely you will experience performance dips. We’ve seen quite a few examples of “over-specified” deployments where the business attempted to define every possible case, resulting in 100s of rules that didn’t achieve much and were a nightmare to manage.

Instead, use appropriate rules for your business needs rather than trying to define every application flow and edge case.

Evaluate vendor options

There is no ‘one SD-WAN box to rule them all’ so choosing a vendor needs to be based on your organisation’s requirements.

Getting the most business value from SD-WAN is not as simple as incorporating your current WAN provider’s SD-capabilities into your network. Vendors will always recommend their devices, even if their capabilities may not meet all your organisation’s requirements or achieve your goals.

There are a variety of SD-WAN technologies in market from entry-level to fully-featured solutions. Evaluate the technologies against your business use cases and demands and weigh up what’s most important to your organisation.

The variety of technologies on offer also have distinct security capabilities, and these can often be traced back to their origins.

For example, most devices are either firewalls supplemented with SD-WAN capabilities or SD-WAN devices with firewalls added on. The former will be better at security functions, while the latter will have more routing/SD-WAN features and may be easier to manage.

The market is seeing a major move to ‘SASE’ (Secure Access Service Edge) that will utilize cloud security solutions combined with SD-WAN. Separating the SD-WAN vendor decision from the security vendor decision enables you to choose the capabilities best suited to your business.

Create a broader business case for SD-WAN investment

IT leaders should not view SD-WAN as a silver bullet for reducing networking costs because SD-WAN is unlikely to be the solution.

Instead, IT leaders can gain executive support for the project by tying the investment to broader initiatives. These can be technical — for example, SD-WAN enabling an organisation’s migration to public cloud — or based on delivering a better quality of experience to staff or customers.

Secondly, teams can avoid SD-WAN costs blowing out by focusing on essential requirements rather than an extensive wish list of features. For example, is it necessary to effect changes to your network within 12 hours or is a lower SLA acceptable? Distinguishing what is essential to your business and what is simply nice-to-have will help reduce complexity and cost to the business and help build a strong business case for the investment.

For more in-depth tips and insights about SD-WAN, download the Telstra Ultimate SD-WAN Guide or find out more about Telstra SD-WAN here