This article is based on content from the Telstra Ultimate SD-WAN Guide – a comprehensive guide containing 40+ pages of handy tips, pitfalls to avoid, security risks to be aware of, lessons learned and more. Download now.
Every network transformation is a major endeavour for an IT team and deploying SD-WAN is no different.
If you are designing your SD-WAN solution, you want to know you have the right architecture to help you maximise the potential of your networks and enhance your business agility. And you’d want to avoid the pitfalls of poor design. Disrupted transitions and the potential for an entire rebuild are just some of the risks of getting the architecture wrong.
Thankfully SD-WAN is no longer an emerging, uncommon technology and you can learn from other organisations’ experiences. At Telstra we have deployed nearly 7,000 SD-WAN devices for a variety of enterprises, giving us great insights into what works and what doesn’t when it comes to SD-WAN architectures.
Here are six principles to abide by when it comes to avoiding the common mistakes in SD-WAN network design.
1. Start with the outcomes you want
The first step in determining the right architecture is to clarify your network transformation objectives and determine your success criteria. Your business plan should drive your technology choices rather than vice versa.
Your desired business outcomes can be translated to the type of applications your business uses, and how you prioritise their performance. For example, do you organisation require high-quality video conferencing? Do you have critical business apps such as a customer relationship management database (CRM) which you want to prioritise to ensure availability? Are there external factors such as regulatory or government requirements for service availability?
2. Review network design
Your network design is a significant influence on SD-WAN’s ability to deliver better app performance. Consider whether your planned transport types are robust enough to carry future traffic, not just your current volume.
Your cloud architecture will also influence your SD-WAN design. Many organisations are opting to deploy dedicated cloud interconnects to improve SaaS app performance. You will need to incorporate these interconnects into your SD-WAN architecture.
3. Diversity = resiliency
You can improve your network’s resiliency - and application availability - by choosing diverse connectivity options. Diverse options enable you to take advantage of SD-WAN’s capability to redirect traffic onto another path if the usual path is unavailable.
Don’t forget mobile when you plan for diversity. 4G can be an effective wireless back up to your fixed network.
4. Identify site types
Review your branches to identify the types of sites you have and any relevant requirements.
For example, do core sites have different requirements compared to non-core sites? You can then create a set of site templates to make deployment easier.
5. Cut carriage complexity
Talking of sites, it can be tempting to take advantage of the flexibility offered by SD-WAN and develop specific requirements for individual sites.
The result is a complex architecture tailored to the needs of the business at that moment. Such designs make it harder to roll out new applications without separate templates for each site and connectivity type.
Avoid building in complexity by simplifying the underlying carriage. If customisation on a per site basis is important to you, review whether your chosen vendors can support it with one template and firewall.
6. Security goes hand-in-hand with network design
SD-WAN architectures create a number of security questions. It leverages the internet, which can expose your business to a broader attack surface. Consider the security appliances and solutions you’ll need when deploying SD-WAN to reduce the risk of exposure to a security breach.
And if you choose to set granular security policies at branch sites, you have to ensure each security feature is deployed and configured correctly.
We recommend adopting cloud-based security solutions for securing your branch internet breakouts. Cloud security products have end-point controls to help protect staff laptops.