Table of Contents |
How does SD-WAN work?
SD-WAN uses software abstraction to decouple WAN control functions from the underlying hardware. When possible, it leverages traditional MPLS to handle requests for enterprise resources in the data center, but it can also use less-expensive cellular and public internet links to handle cloud-destined traffic. SD-WAN uses virtualized and cloud-based security technologies to securely connect remote sites to SaaS, web, and cloud resources, reducing MPLS bandwidth and eliminating the need for VPNs.
Regional points-of-presence (PoPs) act as SD-WAN gateways for employees working from home, giving them access to enterprise network resources without a VPN. Often, major SD-WAN providers have an existing network of regional PoPs to take advantage of, but large or especially geographically diverse organizations may also wish to deploy their own PoPs in specific areas.
There are several different SD-WAN deployment architectures for companies to choose from depending on their specific requirements and capabilities. Learn more in A Guide to SD-WAN Deployment Models.
SD-WAN benefits guide
SD-WAN benefits organizations with complex and highly-distributed networks in the following ways:
SD-WAN Benefits |
|
Reduces costs
|
Improves performance
|
Enables automation & orchestration
|
Enhances branch security capabilities
|
SD-WAN reduces costs
MPLS bandwidth is far more expensive than standard broadband, fiber, or cellular, often hundreds of dollars per megabit per month. For branches with existing MPLS circuits installed, SD-WAN reduces bandwidth costs by redirecting traffic that’s destined for the cloud or internet across less-expensive channels, reserving the MPLS for enterprise traffic alone.
For some branch networking use cases, such as IoT (internet of things) deployments relying entirely on cloud-based software and data processing, organizations may opt to forgo a new MPLS installation and rely solely on SD-WAN and cloud-based security solutions. Not only does this save money on installation costs and bandwidth, but it significantly reduces the time it takes to spin up a new branch, enabling that branch to generate revenue sooner.
SD-WAN improves performance
SD-WAN uses technologies like application awareness and guaranteed minimum bandwidth to provide efficient, intelligent routing for improved performance. For example, in organizations with SASE (secure access service edge) deployments, SD-WAN automatically separates cloud- and SaaS-destined traffic to flow through the cloud-based SASE stack instead of the central firewall. This reduces the load on the firewall and ensures improved performance for users who do need to access enterprise resources, while at the same time providing a “shortcut” for remote users trying to reach the cloud.
SD-WAN also responds to availability and performance issues much faster than human admins are capable of, automatically redirecting traffic to avoid bottlenecks or downed nodes to ensure a seamless end-user experience. In addition, SD-WAN’s software abstraction makes it easier to centralize WAN management, giving admins full visibility into every part of the WAN architecture for holistic performance monitoring.
SD-WAN enables automation & orchestration
SD-WAN’s software abstraction opens up many automation opportunities because WAN configurations and workflows are no longer tied to the underlying hardware. For example, device, system, and service configurations can be written as scripts or playbooks and deployed automatically to reduce the time and effort required to spin up a new branch. Policy-based automation can handle additional tasks such as load balancing and failover, and route automation faster and more efficiently than human beings can.
SD-WAN also makes it possible to bring the WAN under one management platform for holistic monitoring and centralized orchestration. This gives admins control over large, distributed, and complex WAN architectures. For example, a centralized SD-WAN platform makes it easier to orchestrate traffic across hybrid cloud architectures because admins can monitor and manage WAN workflows across their various branches, private clouds, and public clouds.
SD-WAN automation and orchestration reduce the number of tedious, manual workflows that fall on overworked networking teams. This helps to decrease the rate of human error in device and security configurations, which in turn decreases the risk that mistakes will cause outages or be exploited by cybercriminals. Centralized SD-WAN orchestration also helps organizations improve their security posture by providing more holistic visibility into things like patch statuses, system changes, and traffic patterns.
SD-WAN enhances branch security capabilities
Another way SD-WAN improves network security is by making it easier to enforce security policies at branches and edge sites without deploying additional hardware or backhauling traffic through a central firewall. Since the SD-WAN control plane is decoupled from the underlying WAN hardware, organizations can also deploy advanced security technologies with fewer device compatibility issues.
SD-WAN enables organizations to use cloud-based security solutions like SSE (security service edge). SD-WAN’s intelligent, application-aware routing can automatically separate traffic from branches and other remote sites based on whether it’s destined for enterprise data center resources or resources that live in the cloud. Cloud-destined traffic is then diverted through the SSE stack, bypassing the main firewall and reducing bottlenecks at the data center.
SSE’s security stack typically includes Firewall-as-a-Service (FWaaS) technology which provides the same (or better) capabilities as a hardware appliance. SSE is also used to extend enterprise security and access control policies to traffic between remote sites and the cloud.
In addition, the SSE stack supports Zero Trust Network Access (ZTNA), which provides secure remote access to enterprise and cloud resources to WFH employees and other systems outside the WAN. In this way, ZTNA is similar to a VPN, only more secure. ZTNA only lets remote users see and interact with one specific resource at a time, and makes them re-authenticate if they wish to access something else. If a remote user account is compromised, this re-authentication step increases the chances that unusual behavior or failed multi-factor authentication (MFA) attempts will trigger an account lock, decreasing the blast radius of an attack.
When SD-WAN and SSE are married together under a single orchestration platform, the result is SASE (secure access service edge). Organizations can purchase a complete SASE solution, or use a vendor-neutral platform to combine the SD-WAN and SSE solutions of their choice for greater customization.
Learn more about SD-WAN benefits
SD-WAN helps organizations reduce MPLS-related costs, improve WAN performance, enable greater automation and orchestration capabilities, and improve overall network security. Learn more about SD-WAN from the branch networking experts at ZPE Systems.
SD-WAN Learning center |
|
Ready to learn more about SD-WAN benefits?
To see how a vendor-neutral orchestration platform simplifies branch management and accelerates SD-WAN benefits, request a free demo of the Nodegrid solution from ZPE Systems.