Consolidating the management of your network devices (and thus, your WAN) into a single console is not all that new. Extracting all of that intelligence, throwing in security and tons of other features and then rolling all of that up into a single management pane of glass, however, is a new concept.
Envisioning your entire WAN as a single, living, breathing entity instead of a bunch of individual circuits and connections, however, is a new concept to most WAN engineers. We, therefore, may have a hard time wrapping our heads around just what to look for in an SD WAN solution. In fact, SD WAN solutions today can perform so many enterprise features in a single solution, that it's likely that many of the features fall outside the day to day responsibility of just the WAN engineer. Thus, the evaluation process at your organisation is likely to be multi-disciplinary, involving WAN professionals, security professionals, applications professionals and maybe even others.
So what should a comprehensive set of requirements for your organisation's review process take into account? Every SD WAN implementation is different, but the most common areas to consider are fairly easy to define and that's what we'll try to do here. SD WAN solutions range from very limited (edge device only) to full-featured, fully integrated cloud solutions. For the purposes of this article, I'll target the more full-featured solutions. If you're looking for a more limited implementation, you can simply de-emphasise the requirements here that are less important to you or your business. Let's look at the areas you need to consider when creating your requirements.
Multiple circuit redundancy
Most organisations considering SD WAN solutions are employing redundant circuits to at least some of their branch offices. You also need your SD WAN solution to take redundancy into account within the deployment. You should determine not just how the solution reacts in the event of a link failure, but also ask what happens when an SD WAN controller fails. Are the controllers in-line (at a headquarters location) or are they in the cloud? Is there a redundant controller in the event of a controller failure? In the event of a circuit failure at a branch, you'll want to determine how quickly you need the solution to fail (all traffic) over to the backup path.
Tunnel bonding or circuit aggregation
It's common for SD WAN solutions to support bandwidth steering (something we'll talk about below), but perhaps you have a need for circuit bonding where you combine the two paths into a single, larger virtual circuit during regular operation. SD WAN solutions vary in how (and if) they can accomplish this. Work to determine if and where you might need this capability, and be prepared to describe this to your potential vendors.
Performance-based path selection
This is commonly referred to as bandwidth steering and involves classifying different traffic classes on the fly and steering them onto the best available path at the moment. Again, SD WAN solutions differ in how they achieve this, so be prepared to set forth some requirements for what traffic types are high priority, medium priority, or low priority. Also be prepared to discuss what amount of bandwidth you'd like to target on your dedicated links vs. your commodity Internet links (during normal operations).
Bandwidth controls / QOS
Many SD WAN solutions also include tools for managing your bandwidth on the available circuits. Perhaps you want to shape user Internet traffic down to no more than 30% of your total available bandwidth. Or perhaps you want to make sure that there is always a minimum of 10Mbits/second available and protected for your office to office SIP traffic. Determine these requirements early so that you can discuss them with the vendors and set expectations accordingly. QOS features should be available, and more robust solutions will be able to do their best to enforce these QOS rules whether it's over the commodity connections or dedicated connections.
Installation expectations and hardware compatibility
Especially if you are a larger Enterprise business, it may be critical to try to use as many of your existing edge devices as possible to keep implementation costs down. If this is the case, you'll want to catalog what you have out in the field and perhaps set a target for what can be re-used. Even if you're not intending to re-use the edge devices that exist today, installation considerations are important. Zero-touch deployment features are a huge draw for enterprises that are evaluating SD WAN solutions, so have a target and some requirements in mind for just how long an average branch install should take and how much "hands-on" work should be required (or NOT required). After all, if you have to go to each location to do these deployments, you may be missing out on one of the key features of SD WAN solutions in the first place.
Management and analytics
Since SD WAN solutions will typically tie together many different areas of your organisational IT operations, a single management pane may present some new challenges. You're going to have application developers that might need logins, security professionals, helpdesk staff, and of course your LAN and WAN specialists. In addition, you may need multiple levels of access for those individuals. So work to define what information you need out of your management portal(s), what access levels might make sense to you, and whether you need things like single sign on or tie-in to your existing LDAP or RADIUS servers.
Most of the larger SD WAN solutions allow you to integrate full security feature sets now. You can have a NGFW at each location, with a central management console, and full visibility into your security posture at a glance. Be prepared to define what your expectations are for the security deployments at the sites. This might include traffic inspection, endpoint security, DDOS detection, and any number of other security features you might have deployed today as standalone devices.
Other Virtual Network Functions (VNFs)
Many solutions providers today can also integrate other advanced network functions into your deployment. These might include things like application accelerators, cloud optimisation, or WAN optimisers. These might be implemented as appliances in the cloud, or they could be deployed at individual sites. If deployed at the sites, they may be an appliance, a VM, or a blade in the router. Every solution may be different, but if you have needs for these services, define what they are and where you need them, and be ready to share those needs with the vendors.
Deploying an SD WAN solution can save your enterprise time, money and headaches. Zero-touch deployment can make bringing on new offices almost completely painless. And getting your entire WAN extracted up to a coherent virtual overlay can vastly simplify how you view your operations day-to-day. But implementing your first one will mean bringing together multiple departments and putting together a multi-disciplinary set of requirements in order to do it successfully. I hope the above framework puts you on the path to a successful deployment.