What are the different trade-offs involved with a managed services versus a DIY approach to WAN management?
In the UK, we’ve traditionally opted for managed services for the Wide Area Network (WAN). This is in contrast to the US, where the majority of businesses opt for the wires-only DIY approach. That said, SD WAN presents something of a dilemma as IT managers weigh their resources against a DIY SD WAN deployment. Does software-based networking mean businesses are positioned to remove the cost of managed services?
Over time, the industry is trending toward consumption models where IT infrastructure technologies are purchased and maintained as a service. This is in contrast to the traditional model where you buy the equipment and other resources up front and have access to all of their licensed capabilities in perpetuity. The great appeal of the consumption model for business managers is that it becomes easier to move potentially unpredictable capital expenditures (CAPEX) into more stable operational expenditures (OPEX). Likewise, it is easier with the consumption model to purchase only what you need and gracefully expand later. This is known as elasticity.
The traditional DIY approach to purchasing and operating your own IT infrastructure requires upfront investments in physical hardware. It also requires technical expertise to maintain the infrastructure. By moving to a managed services model, you have the opportunity to reduce upfront costs and potentially lower requirements for in-house expert-level technical staffing.
When it comes to an initial deployment of SD WAN, frequently the most expensive and time-consuming portion involves replacing legacy routing equipment at each location with new devices that support the SD WAN platform. Some recent equipment may become SD WAN enabled with software upgrades, as is the case with Cisco Meraki MX appliances and more recent Cisco ISR/ASR routers capable of running Cisco IOS-XE code. But if your existing equipment is more than five years old, chances are greater that it will need replacing to support SD WAN.
With the DIY approach, this can represent a very large expense in both hard and soft costs for the business. With a managed services provider, the SD WAN hardware may be included as part of your monthly spend rather than requiring the large initial investment. When you subscribe to services from public cloud providers such as Amazon AWS, Microsoft Azure, and Google GCP, the elastic consumption model allows you to easily purchase more resource capacity as it becomes necessary. Similarly, the managed services SD WAN approach lets you easily upgrade your SD WAN capabilities when the necessity arises.
A common example is rapid growth within your business. When you suddenly run out of processing capacity in your WAN, you will need to acquire larger routers, which is another CAPEX purchase when using the DIY model. With the managed services approach, you can acquire the larger router and simply have your contract adjusted accordingly, incurring only the smaller, incremental OPEX costs instead.
Why is SD WAN marketed as predominantly a DIY approach?
Larger organisations frequently have teams dedicated to managing the underlying networking infrastructure. This is because the design, configuration, and ongoing operations and maintenance often require expert-level knowledge. Some businesses outsource the knowledge needed for initial design and configuration of complex infrastructures and then perform ongoing operations with in-house talent.
SD WAN is frequently marketed toward a DIY approach because once the initial design and configurations have been performed, ongoing operations become radically simplified when compared to the traditional text command-line interface (CLI) model. This is because all SD WAN products are designed with a simplified web-based interface that makes it easy to maintain the system. The web-based graphical user interface (GUI) model usually has configuration defaults and best practices already defined. Likewise, many of the more advanced implementation details (affectionately known as “nerd knobs”) are hidden away.
When an SD WAN platform is acquired using the managed services approach, the MSP takes care of the design and configuration. Depending on the expertise level of your in-house staff, this aspect alone may make using an MSP worth it as your company begins to take advantage of what SD WAN can do for you. An MSP will also have teams dedicated to design and implementation who have experience with businesses of different sizes and their associated technology needs.
Most SD WAN platforms additionally offer the best of both worlds where the MSP can still perform the initial design and setup, but let the customer participate in ongoing operations. This includes both monitoring and management in the form of making business policy changes without requiring involvement from the MSP.
For example, your business may deploy a new company-wide application and decide to provide preferential treatment to the network traffic generated by the new software. With the hybrid managed SD WAN model, you could be granted the ability to make those kinds of changes without waiting for the MSP to do them for you.
Another common example with a managed services deployment is having an enterprise account with read-only access into the platform. This is useful for performing your own monitoring. Your company’s help desk or network operations centre (NOC) can keep an eye on the overall state of the WAN and contact individual locations when issues arise. Having this view into the system is also useful for trend analysis, such as physical links that consistently exhibit poor performance or deciding when it is time to upgrade the bandwidth of a particular connection. SD WAN makes these kinds of operations easy whether using the MSP or DIY approach.
What are the risks with a DIY approach?
Choosing to deploy and manage an SD WAN environment yourself is certainly possible, and many organisations have done so. However, as with all things, there are certain risks and trade-offs that must be considered before jumping down this path. Most of these considerations are based on the size of your business and the expertise level of your staff.
With the traditional wires-only approach, your business purchases the SD WAN platform and the underlying physical connections independently. Smaller organisations may have an easier time with this type of deployment because there are fewer circuits to manage and the overall network design will most likely be simpler as well.
When your company grows in size, different network designs and operations must be considered as the overall environment grows accordingly in complexity. Different network-level optimisations must be made to keep performance high and to keep costs down. These network designs frequently require staff with expert-level skills. SD WAN attempts to simplify some of these operations through the use of a GUI and by implementing safe defaults. However, networking staff with the requisite skills will understand the ramifications of the different available optimisations, which gives your users a better overall experience and increases the total value of your SD WAN deployment. Expert-level staffing is included with the managed services deployment.
When you attempt the DIY model without appropriately skilled staff in place, you potentially expose yourself to additional risks, such as security vulnerabilities and downtime caused by poor network design. Staff with lower skill levels may not even be aware of the various security risks associated with SD WAN deployments, which could leave your business open to outside attackers. A poor network design may lack the redundancy required to keep your network operating smoothly when outages or misconfigurations occur.
On the opposite side of the spectrum, you may have very skilled networking staff, but the size of your business makes a DIY approach cost prohibitive. For example, if your company has hundreds or thousands of locations that all require equipment upgrades to take advantage of SD WAN, the upfront cost of replacing the equipment may be less palatable to you than with the managed services approach where the SD WAN edge devices are typically included as part of the service.
Another risk of the DIY approach is that some SD WAN platforms are offered only to service providers and are unavailable to the general public. This is becoming less of a consideration, though, as SD WAN platforms continue to mature with new features and more stable code. Chances are relatively slim that a platform offered only to service providers will have features unavailable with other vendors that do support a DIY deployment. But, with an MSP, you won’t have to give this any consideration at all.
What kinds of device and service consolidations are available with SD WAN?
The managed services approach to SD WAN has additional benefits with the option of device and service consolidation. For instance, most SD WAN vendors offer appliances with “branch in a box” functionality where multiple discrete devices are replaced with a single appliance that contains the required features. A typical legacy branch deployment may have a separate router, switch, wireless access point, and potentially a firewall. Depending on your needs and the size of the location, each of these devices can be replaced with a single SD WAN device that covers all of the features and presents a single point of management.
A lot of companies have centralised or regionalised Internet backhaul where all traffic to and from the general Internet passes through a main firewall cluster. Most SD WAN platforms have integrated firewalls that allow for localised Internet breakout where you still have site-to-site VPN traffic, but traffic destined to and from the Internet can be kept local to the branch based on policy. A common scenario is to have trusted whitelisted Internet sites use the local Internet connection, while all other Internet-bound traffic continues to traverse the central firewall for deeper inspection.
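The breakout policy described above, sketched as an added example (not code from any SD WAN product). The prefixes, domain names and path labels are constructed assumptions. It shows two details that matter for security: the allowlist is matched on whole DNS labels, and anything unmatched fails closed to the central firewall.

```python
import ipaddress

# Constructed sample policy; prefixes, domains and path names are assumptions.
SITE_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]       # other company sites
BREAKOUT_ALLOWLIST = {"office365.example", "crm.example"}  # trusted Internet sites

SITE_VPN = "site-to-site-vpn"
LOCAL_BREAKOUT = "local-breakout"
CENTRAL_FIREWALL = "central-firewall"


def _normalise(host):
    """Lower-case and strip the trailing root dot so 'CRM.Example.' matches."""
    return host.strip().lower().rstrip(".")


def _is_allowlisted(host):
    """Match the host or any parent domain, but only on a label boundary.

    A plain endswith() check would also accept 'evilcrm.example'.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in BREAKOUT_ALLOWLIST
               for i in range(len(labels)))


def select_path(dest_ip, dest_host=None):
    """Return the path a branch edge device would choose for one flow."""
    ip = ipaddress.ip_address(dest_ip)
    if any(ip in net for net in SITE_PREFIXES):
        return SITE_VPN
    if dest_host and _is_allowlisted(_normalise(dest_host)):
        return LOCAL_BREAKOUT
    # Fail closed: unknown or missing hostnames go through deep inspection.
    return CENTRAL_FIREWALL


if __name__ == "__main__":
    flows = [("10.20.1.5", None), ("203.0.113.10", "api.crm.example"),
             ("203.0.113.11", "evilcrm.example"), ("198.51.100.7", None)]
    for ip, host in flows:
        print(ip, host, "->", select_path(ip, host))
```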
While localised Internet breakout can be done with the DIY approach, a distinct advantage of the managed services approach is that the MSP can offer their own centralised firewall along with other public and private network services, such as private interconnections with major public cloud vendors. The MSP can offer regionalised gateways into these services which saves you money and increases the performance of your managed SD WAN environment.
What is the cost of managed SD WAN?
Most considerations in business ultimately come down to cost. Organisations continue to seek new ways to predict and stabilise ongoing expenses. The DIY approach can work for businesses of all sizes, and so can managed services. However, managed services may be a better fit for all but the smallest and very largest companies. A very small company might not see an appreciable difference in what an MSP can offer because it will generally have smaller requirements, including a simpler network design. On the other side, the very largest organisations might not see a lot of benefit from an MSP because chances are they already have a sufficient number of expert-level staff along with established vendor relationships.
For just about everyone else, the managed services approach can represent cost savings through both CAPEX and OPEX as the SD WAN equipment is typically included as part of the service and often updated on a schedule. Likewise, the MSP will have a staff of engineers who can take your business requirements and create an appropriate network design for you. The trade-off is that architectural-level changes need to be worked out with the MSP, which can take longer than the DIY approach, but with the MSP approach, you save by not necessarily needing to keep experts on staff.
Finally, there is the cost of acquiring and managing the circuits themselves. For larger companies with hundreds or thousands of sites, managing this many circuits is at least a full-time job unto itself. You save money and aggravation by offloading this management task to the MSP. Some MSPs even have agreements with various carriers that lower overall costs, which can then be passed on to you as the ultimate customer. A common example is an MSP’s ability to create a single pool of data across all of your individual 3G/4G/5G connections, which can yield substantial savings across many locations.