Four Factors for Evaluating SD-WAN Solutions
•Download as PPTX, PDF•
3 likes•1,759 views
The market is crowded with SD-WAN providers—from pure-play startups to more established infrastructure and WAN specialists. With so many vendors, each offering different SD-WAN features and functions, how do you find the solution that's right for your organization? Before you engage with SD-WAN providers or assemble your shortlist, learn how to choose the right solution for your organization and evaluate the four critical factors of SD-WAN: architecture, performance, security, and provisioning/management. Learn more: https://rvbd.ly/2vmZoNW
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Four Factors for Evaluating SD-WAN Solutions
Similar to Four Factors for Evaluating SD-WAN Solutions (20)
More from Riverbed Technology
More from Riverbed Technology (20)
Recently uploaded
Recently uploaded (20)
Four Factors for Evaluating SD-WAN Solutions
- 1. Four Factors for Evaluating SD-WAN Four Factors for Evaluating SD-WAN
- 2. © 2018 Riverbed Technology, Inc. All rights reserved. 2 Factor #4 Determine the architecture that best meets your needs
- 3. © 2018 Riverbed Technology, Inc. All rights reserved. 3 Business Initiative Connectivity Key Architectural Considerations IoT Mobility Cloud first Hardware or Software? Cloud or on-prem or hybrid? Interoperability? MPLS Broadband/Direct-to-net W/LAN & LTE Delivery
- 4. © 2018 Riverbed Technology, Inc. All rights reserved. 4 SaaS Hybrid Applications Hybrid WAN Higher utilization of dual MPLS 1) Traditional MPLS MPLS-B MPLS-A
- 5. © 2018 Riverbed Technology, Inc. All rights reserved. 5 MPLS-A SaaS Internet Hybrid Applications Hybrid WAN MPLS-B or Internet Bandwidth arbitrage w/ Internet backhaul 2) Hybrid WAN
- 6. © 2018 Riverbed Technology, Inc. All rights reserved. 6 MPLS-A SaaS Internet Hybrid Applications MPLS-B or Internet 3) Direct to Net Cloud-first strategy
- 7. © 2018 Riverbed Technology, Inc. All rights reserved. 7 MPLS-A SaaS Internet Hybrid WAN and LAN MPLS-B or Internet 4) Unified Network Fabric Policies extend across WAN and W/LAN
- 8. © 2018 Riverbed Technology, Inc. All rights reserved. 8 Factor #3 Ensure the overall performance and availability of your SD-WAN
- 9. © 2018 Riverbed Technology, Inc. All rights reserved. 9 Scalability Optimization Key Performance Considerations How many sites? Multiple hubs supported? Bandwidth capacity? Traffic prioritization? Traffic steering? High availability? Integrated monitoring? Application recognition? Encryption? Video stream splitting? Compression & dedup? Performance
- 10. © 2018 Riverbed Technology, Inc. All rights reserved. 10 Last mile challenges Path selection and traffic steering becomes critical What’s needed: dynamic, policy-based prioritization – Available bandwidth – Latency – Packet loss – Jitter Broadband May Vary in Performance/Availability MPLS-A SaaS Internet Hybrid Applications Hybrid WAN MPLS-B or Internet
- 11. © 2018 Riverbed Technology, Inc. All rights reserved. 11 Factor #2 Security and risk
- 12. © 2018 Riverbed Technology, Inc. All rights reserved. 12 Embedded Security Integration with Security Providers Key Security Considerations AutoVPN? Built in firewalls? Network segmentation? Guest WiFi segmentation? Centralized policy mgmt.? Policy enforcement? Unified views? Access control? Types of partners Level of integration, VPN or API-level? Security Management
- 13. © 2018 Riverbed Technology, Inc. All rights reserved. 13 ✔Native firewalls ✔Granular allow/deny filtering ✔VPN ✔NAT capabilities ✔WAN hardening ✔Logging SD-WAN Embedded Security Security Capabilities ✔Advanced threat prevention ✔Access control ✔Inline data protection ✔Acceptable Use Policy enforcement ✔InfoSec compliance audits and reporting Optional Best of Breed with CSPs
- 14. © 2018 Riverbed Technology, Inc. All rights reserved. 14 Factor #1 Ease of provisioning and orchestration
- 15. © 2018 Riverbed Technology, Inc. All rights reserved. 15 Provisioning Integrations Key Provisioning and Management Considerations Ease of provisioning new sites? Integration with existing environment? Zero touch capabilities? Centralized policy management? Application recognition? Ease of applying rules? Cloud providers? NPM? APM? End user experience? Management
- 16. © 2018 Riverbed Technology, Inc. All rights reserved. 16 No truck rolls or manual configurations How Easy Is It to Manage Centrally? • Deploy on premises or in the cloud • Remote configuration of branch offices (zero touch) • Centralized configuration and rollback, if needed • Multi-tenant • Mobile access
- 17. © 2018 Riverbed Technology, Inc. All rights reserved. 17 How Do You Apply Business Policies? Use GUI interface to determine how to apply traffic path rules
- 18. © 2018 Riverbed Technology, Inc. All rights reserved. 18 Can You Easily Connect to Cloud? Secure, one-click connect to AWS, Azure, and Internet• VPN to IaaS • Direct-to-SaaS/Internet
- 19. © 2018 Riverbed Technology, Inc. All rights reserved. 19 Go to Resource Image Try SteelConnect for free SteelConnect Free Trial
- 20. © 2018 Riverbed Technology, Inc. All rights reserved. 20 Resources to help you evaluate SD-WAN solutions Learn more about SD-WAN and SteelConnect ROI eGuideRFP/RFI Tool
- 21. Thank You © 2018 Riverbed Technology, Inc. All rights reserved. 21
Editor's Notes
- Go through the four factors countdown style Start with architecture…
- What’s on the slide Anecdote about a customer perhaps Will then go to 4 different architectural options Focus in on our strengths – ability to play well with existing infra and also support unified management for W/LAN
- Improve app performance & business SLAs during non-failure states. Traffic for all apps (on-prem and Internet) traverses MPLS. “Boomerang effect” increases latency for business-critical SaaS applications.
- Incorporate Internet circuits at the branch to reduce cost. Internet-bound traffic backhauled into data center via encrypted VPN. “Boomerang effect” increases latency for business-critical SaaS applications.
- Removes latency and bandwidth constraints due to increased use of rich media and SaaS Uses network segmentation and embedded security capabilities May also integrate with cloud security providers
- Removes latency and bandwidth constraints due to increased use of rich media and SaaS Uses network segmentation and embedded security capabilities May also integrate with cloud security providers
- High Availability Throughput Optimization Visibility
- To support enterprise deployments, SD-WAN solutions need to be highly scalable. They also need to be able to provide functionality to ensure that multiple WAN links can be effectively leveraged to provide high availability. How does your architecture enable the scalability of your solution? How scalable is your solution? For example, how many sites and how many tunnels can you support? Describe how architecture of your solution enables high availability at both data centers and branch offices. For each component, describe how it is designed to ensure high availability. Discuss what happens if a component of your solution fails. Describe the ability of your solution to continue to function, potentially at a reduced level, if one or more of the central components fails. If a WAN link fails, how long does it take to switch over to an alternative WAN link on average? What is the maximum failover time? Once a WAN link that failed is returned to production, how long does it take to switch back to using that link? What is the maximum switch back time? Describe the ability of your solution to support a hub-and-spoke design with multiple hubs. Include the number of hubs supported with a full mesh design that connects the hubs. In contrast to a traditional WAN, SD-WAN makes greater use of broadband services that do not include performance guarantees. That is one reason why companies evaluating SD-WAN solutions need to understand the performance characteristics in detail. Describe any testing that has been done on the performance of your solution. Include a discussion of your solution’s IPSec performance, for inbound, outbound, and pass through. Is it possible to get access to those test results? Describe the ability of your solution to prioritize traffic types. Describe how your solution does path selection/traffic steering. Include the parameters used (e.g., available bandwidth, latency, packet loss, jitter, MOS) and how they are used. When your solution does traffic steering, does it take into account the applications that are running over the WAN? If it does, describe how. Does your solution have the capability to enforce traffic flowing between two sites taking the same path in both directions? Discuss how your solution supports VoIP and highlight the functionality that ensures acceptable voice quality. Below is a list of WAN optimization functionality. Indicate which functionality your solution supports and where it is supported. Caching Deduplication Latency mitigation techniques including Layer 4 and Layer 7 application optimization Optimize SSL Latency avoidance and reduction including techniques such as TCP acceleration, HTTP acceleration, and request prediction and spoofing Are there proof points that quantify the impact of the various components of your solution’s WAN optimization functionality? How does your solution leverage analytics and big data to provide higher availability and performance? Does your SD-WAN solution have the capability to reduce the impact of latency on applications and services? Does your SD-WAN solution have the capability to compress or reduce network consumption?
- Broadband + less expensive + faster to provision + for cloud first companies No performance guarantees (imp for VOIP, etc)
- Traditional approaches to branch security that require backhauling compromise cloud app performance How do you provide direct to net secure connectivity? If you are using a cloud security provider like Zscalar, need to route traffic based on app and user defined policies Centralized Security Policy Management vs Device-Centric Management: SD-WAN allows you to establish centralized control of network-wide business and security policies. Rules can be implemented, deployed, managed, and changed universally throughout the system—without requiring command-line interface (CLI) configuration that is often susceptible to human error or driven by custom scripts. SD-WAN provides rules-based traffic, security, and hardware assignment policy definition. Best of all, it’s centralized and automated rather than on a manual, per-device basis. Say goodbye to CLI. Unified Views of the Network vs Multiple Panes of Glass: SD-WAN management dashboards offer unified views of the network topology, including registered and online appliances and new events. The dashboards continuously and automatically reflect network events, sites, and tunnel status to validate that security policies are working as expected. You can gain insight of the entire network topology or drill into specific site, application, and user views. With improved visibility and integrated analytics, you can troubleshoot problems quickly, better plan for changes, and even rollback changes if they are not working as intended. Built-in Firewalls vs Separate Firewall Appliances: SD-WANs provide centralized support for embedded security, firewalls, access points, and switches, eliminating the need for additional security appliances in many remote/branch location scenarios. They include a built-in stateful firewall and allow tight policy control over the types of Internet traffic that are allowed in and out at a branch. SD-WAN solutions are hardened and provide in-flight encryption for additional built-in security. Lastly, because many SD-WANs deployments run on top of existing infrastructure, they work in combination with your current firewalls and switches. Network Segmentation: You can define granular segmentation policies tied to application characteristics, network configurations, addressing, etc., which are distributed across all nodes in the SD-WAN. Based on the segmentation policies, SD-WAN creates multi-point tunnels using IPsec to dynamically enforce segmentation of LAN and Wi-Fi users and devices across all locations. Many organizations also use network segmentation to reduce attack surfaces and contain possible breaches. Traditional WAN segmentation was based on Layer 2/3 and was not driven by application and business priorities. Identity Based User Access: SD-WAN identifies users by names, roles, or job functions, and assigns users to a virtual network zone to simplify management. These virtual zones automatically follow the users and their devices across all locations, no matter which device is used. You can rely on user-identity based access control to better secure mobile and bring-your-own-device (BYOD) environments. Secure Guest Wi-Fi Access: SD-WAN offers authenticated and identity-based registration and then directs all guest Wi-Fi traffic over the Internet with a firewall between the guest zones and the internal zones. Guests can self-register each device in a matter of minutes and the administrator automatically attaches the security policy to each device registered by that user. Web content restriction and malware filtering can also be set as policies. Auto Virtual Private Network (AutoVPN): AutoVPN, based on the industry-standard IPsec with AES-256 encryption, creates a secure VPN backbone around remote branches and users. It can also be deployed between access points, gateways, as well as third-party VPNs (Classic VPNs). Encrypted AutoVPNs are typically supported over all WAN transports including Internet and MPLS and can be applied to SD-WAN environments for highly-sensitive data and applications.
- Describe the tool or tools that you provide for the teeing of your solution in general and of each part of your solution in particular Describe the overall provisioning process. As part of your answer describe how you integrate your solution with the existing environment. Describe your ability to automate the provisioning of new sites and new connections. Describe in detail the deployment process for your SD-WAN solution. Include in your response the ability to configure the solution prior to deploying it. Also include the number and type of resources required. Describe the process of deploying a new device in a branch office. Describe the process of deploying software updates. Describe the ability of your solution to dynamically discover, procure, allocate, and reconfigure resources. Describe the functionality to minimize the amount of manual labor required for provisioning, deployment, and ongoing management. Ongoing Management While the dynamic nature of SD-WANs adds considerable value, it also further complications the task of WAN management as does the large and growing number of mobile workers. Can your solution be managed both on premise and in the cloud? Can your solution support multiple virtual WANs? If so, what is the maximum number of virtual WANs supported? If your solution can support multiple virtual WANs, detail how each virtual WAN is managed and secured. Describe the functionality to manage the performance of the SD-WAN. Include how you determine that SD-WAN performance is degrading. Describe the reporting functionality, including key reports and screen shots of the relevant management dashboards. Describe your ability to centralize management across SD-WAN, wired and wireless LAN, and cloud resources. Provide an example. Describe the ability of your solution to map an application to the end-to-end resources, both physical and virtual, that are supporting the application. Include how your solution maps the virtual resources that support an application to the physical resources that support those virtual resources. Identify and describe the functionality to manage real-time applications such as voice and video. Identify and describe the functionality that enables a company to implement and support SLAs regardless of whether resources are hosted in an internal data center or in a public cloud facility. How does your solution leverage analytics and big data for enhanced management? Describe how your solution enables effective event correlation and fault management. Describe how the management functionality integrates with industry leading Network Performance Management, Application Performance Management, and End User Experience Monitoring tools. Describe the ability to create centralized policies and orchestration. Describe how you create the central policies, the language used, and whether they can be deployed across SD-WAN, wired and wireless LAN, and cloud resources. Relative to the policies described above, how are they developed and implemented? How do you apply them to users, locations, and security requirements. Include in your response an example of a policy. Should we break out analytics and data and have in one place? Right now, is sprinkled throughout.
- Answering the question: How do you automate provisioning?
- Automatically identify and classify apps business policies can be easily applied SteelConnect identifies 1,300+ applications out of the box, including Internet and on-premises DPI with SSL/TSL support You can easily apply rules based on application target/types
- > Scot to talk to customer if he has one…
- Mike make the point to send this link to colleagues in roles on the top of the DEM slide
- A few more resources that will help you figure out how evaluate SD-WAN and Riverbed