The market is crowded with SD-WAN providers—from pure-play startups to more established infrastructure and WAN specialists. With so many vendors, each offering different SD-WAN features and functions, how do you find the solution that's right for your organization?
Before you engage with SD-WAN providers or assemble your shortlist, learn how to choose the right solution for your organization and evaluate the four critical factors of SD-WAN: architecture, performance, security, and provisioning/management.
Learn more: https://rvbd.ly/2vmZoNW
Go through the four factors countdown style
Start with architecture…
What’s on the slide
Anecdote about a customer perhaps
Will then go to 4 different architectural options
Focus in on our strengths – ability to play well with existing infra and also support unified management for W/LAN
Improve app performance & business SLAs during non-failure states.
Traffic for all apps (on-prem and Internet) traverses MPLS.
“Boomerang effect” increases latency for business-critical SaaS applications.
Incorporate Internet circuits at the branch to reduce cost.
Internet-bound traffic backhauled into data center via encrypted VPN.
“Boomerang effect” increases latency for business-critical SaaS applications.
Removes latency and bandwidth constraints due to increased use of rich media and SaaS
Uses network segmentation and embedded security capabilities
May also integrate with cloud security providers
High Availability
Throughput
Optimization
Visibility
To support enterprise deployments, SD-WAN solutions need to be highly scalable. They also need to be able to provide functionality to ensure that multiple WAN links can be effectively leveraged to provide high availability.
How does your architecture enable the scalability of your solution?
How scalable is your solution? For example, how many sites and how many tunnels can you support?
Describe how the architecture of your solution enables high availability at both data centers and branch offices.
For each component, describe how it is designed to ensure high availability. Discuss what happens if a component of your solution fails.
Describe the ability of your solution to continue to function, potentially at a reduced level, if one or more of the central components fails.
If a WAN link fails, how long does it take to switch over to an alternative WAN link on average? What is the maximum failover time?
Once a WAN link that failed is returned to production, how long does it take to switch back to using that link? What is the maximum switch back time?
Describe the ability of your solution to support a hub-and-spoke design with multiple hubs. Include the number of hubs supported with a full mesh design that connects the hubs.
In contrast to a traditional WAN, SD-WAN makes greater use of broadband services that do not include performance guarantees. That is one reason why companies evaluating SD-WAN solutions need to understand the performance characteristics in detail.
Describe any testing that has been done on the performance of your solution. Include a discussion of your solution’s IPsec performance for inbound, outbound, and pass-through traffic. Is it possible to get access to those test results?
Describe the ability of your solution to prioritize traffic types.
Describe how your solution does path selection/traffic steering. Include the parameters used (e.g., available bandwidth, latency, packet loss, jitter, MOS) and how they are used.
When your solution does traffic steering, does it take into account the applications that are running over the WAN? If it does, describe how.
Does your solution have the capability to enforce traffic flowing between two sites taking the same path in both directions?
Discuss how your solution supports VoIP and highlight the functionality that ensures acceptable voice quality.
Below is a list of WAN optimization functionality. Indicate which functionality your solution supports and where it is supported.
Caching
Deduplication
Latency mitigation techniques including Layer 4 and Layer 7 application optimization
Optimize SSL
Latency avoidance and reduction including techniques such as TCP acceleration, HTTP acceleration, and request prediction and spoofing
Are there proof points that quantify the impact of the various components of your solution’s WAN optimization functionality?
How does your solution leverage analytics and big data to provide higher availability and performance?
Does your SD-WAN solution have the capability to reduce the impact of latency on applications and services?
Does your SD-WAN solution have the capability to compress or reduce network consumption?
Broadband
+ less expensive
+ faster to provision
+ for cloud first companies
No performance guarantees (important for VoIP, etc.)
Traditional approaches to branch security that require backhauling compromise cloud app performance
How do you provide direct to net secure connectivity?
If you are using a cloud security provider like Zscaler, you need to route traffic based on app- and user-defined policies
Centralized Security Policy Management vs Device-Centric Management: SD-WAN allows you to establish centralized control of network-wide business and security policies. Rules can be implemented, deployed, managed, and changed universally throughout the system—without requiring command-line interface (CLI) configuration that is often susceptible to human error or driven by custom scripts. SD-WAN provides rules-based traffic, security, and hardware assignment policy definition. Best of all, it’s centralized and automated rather than on a manual, per-device basis. Say goodbye to CLI.
Unified Views of the Network vs Multiple Panes of Glass: SD-WAN management dashboards offer unified views of the network topology, including registered and online appliances and new events. The dashboards continuously and automatically reflect network events, sites, and tunnel status to validate that security policies are working as expected. You can gain insight into the entire network topology or drill into specific site, application, and user views. With improved visibility and integrated analytics, you can troubleshoot problems quickly, better plan for changes, and even roll back changes if they are not working as intended.
Built-in Firewalls vs Separate Firewall Appliances: SD-WANs provide centralized support for embedded security, firewalls, access points, and switches, eliminating the need for additional security appliances in many remote/branch location scenarios. They include a built-in stateful firewall and allow tight policy control over the types of Internet traffic that are allowed in and out at a branch. SD-WAN solutions are hardened and provide in-flight encryption for additional built-in security. Lastly, because many SD-WAN deployments run on top of existing infrastructure, they work in combination with your current firewalls and switches.
Network Segmentation: You can define granular segmentation policies tied to application characteristics, network configurations, addressing, etc., which are distributed across all nodes in the SD-WAN. Based on the segmentation policies, SD-WAN creates multi-point tunnels using IPsec to dynamically enforce segmentation of LAN and Wi-Fi users and devices across all locations. Many organizations also use network segmentation to reduce attack surfaces and contain possible breaches. Traditional WAN segmentation was based on Layer 2/3 and was not driven by application and business priorities.
Identity Based User Access: SD-WAN identifies users by names, roles, or job functions, and assigns users to a virtual network zone to simplify management. These virtual zones automatically follow the users and their devices across all locations, no matter which device is used. You can rely on user-identity based access control to better secure mobile and bring-your-own-device (BYOD) environments.
Secure Guest Wi-Fi Access: SD-WAN offers authenticated and identity-based registration and then directs all guest Wi-Fi traffic over the Internet with a firewall between the guest zones and the internal zones. Guests can self-register each device in a matter of minutes and the administrator automatically attaches the security policy to each device registered by that user. Web content restriction and malware filtering can also be set as policies.
Auto Virtual Private Network (AutoVPN): AutoVPN, based on the industry-standard IPsec with AES-256 encryption, creates a secure VPN backbone around remote branches and users. It can also be deployed between access points, gateways, as well as third-party VPNs (Classic VPNs). Encrypted AutoVPNs are typically supported over all WAN transports including Internet and MPLS and can be applied to SD-WAN environments for highly-sensitive data and applications.
Describe the tool or tools that you provide for the teeing of your solution in general and of each part of your solution in particular
Describe the overall provisioning process. As part of your answer describe how you integrate your solution with the existing environment.
Describe your ability to automate the provisioning of new sites and new connections.
Describe in detail the deployment process for your SD-WAN solution. Include in your response the ability to configure the solution prior to deploying it. Also include the number and type of resources required.
Describe the process of deploying a new device in a branch office.
Describe the process of deploying software updates.
Describe the ability of your solution to dynamically discover, procure, allocate, and reconfigure resources.
Describe the functionality to minimize the amount of manual labor required for provisioning, deployment, and ongoing management.
Ongoing Management
While the dynamic nature of SD-WANs adds considerable value, it also further complicates the task of WAN management, as does the large and growing number of mobile workers.
Can your solution be managed both on premise and in the cloud?
Can your solution support multiple virtual WANs? If so, what is the maximum number of virtual WANs supported? If your solution can support multiple virtual WANs, detail how each virtual WAN is managed and secured.
Describe the functionality to manage the performance of the SD-WAN. Include how you determine that SD-WAN performance is degrading.
Describe the reporting functionality, including key reports and screen shots of the relevant management dashboards.
Describe your ability to centralize management across SD-WAN, wired and wireless LAN, and cloud resources. Provide an example.
Describe the ability of your solution to map an application to the end-to-end resources, both physical and virtual, that are supporting the application. Include how your solution maps the virtual resources that support an application to the physical resources that support those virtual resources.
Identify and describe the functionality to manage real-time applications such as voice and video.
Identify and describe the functionality that enables a company to implement and support SLAs regardless of whether resources are hosted in an internal data center or in a public cloud facility.
How does your solution leverage analytics and big data for enhanced management?
Describe how your solution enables effective event correlation and fault management.
Describe how the management functionality integrates with industry leading Network Performance Management, Application Performance Management, and End User Experience Monitoring tools.
Describe the ability to create centralized policies and orchestration. Describe how you create the central policies, the language used, and whether they can be deployed across SD-WAN, wired and wireless LAN, and cloud resources.
Relative to the policies described above, how are they developed and implemented? How do you apply them to users, locations, and security requirements? Include in your response an example of a policy.
Should we break out analytics and data and have in one place? Right now, is sprinkled throughout.
Answering the question: How do you automate provisioning?
Automatically identify and classify apps so business policies can be easily applied
SteelConnect identifies 1,300+ applications out of the box, including Internet and on-premises
DPI with SSL/TLS support
You can easily apply rules based on application target/types
> Scot to talk to customer if he has one…
Mike make the point to send this link to colleagues in roles on the top of the DEM slide
A few more resources that will help you figure out how to evaluate SD-WAN and Riverbed