SDN vs. SD-WAN: Which is right for you?
Moving to the Cloud: The SASE Puzzle Part 7
Software-defined wide area network (SD-WAN) is a solution providing network connectivity over geographic distance, allowing employees to work from anywhere with the same resources. As a component of the larger SASE framework, SD-WAN contributes to protecting everything outside your organization’s perimeter.
As identified by Gartner, there are four characteristics of SD-WAN:
- Support of multiple connection types
- Dynamic path selection
- Simple interface for management of WAS
- Support of VPNs
Denoting the use of software in the name, software – as opposed to hardware – is used to control connectivity, management and services between datacenters, remote branches and/or cloud instances. This does not immediately translate into the absence of physical devices, but your deployment may include existing routers, switches, or virtualized equipment, which monitors WAN performance to ensure high speeds and optimize connectivity.
SDN vs. SD-WAN
SD-WAN has connections that originate from SDN, as they do contain shared methodology of separating the control plane from the data plane. The goal of both is to make networking smarter and more intelligent.
It seems natural to discuss SDN since SD-WAN could be considered the application of SDN in a different way, as they both do share similar architecture design characteristics, including…
- Centralized Management/Orchestration of the Control Plane
- Distributed Data Forwarding of the Data Plane
- Routing Polices that are based on Application-driven traffic
SDN is the physical separation of the network control plane from the forwarding plane, and where a control plane manages several devices. SDN has been used in telecom and datacenter infrastructures in a traditional way, allowing for on-demand adding of services, reducing costs, and improving the performance and scalability of the network.
It is possible, however, to utilize both. Organizations may still utilize SDN while also using SD-WAN, or may transition to a full SD-WAN use and migrate away from traditional SDN only for the datacenter.
SD-WAN: Basic vs. Business Driven
SD-WAN may fall into a basic offering or require additional functionality. Basic offerings are summarized as pre-defined rules. They cover monitoring paths for outages or underperformance to redirect to a better link. In this way, SD-WAN provides an equal service to a VPN service.
Advanced SD-WAN offer specific settings, going beyond the standard template or a pre-defined ruleset. SD-WAN can react to network conditions and alter rules to accommodate possibilities such as…
- Changes implemented when congestion or impairments are seen in your environment.
- Continuous monitoring and reaction to real-time network changes
- Capabilities to monitor all transport paths and react to address packet loss, latency, or jitter.
Traditional WANs were never designed for the cloud, only conventional routers. This would involve backhauling all your traffic – whether cloud destined or not – from your branch offices or headquarters to a central location. There, your network security inspection tools could apply policy prior to egress from your corporate environment.
When evaluating a SD-WAN solution, consider…
- Do your users access business applications in private, locally hosted databases or servers?
- Do your users access business applications in public, or private cloud instances of applications using a SaaS, IaaS or PaaS?
- Do you require zero-touch provisioning or full end-to-end orchestration of all WAN edge functions?
- Do you require centralized configuration enabling changes to be deployed quickly vs weeks?
Looking Beyond: Connecting SD-WAN to Cloud-based Security
SD-WAN is also important to organizations working to meet the upcoming drive to the SSE Gartner Quadrant, which includes firewall as a service (FWaaS) and SD-WAN. Including SD-WAN allows the ability to restructure your network security to meet the changing needs of your enterprise and users. SD-WAN benefits from being deployed in conjunction with FWaaS by receiving the integrated security offered by FWaaS. The partnership and combination of these two products allows a company to improve the performance and usability of their corporate WAN.
Implementing SASE correctly secures your workforce, no matter where they are. Choosing to partner with Braxton-Grant means we can become an extension of your team, work toward your goals, and be a trusted resource with deep experience that you can leverage.