E-Handbook: The managed services trend reaches the software-defined WAN Article 3 of 4

ltstudiooo - Fotolia


How your SD-WAN appliance can consolidate the branch stack

The latest SD-WAN appliance technology promises expanded and accelerated consolidation of branch stacks. Learn how it works and how to make it work for you.

Early adopters of SD-WAN experience significant benefits beyond connectivity cost savings, which have also been dramatic for many adopters, according to Nemertes' research. Chief among benefits is reducing the amount of staff time required to run the WAN by half, on average. Those adopting software-defined WAN to replace other branch devices, rather than as another box in the stack, should expect the greatest savings.

A current generation SD-WAN appliance can replace routers; WAN optimizers, in many use cases; and even firewalls. As SD-WAN continues to mature, and as SD-WAN functions gradually become the baseline expectation for WANs, the consolidation of branch stacks into an SD-WAN appliance will expand and accelerate.

Plan, test, pilot, expand and learn

There is no mystery about how to succeed in consolidating branch stacks onto an SD-WAN appliance. As is generally true in IT, success begins with a plan -- one that defines preproduction testing scenarios, a pilot deployment to test the platform in production and a main deployment that expands from the pilot.

IT has to make an initial plan based on what it knows about its organization's network and applications. That knowledge, however, is rarely accurate or complete. So every phase, beginning with planning, has to proceed on the assumption that the plan will evolve. For example, mistaken assumptions will be corrected and blank areas in application portfolios, network usage, actual as-built network characteristics and other data sets will be filled in. The feedback loop should be explicit.

Happily, IT can use the SD-WAN tools themselves to gather, check and correct information on what actually happens in their networks. IT leaders should plan on testing and quickly pushing out a set of look-don't-touch SD-WAN nodes to help the project get the data it needs to succeed.

Don't go it alone

IT must engage end users, application delivery staff and security teams in every phase of the deployment project. Because the SD-WAN appliance replaces other tools, these teams will need to sign off during testing and pilot phases. For example, they'll need to ensure that the SD-WAN replacement will perform as well as, or better than, the status quo architecture and meets all policy requirements; this is especially important in security.

"Nemertes 2017-18 Cloud and Networking Benchmark" participants shared stories of SD-WAN deployments sold to leadership partly based on a plan to consolidate separate appliance layers -- WAN optimizers in one case, and firewalls in another. These deployments failed, however, because the SD-WAN products initially chosen could not meet real use-case requirements. Had the relevant subject-matter experts been involved in the process upfront, in each case, the platform's inadequacy would have become apparent even before the product was fully tested. (In both cases, the organizations did find another SD-WAN platform that met their needs.)

Pilot first with easy fallback and last with snap cutovers

IT has to use SD-WAN deployment as an opportunity to improve its knowledge of how the WAN is actually built, how it's used and how well it performs.

Where possible, IT should deploy the SD-WAN appliance in front of and in line with other tools they plan to replace. IT should use policy to direct traffic untouched through the older appliance, but also set up a second path that bypasses the appliance.

With ample testing after the change, use the policy console to switch on the functions that will replace the older appliance. Next, have those policies send traffic down the bypass path. If all is well, leave the policies in place and move on to the next appliance. Where there are problems, deactivate the new policies, which will send traffic back down the old pathway; modify them; and try again.

After a few iterations, the pilot should yield a complete and hardened policy set that fully replaces the old stack. The last set of pilot sites can be used to test snap conversion. To do this, slot in the SD-WAN appliance in parallel to the old stack, and cut traffic over to it all at once.

Plan together, do together, learn together, succeed together

IT has to use SD-WAN deployment as an opportunity to improve its knowledge of how the WAN is actually built, how it's used and how well it performs. By seeking and using that knowledge -- and by engaging all the key stakeholders in the transition during planning, testing and deployment -- IT has the best chance to succeed in consolidating branch stacks onto an SD-WAN appliance.

Dig Deeper on WAN technologies and services

Unified Communications
Mobile Computing
Data Center