E-Handbook: Latest SD-WAN features offer better management, security Article 2 of 4

Dmitry Nikolaev - stock.adobe.co


What to expect with SD-WAN management, intent and usability

Users can expect advancements in SD-WAN intent, usability and management, as vendors seek to improve their developer ecosystems, integration and multi-tenancy capabilities.

The software-defined WAN market is maturing as it becomes a mainstream element of IT organizations' plans to improve application performance. Leading SD-WAN technology providers continue to improve the automation, scalability and centralized management features of their products. But SD-WAN providers have a long way to go before they deliver the promise of fully automated, intent-based WANs.

The SD-WAN market continues to grow rapidly -- reaching over $1 billion in annual sales, according to Doyle Research -- as a wide range of distributed organizations adopt its technology to optimize WAN bandwidth and application performance. This highly competitive market, with dozens of suppliers, continues to improve the depth and breadth of features and functionality, as well as its partnerships with other network and security products.

Key areas of competitive SD-WAN differentiation include application performance, access to cloud and SaaS applications, security, software-defined branch features and, of course, its manageability and automation.

Elements of usability, intent and manageability

The discussion of SD-WAN management, automation and orchestration (MANO) is complex and involves a number of distinct elements. The intelligence of SD-WAN is typically distributed between the premises device, a centralized console and the cloud. From a functional perspective, we can break it down into four work processes:

  • installation, with so called zero-touch SD-WAN installment at the branch;
  • setting application performance priorities;
  • maintenance, which includes changing locations, adding or dropping internet service providers and onboarding new applications or user groups; and
  • integration with existing network, security and application management systems.

Installation. SD-WAN uses the concept of zero-touch deployment where an appliance is shipped to the branch, plugged in to AC power and the internet and configured by a centralized console. It also has the ability for IT teams to pre-set configuration templates for dozens or hundreds of branch sites, which helps ease installation and supports a smooth SD-WAN rollout. One size does not fit all regarding branch requirements, and some industries -- like retail or restaurants -- may frequently need to provision new branches and locations.

Application prioritization. Large organizations typically have a hundred or more applications developed for in-house consumption, and the addition of dozens of popular SaaS applications makes it challenging for IT to establish and administrate application priorities. Many SD-WAN products have pre-set policies for certain application types, like unified communications and video.

Automating the intent of users and IT administrators with regards to application performance is complex, as it requires end-to-end measurement of traffic between the branch and data center or the branch and cloud. Traffic must then shift to the most appropriate link and adhere to IT-directed prioritization policy.

Most SD-WAN products can identify and prioritize leading SaaS applications like Office 365 and Salesforce. SD-WAN products offer plenty of options to set application and security policies for locations or user groups. IT teams will likely find it complex to administer and keep these policies current in changing IT environments.

Ongoing maintenance of SD-WAN systems. SD-WAN offerings provide management consoles that experienced IT personnel can use at a centralized location. These dashboards can graphically illustrate the health of the network -- e.g., slowdowns and brownouts -- and the current performance of key applications. These consoles can help IT quickly identify the location of any problem, determine the likely cause and -- with multiple WAN circuits -- automatically route traffic over the best link, based on specified application priorities. SD-WAN management systems also help IT make changes to locations and user groups, add new applications and change security policies, among other things.

Integration with IT management systems. The integration between SD-WAN management consoles and existing network, security and other management systems is critical for maintaining overall IT health. Examples of management integration include unified communications, network security and application performance management systems.

Most SD-WAN products integrate with leading network security products -- like Palo Alto Networks and Zscaler -- but vary in their level of integration from a management perspective. In many cases, SD-WAN is yet another management console in IT swivel chair management. 

MANO and managed SD-WAN services

Enterprise IT teams need an end-to-end management environment that includes SD-WAN.

SD-WAN technology is increasingly delivered as a service by communications service providers, managed service providers (MSPs), IT outsourcers and channel partners. Managed SD-WAN service providers require more robust MANO capabilities than most enterprise users. In addition to scale, an important feature is the concept of multi-tenancy -- being able to operate multiple, independent networks on the same product to deliver services to several customers at the same time.

MSPs also require highly customized dashboards, automated customer provisioning and the ability to easily integrate with third-party management systems. Versa Networks and VMware have focused on meeting these MSP requirements, including multi-tenancy.

Key trends in SD-WAN management and intent

As the market matures, SD-WAN suppliers are making good progress in improving their management capabilities. We can evaluate their progress in a number of areas, including:

  • developer ecosystems;
  • customized dashboards;
  • integrated management systems; and
  • multi-tenancy capabilities.

SD-WAN providers offer open APIs to integrate with other platforms and to enable customized development on their platforms. The depth and breadth of SD-WAN suppliers' developer ecosystems will be critical to achieving MANO goals over time. For example, Cisco's DevNet program provides sandboxes, sample code and other support for Cisco SD-WAN developers and users. CloudGenix has also focused on the programmability of its platform and its developer ecosystem.

Enterprise IT teams need an end-to-end management environment that includes SD-WAN. SD-WAN suppliers are working toward integrating their management systems in an ideal single pane of glass to enable end-to-end application performance and security management. 

SD-branch integration

The software-defined branch (SD-branch) simplifies network operations by consolidating network security, LAN, Wi-Fi and WAN connectivity -- including SD-WAN and routing -- in a unified platform that is easy to deploy and manage. SD-branch offers integrated management to control a full range of network and security elements.

Many vendors are currently delivering SD-branch options, including Aruba Networks from Hewlett Packard Enterprise, Cisco Meraki, Cradlepoint, Fortinet, Riverbed, WatchGuard and Versa Networks.

What's next for SD-WAN management

In isolation, SD-WAN technology is relatively easy to deploy and maintain. It does a good job of identifying key applications and applying traffic prioritization to deliver a high-quality user experience. Customizable management dashboards show the network's health and the performance of specific applications.

The next phase of SD-WAN management developments relates to its ability to seamlessly integrate with the rest of the network, security and data center management systems. This requires open APIs and programs to enable developers to customize and integrate the specific, proprietary SD-WAN MANO elements. A robust partner ecosystem with deep integration, including all the leading network security providers and key management platforms is necessary.

Dig Deeper on SD-WAN

Unified Communications
Mobile Computing
Data Center