SDWAN is a networking tool often used for businesses who are spread out geographically. It’s been growing in popularity and use within Australia for several years now, but there is still a lot of confusing information surrounding it. When you first begin researching the topic, you may feel overwhelmed just trying to determine what is SDWAN and should you go with Cisco SDWAN or FortiGate SDWAN? So, allow us to help and let’s dive into the topic. Firstly:
What is SDWAN?
SDWAN (not to be confused with Obi Wan) stands for Software Defined Wide Area Network. And unless you have a technical IT background, that phrase is just as meaningless as its acronym. Let’s start with the ‘WAN’ part first. WAN (Wide Area Network) is a network that connects computers and systems that are spread across a large geographical area. That is to say, computers within the same room or building, usually connected by a LAN (local area network). A WAN connects several LANs, usually within a specific organisation. This is generally when they have several branches spread throughout the city, state or country.
WAN technology previously relied on special hardware to perform these long-distance connections. But the future is here! So now we have Software Defined WAN that utilises the omnipotent power of the Internet to perform these connections.
How Does SDWAN Work?
SDWAN works by connecting users on the network to one another via multiple Internet-based services (such as broadband or 4G). Instead of requiring a physical connection à la MPLS (more on that later), SDWAN utilises a bundle of Internet connections. It then intelligently chooses the optimal one at any given time to route traffic.
For example, your SDWAN may be a selection of various connections including a 4G network, NBN, fibre and an ADSL connection. These can be provided by any combination of ISPs such as Telstra, Optus or TPG. When you want to send data across the network to another location, the SDWAN identifies which connection currently provides the most efficient speeds and will route traffic that way. If that connection becomes overloaded, or is otherwise unavailable, it will move to the next best connection available.
Furthermore, this is why it’s also advised to use multiple ISPs in your bundle. If one carrier is down, e.g. Telstra is having an outage, then you still have other options on your Optus or TPG connections.
SDWAN vs MPLS
Hopefully you’re still with us, and haven’t drowned amongst all the technical definitions and acronyms. If so, then let’s have a look at MPLS and how it differs from SDWAN. MPLS stands for Multiprotocol Label Switching. Again, this is a pretty meaningless phrase for anyone without a background in telecommunications or IT.
MPLS was (and in many cases still is) the reliable WAN solution for businesses before SDWAN rode into town. MPLS utilises telecommunications networks in order to transmit data. Essentially, the business pays a network provider (such as Telstra) to use their physical lines to transmit data from their Sydney branch, to their Seattle branch, for example. This means there is a direct physical line between the networks, and as such, it’s secure, reliable and most importantly, very expensive!
Although MPLS provides a real solution to the WAN problem… it’s completely out of reach for 99% of businesses due to the exorbitant cost. Imagine renting your own private lane on the M2, and you’re starting to get an inkling of what’s involved. Essentially, the cost of this service serves as a barrier to most businesses — so it’s really just the biggest corporations that had the deep pockets for this service. A rough cost of an MPLS service will run you up to $600-$800 per Mbps on average. Yeah, that is not a typo. Easy to see why most businesses were completely unable to utilise this service.
SDWAN bundles often consist of various connections such as fibre broadband, 4G and MPLS.
As we mentioned earlier, SDWAN doesn’t utilise physical phone lines for these connections (though it might take advantage of a cable line). It primarily relies on internet connections to perform its networking. Therefore, it’s a far more accessible and affordable option for businesses.
The Top 11 Benefits of SDWAN
So what are the main benefits of SDWAN and how does it support your business? Is it necessary, or just a gimmick technology that you can do without? Let’s make a list:
1. Increased Bandwidth
With an SDWAN on hand, you’re not restricted to one ISP. SDWAN bundles multiple connections, across multiple providers, so your available bandwidth is exponentially more than it would be without SDWAN. Definitely worth a tick in the pro column.
2. Lower Cost
As mentioned earlier, MPLS is a painfully expensive option that is basically just accessible to high-ranking corporations with dollars to burn. Instead of paying exorbitant rates of nearly $1000 per Mbps, you’re paying the standard rates of Internet broadband and 4G costs. It’s a lot easier on the budget. Another tick.
3. Centralised Management Across Branches
When you have multiple branches of your business, there is a huge benefit to being able to manage everything centrally. With SDWAN, you have more control over communications between sites, and you can implement changes across the environment instantly.
4. Greater Choice of Connection Vendor
Since SDWAN utilises a bundle of connections, you have options in what vendors you go with for this bundle. You’re not limited to just Telstra cable, you can also have Optus 4G, TPG Fibre, and an NBN connection.
5. Carrier Redundancy
Further to having multiple vendors and connections, this means that you’re not dead in the water when one of those connections goes down due to scheduled or impromptu service interruptions. Therefore, SDWAN provides you with far more reliability in terms of your connectivity.
6. Better Security
SDWAN provides greater security for your business as you can encrypt all communications across your network by default. When all traffic is routed through your SDWAN connections, they are secured by your encryption protocols.
7. Useful for Everyone
The best news about SDWAN is that it is not just for businesses with multiple sites and branches. You can utilise SDWAN for connecting from office to home, as well as office to office. Or without any secondary location at all. You can simply use it as a means to bundle your connections and provide a Quality of Service (dedicating portions of your bandwidth to specific functions).
8. Auto Provisioning
You can send SDWAN devices to additional branches without being configured before hand. The device can download its policies, crypto-certificate and keys and begin learning traffic patterns immediately and automatically. The technology becomes very hands off, which saves you time and headaches.
9. Intelligent Traffic Routing
As mentioned previously, SDWAN evaluates the available pathways and chooses the optimal route based on several factors from time of day, port numbers, quality of service markings, and IP addresses. This traffic-management ability can be pushed out to all relevant SDWAN devices.
10. High Performance
SDWAN uses the Internet to create multiple secure, high-performance connections, so that even if you’re dealing with traffic congestion on your Optus connection, the SDWAN is still able to access high-performing connections on your TPG or Telstra connections.
11. Increased Uptime
SDWAN enables rapid deployment of its services, without requiring specific IT staff to manually configure and install all aspects. Without the time-consuming aspect of older WAN models, your business therefore has increased uptime and can get on with what needs to be done.
What Are My SDWAN Options?
When it comes to choosing your SDWAN vendor, it can be difficult knowing which to choose. You’ll need to determine what your priorities are, what capabilities you need, and of course, the ever-present budget considerations. When searching for vendors, the top ones you’ll come across are likely Riverbed, Cisco, Citrix, VMware, FortiNet, Aryaka and Silver Peak. To help you get started on your SDWAN research journey, we’ll have a look at a few of these in detail.
Cisco is probably one of the biggest IT networking vendors around, their name has really become synonymous with cloud network technology and hardware routers. So, it’s only natural they have a share of the SDWAN market as well.
Cisco SDWAN boasts of the following features:
- Choice of cloud-based or on-premise Cisco SDWAN.
- Available as a 3 year or 5 year subscription, with a variety of packages to choose from (Cisco DNA Essentials, DNA Advantage and DNA Premier).
- Cisco SDWAN supports third-party API integration, allowing for greater customisation and automation in daily operations.
- Centralised management dashboard called vManage.
- Transport independence: zero network downtime utilising multiple connections.
- Network services: WAN optimisation, cloud security, firewalls, intrusion protection, URL filtering.
- Cisco SDWAN OnRamp provides continuous uptime and connectivity by continuously measuring connection performances and provides real-time visibility of performance.
- vManage console allows you to automate virtual private gateway deployment in certain environments, you can also monitor underlay performance, and harden your entire network.
- Cisco SDWAN also segments your network traffic from end to end, protecting your data.
- vManage also provides real-time analytics of applications and infrastructure, failure correlation, application performance, forecasting performance, bandwidth provisioning, and enact policy changes.
Where Cisco is the name in networking, FortiNet is the name in firewalls and endpoint security. FortiGate SDWAN is their solution to the modern WAN problem, achieved by bundling with several other FortiNet security services.
FortiGate SDWAN includes all the following functions:
- Path awareness intelligence to monitor application-level transactions and choose the best available path.
- Centralised management to simply deployment, management and monitoring.
- Improves cloud application performances by prioritising business critical applications and enabling branches to communicate directly to the Internet.
- Integrates and supports a range of over 3000 applications as well as granular visibility into sub-applications.
- Includes FortiGuard services with FortiGate SDWAN which covers: Application control with real-time visibility of what users are operating.
- Application control allows you to create policies to allow, deny or restrict access as required, enforce compliance and improve security.
- Web Filtering: protect the business by blocking access to malicious, or otherwise inappropriate websites.
- FortiSandbox Cloud is a threat detection solution that performs dynamic analysis to identify new malware threats, and then actions said threats using controls within your network.
- FortiGate SDWAN is also bundled with the highly rated FortiGuard Antivirus, which will protect your business against all the latest viruses, malware and threats.
- Intrusion prevention by utilising the FortiGuard IPS so threats are detected and eliminated before they reach network devices.
- Available as a physical device, virtual machine or cloud service.
- Easy to deploy and use, with a simplified UI and easy maintenance.
- Saves cost by integrating firewall and antivirus services with the SDWAN function and overall performs as more than just a replacement for MPLS.
Riverbed Technology is another name in networking, focusing a lot on both software and hardware products designed for network performance monitoring, application performance management and of course, WANs.
Riverbed’s SDWAN product SteelConnect includes the following features:
- Single-click set up of SDWAN capabilities in the cloud, and application acceleration in Microsoft Azure and AWS environments.
- Scalability for large environments, including data centres.
- Simple workflows for policy definitions.
- Fully automates secure connectivity between cloud vendors, cloud regions and between branch locations.
- Centralised management console for cloud, WAN and LAN which also enables WAN optimisation.
- Management console also allows admin to view network health, deploy appliances, and enact policy changes.
- Riverbed offers a free trial for SteelConnect so you can evaluate if its the right tool before making a financial commitment.
- SteelConnect uses a line of physical and virtual secure WAN gateways to provide unified connectivity, and enforces global policies, automated VPN management and next-gen firewall capabilities.
- User to server control, whether the user is static or mobile, on premises or on the cloud.
- Enforce application policies (such as path quality, path selection, quality of service and security).
- SteelConnect also includes integrated and third-party security providers.
6 Factors To Consider When Choosing Your SDWAN Solution
So what factors should you be considering when trying to choose from the numerous SDWAN options out there? How do you decide between Cisco SDWAN and FortiGate? There are a few items you should consider in order to determine which product will work best for you and your business:
- Cost: Do you have cost restrictions? If you’re planning to migrate from MPLS, you’ll likely be saving costs anyway, but it’s good to have a realistic idea of where your budget lies.
- Security: What are your security requirements? Are you looking for a bundled security SDWAN solution (such as FortiGate SDWAN)? Otherwise consider what security will be provided by alternate solutions.
- Reliability: Does the vendor offer reliability for their product? Some vendors will include an optional SLA to provide a guarantee of ongoing service with no interruptions.
- Scalability: Is your business growing or spreading out? Will you need to add additional branches/locations down the track? Look for a vendor that offers painless scalability.
- Existing Infrastructure: Are you looking to replace your existing SDWAN, or starting from scratch. Do you need a hybrid solution to integrate with your existing MPLS?
- Control: Do you require a tool that provides visibility and extensive control? Are you more hands off and looking for something that automates itself? Or will you use some IT managed services to handle it for you?
To sum up, SDWAN is a very technical and often confusing topic that can take some time to fully grasp. And that’s totally okay. Ultimately, it’s a networking solution for your business, whether you have multiple locations or simply require bundled Internet connectivity to optimise your connections and performance.
With multiple products and factors to choose from, it’s not something to rush into, and it certainly doesn’t need to be considered as a replacement to MPLS (though it’s certainly a viable alternative for many). Some businesses choose to utilise both SDWAN and MPLS, and some will choose one over the other.
Whether you choose to go with Riverbed, or Cisco SDWAN, you’re always welcome to chat with us at Stanfield IT about how these products can serve your business. We’re well versed in SDWAN technology here, and will be more than happy to chat to you about your network needs and how you can go about improving your productivity at home and in the office.