SD-WAN is dead? Of course the answer is no

2022.09.01

At first glance, this title may come as a shock. Just last year, the same title was used to describe SDN, and SD-WAN is one piece of evidence that the SDN concept lives on.

Once upon a time, we were still celebrating the introduction of SD-WAN technology, expecting this new network favorite to free us from the shackles of traditional MPLS services. But just as we started trying to deploy SD-WAN, another technology emerged that is newer, more secure and faster to deploy: SASE. Does SD-WAN exist as a discarded and forgotten networking technology in the SASE world, or can it continue to play an important role? Let's find out.

SD-WAN: The Early Years

The birth of SD-WAN taught enterprises how to move from the MPLS era into a new network world. In the MPLS era, users worked in the office and resources were in the data center. Over time, however, MPLS gradually fell out of step with the rapidly evolving Internet world.

SD-WAN solves these problems, and enterprises can take advantage of Internet connectivity to overcome the limitations of MPLS. More specifically, this means: 

  • More capacity, improving application performance
  • Lower cost, reducing network costs by using Internet access instead of expensive MPLS
  • Greater flexibility, increasing bandwidth flexibility by aggregating last-mile Internet connections
  • Higher availability, improving last-mile availability
  • Faster deployment, with connectivity deployed in days

SD-WAN: Early Deployment

But later, the networking world changed again. Resources moved to the cloud, and the outbreak of the pandemic meant the office was no longer the focus of work, so solving site-to-site communication challenges was no longer enough. Businesses need a way to get advanced security wherever resources live (in the cloud or private data center) and wherever users work (office, home, or on the road), and to do so without compromising performance. But all of these capabilities are outside the scope of SD-WAN, which makes many scenarios challenging:

Remote work

SD-WAN lacks support for remote access. But due to the impact of the pandemic, secure remote access is an important pillar of business continuity.

Cloud ready

SD-WAN is limited in its ability to be cloud-ready. As an appliance-based architecture, SD-WAN requires management and integration of proprietary appliances to connect to the cloud.

Global performance

SD-WAN may perform well within a region, but the global internet is too unpredictable for businesses. That's why all SD-WAN players are encouraging enterprises to use third-party backbones for global connectivity. But this approach increases deployment complexity and cost, and does not provide performance optimizations.

Advanced Security

SD-WAN lacks the security needed to protect branch offices: next-generation firewalls (NGFWs), intrusion prevention systems (IPS), secure web gateways (SWGs), anti-malware, and more, none of which SD-WAN provides. The additional equipment and services required to provide these capabilities can add cost and complexity to SD-WAN deployments.

SD-WAN: Advanced mid-term

So, SD-WAN is not perfect. You may wonder: why not deploy an SWG or Security Service Edge (SSE) solution alongside it? The result is that the network becomes difficult to manage in a unified way, which creates more problems.

Not really zero touch

SD-WAN claims to offer zero-touch provisioning, but the reality is quite different. Without the necessary security features, SD-WAN deployment becomes more complex, requiring additional evaluation, purchase, delivery, installation, and integration of security equipment. 

Difficult to achieve high availability

Since SD-WAN relies on Internet connectivity, high availability is one of its must-haves, but it is difficult to achieve when managing multiple services at the same time. There is no auto-configured elastic connectivity between devices or services, and no associated dynamic failover, so enterprises have to install backup devices and spend additional time testing failover scenarios.

Limited visibility

Fragmenting data across multiple networks and security systems means users don't have a complete view of their network, making it difficult to spot new cyber threats. Data is hidden in multiple device logs, making troubleshooting more difficult.

Relying on SSE products or cloud security services is not a complete solution. Deployment is still an issue, as there is no automatic traffic routing and tunnel creation between the SD-WAN appliance and the cloud security PoP. Security policies also cannot be used and shared between the SD-WAN and cloud security vendors. Operationally, SD-WAN appliances and cloud services remain separate, making troubleshooting more challenging.

SD-WAN: It's not dead, it's just part of a bigger family

So, is SD-WAN dead? The answer is of course no. SD-WAN remains an important tool for building enterprise networks, but it also has limitations that need to be addressed, such as security and deployment constraints.

SD-WAN uses a virtualized network overlay to connect and remotely manage branch offices. While SD-WAN can connect to the cloud, it is not built with the cloud in mind; its focus is on connecting these branch offices back to a central private network.

SASE puts the cloud at the center, focusing on connecting individual endpoints, whether branch offices, individual users, or individual devices, to a centralized cloud. It secures and connects the entire enterprise with one network, making deployment easier, visibility better, and security more consistent.

SASE is just the first step in a WAN transformation journey. The difference between SD-WAN and SASE is the infrastructure. SASE's infrastructure is an edge data center, PoP or cloud that acts as an endpoint, and that is also where all networking, optimization and security functions run and are controlled. In SD-WAN, these functions run in boxes at the branch and headquarters. For SD-WAN, SASE makes SD-WAN more secure and controllable. For SASE, SD-WAN makes SASE connections more reliable. The two complement each other and combine to achieve the best performance.