There are a number of key SD-WAN features evolving, each more efficient and secure than the last one. Increased efficiencies make the lives of IT teams easier. However, many of these automated features go untapped. In some instances, the vendor falls short when it comes to educating IT executives as to the full functionality of the SD-WAN platform.
Other times, impasses between security and networking teams prevent organisations from activating certain features. A common one is a next-generation firewall that often comes with an SD-WAN device. Of course, many networking professionals have their tried and true methods and procedures.
12 Key SD-WAN Features
When it comes to trying new ways, like zero-touch provisioning, for example, they often resist. Regardless, companies should consider all the key SD-WAN features and the various benefits which are listed below.
1. Zero-touch Provisioning
Typically, the process for deploying branch office networking equipment involves bringing the physical devices to a staging area. There, technicians configure, test, and then ship it to the branch. There, a network specialist sets it up. For organizations that deploy hundreds of SD-WAN devices, sometimes across multiple geographic locations, this takes a long time and many man-hours.
Zero-touch provisioning is a standard feature on most SD-WAN devices. It automatically configures a device right out of the box. All you need is an internet connection so the device can connect and then auto-configure quickly, efficiently, and in a standardized manner. This happens through the use of predefined templates.
2. Encryption Key Rotation
Encryption keys need to be rotated on a regular schedule, usually every 90 days. This is a tedious manual process that involves set change control policies and often requires scheduled downtime. Encryption keys are often essential for companies that work with the federal government in the fields of aerospace and defence. Just about all businesses must adhere to PCI compliance requirements, which also calls for encryption key rotation.
SD-WAN platforms replace traditional, manual VPN key rotations with an automated system. You can program this system to make rotations every minute, and it won’t interrupt the data plane traffic. As a result, your company has better security, no downtime (as compared to VPNs), and no need for manual resources.
3. Multiplexed VPNs
Sometimes, companies prefer to keep different types of traffic separated from one another. After a merger, for example, the joined companies may wish to continue operating separately. Or, security and compliance requirements may require networks to remain independent.
When the company upgrades to SD-WAN, the logical option would seem to be purchasing multiple sets of hardware. However, SD-WAN technology can handle multiple virtual routing and forwarding (VRF) and VPN links, which it can multiplex with one overlay. Previous VPN technologies could not perform these functions.
With SD-WAN technology, you can create up to 16 virtual VPNs, which all run on the same WAN links. For more complex organizations with many business units, you can isolate traffic by setting basic policies.
4. Application-aware Routing
SD-WAN products can inspect traffic all the way up to Layer 7 and apply granular routing policies for select applications. Instead of blocking traffic on a specific port, you can use an application firewall to accept traffic on that port (layer 4) while blocking any traffic with an identifiable vulnerability un higher layers. One example would be a malicious telnet command or a SQL injection attack.
Some SD-WAN devices can identify over 3,000 different applications. Further, they recognize the performance requirements of each app. Companies can use this feature to optimize telecom costs at a very granular level. The devices consistently monitor latency, jitter, delay, and other characteristics that sensitive applications have. The monitoring is in real-time, so the device can shift applications to the best, most efficient transport method that stays within performance thresholds.
The application-aware routing feature isn’t used as well or as often as it could be. This may be because Layer 7 traffic inspection comes with some performance overhead. It requires companies to spend time defining policies for each app. However, application-aware routing does provide performance and cost benefits overall.
5. Programmatic APIs
APIs help organizations configure and automate functionality through the entire SD-WAN lifecycle. This is yet another underappreciated feature, though IT executives are beginning to understand that APIs can help their companies control their networks in new ways.
With APIs, you can automate and customize the SD-WAN gear’s configuration. You can then scale those configurations at any time. You can also automate the trouble ticket process so that it gathers performance data for real-time traffic optimization as well as long-term monitoring and infrastructure management.
Thus, companies can set it up so that their SD-WAN infrastructure automatically collects data, which is helpful when viewing audit logs, managing user groups, conducting real-time monitoring, collecting device inventories, and troubleshooting devices.
6. Optimized Cloud Connectivity
One of SD-WAN’s most substantial benefits is cloud breakout, which is the ability to connect branch office traffic to the cloud instead of back to the data centre. However, many network administrators can’t monitor network performance between the end-user and cloud Software-As-A-Service (SaaS) applications. Where available, network administrators can use programmatic APIs to measure the performance of SaaS applications or IaaS services from Microsoft Azure and Amazon Web Services.
When using IaaS, one can configure a virtual instance of the SD-WAN router within the cloud service provider’s domain. From there, it measures the app’s performance, giving administrators a view into the application’s performance like they never could before.
With SaaS, the SD-WAN device connects to the nearest SaaS point of presence. It makes real-time decisions, choosing the best path. In some cases, end-users have seen performance improve as much as 40% when it comes to standard productivity apps like Office 365 that traverse the public internet.
7. Data Analytics
Yet another hidden gem of SD-WAN systems is the power to use data analytics as a troubleshooting tool for network performance issues. You can also use the same analytics feature to execute long-range network capacity planning.
Whether you handle your network yourself or have a managed service, you have a wealth of traffic data available to you that details your end-to-end WAN connection. Using analytics removes the speculating and finger-pointing between parties like the enterprise customer, the IPS, the cloud services provider, the last-mile provider, and so on.
8. End-to-end Micro-segmentation
Micro-segmentation is gaining popularity as an approach for securing applications running in cloud environments and data centres. It works by isolating workloads based on policy. As a result, micro-segmentation gives organizations more control over east-west traffic. If a breach should occur, micro-segmentation will limit a hacker’s possible lateral movement.
The popularity and development of software overlays like SDN and NFV have opened the door for micro-segmentation. Thus, it makes sense that it has become a feature found in SD-WAN overlays. So, if a branch node fell under attack, a central policy server could immediately and automatically take action to quarantine the branch, sealing it off from the rest of the network.
9. Service Chaining
Before, branch office traffic was routed back to the data centre through secure MPLS links. At the time, there wasn’t a need for additional security networking and other functionality in the branch. Now, however, branch offices connect directly to the Internet. So, organizations are finding themselves with several branch office devices like firewalls, to include intrusion prevention systems and NAT boxes.
Service chaining allows companies to minimize extraneous branch office traffic. Organizations like yours can create a chain of connected network services. You can then automate the way the system treats various types of traffic flows, depending on your traffic requirements for latency, security, or QoS.
10. Fixed Wireless Connectivity
While this next one is not a feature specific to SD-WAN, enterprises setting up branch office links should go with fixed wireless. This is beneficial if your priority is speed to deployment. If your company has a smaller regional footprint, you can order WAN links from the incumbent ISP.
However, organizations in rural locations do not often have traditional broadband. Other companies need to connect SD-WAN to a new retail location or pop-up storefront quickly. In these cases, fixed wireless is the best option.
Some of the earlier SD-WAN deployments provided basic connectivity and cost savings to companies. Today’s SD-WAN is a more powerful platform that offers network automation, which in turn supports digital transformation. Deploying these underutilized features can help IT organizations customize their WAN to meet business needs.
11. Next-generation Security
With all these evolutions such as migrating to the cloud, utilizing SaaS applications, deploying Wi-Fi, and instituting bring-your-own-device to work policies, companies are finding that networks more and more challenging to secure. To counter this, companies and security vendors must adopt an approach that encompasses the entire infrastructure.
Here, SD-WAN plays a vital role in next-generation security. Each SD-WAN-enabled branch with Internet access expands that network’s attack surface. Thus, an enterprise must select a security solution that offers protection beyond the data centre. It should integrate security architecture, effectively enabling centralized visibility and control.
Your organization should seek a solution that has multiple security features. It should include an IPSec VPN solution that spans multiple locations, integrated NGFW, Web-Filtering, IPS, and high-speed SSL inspection performance.
12. Flexible Connection Options
An SD-WAN enables a network to route traffic over multiple channels. Those channels include existing MPLS circuits as well as the Internet through broadband and LTE. The result is a highly efficient way of managing both WAN connectivity and overhead. You’re able to leverage more flexible and lower-cost broadband options.
Thankfully companies realize that they should explore the many underappreciated functions of SD-WAN, from encryption key rotation to service chaining to fixed wireless connections. Doing so would secure their local LAN as well as support the direct connections to online resources.
Today’s organizations should and are looking beyond the basic features, exploring the many options that come with an SD-WAN solution. Those options bring more efficient operation, more automated functions, effective data gathering, and more reliable network security, among other things.
Fortunately, the 12 benefits listed in this article may just lead you to the solution that best meets your digital transformation requirements and possibly even lowers the total cost of ownership in the process. Please get in touch to discuss your networking requirements in more detail. We offer a completely free consultation with one of our technology experts to fully go over your precise needs.