SD-WAN solutions can:
- Significantly reduce the cost of hardware and services required to deploy WAN networks.
- Create secure Internet connections between end users and cloud-based applications or remote data centers.
- Provide virtualization functions that can improve security of Virtual Private Networks (VPN).
- Improve the quality and security of communication tools such as Voice over Internet Protocol (VoIP) and video conferencing.
SD-WAN solutions have the following key characteristics:
- Support for multiple WAN connectors
- Able to link SDN connectors and WAN connectors
- Support for VPNs, firewalls and web gateways
- Able to synchronize network communications between remote sites
Key Features of SD-WAN Solutions
Here are some of the key features you should look for in an SD-WAN solution:
- Automated provisioning—automates provisioning of network devices, preferably with a centralized controller that can quickly set up equipment for branch offices with zero touch deployment.
- Deployment and monitoring—provides one interface for WAN deployment, management and monitoring, across all components, including network, traffic management, security and policies.
- Improved performance and reliability—prioritizes business-critical applications, improving their performance by steering traffic and finding the optimal network path. Application-aware SD-WAN solutions can enable branch offices to connect directly to the Internet when serving low-latency applications. It can also automatically fail over to the best WAN link available, ensuring reliable connectivity.
- Policy management—provides a central management console that covers all common policies, including security and application filtering, for a large number of devices across multiple regional sites.
- Flexible connection options—enables efficient routing of traffic over multiple channels including existing MPLS lines, public Internet over LTE, and broadband. This provides more flexibility in network management, and allows the enterprise to leverage lower-cost connectivity options.
- Security capabilities—provides centralized visibility and control, as well as integrated security features like next generation firewall (NGFW), web filtering, IPS (Intrusion Prevention System), sandboxing and HTTPS inspection.
How to Choose the Right SD-WAN Provider
Here are three key aspects of SD-WAN solutions you should carefully evaluate when selecting a vendor.
Reviewing the WAN/LAN Branch Architecture
Distributed organizations typically use their own setup of WAN and LAN equipment, such as WAN routers, LAN switches, WAN optimization technology, firewalls, Wi-Fi controllers, and IP VPNs. All of this equipment is already deployed at certain locations.
SD-WAN technology can integrate with your existing WAN and LAN infrastructure. You can set this up by deploying another box with its own management interfaces. You can use either a server or an appliance, and deploy the box at your branch location. You will then be able to leverage SD-WAN technology to monitor your existing network equipment.
1. Zero Touch Deployment
A strategic capability of SD-WAN is zero-touch deployment. This means the provisioning of services is fully automated—there is no need for extensive technical skills in edge locations to launch Internet or network services, and no need to dispatch on-site technicians.
With zero touch deployment, employees in a branch office simply need to unpack virtualized customer premise equipment (vCPE) or universal customer premise equipment (UCPE) and connect it to the Internet and MPLS. The CPE device automatically connects to the cloud to get it’s network configuration and complete the deployment.
2. Centralized Visibility and Management
SD-WAN solutions should provide a single pane of glass, enabling complete visibility of the SD-WAN connectivity status, quality of service (QoS) and resource allocation. This should include local usage and demand metrics, including connectivity to core networks, cloud infrastructure, and local branch networks.
The SD-WAN console should show detailed metrics like:
- Network egress from specific branch office
- Applications that use the most Internet bandwidth
- QoS of business critical applications
- Real time performance of each WAN link
3. Global Orchestration
SD-WAN solutions should be able to globally deploy equipment and service configurations, such as WAN optimization, based on custom policies. They should enable full interconnectivity between the cloud and distributed locations.
The easiest and fastest solution is to extend the WAN to the public cloud, delivering SD-WAN gateways and WAN optimization in an automated, scalable, and secure manner.
Orchestration should also include SaaS applications, which may be affected by physical distance, backhaul, bandwidth congestion, or limitations of end-user equipment. The SD-WAN solution should fully manage SaaS applications, including local breakout, end-user monitoring, and latency remediation.
SD-WAN must be able to support the full range of enterprise applications, and directly support common protocols like HTTPS, MAPI, SQL, CIFS, NFS and SMB, for improved performance and end-to-end throughput management.
SD-WAN with Check Point
Despite the benefits of SD-WAN, connecting branch offices directly to the cloud significantly increases their security risk. Prior to SD-WAN remote office connections were backhauled to the corporate data center where they were protected using the corporate network security stack. With the advent of SD-WAN, cloud and Internet connections connected directly to the Internet expose WAN users to sophisticated attacks.
Firewall as a Service and Secure Access Service Edge (SASE) solutions have emerged to protect SD-WAN connections to cloud applications. To learn more about Check Point’s SASE solutions and how they can improve your organization’s WAN security, contact us. You’re also welcome to request a demonstration to see Check Point’s SASE solution in action.
Feedback