SD-WAN applies software defined networking (SDN) to wide area network (WAN) connectors. Enterprises use SD-WAN to connect corporate networks and data centers over a large distance, connecting remote offices and employees to securely deliver applications and data.
Here are some of the key features you should look for in an SD-WAN solution:
Here are three key aspects of SD-WAN solutions you should carefully evaluate when selecting a vendor.
Distributed organizations typically use their own setup of WAN and LAN equipment, such as WAN routers, LAN switches, WAN optimization technology, firewalls, Wi-Fi controllers, and IP VPNs. All of this equipment is already deployed at certain locations.
SD-WAN technology can integrate with your existing WAN and LAN infrastructure. You can set this up by deploying another box with its own management interfaces. You can use either a server or an appliance, and deploy the box at your branch location. You will then be able to leverage SD-WAN technology to monitor your existing network equipment.
A strategic capability of SD-WAN is zero-touch deployment. This means the provisioning of services is fully automated—there is no need for extensive technical skills in edge locations to launch Internet or network services, and no need to dispatch on-site technicians.
With zero touch deployment, employees in a branch office simply need to unpack virtualized customer premise equipment (vCPE) or universal customer premise equipment (UCPE) and connect it to the Internet and MPLS. The CPE device automatically connects to the cloud to get it’s network configuration and complete the deployment.
SD-WAN solutions should provide a single pane of glass, enabling complete visibility of the SD-WAN connectivity status, quality of service (QoS) and resource allocation. This should include local usage and demand metrics, including connectivity to core networks, cloud infrastructure, and local branch networks.
The SD-WAN console should show detailed metrics like:
SD-WAN solutions should be able to globally deploy equipment and service configurations, such as WAN optimization, based on custom policies. They should enable full interconnectivity between the cloud and distributed locations.
The easiest and fastest solution is to extend the WAN to the public cloud, delivering SD-WAN gateways and WAN optimization in an automated, scalable, and secure manner.
Orchestration should also include SaaS applications, which may be affected by physical distance, backhaul, bandwidth congestion, or limitations of end-user equipment. The SD-WAN solution should fully manage SaaS applications, including local breakout, end-user monitoring, and latency remediation.
SD-WAN must be able to support the full range of enterprise applications, and directly support common protocols like HTTPS, MAPI, SQL, CIFS, NFS and SMB, for improved performance and end-to-end throughput management.
Despite the benefits of SD-WAN, connecting branch offices directly to the cloud significantly increases their security risk. Prior to SD-WAN remote office connections were backhauled to the corporate data center where they were protected using the corporate network security stack. With the advent of SD-WAN, cloud and Internet connections connected directly to the Internet expose WAN users to sophisticated attacks.
Firewall as a Service and Secure Access Service Edge (SASE) solutions have emerged to protect SD-WAN connections to cloud applications. To learn more about Check Point’s SASE solutions and how they can improve your organization’s WAN security, contact us. You’re also welcome to request a demonstration to see Check Point’s SASE solution in action.