Considerations for Integrating Access to the Internet

In addition to these basic questions, enterprises will want to understand how the Internet integrates with the SD-WAN. Is there a need for a simple circuit failover while maintaining the same IP address? Sites that have traditionally had a single Internet connection may have trouble integrating a second circuit from a different ISP, which can cause trouble with security and long-duration sessions, such as voice and video conferencing.

MPLS Replacement or Enhancement?

Depending on the customer, an organization may want to implement the SD-WAN environment to complement an existing MPLS network or to completely replace it. To design an SD-WAN environment that is secure, delivers high performance, and can quickly adjust to fit changing business needs, enterprises and providers alike should consider some key factors:

• Complementing an MPLS network with SD-WAN can add redundancy to the environment, which improves uptime and prevents against costly outages
• Replacing MPLS with SD-WAN is also a common practice to increase scalability and agility, and can be easily implemented because the SD-WAN uses similar topology and routing rules as the MPLS network
• In some cases, an enterprise can use the SD-WAN for private network functionality as opposed to the MPLS network

The Security Architecture Is Integral

The security policies and architecture team should be integral to the decision process. The more complex the objectives, the more security must be integrated up front. Entire network designs have been invalidated when security is included as an afterthought. Typical security considerations include:

• Where will internet access be allowed, and what rules apply at each point?
• How is the existing security implementation changing, if at all?
• How are remote workers handled?
• What Extranet VPNs are required? What site(s) have VPNs to third parties?
• Do some devices require Un-Natted public addresses instead of RFC-1918 addresses?

Where Should the SD-WAN Center of Excellence Be Sourced—Internally or Externally?

One of the tougher questions to address when implementing an SD-WAN environment is whether or not to keep development internal or to outsource it, given that the LAN and WAN are integrated more deeply than ever before.

While SD-WAN simplifies some configuration steps, it introduces substantially more complexity, requiring experienced SD-WAN engineers to deliver a more sophisticated implementation fully and correctly. Like security engineers, SD-WAN engineers are expensive and difficult to retain. In addition, SD-WAN environments rely on hardware and software that require regular maintenance, upgrades, and troubleshooting, as well as interoperability with the rest of the environment. Organizations need to consider whether they are committed enough to build and maintain a sophisticated and highly skilled in-house staff to operate the SD-WAN or, alternatively, bring in a reputable managed solutions provider (MSP) who can manage your environment through an experienced team of experts. Very often, these organizations offer a range of network-related services, around-the-clock support, and reporting and analytics capabilities.

Know the Applications and the Computation Environment Well

One element of application performance depends on the proximity of an organization’s databases to its computation environment. Introducing too much latency between the two can have a detrimental effect on application performance and user experience. Consider the following to help determine an appropriate enterprise solution:

• Where is the computation for the mission-critical applications performed? On the desktop or in the cloud?
• What are the actual latency requirements between the data, the computation engine, and the user’s keyboard and monitor?
• Do applications get wrapped in some VPN native to the application or virtual desktop? This obscures the SD-WAN visibility into the application, and consequently treats all traffic in the VPN the same.