A Software-Defined Wide Area Network (SD-WAN) leverages software optimization to control how a network operates instead of the stereotypical hardware infrastructure that uses an “on or off” environment to direct traffic. SD-WAN software uses frame relay or Multiprotocol Label Switching (MPLS) to control communication across the network and connections between the organization locations and a data center supported by the internet service provider. The organization can still use existing hardware such as routers, switches, and remote infrastructure, but the software is the main component in controlling network traffic and security. It’s essentially a modern way to set up an enterprise network using secure connections to data centers and broadband links across many geolocated offices. Routing data is handled virtually using software for transport services instead of traditional routers with routing tables. Packets are given a label and a predetermined path when they are sent from a sender to a recipient to improve performance. SD-WAN technology makes cloud connectivity more flexible, convenient, and secure.
How an SD-WAN Works
Traditionally, routers were used to direct traffic across the Internet, and they are still prevalent today. When you send communication over the Internet, data is sent to a central location where the packets are analyzed and routed. Router tables are vast resources that create a bottleneck during data transmission. A lookup for the fastest path is performed and dynamically created. Enterprises leveraging SD-WAN first configure data center resources. The data center holds the physical hardware, and the many buildings where employees are located connect to the data center using an SD-WAN connection. Because an SD-WAN is a software-based networking system, administrators control every configuration from a centralized dashboard offered by the cloud provider.
In an SD-WAN environment, data is labeled with a predetermined path attached to the packet. This eliminates the inefficiency of sending packets to a central location where the path is dynamically determined. Instead of using a central office to determine the way packets are routed, an SD-WAN relies on the application. Distributing control of traffic to each application improves data transfer speeds. For large enterprise networks, data speeds are crucial for customer satisfaction and employee productivity.
Instead of using IP addresses and traditional routers, an SD-WAN uses real-time information to determine the optimal path for network traffic. In a simple WAN architecture, routers use the TCP/IP protocol and access controls to determine the direction of traffic, but an SD-WAN analyzes data and uses software-based configurations to transmit data more efficiently. By using software, data takes the optimum path to get to its intended recipient.
Why SD-WAN is Important
As more businesses integrate cloud computing into their architecture, they must maintain performance during migration. It’s also just as important to have the infrastructure that supports business applications. Leveraging the latest technology like SD-WANs keeps businesses current and helps them avoid supporting antiquated legacy architecture.
SD-WAN integrates well with cloud platforms, which is its primary benefit over WAN technology. For instance, Salesforce is commonly used in sales departments, but it’s a large project for organizations to set it up to work with local resources. SD-WAN technology works well with SaaS (Software as a Service) and PaaS (Platform as a Service) providers. It integrates well with Salesforce, Office 365, Dropbox, and other widely-used platforms.
WAN vs. SD-WAN
A central component in good network communication is quality of service (QoS). QoS determines the overall performance of the network. Performance is a primary factor in the quality of web services. For example, QoS should be optimal in voice data communications on a cloud computing network or a telecom. Instead of relying on hardware infrastructure, QoS relies on real-time data analysis and traffic monitoring to instruct routers and switches where to send data.
An SD-WAN focuses on QoS, and since QoS uses real-time monitoring to control traffic, it can react faster and more efficiently than a traditional WAN. A conventional WAN uses an “on or off” event to determine the direction of communication data, which works well but does not give the same performance benefits.
What is the Difference?
Most IT professionals are familiar with the traditional Wide Area Network (WAN) setup. The Internet itself is one large WAN where data travels first to an Internet Service Provider (ISP) and then to a target location that could be across the globe. A traditional WAN is just multiple Local Area Network (LAN) connections across different geolocations. It could be two separate buildings across the street from each other or two offices in different states. The connections are made using routers and switching that prioritizes traffic.
An SD-WAN setup has some of the features of a traditional WAN, but the following features are unique to SD-WAN architecture:
- Agnostic to switching protocols. Instead of worrying about the switching protocol used to route traffic, SD-WAN architecture relies on the application to assign a path to data.
- Load balance across each location. Administrators can specify where applications will run and share resource usage across data centers.
- Reduces complexity. Using an SD-WAN, administrators no longer need to worry about adding complexity to a WAN. Professionals can more easily understand the settings and configurations required to set up the network.
- Security and VPN technology. Although a WAN can also be secure, an SD-WAN can be more easily set up with VPN to encrypt and protect data sent across the network.
MPLS vs. SD-WAN
- Although an SD-WAN might utilize MPLS technology, it’s a different strategy for network design and optimization. MPLS is an older technology that you might still implement in some environments, but SD-WAN implementations have proven to be more cost-effective for organizations, especially those with several hosted resources.
- The connection between the data center and the organization’s on-premises infrastructure is much more secure with an SD-WAN because it uses real-time data to analyze traffic. This real-time analysis can be used to detect malicious anomalies that could lead to a data breach or eavesdropping. Even if an SD-WAN had better cybersecurity than MPLS, experts recommend that the organization implement added intrusion detection and prevention measures.
SD-WAN vs. VPN
- A virtual private network (VPN) also brings security between the organization’s on-premises infrastructure and the data center, but it serves a different purpose than an SD-WAN. An SD-WAN optimizes routing traffic across transport infrastructure (e.g., routers) so that network performance always returns high-speed data transfers. An SD-WAN is always on, and it’s configured to keep the organization connected to the data center.
- A VPN, however, protects data communication by tunneling traffic from one location to another. Some compliance regulations require VPN for remote connections to protect data. When an administrator connects to a server in the data center, a VPN connection will ensure that the data is secured. A VPN wraps data into an encrypted package and sends it along a secured path. The organization could use a third-party provider for VPN or use a connection offered by the data center hosting provider.
- For organizations that work with extremely sensitive data such as financial account numbers or patient records, both an SD-WAN and VPN connection add to data security. The SD-WAN is used for basic connections to applications hosted in the cloud, but a VPN adds security to sensitive administrative connections. For example, a VPN is used when administrators connect to a database server hosting patient data to ensure the security of the connection to prevent eavesdropping and credential theft.
- An SD-WAN is considered a next generation VPN alternative. It provides a more convenient way for users to connect to internal cloud applications, but it offers administrators additional tools and resources to better secure the network. A VPN limits the way an administrator can secure remote connections, but an SD-WAN gives administrators more granular control of data access and visibility.
Do I Need an SD-WAN?
An SD-WAN is common in a data center environment. If you use a data center to house applications and data, you may already use an SD-WAN unknowingly. Because an SD-WAN is software-based, it runs “on top” of the existing hardware network. It’s used in data centers to give customers control over their environment using a centralized controller.
If you want to build an on-premises network and wonder if you need an SD-WAN, here are a few reasons to implement the technology:
- Your network needs better performance, and more hardware is not the answer.
- You rely on cloud resources, and you are vulnerable to internet outages.
- The current network infrastructure doesn’t efficiently use resources, and it’s not cost-effective.
- Installation of new resources is slow and requires too many manhours.
What are the Benefits of an SD-WAN?
Better performance and flexibility aren’t the only two benefits of using SD-WAN technology. Most organizations convert their environment to an SD-WAN to lower IT costs and improve resources. Configuring an SD-WAN can be a learning curve for IT professionals accustomed to traditional WAN resources. Still, once it’s deployed, the resources can be much easier to manage, especially if the physical hardware is remotely stored in a data center. Using an SD-WAN over traditional WAN technology has several other benefits. A few of these are:
- Prioritize traffic. With a traditional WAN, all traffic is considered the same, but it’s isolated from other traffic to prevent packet loss. Usually, certain network traffic is more critical than other applications. For instance, voice calls should be a priority over general traffic. Prioritizing traffic gives speed and bandwidth to more critical applications.
- Security. MPLS connections are secure by keeping traffic private from other data, but SD-WAN technology incorporates VPN into data transfers. VPN security is much more reliable and can be easily configured with the current infrastructure.
- Scalability. WAN technology is older and much less manageable when scalability becomes an issue. SD-WAN is much easier to scale and configure when adding new offices.
- Cheaper IT costs. MPLS technology is expensive, and SD-WAN lets businesses use cheaper fiber, cable, or DSL connectivity.
- No single point of failure. Instead of using a single-point connection with MPLS, SD-WAN gives administrators the option to use multiple links across locations. A dual-link connection can be used as a failover if one fails. Improve network performance but reduce the cost of network resources. Since an SD-WAN is usually configured in a data center, the organization no longer needs to house expensive equipment and install additional hardware.
- Centralize management from one administrator location instead of remotely accessing each individual component to configure it.
- Better visibility across the entire enterprise network is beneficial for large environments where segments are located worldwide.
- Provide improved connectivity and performance for all locations, offices, and satellite sites that need network access.
A true cloud-connected enterprise should have multiple locations to support users at different geolocations. SD-WAN technology makes it much more convenient and scalable for an organization to quickly add a remote office and keep it secure from eavesdropping.
When Should an SD-WAN Be Used?
Adding an extra office or cloud location is the first step in considering an SD-WAN. There are several scenarios when an SD-WAN would be more beneficial compared to traditional WAN technology.
Because you can prioritize traffic, an SD-WAN is beneficial when several applications take large amounts of bandwidth. With an SD-WAN, the administrator can set the path data will take as it travels across circuits. Voice and media could take the path using one circuit, and then internal applications could be given a lower priority and routed across another circuit. With multiple circuits, high-bandwidth applications can be routed over circuits with more capacity compared to other circuits.
Some organizations work with cloud data centers to host applications and data. An SD-WAN is much more easily configured to work with cloud locations versus a WAN. Any time you use a cloud location, an SD-WAN should always be the solution. Traditional WAN technology is better for connections across offices close in proximity.
Any time an organization shares sensitive data from one location to several satellite offices, an SD-WAN can be configured to work with a VPN. VPN is a more secure method of data transfer across circuits, especially the Internet.
Traditional WAN connections can be expensive. An organization can cut costs by switching to SD-WAN, but many don't want to make significant changes with existing connections. Organizations can set up a hybrid system where traditional MPLS circuits stay active, but any new office connections work with SD-WAN technology. SD-WAN can also be used as a failover across all connections.
What Does SD-WAN Have to Do with SDN?
Shopping for networking technology, administrators will run into the term Software-Defined Network (SDN). Although it might seem like the two technologies are similar, they are distinct in what they do for an organization. SDN is a technology used in local area network (LAN) management, while SD-WAN is used for managing network resources across multiple sites and the technology used to connect them.
SDN networks can also prioritize traffic and let administrators control configurations from a central location. The primary difference is that control and prioritization are configured for a LAN rather than a WAN. SDN networks will still use traditional routing and infrastructure and can be added to existing network environments where WAN or SD-WANs are set up.
What Can Happen with Inadequate SD-WAN Security?
Organizations that go with an SD-WAN for infrastructure must include a plan for cybersecurity. Assuming an SD-WAN is inherently secure without following the right cybersecurity protocols could lead to an unforeseen data breach. Although an SD-WAN can be secure, it can add risks if the infrastructure is not configured with cybersecurity in mind. Inadequate SD-WAN security is one major issue when organizations are new to the way the infrastructure should be configured.
An SD-WAN is typically implemented to support remote workers, and securing multiple locations in the cloud requires experts to ensure that security is optimized. A few issues an organization could face include:
- Lack of a well-defined parameter: With remote employees, the internal network perimeter is no longer a standard. The perimeter must be opened to cloud-connected employees but block external attackers. This puts more pressure on IT to properly configure and secure the SD-WAN.
- Failure of trust: Traditionally, any internal employee was implicitly trusted. With remote workers, the organization must change the way authorization and access are set up to assume no trust and provide access to users based on the standard of least privilege.
- Additional complexity: For administrators unfamiliar with an SD-WAN, they must be trained to configure and secure the new environment. Without knowing the many ways an attacker can exploit an SD-WAN environment, configurations could open vulnerabilities and leave the network insecure.
Why SD-WAN Needs a Software-Defined Perimeter
Increasing security is one of the primary benefits that organizations are looking for when they adopt a Software Defined WAN (SD-WAN).
With Proofpoint cloud app security solutions, you can detect, investigate, and defend against cybercriminals accessing your sensitive data and trusted accounts.