‘Software Defined’ networking (SDN) has been capturing headlines and marketing dollars throughout 2014 and 2015 but I have struggled to see the ROI for most enterprise organisations until late last year when I was introduced to a technology labelled SD-WAN.
SD-WAN is an overlay technology that allows enterprises to flexibly and securely connect users to applications via the most cost efficient source of connectivity available. This enables enterprises to augment or replace MPLS networks with secured broadband Internet connectivity.
The SD-WAN ROI targets the OPEX enterprises spend on the Telco provided MPLS links that currently provide WAN transmission services by delivering a secure, controlled and optimised overlay across much lower cost enterprise grade internet links.
According to Gartner in 2014, on average enterprise IT spent 9% of its budget on the data network and more than three quarters of that expenditure went on transmission and personnel. SD-WAN provides savings in both these key areas.
Internet bandwidth is a fraction of MPLS costs. We were quoted a 25Mbps MPLS Sydney metro service costs for $1,650 per month (on a 36month contract) and an Enterprise quality VDSL 80 Mbps service for $120 per month (on a 12-month contract). Put another way the VDSL service is about $1.50 per megabit; MPLS is $66 per megabit. OK, so there are savings to be made but let’s face it, enterprises invest in MPLS technology over internet based VPN connections for a number of strong reasons, namely performance, security and availability.
ICT Networks has been running a POC of the Unity Edge Connect offering from Silver Peak for the last few months. The exciting opportunity provided by this technology is that it addresses each one of MPLS’ values to the enterprise but at significantly lower costs. Let’s have a look at how:
Performance: The Silver Peak solution delivers 3 key technologies to overcome the adverse effects of dropped and out of sequence packets that are common to broadband Internet connections. Adaptive Forward Error Correction reconstitutes lost packets at the far end of a WAN link, avoiding delays that come with multiple round-trip retransmissions. Real-Time Packet Order Correction re-sequences packets across all IP flows on the far end of a WAN link to avoid retransmissions that occur when packets arrive out of order. Finally, Dynamic Path Control provides real-time traffic steering and load balancing over multiple broadband and/or MPLS link based on company-defined business intent policies.
Security: Of vital importance to all enterprises, the Silver Peak solution secures broadband WANs edge-to-edge with multiple security features. Firstly, all WAN traffic is secured by 256-bit AES encryption while in-flight across the SD-WAN overlay fabric. Secondly a feature called WAN Hardening enables enterprises to deploy Unity EdgeConnect appliances directly onto the Internet. No unauthorised outside traffic is allowed to enter the branch. If a packet is not in the Silver Peak encrypted tunnel it is denied access and immediately dropped. With WAN hardening there also is a reduced need to add additional routers and firewalls at the branch, which helps eliminate appliance sprawl and the high costs of deploying and managing dedicated firewalls.
Availability: An SD-WAN solution requires redundancy in the local access to match (or exceed) the uptime you would expect from an MPLS circuit. One of the most impressive features of an SD-WAN fabric overlay is its ability to provide a service over any and all links, regardless of whether they are Internet, 3G/4G or MPLS and not have to worry about complex routing protocols such as BGP. In a dedicated broadband solution, you could utilise the Dynamic Path control feature to load balance across two diverse Internet services or use an Internet service as a prime with a 3G/4G backup. Many organisations are initially installing SD-WAN to augment their existing MPLS service, adding broadband rather than paying for expensive upgrades or making use of their existing back-up broadband links.
So what about personnel costs? SD-WAN’s policy based automation and centralised management tools radically reduce the costs of rolling out new sites, new policies and adds, moves and changes to the WAN.
Contact ICT Networks to arrange a Proof of Concept. You will be impressed with the returns.