We’ve worked with several of our customers recently on WAN refreshes. Some are looking to embrace SD-WAN. Others are just looking to replace EOL gear. And some are looking to dip a toe into the SD-WAN world.
All of the major network manufacturers have integrated SD-WAN into their offerings – see the likes of Cisco DNA Center, Cisco Meraki, Aruba Networks, Fortinet Secure SD-WAN, and even VMware with their VeloCloud offering. Needless to say, familiarizing yourself with the benefits of the platform will help align your decision-making process with the marketplace.
If you’re looking at your next-generation WAN, but not sure where to start, here are a few things to consider.
Standardize Your Branches
One of the major benefits of SD-WAN is far less manual configuration of devices. Instead of manually crafting configurations for each device in your network, the controller orchestrates all of the hard work. Most SD-WAN solutions do this based on a template. If you end up with a template for each individual site, you’re not much better off than doing the configurations manually!
To realize this benefit of SD-WAN, standardizing your branch networks is crucial.
For example, one customer may have 3 types of sites: bronze, silver, and gold (or small/medium/large). Each one has different connectivity requirements, bandwidth requirements, and HA SLAs. Identifying the few (ideally, 4 or fewer) types of sites and classifying each one is an important first step. Once determined, these templates will make the deployment easier to execute, troubleshoot, and maintain.
Any time you can standardize your exceptions, that is less one-off configuration to produce. Ultimately, standardization minimizes risk and drives efficiency.
This also includes standardizing your IP scheme. If you’ve always wanted to move from the 172.16/21 space into another part of RFC1918, now is your chance. Come up with a plan and decide when to migrate: now or during the implementation (both have their pros and cons).
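One way to turn the site tiers and a new IP scheme into a repeatable plan, as an added example that is not part of the original article. The tier names come from the text; the prefix size per tier, the new supernet, and the site inventory are assumptions constructed for illustration.

```python
import ipaddress

# Assumed mapping of site tier to subnet size (illustrative, not from the article).
TIER_PREFIXLEN = {"bronze": 26, "silver": 24, "gold": 22}
LEGACY = ipaddress.ip_network("172.16.0.0/21")  # legacy block named in the text
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed inventory: (site name, tier). "custom" stands for a one-off site.
SITES = [("hq-01", "gold"), ("branch-02", "silver"), ("branch-03", "bronze"),
         ("branch-04", "silver"), ("kiosk-01", "custom")]

def build_plan(supernet, sites):
    """Return ({site: subnet}, [sites that fit no standard tier])."""
    supernet = ipaddress.ip_network(supernet)
    if not any(supernet.subnet_of(r) for r in RFC1918):
        raise ValueError(f"{supernet} is not inside RFC1918 space")
    # Old and new addressing must coexist during the migration window.
    if supernet.overlaps(LEGACY):
        raise ValueError(f"{supernet} overlaps legacy block {LEGACY}")
    plan, exceptions = {}, []
    cursor = int(supernet.network_address)
    # Largest blocks first keeps every allocation aligned, with no gaps.
    ordered = sorted(sites, key=lambda s: (TIER_PREFIXLEN.get(s[1], 33), s[0]))
    for name, tier in ordered:
        plen = TIER_PREFIXLEN.get(tier)
        if plen is None:
            exceptions.append(name)  # needs a one-off template: review it
            continue
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(supernet):
            raise ValueError("supernet exhausted")
        plan[name] = net
        cursor = int(net.broadcast_address) + 1
    return plan, exceptions

if __name__ == "__main__":
    plan, exceptions = build_plan("10.64.0.0/16", SITES)
    for site, net in plan.items():
        print(f"{site:10} {net}")
    print("no standard tier:", exceptions)
```

Sites that land in the exceptions list are the ones that would force a per-site template, so they are the first candidates to reclassify into an existing tier.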
Identify Business Critical Apps
Every SD-WAN solution provides insight on your WAN traffic. Most provide some type of optimization or traffic-steering as well. Knowing your traffic profile and what applications make the business run is crucial. This should be more than just prioritizing voice and video. The better defined these applications are, the more valuable the analytics and traffic optimization features will be.
Oftentimes, the network team may have this already defined, but we also recommend spending some time with your users. During this conversation, you should be asking and observing how they use the network and systems at your business. You may be surprised at how this has changed over the past few years.
Consider the Cloud
Most traditional enterprise WANs brought all user traffic to the data center and used the security stack on the internet edge to inspect traffic. Other businesses have already had traffic egress at the branch and are already embracing this model.
As workloads move to the cloud, consider what types of workloads your business is using and the traffic pattern to reach them. It may make sense to have an SD-WAN hub and spoke with one of the hubs located in the cloud or adjacent to the cloud. This can provide secure, low-latency traffic to a VPC or VNET. Additionally, embracing local internet egress often lowers latency and improves performance to SaaS applications.
We visited some basics of networking design in Azure previously. Feel free to pay it a visit to expand the conversation.
Security in today’s IT world is everybody’s responsibility. With threats constantly evolving, it’s important for a network engineer to understand any change in the security posture, traffic flows, and the right ways to protect that traffic. If internet traffic is leaving the branch directly for the first time, the security stack may need to extend into the branch, and your security tools need to be updated.
In a software-defined world, security integrations and enablement can easily become a tangled web. Consider how this future alignment impacts things like your Network Access Control strategy and deployment, Identity Management, and End User Access.
If you’re looking at a hardware refresh for EOL equipment, but not ready to bite off a full SD-WAN implementation, consider investing in hardware that will support SD-WAN in the future. Most vendors are selling devices that can be either a traditional router or firewall or an SD-WAN box. This could decouple your hardware refresh project from an SD-WAN rollout but still leave options open for the future.
Wherever you are on your SD-WAN journey, we’re glad to help. Feel free to leverage our experience to help you find some quick wins to get you started on your next WAN or SD-WAN project.
Defining the desired outcome is usually the easiest part of the journey. If you would like help defining the roadmap, creating strategy or execution plans, or just executing on a step of the journey… hit us up!
Feel free to start a chat in the window or give us a call at (616) 202-6518.