Rajesh Maurya, Regional Vice President, India and SAARC, Fortinet

The need for SD-WAN is a foregone conclusion. Fast and reliable access to applications and critical resources for all users is essential for competing in today’s digital marketplace. Many organisations are currently at a crossroads in the implementation of SD-WAN. It is not a question of if, but how. Should they jump in and build a solution themselves, or wait for a managed service provider (MSP) to offer a service?

Challenges for early adopters

Early adopters, while lauding the benefits of an SD-WAN strategy, quickly ran into a number of critical challenges during implementation. Implementing an SD-WAN solution is not always as easy as it looks. SD-WAN solutions designed for one use case, say, connecting branch offices located in a specific metro area, are not always suitable for other use cases, such as trying to support a global deployment.

The biggest problem is how to secure these new, highly dynamic connections. Traditional traffic routed through an MPLS and WAN router configuration receives all the security inspection and protection provided by the core network. However, these functions disappear when a branch office connects directly to cloud and internet services. Once it is clear that the basic VPN and firewall that came with the new SD-WAN device will not be able to adequately protect critical data and applications, the organisation is forced to build and deploy an overlay security solution. Selecting, integrating and deploying a security solution that not only provides a full stack protection but that is also agile enough to keep up with the dynamic connections is not only expensive upfront but also has significant overheads throughout its life cycle.

Need for managed SD-WAN

Those smart enough to see these challenges are increasingly turning to MSPs to solve the problem. This is why SD-WAN has one of the fastest predicted annual growth rates of any solution for MSPs. According to Gartner, managed SD-WAN services are expected to grow at a 76 per cent CAGR through 2023. However, there is still a lot of churn in the vendor space as a growing number of solutions compete for market share.

Selecting an SD-WAN vendor

APIs and standards

One key consideration is to prioritise those vendors that have invested in the development and adoption of open APIs and have adhered to critical standards and certifications around security and interoperability. The Metro Ethernet Forum (MEF), with a membership that currently includes over 130 service providers and vendor partners worldwide, provides industry guidance to standards bodies that define the interoperability standards for implementation.

Performance and cloud on-ramp

Another critical consideration is performance. SD-WAN solutions use various strategies to ensure high-speed access to SaaS applications and multi-cloud resources. The most common is to embed controllers in the cloud to which all SD-WAN devices of the organisation are connected. This controller identifies the application being used and then searches for the optimum path to its location in the cloud. While traditional network management tools such as BGP are unable to identify and direct applications around congested traffic, this optimum path almost always connects to a third-party PoP. This cloud on-ramp function moves traffic on to a private fibre optic network backbone directly connected to all major cloud providers. The problem is that this extra hop between the MSP’s co-location site and the on-ramp PoP in the cloud can introduce time delays and latency into the process. MSPs are much better in selecting a solution in which the controller is embedded in the SD-WAN device itself rather than out in the cloud.

Security

The biggest issue for MSPs as well as their clients is security. In a recent survey conducted by the MEF, security was the number one value-added service demanded by MSPs. Another challenge is that most security devices function in silos, which can make it very difficult to integrate them into the MSP’s environment, let alone into the SD-WAN device. They are also slow. Most network security devices designed using traditional hardware cannot keep up with the demands of today’s applications, especially rich streaming services such as teleconferencing. Thus, MSPs need to build their service around an SD-WAN device that has already integrated a full stack of enterprise-class security into its core functionality. The management interface used to control both connectivity and security also needs to scale across multiple devices.

Best SD-WAN solutions start with the right partners

The key to launching a successful managed service is to start with a solution that already contains all the elements that customers need. It also needs to be easily integrated into their existing managed services environment to reduce the ratio of engineers to customers. The service must provide reliability, functionality and performance so that SLAs can be guaranteed.