Software-defined networking (SDN) exploded onto the scene five years ago with a tremendous amount of hype, but the transition from hype to reality has been a little less explosive. Most enterprises are still in evaluation mode with SDN.

However, the SDN story is a little different when it comes to the wide-area network (WAN). The barrier to adoption for software-defined WAN (SD-WAN) appears to be much lower, so much so that more and more vendors and service providers are offering SD-WAN solutions to enterprises. Each vendor offers its own spin on the technology, making it difficult to define SD-WAN and understand its true value proposition.

Recently, Enterprise Management Associates (EMA) conducted research on the future of the WAN, sponsored in part by Viptela. We sought to identify how WAN requirements are changing and how SD-WAN addresses those changes. Based on a survey of 200 enterprise WAN professionals, our research, published in the report “Next-Generation Wide-Area Networking,” found that enterprises need a new WAN that is simpler, more flexible, and also cloud-enabling. Moreover, we found that SD-WAN is an essential technology for creating such a network. The research also uncovered some unexpected results that offer some valuable insights but also warrant some words of warning.

Is the Internet Actually More Secure than Managed WAN?

It is widely acknowledged that enterprises are replacing MPLS and other managed WAN services with internet connectivity. EMA’s recent research confirmed this trend. Among enterprises that are adding new internet connectivity, 74% told EMA they are using those internet connections to replace MPLS. This was not surprising, but we were shocked by what they reported as the chief driver of this transition: Forty-nine percent (49%) of enterprises said the internet made them “more secure.” Given that the internet is a public network, it is inherently unsecured. So why do enterprises view the internet as an opportunity for improved security?

First of all, many enterprises have the mistaken impression that MPLS is inherently secure, because it is a private, unshared network. They are so confident in the security of MPLS that they often forward unencrypted data over these networks. Yet even a Tier 1 provider is vulnerable to a breach. A network provider’s engineers are just as susceptible to a social engineering hack as an enterprise’s network engineer. The same goes for a network provider’s data centers.

When network architects incorporate internet connectivity into the WAN, however, they are well aware that they are using a public network. Most of them will encrypt that traffic, which leads to a better security posture than they had before.

The internet’s native access to public cloud services is another opportunity for improved security. When an enterprise incorporates internet connectivity into the WAN, it gains easier access to cloud-based security services, which can enhance an existing security architecture. An SD-WAN solution can help network managers apply those cloud-based security services granularly across all of their remote sites. Thus, while the internet may be a public network, it can indeed enable a better security posture for many enterprises.

MPLS Is Not Going Away

While the majority of enterprises are replacing MPLS connections with the internet, this trend will not lead to the demise of MPLS. EMA research found that the average enterprise is replacing MPLS with the internet at only 45% of its remote sites.

The future of the WAN is actually a hybrid one. Most enterprises will operate networks that use both public and private connections, and application traffic will drive these connectivity choices. For instance, our research indicates that network teams prefer to forward traffic from secure enterprise Web applications (HTTPS) over the internet, but they prefer to support big data applications, storage replication traffic, and enterprise resource planning (ERP) applications with MPLS.

Now imagine a branch office that generates traffic from a wide variety of applications. It will need hybrid connectivity, with policy-based forwarding across MPLS and the internet. SD-WAN solutions can enable this hybrid connectivity. With this technology, a network architect can design a network that makes forwarding decisions based on application type.

The Definition of SD-WAN Is Fuzzy

EMA’s research found one area of concern: Some enterprises have a warped definition of SD-WAN. EMA defines SD-WAN as an overlay technology that offers centralized management and automation, virtualized and/or cloud-based network functions and services, and dynamic hybrid WAN connectivity with path selection across multiple internet and/or managed WAN connections.

When we asked early adopters of SD-WAN to identify the most valuable features of their SD-WAN solutions, we gave them some options that were not necessarily true SD-WAN features. The results showed some enterprises do not understand what SD-WAN truly is. Twenty-five percent (25%) named “static load balancing of traffic across multiple internet and MPLS connections” as one of the most valuable SD-WAN features. However, this active-active hybrid WAN connectivity is more of a legacy link-bonding solution than a true feature of SD-WAN. By identifying this as a valuable SD-WAN feature, many enterprises revealed that they have either erred in their evaluation of the SD-WAN market or they have been oversold and misled by a vendor.

A true SD-WAN solution must include dynamic hybrid WAN connectivity, because such a feature allows enterprises to better utilize MPLS and the internet. Simple active-active load balancing does not deliver on this requirement. SD-WAN’s dynamic hybrid WAN technology allows enterprises to create granular traffic-forwarding decisions based on network conditions and on network and security policies. Legacy link-bonding solutions do not support this next-generation requirement. A failure to understand this key distinction will lead some enterprises to adopt a technology that fails to deliver on the promise of SD-WAN.
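The difference between static load balancing and dynamic, policy-driven path selection can be made concrete with a short sketch. This is an added example, not code from EMA or from any vendor product; the `Link` fields, the thresholds in `POLICY`, and the function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str          # transport label, e.g. "mpls" or "internet"
    public: bool       # True for internet transport
    encrypted: bool    # True when an encrypted overlay tunnel is up
    loss_pct: float    # measured packet loss
    latency_ms: float  # measured latency
    up: bool = True

# Constructed policy: app class -> (preferred transport, max loss %, max latency ms).
# Preferences follow the survey results quoted in the article; thresholds are assumed.
POLICY = {
    "https": ("internet", 2.0, 150.0),
    "storage-replication": ("mpls", 0.5, 80.0),
    "erp": ("mpls", 1.0, 100.0),
}

def static_balance(flow_id, links):
    """Legacy link bonding: spread flows evenly, blind to app and link state."""
    return links[flow_id % len(links)].name

def select_path(app, links, require_encryption=True):
    """Dynamic selection: security policy first, then SLA, then preference."""
    preferred, max_loss, max_latency = POLICY[app]
    # Public links always need the tunnel; private links need it unless the
    # operator explicitly opts out (the risky MPLS habit the article describes).
    safe = [l for l in links
            if l.up and (l.encrypted or not (l.public or require_encryption))]
    if not safe:
        return None  # fail closed instead of forwarding in the clear

    def rank(l):
        meets_sla = l.loss_pct <= max_loss and l.latency_ms <= max_latency
        return (not meets_sla, l.name != preferred, l.loss_pct, l.latency_ms)

    return min(safe, key=rank).name

def sample_links():
    """Constructed measurements for one branch office."""
    return [Link("mpls", False, True, 0.1, 40.0),
            Link("internet", True, True, 0.3, 60.0)]

if __name__ == "__main__":
    links = sample_links()
    for app in POLICY:
        print(app, "->", select_path(app, links))
```

With the sample links, ERP traffic moves to the internet path as soon as measured loss on MPLS exceeds its threshold, while `static_balance` keeps sending every second flow over the degraded link.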

The Future of the WAN 

