Key Features of 2024’s SD-WAN Solutions

Understanding Vendor Differences in SD-WAN Solutions

Whilst SD-WAN offers vast improvements over traditional WAN systems, not all SD-WAN solutions are made equal and so it is important for IT decision makers to consider and understand the vendor differences between SD-WAN solutions. By doing so, IT decision makers understand where vendors may offer more critical features that better align with their organisational requirements.

These features affect the connectivity, flexibility, performance, security and management of the network, which means that there are plenty of areas where vendors may differ. These differences may have knock-on effects that impact the network. For example, the ability to utilise more network links can lead to improved performance, and the ability to remotely configure newly deployed devices allows for quicker network scaling.

Multi-Cloud Connectivity

As businesses begin to prepare for the future, more and more are integrating cloud solutions as part of their network infrastructure through SD-WAN. However, by integrating multi-cloud connectivity, businesses are ensuring that they can leverage the ability of several cloud solutions, their individual perks and the continuous uptime that comes with them.

By utilising multiple cloud services, this prevents businesses from "vendor lock-in" where there is dependence on a single provider. This dependence can be an issue should there be potential outages. Through multi-cloud, redundancy eliminates this issue. Should a single cloud service go offline, another service can pick up the slack. This means that crucial applications never experience any downtime and the overall user experience benefits.

Different cloud providers offer different perks with their services. For example, Google Cloud Platform (GCP) offers "Live Migration", the ability to seamlessly move virtual machines across Google's network infrastructure; however, Amazon Web Services (AWS) provides more raw computational power than GCP. By leveraging services from multiple providers, businesses can enjoy the benefits of each cloud system for improved network capabilities.

[wpdatatable id=78 table_view=regular]

Advanced Security Features

By leveraging multiple cloud services, organisations need to secure every connection point, which can cause complexity. To reduce the complexity of setting up lots of security appliances, SD-WAN provides advanced security features pre-packaged. These can often include features such as next-generation firewalls (NGFW) and intrusion prevention systems (IPS). These security features are just some of many that ensure the protection of the network, ensuring that no breach of the system occurs. Other advanced security features include the use of Artificial Intelligence (AI) and Machine Learning (ML) for anomaly detection. These indicate potential threats to the network and, by allowing for proactive mitigation, SD-WAN enables administrators to rapidly respond to network threats.

It should be noted that different SD-WAN vendors offer different advanced security features.

Fortinet offers advanced security features such as:

• Next-Generation Firewall (NGFW)
• AI-powered Secure Web Gateway
• Zero-Trust Network Access (ZTNA)
• Cloud Access Security Broker (CASB)
• Firewall-as-a-Service (FaaS)

Whereas Cisco Umbrella offers:

• Secure Web Gateway
• Cloud Access Security Broker (CASB)
• DNS-layer security features

Whilst each offer Secure Web Gateway and CASB, Fortinet offers features such as Zero Trust Network Access and Cisco offers DNS-layer security.

Depending on the requirements of the system, IT decision makers should consider the features offered by different SD-WAN vendors in order to determine the offering most suitable for their system.

[wpdatatable id=82 table_view=regular]

Automated Path Selection

Unlike traditional WAN, SD-WAN offers automated path selection for network traffic. In traditional WAN systems, MPLS is used to define static routing paths. These are configured manually and therefore it can be difficult to change routing protocols, which can be problematic during peak-use as this can cause latency.

SD-WAN, however, uses dynamically selected routing. By analysing real-time data, historical data and the currently available network links, SD-WAN is able to automatically route traffic over the optimal path, whilst also prioritising crucial data flows, reducing network latency. This provides a much better user experience than traditional WAN system as it increases the reliability of the network.

How vendors like VMware and Silver Peak Systems implement automated path selection to enhance application performance.

Both VMware and Silver Peak Systems implement automated path selection to enhance application performance. Silver Peak's SD-WAN uses 'Host-Base redirection' routes all devices to a local Silver Peak appliances and the appliances then performs dynamic path selection in order to determine the next hop. With VMware SD-WAN, edges can identify and prioritise different application types to use the optimal path based on real-time traffic data.

[wpdatatable id=79 table_view=regular]

Zero-Touch Provisioning

For many businesses, scalability is an important factor. Zero-Touch Provisioning (ZTP) can be used for rapid expansion of network architecture. Via Zero Touch Provisioning, SD-WAN enables a simplified deployment model. SD-WAN is able to be deployed, controlled and configured remotely to provide the best configurations at any given moment, based on real-time network traffic.

Aruba provides Zero-Touch provisioning via the form of plug and play deployment of branch controllers. With Aruba branch controllers, administrators can activate them via a cloud service for provisioning and the controller authorises with the cloud in order to activate.

Juniper Networks have enabled Zero-Touch provisioning on their switches and routers. These enable remote deployment by downloading and installing the required software and configuration files from the network.

[wpdatatable id=84 table_view=regular]

Optimised Cloud Access

SD-WAN optimises cloud access by changing the way cloud data is routed. Within traditional WAN architectures, traffic was backhauled via a central data centre before accessing the cloud, however with SD-WAN, this is no longer necessary as SD-WAN can provide a direct connection to different public cloud services. This dedicated path means that direct connections between the network and cloud have higher bandwidth, with the network experiencing higher speeds and less latency.

Aryaka optimises cloud access by providing its own global private network. This network has its own Points-of-Presence (PoPs) scattered across the globe, which reduces geographical distance and therefore increases the cloud access speeds. Aryaka also supports hybrid WAN systems, allowing the use of the Aryaka global network as a backbone whilst allowing access locally from site-to-site. Aryaka primarily uses AWS and Azure for these cloud services, selecting the best provider based on real-time data to reduce latency and jitter.

Prisma, however, relies on the internet and an advanced software WAN. This means that Prisma analyses Layer 7 metrics such as server response time, application response time and application transaction failures in order to determine the best routing. This allows for optimal performance of cloud-based applications, enhancing the user experience with these critical applications.

[wpdatatable id=76 table_view=regular]

Traffic Shaping and Prioritisation

SD-WAN provides traffic shaping and prioritisation in order to optimise the network performance. To perform traffic shaping, SD-WAN allows network administrators to define bandwidth limits (minimum and maximum), priority levels of different traffic classes and set prioritised traffic paths from within the network policies. This ensures that critical applications always get the required bandwidth and latency is minimised.

Citrix offers Quality of Service (QoS) functionality within its traffic management system. This identifies specific applications that may be crucial to businesses (such as VoIP) and ensures the ability to automatically and seamlessly switch to a reliable backup system should the primary path drop out or latency increase.

Cisco Meraki introduces 3 levels of traffic prioritisation and the ability to limit bandwidth usage across a traffic group. This means that administrators can force the distribution of bandwidth to specific applications and prevent less-crucial applications from using excessive bandwidth, producing latency across the network.

[wpdatatable id=83 table_view=regular]

AI and Machine Learning Integrations

As Artificial Intelligence and Machine Learning integrations within SD-WAN become more prevalent, it is important to understand the different use cases for each across different SD-WAN vendors.

Artificial Intelligence (AI) and Machine Learning (ML) have been integrated to produce tools that assist with the predictive maintenance and anomaly detection of SD-WAN networks. These technologies monitor network traffic, finding patterns within said traffic. These are then able to match these patterns up against expected behaviours (from users) or potential threats to the network and thus enables a proactive approach to dealing with these potential threats.

Additionally, AI and ML are being used to automate networks through the process of managing traffic routing and security policy updates. This reduces the workload on network administrators and simplifies the management of the network.

VMware have developed VersaAI as part of their unified SASE platform. VersaAI is capable of detecting malicious behaviour in real-time, enhance network performance through traffic routing and secure operations. VersaAI can be considered a reliable AI tool due to VMware training VersaAI on their large customer-base's analytic data in order to refine advanced functionality.

Juniper Networks use AI to optimise the network performance. Through analytics (and via Juniper Apstra), Juniper's AI can perform predictive maintenance and anomaly detection to ensure the security of the network.

[wpdatatable id=75 table_view=regular]

Bandwidth Aggregation

SD-WAN improves the network performance by dynamically routing traffic via the best path based on real-time traffic analysis. This is further extended by the ability of SD-WAN to leverage multiple ISPs (broadband, 4G, 5G, LTE, internet leased lines and satellite services) and combine them to provide greater bandwidth for the network - Bandwidth Aggregation. This decreases the latency of the network and ensures reliability to crucial applications across the network.

Peplink has the ability to combine DSL, LTE and satellite, to provide a greater bandwidth and failover for the network. Peplink also has the capability to aggregate up to 4 LTE links. Whereas, Riverbed has the ability to aggregate multiple WAN links including broadband, 4G, 5G, LTE and MPLS to provide increased bandwidth and redundancy.

[wpdatatable id=77 table_view=regular]

Real-Time Analytics and Reporting

SD-WAN provides the ability for administrators to review analytics and reports in real-time. This includes the ability to view current traffic against historical traffic across different links, whilst also being able to generate on-demand reports for later review. This is important as it allows network administrators to determine where there may be potential weaknesses or issues within the network.

Cato Networks offer a "single pane of glass" in order to manage the network and its security. Within this pane, administrators can manage analytics, policy configuration, incident review and troubleshooting all within real-time.

VeloCloud provides real time analytics on user traffic, such as the top bandwidth consuming applications, individual user flows and the routing of the flow so that traffic can be viewed at the next hop. VeloCloud also enables administrators to output this data into a CSV format, allowing for further analysis.

[wpdatatable id=80 table_view=regular]

Scalability and Flexibility

As SD-WAN aligns with the SASE framework it enables IT decision makers to incorporate a more holistic, cloud-centric approach to network security by applying the same policies regardless of device or location. When integrated as a component of SASE, SD-WAN provides the scalable and flexible network architecture for delivery of cloud-based services. This is especially true within Internet of Things (IoT) environments, where large numbers of devices require streamlined policy enforcement.

As SD-WAN can function entirely within the cloud (cloud-native), the security services that SD-WAN contributes within the SASE model simplifies an organisation's network and security architecture, enhances its security posture, scalability, and agility.

SD-WAN solutions such as Viptela scale by introducing more vEdge (software or hardware router responsible for the data plane within SD-WAN). This means that scaling is very quick and easy, making the process more flexible for businesses. Viptela vEdges also have the ability to integrate with the rest of Cisco products, making the onboarding process for each vEdge less complex.

[wpdatatable id=81 table_view=regular]

Conclusion

When evaluating SD-WAN solutions, it's important to consider the key differences in offerings provided by vendors. Whilst all SD-WAN vendors aim to improve upon traditional WAN systems, the importance placed on features such as performance, security, manageability and deployment models varies from solution to solution.

By carefully evaluating network requirements, IT decision makers can consider the right SD-WAN vendor offering for their requirements to not only improve their network for the short term but also improving the network infrastructure for the future.