Over the past four to five years, the term software-defined wide area network, or SD-WAN, has become all the rage. The technology is innovating how connectivity to the edge is done. It is replacing expensive MPLS networks with lower-cost internet circuits while driving higher efficiency in networking teams. Technology departments are under constant pressure to provide highly available, flexible, secure solutions and to meet increasing demands for bandwidth, all while reducing costs and working with shrinking budgets.
Budget restrictions are a challenge for any organization. Introducing a new technology that changes how networking has been done could meet roadblocks from old-school, big-iron network engineers. However, the centralized management of the SD-WAN environment, its flexibility, and the amount of diagnostic information available at an engineer’s fingertips should quickly amaze and win over any techie. Some SD-WAN offerings can be managed fully from the cloud. Support personnel can manage the device from anywhere, including from their mobile devices. They can quickly diagnose an issue, apply updates, or push standard settings, all in a few clicks, without the need for scripting and command-line access.
Manufacturers of SD-WANs include traditional routing and switching companies such as Juniper and Cisco. Other companies with a long history of WAN optimization and other networking products, such as SilverPeak, Riverbed, and Citrix, also provide high-quality and innovative products. The internet providers are catching on and offering managed SD-WAN solutions as well.
Over the course of 2017, the team performed multiple proofs of concept with all the big players in the SD-WAN arena. We thoroughly tested the features and attempted to validate the claims for each manufacturer’s product. We provided multiple internet circuits along with LTE in our testing. Some of our criteria were:
• High-quality VoIP calls
• No dropped calls or data loss when an interface is lost
• Data compression
• Data encryption
• Secure connectivity
• Cloud management
After eight months of product testing, we selected the SilverPeak Unity EdgeConnect solution. Our biggest delay was the new internet circuits for different locations. We had approximately 100 locations requiring two new internet circuits. They range from DSL or cable modems to DIA fiber. In some cases, we installed T1 internet circuits or a pair of LTE routers to get off of our legacy MPLS. The circuit issues caused the completion of the router installation to be delayed for 9 months.
The installation of the router was simple and painless once the circuits were in. We plugged in the SilverPeak router. It automatically synchronized to their cloud Orchestrator for management. From there, the team would apply the necessary overlay to push the settings to the router for that location. Once the device was ready, it was plugged into the local switch, and the MPLS port was disabled and disconnected. In general, the entire process took less than 15 minutes. In several cases, the actual switchover was done during business hours. During the cutover, only 2 ICMP packets were dropped between the engineer’s desk and the branch switch connected to the SD-WAN. To provide additional redundancy, we provided a MoFi LTE router as a tertiary connection. As part of the installation procedure, a managed PDU was installed. This allowed the team to power cycle any device if needed, which is a typical first step when a circuit may have issues.
Over the past two years, we have had multiple instances where the primary internet circuits had failed, and the location was only running on the LTE circuit. The users did not experience any issues during that time.
Overall, the SD-WAN solution has provided high availability, flexibility, performance metrics, and additional layers of security that we never had in the legacy router environment. We’ve experienced a drastic reduction in costs over MPLS and reduced TCO. The SD-WAN solution has proven time and time again to be a great investment. I would expect that it would be for your organization, as well.
Marc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected professional and public speaker with over 25 years of experience in cyber and physical security, IT/security architecture, business and departmental strategy, budgeting, and project management. He is a board member of the St. Louis Chapter of InfraGard, a co-founder of the State of Cyber annual security conference, and a lifetime member of the FBI Citizens Academy. Holding the CISSP, CISM, CRISC, and Security+ security certifications, Ashworth currently oversees First Bank’s Information Security Department and the Network Services Department.