12 essential steps to network transformation with SD-WAN

This is part one of a four-part series to help you design your network transformation strategy and turn it into reality – moving from proof of concept tests to real world deployment.

Enterprises are increasingly using the Internet alongside, or instead of, private MPLS access technologies to access cloud-based services and reduce connectivity costs. SD-WAN provides a way of overlaying control, visibility and optimization in this hybrid environment and provides the agility to get connectivity links up and running quickly in new sites. But what steps do you need to take to define your transformation strategy and ensure it will meet your digital business goals?

1. Consult the right stakeholders

It's very important to consult the right internal stakeholders as you begin your network transformation journey to ensure your strategy supports your broader digital business goals. This means understanding the expectations and needs of the CxO, business application owners and end users, as well as the network, IT and security management teams.

Every day, employees access a wide range of SaaS applications – including Salesforce, Microsoft Office 365, AWS, Skype, Webex as well as specialist tools – that are critical to their day-to-day jobs. They require reliable, fast, and secure access – even if they are based in branch offices located far away from the data center where their cloud services are provisioned. The SD-WAN strategy will need to reflect the business priority placed on a diverse range of traffic transiting your network.

2. Define your SD-WAN transformation goals

According to a recent survey by Frost & Sullivan, the top three reasons for enterprises to adopt SD-WAN are to:

  • Ensure 24/7 resiliency and business continuity of network and applications
  • Enforce granular security policies for applications and users
  • Achieve superior application and WAN performance

Increased agility – particularly when it comes to provisioning new branch offices with connectivity or adapting security controls – also ranks highly on many people's lists. It is important to be clear from the outset on the problems you're trying to fix as well as the business goals you're trying to achieve.

3. Define your SD-WAN solution scope

The next step is to define your SD-WAN solution scope. Most enterprises want to be able to:

  • Create and automate the setup of site-to-site VPNs that connect an enterprise's branch offices to the cloud or corporate data center to augment or replace the existing MPLS WAN
  • Leverage lower-priced broadband access links using a physical or virtualized customer premise equipment (vCPE) and dynamically scale bandwidth capacity to the cloud when and where it is required
  • Enable dynamic path selection (to balance traffic loads across the various access technologies)
  • Access a self-care portal that provides centralized, automated control over their branch-office connectivity, eliminating the need for truck rolls to implement changes (also known as zero-touch provisioning)
  • Avoid lock-in to any specific SD-WAN vendor solution to ensure they benefit from market innovation in the future and avoid the need to create service-specific operational silos in their network management teams

4. Decide on your deployment model and provider

You'll need to be confident that the providers on your shortlist provide robust business-grade services with the ability to meet end-to-end service level agreements (SLAs) to ensure that end users experience the high levels of application performance they expect. SD-WAN service provider rankings by the major analyst groups can help here.

SD-WAN deployment models range from DIY – where the enterprise sources and deploys the SD-WAN solution and manages the Internet Service Providers (ISPs) directly – to fully-managed services with various forms of co-management in between. An enterprise's choice will be guided by whether they have the staff and expertise for DIY in the first place and if they have an overall strategy of outsourcing non-core activities. It's critical to ensure you'll be able to get the performance you need out of a diverse range of ISPs around the world. You may wish to work with a multisourcing service integrator like Orange.

5. Define your network topology

Enterprises will deploy an increasing array of virtualized connectivity services in their networks. The starting point is generally the SD-WAN routers with dynamic path selection and application-aware traffic-steering capabilities. Over time, they will add virtualized Wi-Fi controllers, WAN optimization devices, session border controllers, next generation firewalls and more.

You'll need to decide whether to deploy each function on an onsite universal CPE (uCPE) or virtualized CPE, in your enterprise data center or the communication service providers' data centers (cloud SD-WAN). For example, an enterprise may opt to scan all its Internet traffic at scale in the cloud rather than on an on-premises device, to avoid slowing down the employees' browsing experience. Other functions, like traffic acceleration and optimization, may be best deployed on a uCPE or vCPE at remote sites where they are needed most.

[Figure: Drivers for SD-WAN]

6. Define your access types

By its very nature, SD-WAN is access-agnostic and supports any type of local access technology (copper, fiber, cable-coaxial, radio and even satellite). Enterprises may wish to consider a BYOA (bring your own access) deployment model. Using existing connections already in place may make sense – especially in some of the more exotic parts of the world – if you're satisfied with the service being delivered and don't want to change.

However, be aware that by providing the local access, the carrier can better control the underlay (the various access technologies) and the overlay (the SD-WAN orchestrating the underlay) in an integrated way. Working with ISPs around the world is part of a carrier's daily business and they tend to have the global buying power to better manage performance and costs. Nevertheless, if enterprises decide to take on third-party ISP management themselves, they should be prepared to speak the country's local language when opening tickets and ensure that their low-cost local access includes 24/7 support.

7. Assess your overall application landscape and QoS prioritizations

Most enterprises find it's a good idea to switch on application visibility tools before they dive into re-architecting their network. This will reveal what cloud applications are running on your network that you don't already know about and what bandwidth is being consumed, and identify quality of service (QoS) problems. At this stage, it's also worth referring back to your stakeholders to identify the most business-critical applications that need to be prioritized in your new SD-WAN network.

8. Define your site profiles

The enterprise will need to do an audit of each location to determine the number of employees, the user profiles and applications used. Look at the connectivity needs of specialist sites – like manufacturing facilities.

9. Security requirements

Right from the outset, network and security teams will need to work together to think about their security policies today and how the enterprise's needs are likely to change down the road. The security elements of an SD-WAN service can dramatically change the design of your overall network. Security vetting spans not just the SD-WAN system but components such as log retention for user traffic.

10. Virtual network function requirements

Your service provider should be able to support a wide range of virtual network functions (VNFs). This will enable you to remotely set up and manage communications services such as VPNs, WAN optimization, VoIP and next generation firewalls. Future VNFs could include applications specific to the enterprise core business: video surveillance and payment functions for retail stores or IoT sensor applications.

11. Service management requirements

There is little doubt that enterprises will increasingly need to be able to manage SD-WAN features and policies, as well as other virtualized network functions for security and acceleration. Your SD-WAN management console needs to be easy to use and contain a sufficient level of monitoring and visibility to establish a means of control. The best portals feature an intuitive graphical user interface (GUI), which you – or your managed service provider – can use to configure devices at your branch offices and specify application prioritization policies that align with your business needs. This is extremely fast compared to the traditional process, which requires individual routers to be manually programmed using command line interfaces, which can take hours to complete and is prone to error.

SD-WAN continuously monitors the health of networks, tracking metrics that include latency and jitter. Some solutions monitor traffic at the packet level while others focus on network flows or on the application protocol level. Packet-level prioritization is more granular and provides a faster response to changing network conditions but requires a more advanced controller. The portal should also produce very visual, easy-to-understand reports. Sometimes there are more advanced visibility requirements, such as dashboards that show end-user experience or track changes in IT or application performance. For example, shifting applications to the cloud means a loss of control of the IT infrastructure, which makes visibility and performance very important. Supplemental visibility tools that use APIs to feed the SD-WAN portal may therefore be required.

12. Service lifecycle management

Your SD-WAN service provider needs to have robust back-office operational/billing support systems (OSS/BSS) for end-to-end fulfillment and assurance, service lifecycle management and accurate billing. A state-of-the-art orchestration platform will be critical, too. SD-WAN, with its requirement to integrate physical and virtual networks, should be deployed as a comprehensive WAN solution that is future proofed but also can leverage legacy equipment wherever possible. Orchestration provides the abstraction layer that enables service providers like Orange to support a wide range of WAN applications and vendors.


SD-WAN enables enterprises to leverage the advantages of Internet connectivity (high speed, low cost, wide availability) while minimizing the disadvantages (unpredictable reliability, poor latency, limited security). It promises to provide fast, secure and reliable access to public and private cloud services for remote users. Connectivity is now critical to every digital business, which makes defining your network transformation strategy one of the most important tasks facing IT leaders today.

Read part two in this series, where we review the steps to defining an SD-WAN proof of concept program to validate your strategy.

Jean Critcher

Jean is Head of Solution Consulting, Europe at Orange Business. She leads a team of professional services consultants based throughout Europe who consult and deliver unified comms-collaboration, APM, security and SDN/SD-WAN solutions for global multinational customers. Over the last two years, her team has been driving the SDN/SD-WAN journey transformation of Orange customers.