(Editor’s note: Recent research by Enterprise Management Associates takes a look at how enterprises view currently available SD-WAN products. This article by Shamus McGillicuddy, EMA’s research director for network management, details highlights of “Wide-Area Network Transformation: How Enterprises Succeed with Software-Defined WAN,” a report based on EMA’s survey of 305 WAN decision-makers at distributed enterprises. EMA has posted a free webinar about the report.)
SD-WAN products solve some very immediate and pressing business requirements today. They secure and optimize internet connectivity, giving enterprises immediate access to vast amounts of bandwidth. They provide centralized, programmatic management of the WAN, allowing enterprises to close the skills gaps they are struggling with in the network team. Increasingly, SD-WAN products enable direct access to cloud applications from remote sites, which is essential. EMA’s newly published report, “Wide-Area Network Transformation: How Enterprises Succeed with Software-Defined WAN,” found that 55% of enterprises now prefer to connect branch offices directly to the cloud, rather than route cloud traffic though a data center or hub. The research is based on a survey of 305 WAN decision-makers at distributed enterprises.
End-to-end management from data center to user
Unfortunately, EMA’s research also uncovered some emerging requirements that most SD-WAN vendors are neglecting. First of all, 90% of enterprise network teams indicated that they need an end-to-end management environment that covers WAN networking. On the surface, SD-WAN solves this requirement, but SD-WAN’s scope is too narrow. EMA asked enterprises to identify the places in the network that they want this end-to-end management environment to cover. Branch site WAN infrastructure (routers, WAN optimization, SD-WAN gateways) was the top response (48%). SD-WAN vendors generally cover this today, although some of them ignore third-party routers and WAN optimization controllers.
SD-WAN and branch security
Next came branch site security and remote user VPN (tied at 43%). Most SD-WAN solutions offer security management, either through native security functions or third-party integrations with security vendors. However, very few SD-WAN products address remote user VPN management. Remote user VPN solutions are becoming increasingly software-defined, so it would make sense to consolidate SD-WAN and remote VPN at least in the management layer. At least a couple SD-WAN vendors today use the same controller to manage branch SD-WAN and remote VPN. This integrated approach simplifies policy management and allows enterprises to consolidate vendors.
SD-WAN and branch LAN management
Forty-one percent of enterprises want their WAN management environment to cover branch LAN infrastructure, such as Wi-Fi and switching. Again, only a few SD-WAN products offer this management integration. Some Wi-Fi vendors have added SD-WAN solutions recently. This is especially valuable to enterprises that have sites unstaffed by network personnel.
Some SD-WAN vendors that offer branch LAN products typically integrate management to an extent that a low-level technician or even a line-of-business employee can plug in and power up local switches and access points. Then the central network team can provision and configure the LAN remotely through the SD-WAN controller.
Finally, 39% of enterprises want management integration with the data center network. Specifically, they are seeking ways to implement integrated policy frameworks for security and segmentation from the data center out branch office. Very few vendors do this today, even vendors that sell both data center networking and SD-WAN products. However, they will tell you this integration is on their product roadmap.
EMA’s research survey also asked enterprises that are engaged with SD-WAN to identify their top challenges with the technology. The number one response was “integration with existing security architecture” (33%). While SD-WAN products usually have some native security functionality, most enterprises will continue to have an extensive estate of security technology. The network team will need to collaborate with the security team and IT service management to identify how SD-WAN changes security architecture requirements.
SD-WAN challenges IT skills
Many enterprises also said they struggle with network team skills gaps and SD-WAN product maturity (tied at 28%). SD-WAN product maturity is unsurprising, given that more than 60 vendors have joined the SD-WAN market over the last five years. Some of these products are nothing more than evolutions of legacy technologies like WAN link bonding, routing, and WAN optimization. But many others are built from scratch.
The skills gap issue is more unexpected. After all, SD-WAN is supposed to simplify network management, not make it more difficult. There are a couple of ways to interpret this issue.
First, the network team needs to learn a new product. It always takes time for this issue to resolve. Next, there is the issue of abstraction. SD-Wan is usually an overlay technology that abstracts transport and even infrastructure. Network engineers who are used to taking a box-by-box approach to WAN management will struggle with seeing the forest for the trees. They need to stop thinking in terms of individual routers and appliances, and they need to start thinking about end-to-end services. The network needs to be managed as a platform for the business, not a complex utility.
EMA has spoken to individual network leaders who adopted SD-WAN early, and they told us that this was often their biggest challenge with SD-WAN. Fortunately, they also told us that this issue could be resolved over time.
EMA's recent free webinar highlighted its WAN-transformation research, including the above mentioned issues and much more. Overall, we found that enterprises generally see greater success with the WAN after completing an SD-WAN implementation. However, there are pitfalls along the way.