The Benefits of SD-WAN vs MPLS
by Robert Bond
The 5 Benefits of Moving to SD-WAN from MPLS
SD-WAN Delivers Superior Performance and Scalability Over Traditional Architectures
Businesses today rely on network connectivity more than ever. With increased adoption of cloud services for everything from email to payroll applications and even VOIP phone systems, businesses need a reliable, fast network to function efficiently. Traditional network architectures including Metro Ethernet, Multiprotocol Label Switching (MPLS), and VPN tunnels over the Internet can be expensive and difficult to build and maintain. One option businesses are increasingly adopting for their wide area networking needs are software-defined wide area networks (SD-WANs), which are cost-effective, fast, scalable, and reliable.
Why SD-WAN is Faster and more Cost Efficient than MPLS
SD-WANs are an innovative solution for meeting networking needs in the cloud era. By applying virtualization over WAN connections to connect enterprise networks, branch offices, and data centers, SD-WANs improve on quality of service, latency, and load issues challenging traditional WAN architectures, including MPLS.
They do so through proactive routing and traffic optimization, combining multiple connections (including MPLS, broadband, frame relay, LTE Wireless, VPNs) to choose the most reliable, cost-effective pathway for each connection. By implementing a flexible approach to wide area connectivity, SD-WAN delivers 5 key benefits versus MPLS: cost effectiveness, resiliency, ease-of-use, visibility, and security.
Cost-Effectiveness – SD-WAN is more affordable than traditional WAN deployments
Through smart routing over multiple connections, SD-WAN can choose to route less sensitive, lower priority data over cheaper public lines, while routing business-critical or sensitive data over more dependable private connections. In addition, SD-WAN requires less infrastructure to support, replacing multiple devices (firewalls, routers and WAN path controllers and optimizers) with a single virtual system. Firewall capabilities are usually built into SD-WAN, increasing return on investment by relieving businesses of the need to purchase and maintain dedicated firewalls. Some estimates claim that SD-WAN can be as much as a third of the cost of traditional deployments.
Internet Service Providers often charge a premium for the high-speed connections needed to support modern business operations – especially at rural office sites. Using SD-WAN, businesses can purchase multiple, more affordable connections and bundle them together using an SD-WAN program.
Resiliency – SD-WAN provides multiple failover links to support critical needs
The software defined networking that supports SD-WAN allows for flexibility and resiliency for distributed architectures. By intelligently routing traffic (instead of being solely dependent on a single MPLS or IP tunnel), the SD-WAN connection can dynamically route traffic if one link fails. Businesses using SD-WAN might have two, three or more Internet connections supporting each site, and are able to dynamically route between them in the event of a failure. This is especially important for businesses moving to the cloud. SD-WAN provides reliability and backup connectivity to business-critical cloud applications should any one link experience issues.
Ease-of-Use – SD-WAN is simple and easy to scale, configure and maintain
Traditional WAN architectures require a substantial infrastructure to support them. This means businesses must maintain some combination of firewalls, routers, WAN path controllers and optimizers to support their site-to-site connectivity.
Through an SD-WAN implementation, businesses can streamline the solution to a software management console that is easy to manage and scale. With one system to manage that combines the functionality of multiple legacy systems, businesses are relieved of maintenance and management tasks. SD-WAN offerings are even able to utilize a cloud configuration to perform automatic configuration including downloading policy, cryptographic certificates and keys, and the automation of traffic pattern mapping.
While traditional WAN implementations require manual configurations and an on-site technician to manage them, SD-WAN can be managed centrally through a GUI. For example, with MPLS, a teleconferencing or VOIP set-up might require configuration to predefine bandwidth allocations to support the connectivity requirements of that system. Using an SD-WAN, businesses are able to easily support new technologies like VOIP automatically, without any extensive manual configuration needs or on-site support.
Visibility – SD-WAN provides one window into network activity
Another benefit of the all-in-one box set-up is the visibility it provides. Firewall and router set-ups that support legacy WAN implementations can be difficult to parse or not provide much detail on the traffic they are routing. SD-WANs typically provide granular visibility into the entire network, from one system.
In addition, unlike MPLS, SD-WAN allows organizations to leverage a variety of service providers to allow for growth, relocation, and resiliency with multiple points of failure. Many MPLS vendors do not offer seamless failover when there is an issue either, the SD-WAN not only provides improved visibility to traffic and seamless routing, but also improved uptime.
Security – SD-WAN can add an additional layer of security to WAN architectures
Security can be a risk with traditional WAN implementations like MPLS. MPLS lacks built-in data protection, and misconfigurations can expose networks to vulnerability and external attackers. The complexity of larger MPLS implementations makes centralized security policy management difficult.
Businesses moving to SD-WAN have an opportunity to partner with a Managed Security Services Provider (MSSP) to secure their network. In one recent example, as described in this press release SD-WAN provider Expereo has partnered with MSSP SecureOps to offer a secured SD-WAN solution to the market. Their new implementation adds core security offerings that include:
- Security infrastructure management – monitoring for security information and event management (SIEM), firewall, intrusion defense and prevention, and universal threat managers that can be built on SD-WAN gateways
- Threat monitoring and response – dedicated full time event triage and incident handling, built on SD-WAN monitoring technologies
- Vulnerability lifecycle management – SecureOps provides proactive scanning and analysis of infrastructure and provides vulnerability management, including assessment and remediation of findings
By building security into SD-WAN from the beginning, businesses can eliminate security gaps in a cost-effective manner. The bundled approach to WAN and security needs added through an MSSP like SecureOps enables businesses to build specialized security solutions tailored to their needs. The ease of integrating SD-WAN into security MSSP offerings is another key driver for businesses to adopt this new wide area network architecture.
How to Implement SD-WAN
SD-WAN implementations are increasing in demand across a variety of industries, however installation and security have been hurdles for some organizations. However, finding the right partner to assist in installation and set-up can make the process seamless even for the largest and most complex organizations.
Implementation is as simple as two steps:
- Vendor Selection and Procurement – SD-WAN technology is sold either as a software solution that runs on commodity infrastructure, or as a software/hardware appliance combination. Traditional vendors like Cisco and HP have brought products to market, along with those from WAN optimization specialist and pure-play SD-WAN startups. Businesses can select from a variety of vendors, however the integration of technology, services and security that the best-of-breed partnerships offer removes risk and improves ROI.
- Installation and Configuration – initial configuration of SD-WAN appliances or software is simple and quick. Once the software is installed or the appliance is connected to the network, most solutions offer a GUI administration portal and are able to automatically discover available connections and begin intelligent routing and path selection. Cloud support is included with most implementations and host automated configurations are necessary for initial setup; enabling SD-WAN to automatically start learning traffic patterns without significant manual configuration.
Gartner estimates that SD-WAN is still in the early marketing and currently has 5% market share, however predicts that up to 25% of organizations will migrate to an SD-WAN solution in the next two years. The technology supporting SD-WAN is not new – MPLS, VPN tunnels, LTE cellular connections have been around for years. However, SD-WAN bundles these legacy technologies and automates their management and connectivity to create an architecture that performs more optimally than the sum of its parts, thus, increasing resiliency and cost savings while adding centralized, automated management and path selection.
November 15, 2019