Next Steps After Deploying SD-WAN
Our labs are always an excellent place to gather insights into how large organizations are consuming technology. This year, we've seen a distinct trend in clients optimizing and expanding their existing SD-WAN investments.
While plenty of clients still conduct proofs of concept to evaluate competing solutions, more and more are moving their lab activity to sandbox environments. These isolated testing environments allow clients to fine-tune deployments without impact to their own systems. Common examples of such sandbox use include troubleshooting production issues or testing new feature releases from a given vendor.
At the same time, we're seeing clients launch more labs that demonstrate how an SD-WAN solution can integrate with emerging technologies, such as secure service edge (SSE).
In this article, we explore how SD-WAN can serve as a jumping-off point for enhanced connectivity and security across your organization.
SD-WAN was designed to optimize traffic flowing between branch sites and corporate data centers. It accomplishes this by choosing the best path for traffic over the internet and MPLS IPsec tunnels. SD-WAN can also leverage existing internet connections to provide direct internet access (DIA) to SaaS applications from the branch rather than traversing an on-prem data center.
After a successful SD-WAN deployment, organizations can deploy virtual SD-WAN devices in a public cloud environment to establish a cloud presence. Existing network policies can be leveraged, eliminating the burden of administrators creating new policies and security constructs when managing cloud traffic.
We always tell clients that when it comes to cloud, they should try to make it look and feel like the rest of their network. Extending SD-WAN into the public cloud is a perfect example. SD-WAN's centralized management makes managing cloud networking environments look and feel the same as managing a typical branch site.
Aside from simplifying cloud management, SD-WAN can also serve as a shortcut to what can be a labor-intensive process of deploying cloud landing zones, the first step in building out public cloud environments after establishing your overall cloud strategy.
AWS, Azure and Google Cloud each have different ways of deploying cloud on-ramp landing zones. Doing so manually requires a fairly deep level of expertise with a given platform, not to mention configuration time.
However, most SD-WAN vendors have abstracted away this complexity. In many cases, administrators can simply put their credentials into AWS, Azure, Google Cloud or their SD-WAN centralized admin tool, and within minutes have a best-practice landing zone automatically built.
As mentioned above, our clients are increasingly exploring secure service edge (SSE) inside our labs. SSE exclusively focuses on the security functions of the larger secure access service edge (SASE) architecture.
Some of what SSE provides at a high level includes capabilities like threat detection, data security, centralized security policy and monitoring, and a secure user experience regardless of location.
As with our cloud presence use case, DIA and automated IPsec tunneling can accelerate the SSE journey. Instead of pointing campus and branch traffic to cloud infrastructure, those with SD-WAN can simply point the same traffic to an SSE provider.
While traffic flow and services are different with SSE than with a standard SD-WAN deployment, management is essentially the same. SD-WAN has already abstracted the complexity of maintaining multiple IPsec tunnels, and network administrators are already familiar with applying policy dynamically.
Again, administrators can simply put their credentials into a vendor's platform and begin steering traffic to a cloud-delivered firewall just as they would steer any other traffic within their SD-WAN fabric.
The path toward SSE integration will depend on the SD-WAN solution you have in place. In some cases, it may make sense to onboard your SD-WAN vendor's SSE solution. In other cases, it might make sense to integrate your SD-WAN solution with a different vendor's solution. For reference, our Cisco SD-WAN Viptela labs show how the solution integrates not only with Cisco Umbrella (Cisco's SSE solution) but also with SSE solutions from three other vendors.
Our clients also want to know more about software-defined branch (SD-Branch). The idea behind SD-Branch is to collapse management of all aspects of branch networking. For example, an SD-Branch solution can support not only SD-WAN but also Wi-Fi and LAN networking.
Maybe you're hearing more about full-stack networking. SD-Branch falls in this bucket.
The concept certainly holds appeal. Imagine that instead of tracking separate GUIs for SD-WAN, application visibility, SSE and your wireless network, you had one interface. More importantly, you could write one networking or security policy and have it pushed to all these different areas of your network.
But let's not get ahead of ourselves.
Just as the SD-WAN story evolved within the SASE story, we see SD-Branch as the next phase of the software-defined networking evolution. Unlike our first two use cases, SD-Branch isn't as much a logical next step for your SD-WAN investment as something to keep your eye on.
That's not to say that certain vendors aren't starting to present a compelling picture of singular end-to-end management across various branch topologies. But will the concept turn from vendor positioning into an industry trend? Only time will tell.
Hopefully you're enjoying the foundational benefits of SD-WAN today, especially as branch and campus traffic must now be managed more dynamically with hybrid work. And hopefully you're excited about taking some next steps toward integrating your SD-WAN investment with emerging technologies and accelerating your journey toward broader networking architectures.
While this article paints a broad picture of where we see clients going, what's right for your organization will very much depend on your existing SD-WAN investment. To that end, we suggest exploring our SD-WAN labs, where you can see real examples of how these integrations work and the benefits they deliver.