What is Software-Defined Wide Area Network (SD-WAN)?
SD-WAN abstracts and virtualizes Wide Area Networks to connect users and applications over links that match a business’s intent to provide a secure and optimal user experience at a lower cost.
Under the hood, SD-WAN appliances at branch offices aggregate multiple different transport media such as broadband Internet, multiprotocol label switching (MPLS) links, and mobile. Traffic sent over the SD-WAN is routed based on application-specific policies and the current health and performance of the various available network links to the SD-WAN endpoint nearest to its destination.
By aggregating various transport media and optimizing traffic routing, SD-WAN offers improved network performance, reliability, and optimization of investment in corporate network infrastructures. However, its performance and reliability are limited by the types of network media used.
The Importance of SD-WAN
Modern corporate networks are increasingly distributed. Unlike the past, when most corporate resources were located on the corporate network, modern companies have remote workers, cloud-based infrastructure, and remote sites. Managing a larger distributed network infrastructure adds complexity and also requires additional time from a company’s IT staff to deploy, configure and monitor the WAN.
Improved network performance and choice in how users connect to which application is probably the number one benefit of SD-WAN, but with its virtualization and central orchestration and management features, SD-WAN also reduces management complexity. The time taken to provision, configure and monitor large, distributed networks add significant OPEX advantages. In addition, with zero touch deployment, network equipment can be deployed to remote offices without needing on-site technical staff, reducing costs.
SD-WAN significantly improves a company’s ability to manage and adapt to change. In short, SD-WAN better fits the needs of modern businesses, allowing them to expand and add new remote sites, or to simply upgrade or modify existing equipment as needed to better connect users and applications.
4 Best Practices for SD-WAN Security
SD-WAN has the potential to dramatically improve the corporate WAN. However, SD-WAN only provides top performance if correctly configured and deployed, following these best practices:
#1. Limit Use of Public Internet Links
SD-WAN provides improved performance compared to broadband Internet because it optimizes the use of available network links. This includes public and private networks, mobile data, and other links.
While SD-WAN chooses the best available link for all traffic, its performance is limited by that link’s capabilities. While routing traffic over the public Internet may be cost-effective, the lack of control over routing can cause performance issues. When possible, define SD-WAN policies to route traffic over private links that include service level agreement (SLA) guarantees.
#2. Educate Stakeholders About the Role of SD-WAN
SD-WAN technologies enable an organization to implement a secure, optimized corporate WAN. This provides optimized traffic routing between SD-WAN endpoints deployed in an organization’s on-prem and cloud-based infrastructure.
SD-WAN is a supplement to a company’s existing network infrastructure, not a replacement. It provides visibility and control otherwise over the unmanaged broadband Internet, MPLS, and other network links used to route corporate network traffic from one location to another. Communicating this information to stakeholders is essential to gaining support and managing expectations. SD-WAN augments existing network investments and is not a drop-in replacement.
#3. Perform Regular SD-WAN Testing
SD-WAN is a solution that can help improve the performance and reliability of the corporate WAN. However, to perform at its best, it needs to be configured and optimized to meet an organization’s needs.
SD-WAN deployments should be tested regularly to ensure that they meet SLAs and provide the network performance and reliability that the organization needs. Not only should testing be performed during and after the deployment process but also at regular intervals to ensure that the SD-WAN deployment meets the needs of expanding IT infrastructure and the evolving business.
#4. Deploy a Secure SD-WAN Solution
By itself, SD-WAN is only a networking solution. It optimally routes traffic between SD-WAN endpoints over various transport media. However, like virtual private networks (VPNs), it does not offer any built-in security or access control functionality beyond encrypting the traffic flowing between endpoints.
SD-WAN’s security limitations can be overcome by deploying a full security stack behind each SD-WAN endpoint. However, this can be expensive, complicated to maintain, and difficult to accomplish in certain environments.
To address these issues, Gartner defined the concept of the Secure Access Service Edge (SASE). SASE integrates the network optimization of SD-WAN with built-in, virtualized security functions, including:
By building security into an SD-WAN solution, SASE enables SD-WAN to be deployed throughout the corporate WAN, offering network optimization without creating security risks.
SD-WAN Security with Check Point
SD-WAN provides the ability for businesses to streamline and optimize their corporate WAN. However, taking full advantage of the benefits of SD-WAN requires selecting the correct SD-WAN solution and configuring, deploying, and managing it correctly. To learn more about making the right choice for SD-WAN and securing it properly, check out this SD-WAN security buyer’s guide.
Check Point offers SD-WAN security solutions designed to meet the needs of the modern businesses, including SASE. To learn more about Check Point’s SASE solution, request a free demo of Harmony Connect.
Feedback