Dynamic Path Selection & Multi-Transport
SD-WANs use dynamic path selection to steer or route network traffic to one or multiple WAN links based on priority, network conditions or traffic patterns. Data packets are automatically steered to specific WAN links based on link availability, to balance network traffic or to save costs. The data packets are identified by the SD-WAN and then categorized by application, source, user and destination. This packet identification is used to route the data packets down the most optimal path which results in enhanced performance of applications. The dynamic path selection and data routing is configured to utilize your existing underlay connectivity such as Broadband, LTE, MPLS or WAN. The SD-WAN uses the underlay connectivity’s characteristics such as cost (flat, usage based etc.), bandwidth, latency and jitter to make decisions on application steering to the appropriate path(s).
SD-WAN allows network administrators to centrally manage their entire network fabric by pushing out policies to all the branches with ease. This also allows for quicker integration of new branches. Administrators can also have a full view of the network, leading to the possibility of easily pinpointing any network issues and then take immediate action to resolve those issues. This insight can also be used to figure out where optimizations can be implemented to improve the overall usage of the network.
SD-WAN, at its core, supplies an organization’s network with a secure fabric to trusted devices while leveraging insecure connectivity, such as the Internet. SD-WAN has in-built security features as well, such as stateful firewalls, IPS/IDS Intrusion Prevention System/Intrusion Detection System), DNS filtering, and much more. All these features are provided at the CPE level, without the need for traffic to be filtered through a corporate data center. More advanced security features like web filtering, anti-SPAM, anti-phishing, ATD, etc. are available through the use of third-party security appliances.
SD-WAN solutions offer built-in security features to enhance an organization’s network security to help combat typical cybersecurity concerns. These features arm a network with the tools necessary to minimize the security attack surface across the network, applications, devices, and users to ensure all aspects of the fabric are secure. One of the integral ways an SD-WAN solution achieves higher levels of security involves encryption of all packets traversing the fabric utilizing industry standard SSL/TLS techniques. Another key feature prevents unneeded data from reaching the network. This means that all packets use the shortest path available to destinations, without compromising security – SaaS traffic to well known and reputable sites can be sent directly to the destination without having to be sent through the data center, avoiding hairpinning of network traffic. At the same time, general internet traffic is inspected in real-time and automatically responded to if a threat is identified.
SD-WAN empowers organizations with the freedom to connect branches directly to a corporate data center and directly to cloud services such as SaaS applications. Connecting to cloud services has the added benefit of not requiring the traffic to route through the corporate data center.
Policy Based Management
The SD-WAN steers data based on policies (Quality of Service) configured specifically for your applications, devices, users, groups, locations and more. These polices are configured with a priority setting in which the SDWAN utilizes to prioritize the data packets and how they are dynamically routed. The policies can be configured to meet the specific business and QoS requirements. The policies enable the SD-WAN the ability to steer traffic over specific networks, based on costs, as well as prioritization of traffic based on application, such as videoconferencing of business-critical SaaS applications.
Enterprise SD-WANs supports a secure true zero-touch provisioning of edge controllers. In order to onboard a device in a remote location the only required steps are to unbox the edge controller, plug it in and connect it to the internet. The edge controllers are automatically provisioned and configured to operational status. The network administrator can setup rules and policies that will be automatically applied when a matching edge controller is onboarded.
Improved Network Performance
SD-WAN brings awareness of traffic types that traverse through your network. An IT manager can prioritize traffic from business-critical applications as well as other services such as VoIP and web-conferencing and help steer the traffic via the most efficient route, automatically. This prioritization and steering work together to allow the IT Manager to get the best out of the available network, even minimize when network links experience packet loss and latency.
SD-WAN reduces overall costs by allowing the use of low cost alternatives to expensive MPLS such as the public internet, broadband and LTE networks, allowing direct cloud access for the increasing use of SaaS applications, getting better results from available public networks by use of traffic shaping, prioritization of network traffic.
The use of SaaS applications and other cloud services are on the rise. SD-WAN facilitates cloud access throughout the network fabric, including branch offices and remote workers, which in turn removes the need to route cloud and remote traffic back through the corporate data center, thus reducing latency.