The CIOs Guide to SD-WAN - Aryaka · SD-WAN is a potential game-changer for wide area...

N e m e r t e s R e s e a r c h G r o u p I n c . w w w . n e m e r t e s . c o m 1 - 8 8 8 - 2 4 1 - 2 6 8 5

TheCIOsGuidetoSD-WAN:Buildingthecaseforafaster,better,andcheapernetworkEmbracingLessExpensiveConnectivityMakesSD-WANaPowerfulEngineofWANSavings

MixinglessexpensiveconnectivityintotheWANcannotjustslowthegrowthofWANspendingbutactuallyreduceit—whileimprovingperformanceanduptime.

ByJohnBurkeCIOandPrincipalResearchAnalystNemertesResearch

CompassDirectionPoints:

± SD-WANcansavemoneyonconnectivity.GrowthinMPLSspendingcanbeeliminated,andannualcostsactuallyreducedbysubstitutingInternetlinksforMPLSsomeorallofthetime.

± SD-WANcanimproveuptime.Nemertesresearchdatashowa92%reductioninWANoutagesatSD-WANsites.

± SD-WANcanreduceITWANmanagementcosts.Nemertesresearchdatashowa95%reductioninWANtroubletickets.

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199

2

TableofContents

COMPASSDIRECTIONPOINTS: 1

TABLEOFFIGURES 4

EXECUTIVESUMMARY 5

THEISSUE 6

WHATISSD-WAN? 6

TYPESOFSD-WAN 7OVERLAYSD-WAN 7OVERLAY:PROS/CONS 8IN-NETSD-WAN 8IN-NET:PROSANDCONS 9

MAKINGABUSINESSCASE 9BOTTOMLINEBENEFITS 9TOP-LINEBENEFITS:BUSINESSAGILITY 10STRATEGICSUPPORTANDDIGITALTRANSFORMATION 10TOOMUCHRISK,ORRISKREDUCED? 10GLOBALWAN,REGIONALSERVICES,ANDSD-WAN 11

THENEMERTESSD-WANCOSTMODEL 11COSTCOMPONENT:CONNECTIVITY 11COSTCOMPONENT:CAPITALEQUIPMENT 12COSTCOMPONENT:TROUBLESHOOTINGANDPROBLEMRESOLUTION 13

CUSTOMIZINGTHEMODEL:MAKINGITWORKFORYOU 14SIZEANDCONVERSIONPERCENTAGE 14CARRIERSERVICEOPTIONS 14CAPITALEQUIPMENTSHIFTS 15SD-WANAPPLIANCETYPE 15SITETYPES 15

MODELOUTPUTS 16SD-WANVSCLASSICALWAN 16OVERLAYVSIN-NETSD-WANSAVINGS 17

SD-WANUSECASES 18USECASE1:BENDINGTHECOSTCURVEONRESILIENCE,GROWTH 18

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 3

USECASE2:OPERATIONALEFFICIENCYFORITANDTHEBUSINESS 19USECASE3:BUSINESSAGILITYVIASMARTERBRANCHING(FASTERISBETTER) 20

CONCLUSIONANDRECOMMENDATIONS 20


4

TableofFiguresFIGURE1:SD-WANWITHMESHANDHUB/SPOKEVIRTUALWANS...................................................................6FIGURE2:OVERLAYSD-WANARCHITECTURE.............................................................................................................8FIGURE3:IN-NETSD-WANARCHITECTURE..................................................................................................................8FIGURE3:SD-WANMODELVARIABLES..........................................................................................................................14FIGURE4:MODELINGCONNECTIVITYTOTYPICALSITES.....................................................................................16FIGURE5:MODELOUTPUTS.................................................................................................................................................17FIGURE6:USECASE#1—BETTERBACKUP..................................................................................................................18FIGURE7:USECASE#2—MOVINGAWAYFROMMPLS...........................................................................................19


ExecutiveSummarySD-WANisapotentialgame-changerforwideareanetworking—onthesamelevelasservervirtualization,whichtransformeddatacentersoverthelast10years.SD-WANcombinestheuseofmultipleactivebranchlinks,intelligentdirectionoftrafficacrossthoselinks,andcentralized,policy-drivenmanagementoftheWANasawhole.Theabilitytoleveragemultiplelower-costservices(includingInternetand4Gwireless)aswellastraditionalserviceslikeMPLSholdsthepromiseoftransformingIT’srelationshiptotheWANandtheWAN’srelationshiptothebusiness.

Transformationalpotentialisnotenough.IThastobuildacompellingbusinesscaseformakingthetransition.Thebaseofthecasemustbecost.NemerteshasdevelopedandvalidatedanSD-WANcostmodelthatenablesenterpriseuserstobuildthatbusinesscase.Theshortversion?SD-WANdeploymentscancutmillionsfromlargeWANservicebills.ButconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings;byprovidingcheaperandmoretransparentandautomaticfailoverwhenWANlinksfail,SD-WANcanreducebranchWANoutagesandtroubleshootingcostsby90%.

ForITandnetworkingprofessionalsthemessageisclear:nowisthetimetotakeacloselookatyourWANarchitecture,withtheaimofidentifyinglocationsthatcouldbenefitfromhigherbandwidth,lowerrates,increasedreliability,orallthree.ModelthecostofstickingwiththecurrentarchitectureandcomparethatagainstatleasttwoSD-WANsolutions.IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscasebasedonthem,aswellasotheroperationalsavingsandanybusinessvalueassignedbythebusinesslinestofasterbranchturn-up.


6

TheIssueIntheclassicengineer’sformulation,“Youcanhaveitcheaper,faster,orbetter…picktwo.”Fromtimetotimenewtechnologycomesalongand,bychangingthebasicassumptionsunderlyingexistingsolutions,managestobecheaperandfasterandbetterallatonce.SD-WANpromisestohitthetrifecta.BychangingtheunderlyingassumptionsabouthowyouconnectabranchtotheWAN(and,indeed,whatconstitutesabranch)itoffersthechanceofimprovingagility(i.e.beingfaster)andperformanceandreliability(i.e.beingbetter)whilealsoreducingcosts.BuildingabusinesscasefordeployingSD-WANinvokesallthreebenefitsbutrestsmostlyonthestrengthofsavings,whetherintheformofexpectedcostincreasesavoided,orasactualcostdecreases.

WhatisSD-WAN?Let’sstartfirstwithdefinitions.Software-DefinedWAN,orSD-WAN,incorporatesseveralkeyconcepts:

• Abstractionofedgeconnectivity:Makingalltheconnectionsintoalocationusefulasasinglepoolofcapacityavailabletoallservices.

• VirtualizationoftheWAN:OverlayingoneormorelogicalWANsonthepoolofconnectivity,withbehaviorandtopologyforeachoverlayWANdefinedtosuittheneedsofspecifictypesofnetworkservices,locations,orusers.

• Policy-driven,centralizedmanagement:KeytoanSD-WANistheabilitytodefinebehaviorsforanoverlayWANandhavethemimplementedacrosstheentireinfrastructurewithoutrequiringdevice-by-deviceconfiguration.

DC

BranchRTR

BranchRTR

BranchRTR

Internet

MPLSCarrierCore

SD-WANRTR

MeshWAN

SD-WAN

SD-WAN

SD-WAN

Hub-and-SpokeWAN

Figure1:SD-WANwithMeshandHub/SpokeVirtualWANS


• Flexibletrafficmanagementforperformanceandsecurity:SD-WANscanoptimizetrafficinmanyways;foremost,theycanselectivelyroutetrafficacrosslinksbasedoncriteriasuchaslinkperformance.

TypesofSD-WANTherearetwokeywaystoprovidetheseservicesinaWAN.Nemertescallstheseoverlayandin-netSD-WAN.

OverlaySD-WANInanoverlaySD-WAN,thenewSD-WANappliancesaredeployedonanexistingroutednetwork,eitherbehindtheroutersorreplacingthemasthebranchconnectiontotheWAN.SD-WANappliancescanalsocollapsethetypicalbranchstackbyreplacingotherbranchWANappliancessuchasoptimizersandfirewalls.MorethanadozencompaniessellSD-WANappliances,bothphysicalandvirtual(whichallowextensionoftheSD-WANintopubliccloudspacessuchasAmazonEC2orGoogleComputeEngine).Someareintendedtoreplacerouters,sometoridebehindthem,otherscanfilleitherrole,andenterpriseITstaffneedtocarefullyevaluateeachagainsttheirspecificneeds.Forexample,thosewithanagingrouterplantbutmostlyMPLSandCarrierEthernetorbroadbandlinksmayfindrouterreplacementveryattractive.ThosewithalotofolderT1orT3connectionsthatcan’torwon’tbereplacedwithEthernetmaywanttokeeptheirexistingroutersinplace,toterminatetheolderconnectivity,whileusingtheSD-WANsolutiontosupplementitwithwiredor3G/4Gbroadband.

MPLS Carrier Core

Branch

DC

Branch

Inte

rnet

SD-WAN

Encrypted tunnels Optionally encrypted tunnels

SD-WAN

SD-WAN


8

Figure2:OverlaySD-WANArchitecture

Overlay:Pros/ConsIntheoverlayscenario,SD-WANappliancescomprisealayerofenterpriseinfrastructuredistinctfromtheWANconnectivitytheymanage,allowingITtoeasilyaddandremovenetworkserviceprovidersandlinktypes.Thisgivestheenterprisemaximumflexibilityonconnectivityservices,butincurstheburdenofmanagingthesolutionitself.Thisistypicallylesstroubletomanagethantheold-schoolrouterplant,andcanevenhelpmakeroutermanagementeasierwhereroutersstayinthepicture,butisstillasignificantoperationalresponsibilityforIT.

In-NetSD-WANIncontrast,in-netSD-WANtiestheSD-WANfunctionalitytotheconnectivityservices.Thesefunctionsmayallbeprovidedintheserviceprovider’sedgeandcoreinfrastructure,withthebranchusingatraditionalroutertoconnecttotheprovider’snearestpointofpresence.Or,someorallfunctionsmaybeprovidedon-premisesviaappliancesunderserviceprovidermanagement;thispushesworkoutoftheserviceprovider’sinfrastructureandalsoallowsoptimizationoflast-mileconnectivityviacompression.

Figure3:In-NetSD-WANArchitecture

In-netSD-WANcanbetiedtoNetworkFunctionsVirtualization(NFV),withthevariousfunctionsprovidedbyseparate,cooperatingVirtualNetworkFunctions

SD-WAN Service Cloud

Branch Branch

DCSD-WAN

Internet

Encrypted tunnels

SD-WAN SD-WAN

PoP


(VNFs)dynamicallydownloadedtotheon-premisesdevice(wherethereisone)orchainedintothetrafficpathinthecarrierinfrastructure.Thisopensthepossibilityoftheon-premisesdevicebeingwhite-box/genericratherthanbespokefortheservice,decreasingvendorlock-insomewhat.

In-Net:ProsandConsThetrade-offforhandingoffthemanagementburdenfortheSD-WANisthelossofautonomywithrespecttoconnectivity.Inthein-netscenario,youcan’tnecessarilymixandmatchlinksfromdifferentvendorsfreely.ThenewlevelofWANfunctionalityistiedtothein-netSD-WANprovider,afterall.Ifyouhavetroublegettingconnectivitytoallyoursitesfromasingleprovider,thatbecomesanissue.Likewiseifyouwanttohaveproviderdiversityforyourbranchconnectivity,aswellaspathandlink-typediversity:thatis,youwanttohaveeachbranchhavealinkfromatleasttwodifferentproviders,e.g.oneforMPLSandadifferentoneforInternet.Thein-netSD-WANproviderhastoallowfor(andpotentiallypartnerwith)theotherprovidersyouwanttouseinorderforyoutofoldinlinksfromthoseothervendors.Thissharplylimitsenterprisechoiceinthematter.

MakingaBusinessCaseBottomLineBenefitsFirstandforemostinthebusinesscasemostSD-WANuserswillbuildiscostsavings,andthemainsourceofhard-dollarcostsavingsinSD-WANisthesubstitutionoflower-costconnectivityinplaceofmoreexpensivekinds.Theorganizationmightbelookingforimmediatesavings.Inthatcase,thegoalwillbetodecreaseabsolutespendingonconnectivity.ThiscanbeaccomplishedbyreplacingMPLSorotherrelativelyexpensiveconnectivity(atleastasreckonedonacost-per-Mbpsbasis)infavorofalessexpensiveoption:replacingsomeMPLSlinkswithbusinessInternetservices,orevenconsumer-gradebroadband.Or,theorganizationmightbelookingforsavingsoveralongertimeframe—lookingto“bendthecostcurve”fortheirWANastheyprojectcurrentgrowthtrendsintothefuture.Inthiscase,theymaychangelittleornothingintheircurrentuseofMPLS,forexample,butshiftallgrowthtoothermedia.Fully78%oforganizationsdeployingSD-WANhavenoplantocompletelydropMPLSfromtheirWAN.However,mostintendtoreduceandrestricttheiruseofit,ifnotimmediatelythenoverthenextfewyears.


10

Top-LineBenefits:BusinessAgilitySpeedhasvalueinbusiness.Forthegrowingnumberofbusinessesadoptinga“getclosertothecustomer”approachtotheirphysicalstorefronts,thatspeedcanbemeasuredinpartbyhowmanydaysittakestoturnupanewbranch.SD-WANcanradicallyalterthatnumber.Mostsolutionsallowfreemixtureofdifferentkindsofconnectivity.Consequently,anewlocationcanbebroughtupwithwhateverformofconnectivityismostreadilyavailable,beitcableorDSLoreven4G/LTE,andcanbecomeonlineinunderaweek,evenwithinadayofreceivingitsendpointequipment.Contrastthatwiththeusual30tomorethan90daystoconnectupanewbranchusingtraditionalapproaches.AnotherformofagilitythattheSD-WANapproachlendsitselftoisrapiddeploymentofnewWAN-basedservices.Centralized,policy-basedmanagementoftheWANasawholeallowsrapidreconfigurationtosupporttheadditionofnewservicesaswellaschangesintheprioritizationoftheapplicationportfoliooverall.Thebusinesslinesresponsiblefornewbranchoperationscanlikelyputadollarvalueoneveryadditionalweekorevendayofoperationsforanewlocation.ITshouldbereachingouttothemforthatinformationinconstructingthebusinesscase.Likewise,theywillhaveputavalueonthebenefitsofdeliveringthenewservicestheyarepursuing,andITshouldreachouttogetthatinformationforanyinitiativesplannedforthenearterm.

StrategicSupportandDigitalTransformationThatrapiddeploymentandintegrationofnewservicesisinturnthecornerstoneofanotherlevelofvaluetoconsiderinabusinesscase:supportforstrategicinnovationsandespeciallyDigitalTransformation(DT)efforts.ManyDTinitiativesrevolvearoundnewusesofreal-timecommunicationstointeractwithcustomersandprospects.Others,aroundinsertionintotheenvironmentofnewtechnologiesthatgeneratestreamsofdatathatflowbacktothedatacenterorouttothecloud—sensors,digitalsignage,locationtrackingdevices.Ineithercase,theWANbecomesthechannelbywhichDTdataflowstoandfrombranches,andSD-WANprovidestheabilitytoswiftlyaddnewflowstothemixwithouthurtingperformanceforwhatisalreadythere,aswellastoeasilymeetnewbandwidthdemandsusingmoreaffordableconnectivity.

TooMuchRisk,orRiskReduced?SD-WANsolutionscanalsocontributetothesecurityofanorganization.AlthoughtheymakeitpossibletomoreeasilysendtrafficdirectlytotheInternetfromthebranch,avoidingbackhaulsthroughthedatacenter,mostbuildfirewallfunctionalityaroundthat,andallallowforcarefulselectionofwhichtrafficis


allowedtoflowdirect.Forexample,policycanallowtraffictoandfromOffice365orSalesforcetogodirect,whileotherweb-boundtrafficisnot.And,onanotherfront,creatingaholistically-managedWANusingproviderendpointsallowstheorganizationtoeasilyandreliablykeeptheendpointscurrentonallsecurity-relatedupdatesandpatches.MostorganizationsarereluctanttoapplypatchesandupdatestoalltheirWANrouterstoofrequently,sincetheyhavetoinvestsignificantstaffhoursinpushingoutpatchesbranchbybranch,anddoingsousuallyinvolvesaninterruptioninservices.Toomanyorganizationsapplypatchesandupdatesonlywhentheyhavenootheroption,ratherthanwheneveroneisavailablethatwilltightenupsecurity.Asystemintendedtoallowno-down-time,comprehensiveupdatingchangesthisdynamicentirely,andimprovestheoveallsecuritypostureoftheorganization.

GlobalWAN,RegionalServices,andSD-WANLastly,SD-WANcanmakeiteasierfortheorganizationtospinupnewbranchesanywheretheyneedto,globally,bydeliveringaconsistentsetofserviceswhiletakingadvantageofwhateverlocalconnectivityoptionsareavailable.In-netSD-WANcanenjoyaparticularadvantageinthisscenariobyusinganoptimizedbackbonetodeliver“middle-mile”optimizationsindependentoflocale,avoidingtheunpredictabilityofmulticontinentalInternetperformance.Bringinggreaterconsistencyaswellasbetterperformancetobothin-houseandSaaSapplicationscanboostproductivityglobally.

TheNemertesSD-WANCostModelTheNemertesmodelincorporatesthreekeycostcomponentsoftheWANandofSD-WANsolutions:connectivity,capital,andoperations.Itisbuilttosupportmultipledecisionpointsinregardstoeach.

CostComponent:ConnectivityInassessingcostsforanyWANarchitecture,circuitandservicecostsrepresenttheoveralllion’sshare.And,asnoted,thelargestpieceofcostsavingsfromSD-WANcomesfromchangesincircuitandservicecosts.Whetheroverlayorin-net,thefundamentalconceptbehindSD-WANistouseanyavailablenetworkroutesthatdeliveranapplication’srequiredqualityofservice;wherebigcheapInternetlinksareavailable,alotoftrafficwillshiftontothemoffmoreexpensiveMPLSlinks,whichcanshrinkorgoaway.ThisprovidesITwitharangeofoptionsforaddingbandwidth,andletsnetworkprofessionalstakeadvantageofthefullrangeofoptionstomeettheneedsoftheirparticularmixofservices,sitetypes,andusecases.


12

Dependingontheorganizationanditsapplications,thatmaymean:• Routingunifiedcommunicationsandotherreal-timetrafficoverMPLSwhile

shiftingotherapplicationtraffic,filetransfers,andotherlatency-insensitiveapplicationstobusinessorconsumerInternetservices(whichcostupto10timeslessthancomparableMPLSservices)

• RoutingallapplicationsacrossMPLSwhereavailable,andusing4Gwirelessasbackuporforoverflowtraffic

• ShiftingallapplicationsfromMPLStobusinessorconsumerInternetservicestomaximizecostsavings,withacoupleofprovidersperbranchsothesolutioncanstilltakeadvantageofdifferencesinperformancereachingvariousservicesacrossthevendors’respectivenetworks

Soatthecoreofourcostmodelisthe“circuitcosts”component,whichincludesallservicesthatanenterprisehasinthe“beforeSD-WAN”stateandthoseitwillhaveafterdeployingSD-WAN,including:

• MPLScircuits:TraditionalMPLSserviceswithSLAandpossiblymultiplelevelsofQoS

• BusinessInternet:InternetservicesprovidedwithanSLAandsymmetricalservice,i.e.thesamebandwidthuptotheInternetanddownfromit

• ConsumerInternet:Consumer-gradeInternetservices(althoughalsotypicallyprovidedforsmallerbranchoffices)whichdon’thaveanSLAandmay,ifbasedoncableorDSL,beasymmetrical,withlowerbandwidthfortrafficgoinguptotheInternetthanfortrafficcomingdownfromit

• 4GorLTEwireless:Broadbandwirelessservicesusuallyusedasinitialconnectivityinanewbranch,orasbackuporoverflowcapacityforanestablishedbranchwithotherconnectivityavailable

CostComponent:CapitalEquipmentGivenhowlarge,comparatively,thespendingonconnectivityis,withalongenoughreplacementcycle(5to7years,althoughcostsareusuallyamortizedover3to5years)thecostofcapitalequipmentcanseeminsignificant.Evenasthebranchstackhasgrownfromjustaroutertoincludealsooptimizationandfirewalls,thiscanstilllooktrue.Thatis,itcanseeminsignificantifyouhaveeasyaccesstocapitalfunds.However,manyorganizationsfindcapitalfundsincreasinglypinched.That,coupledwithanacceleratingpaceoftechnologychangemakesabigupfrontinvestmentinalongreplacementcycleuntenable,fornow.So,theimpetusistoreducecapitalspendbyconsolidatingthestackintoasinglebox;ortoshiftcostsfromcapitaltooperatingexpenses.SD-WANappliances,especiallythenewestgenerationonesusedbycarriersandserviceprovidersintheirin-netsolutions,areintendedtobeabletoreplaceroutersandfirewallsandsomefunctionsofWANoptimizers,whetherviaintegralfunctions


ofaunifiedappliance,or,intheNFVscenario,viarouter,firewall,oroptimizationVNFsrunalongsidethecoreSD-WANVNF.Inotherwords,anapples-to-applesbefore-and-aftercomparisonofcapitalequipmentmightinclude:

Ormanyothercombinations.Themodelaccommodatesselectinghowmanysiteshaveaseparatefirewallbeforethetransition,andhowmanyafter;likewiseWANoptimizers.Webundlebothsoftwarelicensingcostsandamortizedhardwareintoasinglelineitem.

CostComponent:TroubleshootingandProblemResolutionAlthoughtheyfeelkeenlythefactthattheyhavetoomuchtodoandtoolittletimeinwhichtodoit,networkprofessionalsusuallydon’tknowexactlyhowmuchtimethey(andtheirteams)spendintroubleshootingandresolvingWANproblems.That’sbecauseteamstypicallywearmultiplehats,andoutagesandissuesoccurrelativelyinfrequentlyinmostWANs.Overthecourseofayear,anetworkengineermightestimateshespends75%ofhertimeonupgradesandnewinstallations;10%ofhertimedoingarchitectureandplanning;andtheremainderontroubleshooting.Butunlessthecompanysheworksforisexceptionallyobsessiveabouttime-tracking,there’snowaysheknowsthis.Andwhensitesdoexperiencesignificantconnectivityissues,solvingtheproblemisparamountandtime-trackingwhatgoesintoitisnot;resolutionpushesasidenormalworkandofteninvolvesafter-hoursandweekendworkthatisrarelytrackedandaccountedforaccurately.Whatwefoundinresearchforthecostmodel,aswellasinthe2016CloudandDataCenterBenchmarkresearch,isthatregardlessofhowmuchtimenetworkengineersinvestintroubleshootingandproblemresolution,thatnumberdecreasedbyroughly90%withdeploymentofSD-WAN.Thatmayseemcounter-intuitive,giventhatwithSD-WANnetworkarchitectsareintheoryputtingless-reliableInternetlinksintheroleofprimaryconnectivitybeside(orinplaceof)morereliableMPLSlinks.However,inpractice,mostusecasesinvolvemovingfromsingleMPLSconnectionstopoolsconsistingofMPLS-plus-Internetormultiple-Internetconnections—andaconsequenceofmovingtomultipleconnectionswithtransparentfailoveristoreduceoreliminatetheimpactofanysinglelinkhaving

Before:• Hardwarerouter• HardwareWANoptimizer• Nofirewall• NoSD-WANappliance

After:• Softwarerouter(VM)• SoftwareWANoptimizer• Softwarefirewall(VM)• SD-WANappliance


14

problems.TheSD-WANtechnologyhappilyreroutestrafficoverthegoodlink(s),andsimplyresumesusingthelinkthatwentdownassoonasitisbackup.Whenthere’saserviceoutagewithasingleMPLScircuit,networkengineersneedtodropeverythinganddealwiththeoutageuntilthesiteisbackup.Butwhenacircuitgoesdownandothercircuitstakeitsplace,it’snotreallyanoutage,it’smerelyaservicedegradation,andnotanemergency.Andgiventhatsuchoutagesareusuallytemporaryandself-correcting,oftennoactionbyITisrequired.

CustomizingtheModel:MakingItWorkForYouSizeandConversionPercentageForacostmodeltoapplytoanygivenenvironment,usersneedtobeabletocustomizeittoreflecttheircurrentenvironmentandplannedchanges.Thisabilityiskeytoconducting“what-if”analyses:determiningwhichoptionsmakethemostsenseforagivendeploymentscenario.Toenablecustomization,Nemertesfocusedonafewkeyvariables.(PleaseseeFigure2.)Firstandforemost:theWANsize(numberofsites)andthepercentageoftheWANconvertedtoSD-WAN,becauseSD-WANdoesn’thavetobeallornothing.Userscaninputboth,andseehowtheresultschange.

Figure4:SD-WANModelVariables

CarrierServiceOptionsThenextmostimportantvariableinthecostequationis,asnotedabove,thecostofconnectivityservices.Thiscomprisesmultiple,separatevariables:Whichproviderisdeliveringservices,andwhichservices—MPLS,businessInternet,consumerInternet,andLTE—areinuse,andathowmanysites.Themodelallowsuserstoselect“before”and“after”optionsforservicetypes,andtodefineconnectivityprofilesforafewcommonbranchscenarios(seebelow).Thecostforthoseserviceswilldrawfromoneofthreesources:

How many sites on WAN? 100Carrier GenericPercentage of sites converted to SD-WAN 100%Percentage with full firewall before 5% 3 yearsPercentage with full firewall after 25%Percentage with WAN otimization before 50%Percentage with WAN otimization after 0%

Solution selected

WAN Variables SDWAN Other (e.g. VeloCloud or Viptela)

Amortization Period

Percentage routers replaced by SD-WAN appliance

80%

Your Input: Describe Your WAN Now and the WAN You Want


• Specificcarriercosts.Networkprofessionalswhoworkwithaspecificcarrier,orwhoareconsideringselectingthatcarrier,canselectthatprovider’scostsfortheoptions.

• Specificenterprisecosts.Networkprofessionalswhoknowtheirowncostsforservicescanplugthosein,andhavethemodelcompareconfigurationsbasedontheactualcostspaidforservices.

• Genericcosts.Networkprofessionalswhodon’tknowtheirowncostsandaren’tfocusingonaspecificcarriercanleverageanaverageofbenchmarkandsurveydatacollectedbyNemertes.Thesearepaidcosts,notlistprices,sotheyprovidearealisticsenseofactualmarketcosts.

CapitalEquipmentShiftsWealsoenableuserstoindicatebeforeandafterscenariosforcapitalequipment.Theseinclude:

• Routerreplacement.Asindicatedabove,somesolutionsallow(andevenencourage)routerreplacement.Atleastonemayrequireit(i.e.forin-routerSD-WANrequiringanewenoughroutertosupportit).Removingabranchrouterreducescapital,management,andmaintenancecosts.

• Branchfirewalls,pre-andpost-transition.AsignificantappealofSD-WANistheabilitytosendcloud-boundtrafficdirectlytothecloudratherthanroutingitbackthroughadatacenter;deployingmoreDirectInternetAccess(DIA)inbranchesmeansdeployingmorefirewallstosecurethoseconnectionpoints.SomeSD-WANsolutionsprovidestrongfirewallfunctionality,othersdon’t,andinsomecasesITwillwanttodeployastandalonenomatterwhat,asamatterofpolicy.

• WANoptimizers,pre-andpost-transition.Betweenincreasesinusablebandwidth(withconsequentdecreaseincontentionforcapacity)andtheabilityofSD-WANappliancestosupplycrucialWANoptimizationfunctionssuchasprioritizationandrouteoptimization,enterprisesoftenhavenoongoingneedforaseparateoptimizationapplianceinanSD-WANsite.

SD-WANApplianceTypeAlthoughthetypeofSD-WANappliancedoesn’taffectthecostofadeploymentdramatically,weletusersselecttheSD-WANappliancestheyareconsideringaspartofthemodeling.ThisisaparticularlyusefulcapabilitywhenitcomestocomparingoverlaySD-WAN(forwhichusersmustpurchasetheirownSD-WANappliances)within-netSD-WAN(inwhichprovidersdeliver,andmanage,theapplianceaspartoftheservice).

SiteTypesLastly,theNemertestoolallowstheusertodescribetheorganization’smostcommonsitetypesintermsoftheircurrentconnectivityprofileandtheprofilethey


16

wouldliketoshifttoviaSD-WAN.(PleaseseeFigure3.)Sitetypescanrangefromalargeheadquartersordatacentertotypicalmidsizebranchofficestosmallbranchesorevenkiosksorotherunstaffednetworksites(e.g.anATMoraRedBoxorsimilarnetwork-connectedvendingmachine).

Figure5:ModelingConnectivitytoTypicalSites

ModelOutputsThemodel’sgoalistodeterminenotonlywhetherSD-WANcandelivercostbenefits,butparticularlywhatsortofSD-WANisoptimal:overlayorin-net.

SD-WANvsClassicalWANAsoutputs,themodelcomparescurrentcostswithSD-WANcosts,modelingbothanoverlayandanin-nettransition.(PleaseseeFigure4.)

Per-Site Variables Site Type 1 15% Site Type

2 30% Site Type 3 50% Site Type

4 5%

Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100

Commodity Internet LTE

Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS Business Internet Commodity Internet LTE


Figure6:ModelOutputs

Thisprovidesnetworkprofessionalswiththeopportunitytogaintwopiecesofinsight.First,howmuch(ifany)willconvertingtoSD-WANsave?Andsecond,whichtypeofSD-WAN—overlayorin-net—savesmost?

OverlayvsIn-NetSD-WANSavingsWhichsolutiongeneratesgreatersavingsdependsonthetransitionscenariosenvisioned.Currently,userswillbemostlikelytoseein-netSD-WANgeneratinggreatersavingsinscenarioswhereMPLSconnectivityisleftintactandnoconsumerbroadbandisaddedtothemix.WhenconsumerservicescomeintoplayandMPLSuseisscaledback,overlayusuallytakesthelead.Itisimportant,though,tokeepinmindthattheattractionofoutsourcingabigpartofSD-WANmanagementviaanin-netsolutionmayoutweighsmalldifferencesinsavings.Someorganizationswouldthinktheprospectofsaving20%overcurrentspendinglevelsandoffloadingmanagementmoreattractivethansaving30%andkeepingit;offloadingtheworkfreesstaffuptoaddvalueinotherways.

Classic WAN (MPLS)

$1,884,162$477,350$8,827

$2,370,339

Cost Component SD-WAN In-Net SD-WAN

Annual Circuit Costs $1,335,627 $1,335,627Annual Capital/Licensing $298,300 $359,100Annual Troubleshooting $883 $88

Total Cost $1,634,810 $1,694,815Savings over classic model $735,529 $675,524

Nemertes SD-WAN Cost Model and Business Value Analysis

Overlay SD-WAN vs In-Net SD-WAN

Cost Component

Annual Circuit CostsAnnual Amoritized Capital/Licensing CostsAnnual Problem-Resolution Costs

Total Cost

Cost Analysis: Classic WAN (MPLS)


18

SD-WANUseCasesUseCase1:BendingtheCostCurveonResilience,GrowthMostWAN-connectedbranchesofsignificantimportancehaveaprimarylink(typicallyMPLS)andabackuplink(usuallyanIP-VPNrunningacrossanInternetlink).Undernormalcircumstances,theyuseonlytheprimarylink.If,andonlyif,thatprimarylinkfailswilltheyusethebackuplink,andtheywillusethatonlyuntilserviceontheprimaryisrestored.Usually,thefailoverbetweenprimaryandsecondaryisslowenoughtobreakallnetworksessionscurrentlyrunningtoorfromthebranch,bootingpeopleoutofconferencesandhangingupvoiceorvideocalls,terminatingsessionsoncoreapplications.Inalltoomanycases,itwillbemanualandrequireWANstafftimetoexecute.Thewholedramaisreplayedwhentheprimarycomesbackupandservicesaremovedbacktoit,unlesstheWANstaffwaituntil“afterhours”tomaketheswapback—typicallystillpenalizingstaffwithpoorerWANperformance(andpenalizingthemselveswithafter-hourswork).ThepresenceofunusedbackuplinksisoneofthechiefavenuesbywhichSD-WANsolutionscanprovidevaluequickly.UsingNemertes’SD-WANTCOTooltomodelvariousscenarios,itiseasytoseethatevensomeonemakingthemostconservativechoicesaboutconnectivity—e.g.keepingexistingMPLSlinksinplaceandatcurrentspeeds,andusingonlybusinessInternetcan,bymakingactive/activeuseofexistingIP-VPNlinkstodoubleavailablebandwidth,offsetbigspendingincreasesassociatedwithbigbandwidthincreases.Forexample,considera100-siteWANspending$1.88MayearonMPLSandbackupInternet.Doublingthespeedtothebranchesresultsina35%costincrease,to$2.54M,usingtheconventionalprimary-plus-failoverarchitecture.(PleaseseeFigure5.)Switchingtohot/hotuseofbothoriginallinksviaSD-WANinstead,doublingeffectivebandwidthwithoutactuallyincreasinglinkspeeds,avoidsthathugeaddedcost.

Figure7:UseCase#1—BetterBackup

DecreasingMPLSportspeeds(butretainingMLPSasacoretechnology)andshiftingsomesmallerlocationsoffitentirely,caneasilydecreaseconnectivitycostsby



4 5%



Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 100 1 20 1 10 2 100Business Internet 1 100 1 20 1 10 2 100Commodity Internet LTE


nearly30%,to$1.33M.(PleaseseeFigure6.)Moreradical(andconsequentlyriskier)shiftsoffMPLScandrivesignificantlydeepersavings.

Figure8:UseCase#2—MovingAwayfromMPLS

UseCase2:OperationalEfficiencyforITandtheBusinessInadditiontoprovidinglowercostformoreconnectivityforbrancheswithduallinksalready,fullyleveragingInternetlinksviaSD-WANgivesmanyotherbranchessomethingtheynevercouldaffordbefore:resilience.ManysmallandmidsizebrancheshaveonlyasingleMPLSlinkandnobackup,orasingleInternetVPNlink.Forsuchbranches,thecostofasecondlinkusefulonlywhenthefirstfailedwasseenasunjustifiablewhencomparedtothecostofdowntime.ButbyfullyexploitingasecondInternetlinkassoonasitisavailable,SD-WANmakesinvestinginthesecondlinkpartofagrowthandperformancestrategyatthesametimethatitprovidesbusinesscontinuity.SD-WANlowersthebarrierstoinvestinginredundancyandimprovesenterpriseuptimeevenfurtherasaresult.

Andofcourse,whenabranchhasmultipleactivelinksandintelligenceinhowtheyareused,difficultiesonanyonelinkhavelessimpact.Branchesexperiencelessdowntime,abouta90%reductioninNemertes’2016CloudandDataCenterBenchmarkdata.Thiscanrepresentenormousimprovementsinproductivityforbrancheswithpoorconnectivitycurrently.Suchimprovements,whichmostbusinessacknowledgeexisteventhoughtheyhaveahardtimequantifyingthem,shouldbementionedasancillarybenefitsinanySD-WANbusinesscase,eventhoughtheyaregenerallynotenoughtodriveapprovalofadeploymentinandofthemselves.

Similarly,anSD-WANbusinesscaseshouldmentionITtimesavings,aswell.Whenlinkproblemsdon’thavediscernibleimpactonusers,theurgencyoftroubleshootingtheissuesdecreases.Giventhatmostsuchproblemsaretransitory,ITcurrentlyengagesinalotoftroubleshootingonWANissuesthateventuallyjustresolvethemselves.Bymakingmostlinkissuesnon-eventsfortheusersandthebusiness,aswellasbyprovidingintelligenceontheexactnatureandtimingofthe



4 5%



Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 30 1 5 2 100Business Internet 1 100 1 20 1 5 2 100Commodity Internet 1 5LTE


problems,SD-WANcandriveasmuchas90%reductioninWANtroubleshootingtime,accordingto2016CloudandDataCenterBenchmarkdata.

UseCase3:BusinessAgilityviaSmarterBranching(FasterIsBetter)It’simportanttotrackanother“soft-cost”improvementofSD-WAN:businessagility.ForWANs,thisaspectof“faster”boilsdowntoonething:branchleadtime,thelengthoftimeittakestolightupanewnetworksite.ForMPLSnetworks,ITexecutivesbemoanlengtheningleadtimes,whichformanyofthemhavecreptupfrom30to60dayseightyearsagoto90to120now.BycontrasttheycanoftenprovisionwiredInternetserviceinaweekortwo;LTE,inadayortwo.Withbusinessagilityonmanyminds,thisisnosmallimprovement.Youcan’tbuildthebusinesscaseonit,usually,buteverybusinesscaseshouldmentionit.And,ifthereisanexplicitcorporatestrategybuiltaroundanimblerbranchstrategy,thebusinessmayhavedonetheworkofquantifyingthevalueofeachdayshavedofftheleadtimeforlightingupanewbranch,andITshouldleanheavilyonthatinbuildingtheSD-WANbusinesscase.

ConclusionandRecommendationsSD-WANcombinesactiveuseofmultiplebranchlinks,intelligentdirectionoftrafficacrossthoselinkstoprovidebetterperformance,security,andreliability,andcentralized,policy-drivenmanagementoftheWANasawhole.ItholdsthepromiseoftransformingIT’srelationshiptotheWANbysimplifyingmanagementofcomplexbehaviors,promotingresilienceandcontinuityofservice,empoweringmorenimblebranchstrategies,andradicallydecreasingthecostofmeetingrisingbandwidthandperformanceneeds.Asalways,IThastobuildacompellingbusinesscaseformakingatransitionlikethis,especiallywhereanup-frontinvestmentwillberequired.

Thebaseofthecasemustbecost,and,basedonNemertes’SD-WANcostmodel,savingsshouldbeeasytocomeby.ThebiggestcostcomponentintheenterpriseWANistheconnectivity,andSD-WANcandrivemajorsavingsonconnectivityinacoupleways:preventingthemajorcostincreasesassociatedwithmajorbandwidthincreases,bymakingalllinkstoasiteusablesimultaneously;andallowingactualspendingreductionsbymeansofsubstitutingless-expensiveInternetbandwidthforsomeorallofanenterprise’smore-expensiveMPLS.

Note,though,thatconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings.Bymakingredundantlivelinkscheapertodeployandmakingfailoveramonglinkstransparenttoendusers,SD-WANcanreducebothWANoutagesandWANtroubleshootingcostsby90%.


ITstaffshould:• Assesstheamountofbackupbandwidthyouarepayingfornow—thelinks

onlyavailableasfailoverconnectivityintheeventanMPLSlinkfails.• AssessyourdemandcurveforWANandInternetbandwidth:determinehow

theconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesandroadmapsforUC,collaboration,andotherapplicationorservicerollouts.

• Modelthecostofstickingwiththecurrentarchitecture,goingoutatleastthreeyears.

• EvaluateatleasttwoSD-WANsolutions,overlayorservicebased,andmodelthecostofswitchingtothem.

• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementsyouexpecttorealize.

• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranches;businesscircuitsmayhavebuiltasignificantportionofthebusinesscaseforyou.

AboutNemertesResearch:NemertesResearchisaresearch-advisoryandconsultingfirmthatspecializesinanalyzingandquantifyingthebusinessvalueofemergingtechnologies.YoucanlearnmoreaboutNemertesResearchatourWebsite,www.nemertes.com,[email protected].

Aryaka, the Cloud-First WAN company, brings agility, simplicity and a great experience to consuming the WAN-as-a-service. An optimized global network and innovative technology stack delivers the industry’s #1 managed SD-WAN service and sets the gold standard for application performance. Aryaka’s SmartServices offer connectivity, application acceleration, security, cloud networking and insights leveraging global orchestration and provisioning. The company’s customers include hundreds of global enterprises including several in the Fortune 100.

Give it a try to experience the benefits for yourself. Sign up for a free trial.Questions? Email [email protected] or

give us a call at 1.877.727.9252.

For information on other products, services, use cases or customer success, visit www.aryaka.com.

mailto:[email protected]

http://www.aryaka.com

Date post:	22-May-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

The CIOs Guide to SD-WAN - Aryaka · SD-WAN is a potential game-changer for wide area...

Documents