A secure dynamic VPN overlay simplifies deployment and operation by abstracting and hiding the complexity of each type of transport. IT departments should ask whether an SD-WAN solution supports all the types of transports an organization might need, and the speed of redundancy in the event of a failure. Solutions should also be scalable enough to meet future needs and support security features, such as encryption, that might be business critical.
Visibility into how in-house and SaaS applications are performing is also critical to ensuring the best user experience. You should consider what level of visibility an SD-WAN solution offers into application performance and which paths applications are taking over the network in real-time. A solution that optimizes TCP windowing, compression, object caching and content prepositioning will give you further insights into traffic prioritization and better application service level agreement, a key value in purchasing an SD-WAN solution.
One of the most common concerns about moving to software-based networking solutions is security. You should not assume data is protected over private MPLS VPNs, public Internet or cellular services. Instead, your SD-WAN solution should ensure data integrity and privacy over all WAN transports and specify what levels of encryption are supported. You should ask how automated the negotiation, renewal and revocation of IPsec encryption keys are between sites and how well the provider-facing interfaces are protected against outside attacks in areas such as scanning, penetration, and denial of service.
SD-WAN solutions can provide embedded firewall and intrusion prevention systems (IPS) and offer advanced protection to users who access the Internet directly from the branch, particularly with capabilities such as content filtering and malware protection. IT departments looking at SD-WAN security features as a top priority should also consider solutions that have been evaluated by industry or government bodies, comply with common security certifications and have a formal incident response team in place to notify customers of vulnerabilities.
The list might seem daunting, but with the SD-WAN market still young, vendor offerings are changing quickly. Taking these considerations into account will ensure that organizations new to SD-WAN will find improved performance, lowered costs and substantial security.
Sign up for CIO Asia eNewsletters.