A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows companies to leverage any combination of transport services, including broadband internet services, to securely connect users to applications (video, voice, cloud-based programmes, etc).
An SD-WAN uses a centralised control function to securely and intelligently direct traffic across the WAN. This increases application performance, resulting in enhanced user experience, increased business productivity and reduced costs for IT. As such, an SD-WAN is a considered a clever way to build a WAN, particularly if you have third party connectivity and would like to connect to private clouds.
Traditional WANs based on conventional routers are not cloud-friendly. They typically require backhauling all traffic – including that destined to the cloud – from branch offices to a hub or headquarters datacenter where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance resulting in a poor user experience and lost productivity. Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premise data centers, public or private clouds and SaaS solutions such as Salesfore.com, Workday, Office365 and Dropbox, while delivering the highest levels of application performance.
How does an SD-WAN work?
An SD-WAN uses software and a centralised control function to more intelligently steer or direct traffic across the WAN. An SD-WAN handles traffic based on priority, quality of service and security requirements in accordance with business needs. The conventional router-centric model distributes the control function across all devices in the network - routers simply route traffic based on TCP/IP addresses and ACLs.
Not all cloud-bound or web traffic is created equal. Many cloud applications and their providers natively apply robust security measures. Accessing these “trusted” applications directly from the branch, across the internet provides the needed security to protect the enterprise from threats. A few examples include Salesforce, Office365, ServiceNow, Box, and Dropbox.
However, other cloud apps and web traffic may be less trusted, unknown or even suspicious, requiring more advanced traffic screening. A sample security policy might be:
- Send known, trusted business SaaS traffic directly across the internet
- Send “home from work” applications like Facebook, YouTube and Netflix to a cloud-based security service
- Backhaul untrusted, unknown or suspicious traffic such as peer-to-peer applications or traffic to or from a foreign country back to a headquarters-based next generation firewall.
The intelligence and ability to identify applications provides an application-driven way to route traffic across the WAN instead of simply using TCP/IP addresses and ACLs. This software-driven approach delivers a much better QoEx (Quality of Experience) than possible with router-centric WAN model.
With that said, SD-WAN is not going to offer the QoEx, reliability or security as a direct, private connection.