Know Before You Go: SD-WAN

BLUF: Bottom Line Up Front

SD-WAN is a flexible, software-defined network solution that enhances WAN connectivity by optimizing multiple connections and improving application performance. It has become essential as traditional MPLS and VPNs struggle to keep pace with hybrid operations, moveable workloads, and evolving technologies like AI and Edge Computing. While SD-WAN provides significant advantages, organizations must carefully plan and test deployments to ensure it integrates effectively with their network and security infrastructures.

Quick Orientation

Definition

Software-Defined Wide Area Network.  SD-WAN belongs to the family of software-defined networking technologies, which aim to provide a flexible software controller that configures connections as needed and adjusts them to meet business or performance requirements.

Key Characteristics

  • Normally used for WAN connections (commodity Internet access): broadband, 5G, Ethernet, satellite, etc. - really anything that speaks Ethernet
  • Designed to aggregate and discriminate between multiple WAN connections to use them in the best way possible
  • Is application-performance aware, steering traffic through the best local egress WAN connection and sometimes influencing the traffic’s path
  • Connections in the SD-WAN mesh are normally always tunneled and normally encrypted
  • Considered a networking technology (not cyber security) with a side of privacy if the tunnels are encrypted

Common Terms

  • Underlay: These are the WAN Internet connections purchased from various providers.  
  • Overlay: The tunnels that the SD-WAN technology creates to establish a mesh of inter-connections that ride on top of the Underlays.  Think about the Overlays as establishing a private World Wide Web.
  • Controller:  Vendor technologies operate differently. Some use a centralized “controller” to act as the command and control.  Other technologies use a distributed, de-centralized approach that resembles an edge compute design.  Both of these approaches are valid, with their own strengths and weaknesses - yet both accomplish the goal of informing the SD-WAN component how to forward the traffic.  Think of the Controller as the modern version of a dynamic routing protocol like BGP, which knows the best way to get somewhere - or at least the first step on how to get there.
  • Application Steering:  The better SD-WAN technologies have the ability to sense which applications exist on the network and how they perform on the various WAN connections and available upstream network paths.  Using this intelligence, the SD-WAN component will determine how to adjust the path the Application takes based upon a combination of business rules and optimized path.
  • Spoke:  An SD-WAN location which represents an outer edge of the SD-WAN mesh and has the objective of serving the users of that physical location.  A Spoke can also serve as a publisher of a resource or set of resources into an SD-WAN mesh.
  • Hub:  An SD-WAN location which services multiple Spokes, normally has local resources to publish into the SD-WAN mesh, and can have other security/compliance services.
  • POP:  A Hub often closely resembles a POP (Point of Presence), a network junction point for backhaul network connections (dark fiber for cross-continent), cloud on-ramp connections (high-speed, low-latency, dedicated-path connections into Cloud Service Providers like Google, Azure, Amazon, and Oracle), and proprietary connections (the “special” connections that cannot reach all locations for an organization)

Backstory

Perspective gives us the contrast between the technology we are discussing and where we have been - what is currently running our world.  Yes, this is the conversation that our parents had when we were complaining about the Music CD-ROM getting scratched and then they would tell us about their 8-tracks.

What was before (what most are using now)

For the last 5+ years, Enterprises only had a few options to connect their various offices to each other and their corporate resources.  The actual solution used was largely based upon their budget.

  • It is sure to be said many times in this article: MPLS (Multiprotocol Label Switching).  These are special WAN links sold by large carriers which provide a private IP space by which offices and resources can communicate.  MPLS comes with stringent SLAs (Service Level Agreements) to enable corporate communications like voice, video, and critical transactions that banks need.
  • Spaghetti VPN (Virtual Private Network) connections.  Yes, Spaghetti is not a formal term. But some of you know what I’m talking about - a complex set of VPN pipes between all of the locations which need to communicate.
  • Dark Fiber: Oh, for those who have money!  Dark fiber is where a company is able to purchase bandwidth directly between two locations as a private connection.  Depending on the requirements, Dark Fiber is sometimes used to create back-haul connections between POPs or Data Centers, or for cross-continent flows.  Organizations with a small number of larger offices might have Dark Fiber connections between those locations.  If you recall SONET ring networks, this was the earlier version of this technology (yes, taking some liberties in connecting these two transport technologies).

What changed and broke what was “good enough”

Necessity is the mother of all inventions.  SD-WAN did not strictly need to be created, as the existing technologies were sufficient, but those approaches could not accommodate the changing landscape.  These are a sample of the catalyst events that caused SD-WAN to move from a science project into a necessity for digital transformation towards the fifth industrial revolution.

  • Rate of locations added and removed: While it might not seem like a thing, remember that many businesses would only add and remove buildings/locations/bases every three to five years.  This has dramatically changed over the past decade, with new locations being created and dissolved as needed. Consider pop-up Tax locations, forward-deployed bases, emergency response facilities, and more.  Impact >> 1) Reduced desire to invest in last-mile circuits, 2) The time between the organization deciding on a location and expecting it to be operational has been significantly reduced from 4-8 months to a few weeks.
  • Hybrid operations: A resource can now reside in one of so many locations. It used to be that resources were heavily concentrated at a data center or well-conditioned closet at the main office.  Now IT applications and resources provided to users and other applications/resources can reside anywhere.  And the flexibility in which services are accessible to your application can determine your competitive or mission advantage.  Impact >> 1) The line between a user and their resource is no longer straight, 2) A user needs to utilize resources that live in multiple places with an expectation of consistent performance across them all, 3) Where a resource or user resides today is unlikely to be where they will be in a year
  • Workloads that move: A workload is a logical set of IT resources and systems that combine together to provide value to a user. Different from Hybrid Operations, this characteristic is about the reality that workloads move, either through normal development/maturity or through Disaster Recovery.  For many organizations, and even recently through an Executive Order, there is the requirement for a workload to be able to move across Cloud Service Providers for cost, performance, risk, or reliability advantage.  Impact >> 1) The return on intensive effort to create an optimized path for users is short-lived when the workload moves, 2) It is unlikely that the next destination of the workload, and the WAN connections that will be available at that time, are known ahead of the application being migrated, 3) In most circumstances, it is expected that when the Workload moves - the user’s access to the workload and the workload’s access to its dependencies JUST adjust as needed.  Said another way, the connections between users and resources are an after-thought and not a focus area of the migration.
  • MPLS restrictions: MPLS has bandwidth and reach restrictions.  Normally, an MPLS circuit is dedicated, with a “new trench” created to provide MPLS service to a location.  This means that getting a new MPLS circuit into an office can take a significant amount of time and usually has a several-thousand-dollar cost.  Further, MPLS circuits are not available for remote offices and connections outside of the service provider’s area of operation.  Some larger organizations even have to make a soup of multiple MPLS providers and inter-connect them.  OK, take all of that and then consider that MPLS itself has a bandwidth and site count limit.  Impact >> 1) The duration that a physical location will exist, the number of users, and the location’s geo-location will all determine if MPLS is available or financially viable, 2) MPLS solves the need for a ‘private’ connection between an organization’s multiple locations yet can reach scenarios that become highly complex, 3) The lead time required in order to provision a physical site is substantial, 4) If your organization needs to move beyond the MPLS throughput or site limitation, then you have to get creative on how to solve the problem.
  • Cloud on-ramp diminishing returns:  A Cloud on-ramp is a unique circuit that a company can buy to provide high-speed, direct access into the customer’s private Cloud instance within the Cloud Service Provider (CSP).  The on-ramp will normally have different cost metrics associated with it - for example, the Cloud on-ramp is a set fee whereas normal WAN access is based upon usage.  Further, in order for a user to access the Cloud on-ramp, the user has to first get to and through the customer’s hub or POP.  This can be an advantage since the hub/POP can have a required security stack or set of application accelerators.  Impact >> 1) The necessity to “hair pin” traffic through a hub/POP can lead to doubling the amount of traffic being handled and add unnecessary user latency, 2) The hub/POP requires its own level of redundancy in order to assure continuous operations, 3) Once an on-ramp’s bandwidth is consumed, then additional circuits have to be procured or might not even be available
  • 5G & LEO:  Now we’re getting into the fun stuff. We have not even seen the limit of 5G and LEO (Low Earth Orbit) internet access options that will transform how locations connect with resources.  And if you’ve worked enough hours in the trenches with these technologies like I have, you’ll come to find out how each connection technology has its own unique “characteristics” at the packet level, and they certainly have different financials.  I’d highly recommend that you look into Private 5G and other evolving technologies in this area that will blow your mind on where we’re going.  Just remember that my car with a 5G connection has more bandwidth than the first iPhone, Apollo 11 capsule, and bandwidth George Lucas had while filming the first Star Wars.  Impact >> 1) The methodologies on how to apply business rules and security/compliance to multiple and ever-changing connections at the edge require a whole new level of flexibility, 2) Consider that the bandwidth at your data center and application mesh will increase 10x to 20x over the next five years - your current approach to handling bandwidth increases needs a new game plan, 3) Assumptions on privacy, end user experience, and provisioning all change with a many-to-many dynamic (many edge connectivity mechanisms to many destinations)

Is SD-WAN still relevant (AI, Edge Compute)

Per Wikipedia, SD-WAN started around 2014 and then became a thing in 2020 given the demand during COVID to interconnect remote workers and move workloads.  In contrast, MPLS started in 1994.  Yet being a newer technology does not mean that it is ready to accommodate rapidly evolving technology like Artificial Intelligence, the shift back to Edge Computing, etc.

First, Artificial Intelligence will be infused into the Applications that we use.  This is not the development of AI, but rather that AI becomes a native feature that either runs locally on your device or is accessible through a remote service.  In the area of AI inference running locally, chip manufacturers like Intel have been designing co-processors which enable AI inference with extremely low power consumption.  Don’t even get me started on Apple’s M chips.  I’m right now composing this article on an iPad that has an M4 chip in it.  Completely ridiculous to use a 3-nanometer chipset that has 36 cores with 28 billion transistors … to write an article.  Yet, it is the power of these processing chips to enable AI models and other more complex Application features that will greatly increase the demand for always-on WAN connectivity and the expectation for low-latency access to multiple resources to facilitate the application.

To illustrate the AI demand for SD-WAN connections, consider that the application you currently access might have 10-15 resources behind it - all invisible to you as the user, as these resources sit behind the published service.  Now, with AI-powered software and just the plain amount of computational power at the workstation, the application running on the device will need to access those same 10-15 services directly from the device/end-point.  See the challenge: today you only need to monitor and assure a few flows - now the flows are multiples higher.

Pulling on the thread of high-powered end-points, let’s discuss the demand brought upon by Edge Computing.  Edge Computing is the advent of shifting the computation, storage, or place from where an application is ‘served’ closer to the end-user rather than a distant Cloud or Data Center.  We see the cycle of de-centralization, centralization, and then back to de-centralization again over time as computation, regulation, and bandwidth dynamics change.  

Edge Computing demands that the relationship between the user, Edge resource, Cloud resource, etc. be fluid and dynamically adjust to what provides the best experience, assures compliance, etc.  For instance, I’ve been working with mission-critical systems for over a decade.  We normally have to intricately design systems to be highly available for zero downtime during maintenance or changes.  As an easy example, consider an organization’s HTTP-based application that is serviced from a local server at an office; if that application is down for whatever reason, the user’s machine automatically re-routes them to another application server dynamically based upon business rules and performance characteristics.

In summary, AI, Edge Compute, and evolving WAN connectivity options all demand dynamic relationships between users and their resources.  It is a circumstantial many-to-many relationship that, if manually configured and maintained, will be so overly complex that it is likely to fail and hamper mission/business outcomes.

Current alternatives to SD-WAN

Alright, so let’s say that you don’t believe in SD-WAN or don’t want to implement a vendor’s technology in order to achieve some of the benefits that have been described above.   After all, it’s software defined - there should be a way to realize some of the value without having to purchase yet another tool from a vendor or cloud service provider.

Publishing >> CDN & modern multiplexing

A CDN (Content Distribution Network) only applies to Applications that your organization creates or controls.  Utilizing a CDN enables dynamic interactions between highly intelligent browsers, using modern JavaScript and HTML5 technologies, and the CDN ecosystem they interconnect with.

Subscriber >> DNS

Please don’t forget the basics.  Remember that DNS (Domain Name System) still underpins how your user ‘finds’ your application, and that intelligence can be applied to the destination presented to the user.  Remember the example I provided earlier about highly available systems that needed to be available during maintenance but not cause an interruption to the end-user - old school DNS worked magic.

Publishing >> Zero Trust

For 80% of all organizations and their applications, implementing a REAL Zero Trust methodology accomplishes the equivalent of what an SD-WAN provides on the Publishing side of the equation, since it enables the full power of Internet routing and scale - without the need for hair-pinning traffic through a POP or private access through an MPLS, and the workload can move anywhere there is an Internet connection.  Comment on this article if you want to dive into the 20% of situations where SD-WAN is still required even though Zero Trust is implemented.

End Point >> Multiple network interfaces

Most devices don’t have the ability to distinguish between multiple network connections (say wired and wireless), let alone when those connections each have multiple WAN connections.  Further, a network client (laptop, desktop, WiFi device) normally doesn’t have the ability to influence how it connects to the resource - it only has the ability to say what it wants to access.  That being said, my Apple iPad can simultaneously have & utilize WiFi and 5G.  We are not too many generations from 5G being how a small office sets up their Local Area Network.

Office Location >>  Multiple WAN links

There are a myriad of technologies that enable efficient routing to SaaS resources, combine together multiple WAN links, and provide WAN optimization & caching.  Now, these technologies don’t avoid the purchase of another piece of equipment that you have to implement and maintain, but they do highlight that you can address individual needs for your environment with individual technologies.

What SD-WAN does not solve

Physics

Yes, physics still applies.  SD-WAN does not make light travel faster.  So when you consider the overall latency and jitter, it cannot make radio waves or photons move faster.

Now the unfair part about this is - not all traffic is treated the same by service providers so the ability to provide Direct Internet Access (DIA) from a physical location to your resource being hosted in the cloud might result in a different REALIZED bandwidth and user experience.  Latency and jitter matter just as much as bandwidth when it comes to the inter-connection between a user and their resource.

Restrictions on the last mile

SD-WAN cannot magically turn a remote 5 kbps into a 10 Gbps connection.  It just cannot, no matter how much that vendor tells you. So unless you are planning to use SD-WAN as a way to combine together multiple WAN connections or enable a back-up WAN connection architecture, putting an SD-WAN router at a location in place of a standard router is not going to get you as far.

I do echo here, though, that for bandwidth-restricted sites that cannot get MPLS, etc., SD-WAN does enable a more direct, efficient path for the user to access the resource they need.  This eliminates the need for the user’s traffic to ride a VPN back to a POP where it can hop on the MPLS to then get to the Data Center where the application lives.

Poor performing applications

Yup, it does not fix this either.  Let’s say you have an application that is a poor performer for whatever reason - old code, old computer, just takes a long time to work its magic, whatever.  Hooking up the application to SD-WAN is not likely to fix the application’s performance.  It might actually make the problem worse, since more users and more bandwidth are now coming in to hit the application.  So make sure to gauge the need to actually restrict the incoming number of users, sessions, bandwidth, etc. to not knock over the application.

Now an advantage you can have by enabling SD-WAN is that you might have some ability to prioritize which users are able to access the resource - a set of controls that you did not have before.  Also, you might realize some improvements for individual users since the application will have less “network wait” conditions since the latency between the user and application will be reduced.

Hamstrung by dependencies

This one is a little more complex, so stick with me.  Most data center resources or even applications installed on the user’s device have various dependencies.  These can be as simple as DNS, email relay, log-on server, etc.  When we examine the user’s experience, the weakest (slowest, most unreliable) dependency for that overall application or what the user needs to perform their job, slows down their entire reality.  It does not matter if the connection between the user and the application server that is presenting the web page is now faster - when the back-end database still cannot keep up.

Other controls that cannot adapt

Just because you can, doesn’t mean that you can.  Sometimes when SD-WAN is implemented there are organizational policies or compliance requirements that still require traffic to take a particular path.  This is normally because the necessary security controls are centralized and not designed to move with the workload or handle the location egressing through multiple WAN connections.  While this does go back to the Zero Trust methodology mentioned before, this section is to remind us all that the expected benefits of new technology are held back until other technologies and compliance requirements catch up.

Your cyber security needs - well mostly

Know that I’m a cyber security guy, so that is how my brain is wired.  SD-WAN is a networking technology that is application aware.  It can assist an organization’s cyber security objectives when they consider the crossing of risk zones as where security controls are applied at the network level.  Yes, this does align more to a defense-in-depth and perimeter security approach rather than a modern Zero Trust, yet it does align with how most organizations’ security policies are written.  This also follows the United States civilian government’s TIC 3.0 architecture/program (Trusted Internet Connections).

SD-WAN does enable a private connection, but privacy does not mean secure.  So at the most, SD-WAN does help keep unnecessary load from transiting through a centralized cyber security stack.  At the least, it just opens up more avenues and more bandwidth if your cyber security plan cannot accommodate the changes.  Ideally, you’re either able to choose a cyber security oriented (or originated) SD-WAN vendor OR can create a tight integration between your SD-WAN deployment & your controls.

Getting the most from your investment

Yes, that was a very long pre-amble to finally get into the title of this article - what to know about SD-WAN before you start purchasing and implementing.  This section focuses on how to best orient the project and organization to get the most out of your time, energy, and financial investment.

Plan for Hybrid

Hybrid operations are a reality for both how resources are made available to users and how users operate.  A workload can exist at a local premise, Cloud Service Provider, organization’s Data Center, and more.  A user is now expected to operate from a cafe, home, plane, office, shared office space, and when on vacation.  Simply plan for the reality that you’ll have less and less control over where and how your precious resources and users operate.

So when selecting your vendors and deciding on how to start your project, be aware of the limitations of your architecture and vendor as they relate to how future-proof you are.

Plan ahead for IPv6, Edge Compute, transformers, …

Consider your 5-8 year horizon and what other technologies you’ll need to support in order to complete the rollout or not have to perform another major change.  While IPv6 is an easy example, each organization will need to perform its own research and then dove-tail those requirements into its immediate needs.  If your current investment of time and technology cannot withstand the organization’s future requirements, then the value of your investment will be limited.   When at all possible, pick the vendor who is most likely to accommodate your future needs with a software update or who enables you to natively integrate another solution to achieve the additional objective.

Acknowledge the value of Customer Experience

I love technology and most readers of this article are likely the same kind of enthusiast.  I encourage you to remember that technology exists to enable a business or organization to function.  Then employees exist to fulfill the company or organization’s objectives.  Increasing the User Experience or Customer Satisfaction is the real objective.

Get a baseline - be able to know the change

You might not be surprised, but so many organizations base an entire project upon a directive from leadership and a few accounts from users.  Get a real baseline of where and how you start your project - to identify the real problem that you’re trying to solve.  Become aware early in the project if SD-WAN will only solve part of the problem, both to set user and management expectations and to line up secondary projects to address those additional constraints.

Also, don’t forget that a user commenting “it seems to be the same speed” or an application owner saying “my application is not the problem” creates confusion when not substantiated by quantitative monitoring.  This goes beyond the pretty reports that management and operations need to see; it becomes a central point of communication and understanding.  And given that SD-WAN is application aware, it might be the first time that you have this level of awareness of which applications are running across your network - so a baseline provides a point-in-time snapshot.

I cannot emphasize this enough.  Remember when you start the spring cleaning of the closet and forget to take a before picture and then take a picture 60% of the way through.  It is really hard to describe to anyone else what really existed before … “it really was that bad.”
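A before/after comparison of the kind this section argues for, as an added example that is not part of the original article. It splits each transaction into network wait and server time per application, so a claim like “it seems to be the same speed” can be checked; the record layout, the 10% threshold, the application names and all sample timings are constructed for illustration.

```python
"""Added example: per-application baseline and before/after comparison."""
from collections import defaultdict


def percentile(values, pct):
    """Nearest-rank percentile for an integer pct in 1..100."""
    ordered = sorted(values)
    rank = max(1, (pct * len(ordered) + 99) // 100)   # integer ceiling
    return ordered[rank - 1]


def summarize(samples):
    """samples: iterable of (app, network_ms, server_ms) -> per-app summary."""
    by_app = defaultdict(list)
    for app, net_ms, srv_ms in samples:
        by_app[app].append((net_ms, srv_ms))
    summary = {}
    for app, rows in by_app.items():
        totals = [n + s for n, s in rows]
        summary[app] = {
            "count": len(rows),
            "net_p95": percentile([n for n, _ in rows], 95),
            "srv_p95": percentile([s for _, s in rows], 95),
            "total_p50": percentile(totals, 50),
            "total_p95": percentile(totals, 95),
        }
    return summary


def pct_change(old, new):
    """Signed percentage change, one decimal; 0.0 when there is no baseline."""
    return round((new - old) / old * 100, 1) if old else 0.0


def compare(before, after, min_gain_pct=10.0):
    """Compare two snapshots; min_gain_pct is an assumed 'users will notice' bar."""
    b, a = summarize(before), summarize(after)
    apps = {}
    for app in sorted(set(b) & set(a)):
        total = pct_change(b[app]["total_p95"], a[app]["total_p95"])
        apps[app] = {
            "net_p95_change_pct": pct_change(b[app]["net_p95"], a[app]["net_p95"]),
            "total_p95_change_pct": total,
            "user_visible": total <= -min_gain_pct,
            # What still dominates the user's wait after the change.
            "bottleneck": ("network" if a[app]["net_p95"] > a[app]["srv_p95"]
                           else "application/dependency"),
        }
    return {
        "apps": apps,
        # Applications first seen once the application-aware overlay was in place.
        "only_after": sorted(set(a) - set(b)),
        "only_before": sorted(set(b) - set(a)),
    }


# Constructed samples: (application, network wait in ms, server time in ms).
BEFORE = [
    ("crm", 80, 40), ("crm", 90, 45), ("crm", 100, 50), ("crm", 120, 40), ("crm", 85, 42),
    ("reports", 80, 900), ("reports", 95, 950), ("reports", 110, 1000),
    ("reports", 90, 920), ("reports", 100, 980),
]
AFTER = [
    ("crm", 20, 40), ("crm", 25, 45), ("crm", 30, 50), ("crm", 35, 40), ("crm", 22, 42),
    ("reports", 20, 900), ("reports", 25, 950), ("reports", 30, 1000),
    ("reports", 22, 920), ("reports", 28, 980),
    ("filesync", 15, 30), ("filesync", 18, 35),
]

if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for app, row in result["apps"].items():
        print(app, row)
    print("not in the baseline:", result["only_after"])
```

In the constructed data both applications see network wait fall by about 70%, yet only one clears the threshold for the user; the other is bound by its server time, which is the situation described under "Poor performing applications" and "Hamstrung by dependencies".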

Play nice = network + security + application + compliance + …

SD-WAN changes the fabric that connects users and resources.  This means that an SD-WAN project will impact many areas of your organization.  It will challenge their current approach and what they are comfortable with.  There will be comments like “we did not budget for this”, or “that will not be compliant”.  Just know that disruptive technology like SD-WAN will either result in a forced maturity process for your organization or only 10% of its effectiveness will be realized.

Field test before you commit

When at all possible, perform a field test of your short list of vendors for three sites each.  Have the vendors implement the technology as they best see fit.  This is the only true way to understand the benefits of their approach, what level of reporting information you’ll see, and what underlying issues were present of which you were not aware.  I emphasize that you want to let the vendor implement the solution using the approach the vendor considers most ideal, with as few stipulations as possible.  This will let the vendor show their true strength before you apply more complexity.

The exact opposite approach is valid too. Place your final selected vendor into the harshest environment possible - but you’ll likely only be able to perform this for one vendor and not gain a comparative view of how other vendors would perform.  The goal is to evaluate the vendor’s ability to withstand your requirements and how they react as a Partner to your requirements and expectations.  Also, please don’t forget that opening up Technical Support cases, performing firmware upgrades, etc. are all a part of experiencing how gracefully your new corporate workhorse will fare.

Decide, document, and apply discipline

We as humans forget, and we each have our own recall of a meeting - what is next, what we decided, what needs to be researched.  Since SD-WAN will impact so many areas of the organization, basic project management, accountability, documentation, etc. are necessary for a successful SD-WAN implementation.

My greatest recommendation is that you create a basic set of rules and constraints that are then applied consistently across the ecosystem.  For example, any corporate location that does not have an MPLS link will use SD-WAN.  Or any organization location that is outside of the United States will use SD-WAN to both access corporate resources and connect with Business partners for audit trail and privacy.

Recommendations on where to start

Use SD-WAN as a pressure relief valve

This approach is to find the areas in your organization that are red-lining (yes, another car analogy) their capacity for network connections, handling burst traffic, etc.  For instance, let’s say you have a Cloud On-Ramp link from a Cloud Service Provider (a very expensive and fast link from a Data Center to a CSP like AWS).  When this link is constantly being clogged, you can use SD-WAN to send some of the traffic over an alternate path.  This gives the organization the benefit of avoiding both the spend to increase the link’s size and the waiting time that comes with it.

Streamline application path for same security boundary

This applies mostly to government operations but might apply to commercial organizations as well.  The concept of a security boundary applies to users and resources that exist on networks where the security controls (firewall, IPS, authentication, etc) are applied based upon a legacy defense in depth or perimeter security approach.  This means that if you don’t “cross the moat” when going from site one to site two, then your traffic is not subjected to additional controls.

So, where does SD-WAN come into play? Let’s say you’re at an airport in Terminal 1 and need to get to Terminal 2, but the only way to do so is to exit the TSA security zone and have to re-enter through TSA security. Oh, what a pain. It costs time (walking, TSA security), costs money (TSA has to screen more people and bags than really necessary), potentially costs the travelers money (missed flights, hotel stays, etc.), and more. When TSA first existed, what I’m describing used to be a reality.  Now airports have created short-cuts between different terminals, so you are able to reach your connecting flight without leaving the protected security zone.

In the same way, SD-WAN allows for short-cuts between users and the resources that they are wanting to access - without needing to exit and come back in.  Practical examples:

  • Instead of accessing sanctioned Cloud resources through a CSP on-ramp, use SD-WAN to directly connect a site to the resource’s cloud segment.
  • Instead of having to connect to Site A through the home office VPN concentrator in order to access Site B, SD-WAN can provide direct connections.
  • For organizations that use different levels of security controls based upon the user, their resource, and the target resource, routing all user traffic through a central security stack is ridiculous.  SD-WAN allows the ability to discriminate traffic based upon various characteristics and then force the traffic down a given path as determined by the security policy or business rules.
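The path decision described in the last bullet, and in "Application Steering" and "Other controls that cannot adapt" earlier, as an added example that is not from the original article or from any vendor's product. Policy is applied first (does the flow cross a security boundary or fall under a compliance rule?) and performance second; the path names, zones, rules, thresholds and measurements are all constructed, and the fail-closed handling of unclassified applications is an assumption of this sketch.

```python
"""Added example: policy first, performance second, when steering a flow."""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Path:
    name: str                  # hypothetical overlay/underlay label
    via_security_stack: bool   # True if traffic hairpins through the hub/POP controls
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True


@dataclass(frozen=True)
class AppRule:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    always_inspect: bool = False   # compliance: must use the central stack


@dataclass(frozen=True)
class Flow:
    app: str
    src_zone: str   # security boundary of the user
    dst_zone: str   # security boundary of the resource


@dataclass(frozen=True)
class Decision:
    path: Optional[str]   # None means the flow is dropped
    inspected: bool
    sla_met: bool
    reason: str


# Assumption: applications with no rule get no SLA promise and are always inspected.
DEFAULT_RULE = AppRule(float("inf"), float("inf"), 100.0, always_inspect=True)


def meets_sla(p: Path, r: AppRule) -> bool:
    return (p.latency_ms <= r.max_latency_ms and p.jitter_ms <= r.max_jitter_ms
            and p.loss_pct <= r.max_loss_pct)


def select_path(flow, rules, paths) -> Decision:
    rule = rules.get(flow.app, DEFAULT_RULE)
    if flow.app not in rules:
        reason = "unclassified application"
    elif rule.always_inspect:
        reason = "compliance rule"
    elif flow.src_zone != flow.dst_zone:
        reason = "crosses security boundary"
    else:
        reason = "same security boundary"
    inspect = reason != "same security boundary"

    # Policy filter first: an inspected flow may only use paths through the stack.
    candidates = [p for p in paths if p.up and (p.via_security_stack or not inspect)]
    if not candidates:
        # Fail closed: never fall back to a direct path that skips the controls.
        return Decision(None, inspect, False, reason + "; no eligible path")

    # Performance second: prefer paths inside the SLA, else the least-bad one.
    good = [p for p in candidates if meets_sla(p, rule)]
    best = min(good or candidates, key=lambda p: (p.latency_ms, p.jitter_ms, p.loss_pct))
    return Decision(best.name, best.via_security_stack, bool(good), reason)


def with_down(paths, *names):
    """Copy of paths with the named ones marked down (simulates link failure)."""
    return [replace(p, up=p.up and p.name not in names) for p in paths]


# Constructed sample measurements and rules, not taken from any real deployment.
PATHS = [
    Path("broadband-direct", False, 18, 2, 0.1),
    Path("5g-direct", False, 45, 9, 0.5),
    Path("mpls-via-hub", True, 60, 1, 0.0),
    Path("vpn-via-hub", True, 95, 12, 1.0),
]
RULES = {
    "voip": AppRule(40, 10, 1.0),
    "erp": AppRule(100, 50, 1.0),
    "payments": AppRule(200, 50, 1.0, always_inspect=True),
}

if __name__ == "__main__":
    for f in (Flow("voip", "corp", "corp"), Flow("erp", "corp", "partner"),
              Flow("payments", "corp", "corp"), Flow("unknown-p2p", "corp", "corp")):
        print(f, "->", select_path(f, RULES, PATHS))
    hub_down = with_down(PATHS, "mpls-via-hub", "vpn-via-hub")
    print(select_path(Flow("erp", "corp", "partner"), RULES, hub_down))
```

The last call shows the case that matters for the security team: with both hub paths down, the boundary-crossing flow is dropped rather than sent over a direct link that bypasses the central controls.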

Solve remote site local bandwidth problems

Core sites and office locations which are in major city locations get the best Internet connectivity and thus the best experience when accessing the organization’s resources.  Yet remote locations suffer from a lack of quality, fast, reliable Internet connectivity.  SD-WAN allows the ability to combine together multiple different Internet providers and types to get an aggregated better experience.  This specifically helps in a few ways:

  • Different mediums: You might have awesome broadband, but it goes out when the storms roll in.  Now you’ll have the ability to add a 5G backup.
  • Reliability intervals: Increase the location’s uptime by having more than one service provider in order to keep the location online.  The hope is that when one link goes down, the other link is still up.  Depending on your SD-WAN vendor, the users might not even notice the change.
  • Cost controls: Some locations have the ability to purchase higher quality Internet links, but then the links get saturated with non-organizational traffic (personal browsing, secondary business systems, etc.).  SD-WAN provides the ability to add another link and route the less important traffic onto the other link.

Mesh for moveable workloads

Ok, this one is fun and not a traditional use of SD-WAN.  First, a moveable workload means that the components of a particular resource are a group of systems that can move.  For example, a website and database is probably the simplest resource group.  Many organizations and government agencies want or require the ability for the group to move between Cloud Service Providers and their Data Center.  This can be for cost control or resiliency of operations.

SD-WAN comes into the mix as the application-aware mesh that connects all your various users and their resources.  The resource group has an SD-WAN connection point that adds itself into the “application matrix” and self-publishes its availability.  When you combine the Moveable Workloads justification for SD-WAN with the Security Boundary and/or the Pressure Relief Valve - things really get interesting.  Use cases for moveable workloads:

  • This is useful for an application now being available on a CSP when the Data Center goes down.  
  • An application moves to a CSP during end-of-month processing and then comes back to the Data Center for cost control.
  • An application is developed at the Data Center and then moves to the Cloud for production
  • An application that is already published in the Cloud  now has additional instances come online in different regions to handle the load or provide a better user experience.

Before you leap to your comments: yes, there are other ways that are more elegant or streamlined to solve some of the objectives above: Content Distribution Network, DNS, Cold Site for Disaster Recovery, etc.


Please comment below what interests you more, on how SD-WAN can also be used for:

  • “Network” for Zero Trust
  • An approach for resiliency of operations
  • The next generation of Layer 3 routing


P.S.: If you are a small or disadvantaged business, I provide complimentary advisory services to help you figure out new technology and how to architect your needed change. Reach out to me via LinkedIn to find out together what is possible.

>> My own words. Edited by GenAI.

>>AI image created by me and my genius son.


Ronald Bartels


Great read.
