Zscaler Blog

Three Secrets to SD-WAN Success


It’s no secret that business applications are moving out of the data center and into the cloud. In fact, more than 40 percent of business applications now reside in public clouds, according to RightScale. This migration has forced organizations to re-evaluate their network architectures and how they handle the upsurge in internet-bound traffic.

For many organizations, the answer is SD-WAN. According to a survey by IDG, 63 percent of networking professionals have plans for implementing SD-WAN technology, which will allow them to leverage the internet to connect to their business applications hosted in the cloud. A research study by Silver Peak found that 61 percent of respondents are planning to deploy SD-WAN in the next two years. And NSS Labs is reporting that 88 percent of U.S. enterprises have adopted or will adopt SD-WAN in the next 12 months. None of this comes as a surprise. SD-WAN is proving that it can simplify branch routing, reduce costs, and improve the user experience by allowing users to connect directly to the internet and cloud apps. It’s hard to see any downside.

While SD-WAN deployments seem straightforward, they aren’t quite as simple as drawing a straight line and connecting end users to business resources on the internet. But, an SD-WAN deployment need not be an arduous undertaking either. As such, I’m going to share three secrets to help organizations achieve a successful SD-WAN deployment.

1. Not all sites are the same

While organizations may say that all offices are equal, that’s not true, at least from a technology-requirements standpoint. For example, a branch office that has a few salespeople and recruiters with a phone system, a LAN switch, and some wireless access points is very different from a call center office with 300 people, a campus with 5,000 people, or even a data center.

Before undertaking an SD-WAN deployment, it is critical to understand the different sites and rationalize your site profiles, because doing so dictates the level of services and redundancy at each location. For example, organizations can go from one profile, where everyone gets two redundant connections at all locations, to three or four profiles, including a headquarters profile, a campus profile, and more.

Profiles allow organizations to provide each site with the specific services it needs and leverage capabilities that weren’t being delivered before because everyone was on one standard network through one service provider. Now, organizations have the opportunity to change how they deliver network capabilities to their branches—and do it in a much cheaper way.

2. Not all internet connections are the same

Using local internet connections across a branch footprint can help reduce the amount of MPLS bandwidth required on a legacy network. And, since 60 percent of outbound traffic is destined for the internet anyway in most organizations, there is no reason to send it back into a legacy data center. A one-to-one comparison of internet bandwidth vs. legacy network solutions found that organizations can get 10 times the bandwidth for one-fourth of the cost when comparing local broadband providers with legacy service providers.

However, the internet connections that organizations can deploy across their branches are very different depending on where they are in the world. And combing through the choice of providers can be overwhelming.

For example, in the United States, if an organization were to leverage just cable modem providers, it could potentially have 30 to 40 different providers. Extrapolate that across a global organization that has some 900 locations and the number of options grows even larger. Then you have the various types of internet connections, including cable, SDSL, ADSL, and fiber. And, in some locations, wired internet service can’t be delivered at all, making satellite the only option.

When looking at using SD-WAN to replace a legacy network, organizations must figure out what works best for the different site profiles, then leverage the expertise of an ISP aggregator. This important partner can provide organizations with several service provider options based on what’s available in the regions of their branch locations. Then, the organization can choose which service provider is most appropriate for each of its locations. And, the ISP aggregator takes on the administrative burden of managing all these different internet providers.

3. Address the security question before you start SD-WAN

Addressing security first can actually help organizations deploy SD-WAN faster and realize some of the benefits more quickly. This is critical since organizations can’t replicate their security stack in all branch locations. That wouldn’t be cost-effective and would completely undermine the business case for an SD-WAN deployment.

Security is a major concern with users connecting directly to the internet, but organizations can enable a secure direct connection if they leverage a cloud-based security platform. This isn’t a replacement for existing data center security, because it is only for traffic that’s destined for SaaS platforms and the open internet. Moving traditional security capabilities to the cloud enables organizations to use SD-WAN to take advantage of an optimal path for this traffic. Failure to do so forces organizations to send traffic back to the data center for security treatment, which negates all of the benefits that an SD-WAN deployment could deliver. Addressing the security question first allows organizations to truly change their network architecture during the SD-WAN deployment to provide best-path routing to resources hosted in the cloud.

Making it a success

As business applications have moved to the cloud, organizations are looking for a better way of connecting users and branch locations to their applications without sacrificing the user experience or corporate security. Quite often, they are turning to SD-WAN. But, organizations need to evaluate their branch locations and investigate the various internet options to make their deployment successful. And, they must employ a cloud-based security platform to fully leverage the benefits of SD-WAN.

Want to learn more? Listen to our on-demand webinar on how to successfully deploy and secure SD-WAN.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Dan Shelton is Zscaler director of product management
