Product
Solutions
Company
Resources

The "Flavors" of SD-WAN and Their Relevant Use Cases

In this blog post we will cover the major “flavors” and types of SD-WAN in an attempt to provide a high-level overview of the current solution landscape.

sd wan use cases
Rob Rodier

Sep 6, 2024

SHARE

Today’s SD-WAN vendors offer a seemingly endless array of services that can be tailored to a business’s specific use cases. Unfortunately, this makes your job of navigating the new-fangled WAN landscape harder than ever! In this blog post we will cover the major “flavors” and types of SD-WAN in an attempt to provide a high-level overview of the current solution landscape.

Additionally, the industry is seeing significant trends toward network perimeter and cloud-centric security solutions being deployed alongside SD-WAN as a single solution, known as SASE (pronounced “sassy”) or Secure Access Service Edge. This blog post will cover various use cases and call out specific SD-WAN vendors, many of which also provide SASE security functionality. Finally, this blog post will also cover MSPs, and the role they often play in helping enterprise customers deploy and manage these solutions. 

Before we dive into specific use cases, let’s align on the basic, modern SD-WAN functions. 

“Tablestakes” SD-WAN Functionality 

Today’s enterprise centric SD-WAN solutions tend to build on a core set of “basic” SD-WAN functions. All of the solutions outlined in this post incorporate the following:

  • Appliance-based device element that encompasses multiple WAN interfaces and an ability to either load balance or steer traffic on one WAN connection to another depending on circuit / link health being measured in real time  

  • Centralized, cloud-based GUI that can be used to manage multiple sites / on prem devices

  • Robust network and application reporting which can be used to prioritize WAN traffic based on application, as well as offer insights on WAN utilization and application performance 

  • Automated configuration utilities for ease of deployment across many sites, including  VPN configuration

Instead of breaking this blog post down by “technology types” and then classifying them, we are going to take an approach of describing a popular SD-WAN use case and then providing a couple of specific vendors who tend to do well solving for that particular need.

Retail Store Use Case

The first use case is centered around having many sites on a WAN that have relatively simple networking needs, but also require high availability and network security features in a single package. IT teams deploying these solutions are often looking for ease of administration, deployment, and an ability to scale to hundreds or even thousands of devices / locations. An example of the core business need in these types of environments is the ability to process credit card transactions at all times without fail. Credit card processing is mostly happening in the public cloud / over the internet and represents small amounts of traffic, but mission critical traffic. This is of course most frequently seen in retail network environments.

Below are a few examples of popular solutions that meet the above criteria, and are often deployed by enterprises who have many sites, but do not require complex interoffice networking, or access to latency sensitive cloud applications like telephony, CRM, or ERP. Some popular solutions deployed for this use case are:

These solutions can be configured to deliver high availability access to the internet via WAN load balancing or failover, and often offer built-in SIM card slots for LTE/5G failover. They are easy to use, with GUIs that make configuration and administration straightforward, including auto VPN configurations, and also offer rich reporting and prioritization of applications accessing the internet. They also often offer the ability to act as a controller for WiFI access points for WLAN, and can also perform most routing functions.   

Branch Office Use Case

This use case is similar to retail, but is often a bit more demanding and complex. This profile of use case often requires a need to have interoffice connectivity, WAN throughput, or ISP connections that are much higher throughput, as there are administrative users that require access both to resources and applications housed both in private data center footprints as well as the public cloud. Security requirements in these environments are also often more bespoke. Rolling out SASE often needs to align with an enterprise's firewall / hardware refresh intervals to make sense, and there are often more security-centric requirements. 

Solutions what we see commonly deployed for this use case are:

The way these solutions work is by incorporating private middle-mile networks into their offerings which sit between the customer's edge site and the public Internet. These middle-mile networks allow for more predictable and lower latency routing of applications across the public internet by incorporating their private ASNs with preferred peering points for popular public cloud based applications and infrastructure. From a security perspective, functionality within this profile varies greatly. Fortinet offers robust security and firewalling features, while VeloCloud sticks to a simpler ease of configuration and reporting. 

The Startup Use Case

The startup use case is a combination of elements from both the retail use case, as well as the branch office use case. In most cases, startups have no legacy applications and leverage SaaS applications that are all public cloud based: G-Suite, O365, Zoom, SFDC, etc. In addition, there is often very little need for any interoffice connectivity or multi-site firewalling, so you are left with a primary need to access the public internet with high availability and high throughput with predictable routing and low latency. Some examples of popular solutions for the startup use case are:

Both Bigleaf and VeloCloud offer managed middle-mile networks with an ability to seamlessly access the Internet with multiple ISPs. Bigleaf even offers the ability for their customers to advertise Bigleaf assigned public IP addresses which sit in front of customer’s ISP connections, allowing for completely transparent failover between ISPs with no IP change. VeloCloud offers the same, but it is done via BGP which is a bit more complicated. Both Velo and Bigleaf also provide optimal routing to many public cloud applications and infrastructure providers through their own ASNs. Where these solutions come up short tends to be with security functionality, which is often incorporated as an entirely separate solution. 

The Large Global Enterprise Use Case

Large enterprises with global facilities footprints are one of the most complex use cases out there. These companies tend to require it all: robust interoffice connectivity, access to resources in both private and public cloud environments, reliable access to many cloud-based SaaS applications, bespoke security needs, integrations with multiple security tools, and more. Oftentimes instances need to be virtualized within a cloud environment as well as appliance-based at the edge. Many of these customers not only need to route traffic over the internet, but also need to route sensitive internal traffic over physical private MPLS or layer 2 networks. Traffic moving across these network cores can be tens or even hundreds of Gbps and an outage, even at an edge site, can disrupt distribution of goods or manufacturing, costing the enterprise tens of thousands of dollars per minute or more. The other thing that sets large enterprises apart from SMBs is their ability to effectively deploy and self manage their environments. Examples of some large, enterprise-centric  SD-WAN providers are:

These solutions are complex, extremely flexible and can be tailored to the enterprise’s specific needs. Instead of offering their own middle-mile networks, these solutions often rely on enterprises to build out their own. These SD-WAN platforms offer many integrations for reporting and security needs and also provide WAN acceleration, FEC, packet duplication and other other trickery to ensure smooth and consistent performance. 

The Midsize Global Enterprise Use Case

This enterprise has many of the requirements and demands of the large enterprise, but may lack the resources to effectively deploy and manage the solution on their own. Security requirements for a midsize enterprise are also often less demanding than for a large enterprise, and a single provider who can “do it all” is often the most effective solution for this segment of the market. Additionally, the ISP sourcing requirements for this profile can be difficult, as procuring diverse internet connectivity globally can be very challenging for organizations without dedicated telecom teams. (It can be complicated for ones with telecom teams too!)

Examples of SD-WAN providers that cater to this market segment include:

Both Cato and Aryaka offer full-featured SD-WAN solutions that can also transform into SASE as needed, in many cases with the flip of a proverbial switch. They offer global middle-mile networks, VPN support, and can either be co-managed or fully-managed. Both Cato and Aryaka also offer ISP management within their product sets, meaning they will deal with trouble reporting and repair resolution for the ISP wireline underlay networks. They accomplish this in different ways however; with Cato, it is incumbent upon the enterprise to source connectivity on their own, but Cato will then monitor the links, and open tickets to troubleshoot issues with ISPs on their own via an LOA. Aryaka acts as a reseller and resells ISP services on a customer’s behalf while also managing them. The latter is a bit more transparent for the end user, but keep in mind there is no free lunch with aggregation

How MSPs fit into all of this

In all but the very large enterprise space, MSPs are playing an increasingly important role in the deployment and management of SD-WAN and SASE solutions. Part of the reason for this is that SD-WAN is displacing MPLS, which is in itself a managed solution. There are many MSPs providing managed SD-WAN services and SD-WAN providers themselves are now offering MSP-like functions. But, what exactly  is an MSP? Simply put, an MSP is an extension of your IT team that is paid to help manage components of your network. This can be holistically-oriented or point-solution oriented. For SD-WAN specifically, we see MSPs fulfilling the following responsibilities:

  • Design and migration support

  • Deployment and management. This includes procurement, configuration, management, troubleshooting, change management and ongoing optimization 

  • ISP trouble reporting and repair

Additionally, some MSPs have the ability to significantly augment the SD-WAN solutions in which they provide services by adding functional and performance capabilities that may not be inherently available from the manufacturer. 

A great example of this is when a specific SD-WAN solution inherently lacks a middle-mile network, but is deployed by a MSP that offers one. Palo Alto Prisma and HPE Aruba are both good examples of SD-WAN solutions which do not offer a middle mile network function. However, when deployed by an MSP who has one, the MSP creates a unique ability to offer SD-WAN solutions like these that are tailored to an enterprise's unique needs. 

Wrapping up

Unlike MPLS, we are observing rapid product development and feature enhancement in the SD-WAN and SASE space. Navigating this landscape is tedious and time consuming as many SD-WAN providers market using the same words and terms. SD-WAN functionality, management, security offerings, deployment and “day 2” support are all things that need to be carefully considered. 

If you would like help navigating this landscape, using the best data set in telecom to ensure you find the right solution. Contact us at Lightyear for a free, no obligation needs assessment. 

Featured Articles

Want to learn more about how Lightyear can help you?

Let us show you the product and discuss specifics on how it might be helpful.

Join our mailing list

Stay up to date on our product, straight to your inbox every month.

© 2024 All rights reserved