SD-WAN is more than an alternative to MPLS. Zero-touch
provisioning, application-oriented routing, and micro-segmentation are just a few of the features that SD-WAN products and services can offer.
The first SD-WAN products gave companies a way to
drop expensive and rigid MPLS links, connect branches directly to the cloud,
and optimize WAN traffic. However, many early SD-WAN offerings lacked features
such as integrated firewalls, application-oriented routing, and advanced data
analysis.
Over time, SD-WAN providers have strengthened their products
to include a robust set of additional functionality. However, many companies do
not take advantage of all the features of the latest SD-WAN products and
managed service options.
So why are executives not taking advantage of these new
features? In some cases, vendors have failed to educate IT managers about the
benefits and ease of use of these advanced features.
In other cases, organizational silos, such as barriers
between network and security teams, have prevented companies from activating,
for example, the state-of-the-art firewall or intrusion prevention system that
may be provided with an SD-WAN device. And in many cases, network professionals
have a standard set of methods and procedures that they have followed for years
and that do their job well.
When it comes to a new way of doing things, like zero-touch
provisioning, there may be a reluctance to take a risk that can end up being
counterproductive if something goes wrong. However, companies should consider
the benefits that the underused SD-WAN functions listed below can offer. After
all, you are paying for the SD-WAN device or managed service anyway. Why not
get your money's worth?
1. Zero-touch provisioning
The traditional method of deploying branch network
equipment is to take the physical device to a staging area, configure it,
test it and send it to the branch office, where a network configuration
professional sets it up. For companies that deploy dozens or hundreds of SD-WAN
devices across a large geographic area, this is an intensive and time-consuming
manual process.
Zero-touch provisioning, which is standard on most SD-WAN
devices, automatically configures a device out of the box. All the device needs
is an Internet connection to call home, after which it is fully configured
quickly, efficiently, and in a standardized way from predefined templates,
according to Kunal Thakkar, responsible for network engineering at Apcela.
2. Encryption key rotation
For companies doing business with the federal government,
such as aerospace and defense companies, or companies with PCI compliance
responsibilities, which include almost everyone, the encryption keys should be
rotated regularly (usually every 90 days). It can be a tedious manual process
that involves complex change control policies and may require planned downtime.
SD-WAN platforms can replace conventional VPN-based key
rotations with an automated system that can be programmed to perform rotations
as often as every minute, without interrupting data plane traffic. The result
is greater security, with no downtime and no manual intervention.
3. Multiplexed VPN
There are many scenarios in which companies must keep
different types of traffic separated from each other. For example, in the case
of a merger or acquisition, the combined company may be a single entity on paper,
but for commercial, compliance or security reasons, each business unit
continues to operate independently. If the company decides to switch to SD-WAN,
it might consider buying two sets of physical devices.
But SD-WAN technology allows you to multiplex multiple
virtual routing and forwarding (VRF) instances and VPN links over a single
overlay. This was not possible with previous VPN technologies. In the case of
large and complex organizations with multiple business units, traffic isolation
can be achieved simply by defining policies. SD-WAN technology is capable of
creating up to 16 virtual VPNs, all operating on the same physical WAN links,
says Thakkar.
4. Application-oriented routing
SD-WAN products can inspect Layer 7 traffic to apply
granular routing policies for specific applications. Some devices can identify
more than 3,000 separate applications and understand the performance
requirements of each one.
This feature helps organizations optimize
telecommunications costs at a granular level by continuously monitoring the
latency, delay, jitter, and other characteristics of sensitive
applications in real time and moving the applications to the most economical
transport method that still meets the performance limits.
According to Ashwath Nagaraj, CTO of Aryaka Networks,
application-oriented routing is not as widely implemented as it could be. One
possible explanation is that Layer 7 traffic inspection comes with a
certain level of performance overhead and requires
companies to devote the time and effort needed to define policies for each
application. But he argues that application-oriented routing can provide significant
cost and performance benefits.
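
The selection rule described in this section (cheapest transport that still meets an application's performance limits), written out as an added example that is not from the original article or any vendor's product. Link names, costs, thresholds and the EWMA smoothing of measurements are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    cost: float          # relative cost per GB (constructed)
    latency_ms: float
    jitter_ms: float
    loss_pct: float

    def probe(self, latency_ms, jitter_ms, loss_pct, alpha=0.3):
        """Fold one measurement into the running averages (EWMA, an assumption)."""
        self.latency_ms += alpha * (latency_ms - self.latency_ms)
        self.jitter_ms += alpha * (jitter_ms - self.jitter_ms)
        self.loss_pct += alpha * (loss_pct - self.loss_pct)

@dataclass(frozen=True)
class AppPolicy:
    app: str
    max_latency_ms: float   # all limits must be > 0
    max_jitter_ms: float
    max_loss_pct: float

def overshoot(link, p):
    """Worst ratio of measured value to limit; <= 1.0 means within limits."""
    return max(link.latency_ms / p.max_latency_ms,
               link.jitter_ms / p.max_jitter_ms,
               link.loss_pct / p.max_loss_pct)

def select_link(policy, links):
    """Return (link name, within_limits) for one application policy."""
    ok = [l for l in links if overshoot(l, policy) <= 1.0]
    if ok:
        return min(ok, key=lambda l: l.cost).name, True
    # Failure mode: nothing meets the limits, so degrade to the least-bad link.
    return min(links, key=lambda l: overshoot(l, policy)).name, False

# Constructed sample data, not measurements from any real network.
LINKS = [Link("mpls", 10.0, 20, 2, 0.1),
         Link("broadband", 1.0, 45, 8, 0.5),
         Link("lte", 5.0, 80, 20, 1.0)]
VOIP = AppPolicy("voip", 60, 10, 1.0)
BACKUP = AppPolicy("backup", 500, 100, 5.0)

if __name__ == "__main__":
    print(select_link(VOIP, LINKS))      # broadband is cheapest and within limits
    LINKS[1].probe(200, 40, 3.0)         # broadband degrades
    print(select_link(VOIP, LINKS))      # voice moves to MPLS
    print(select_link(BACKUP, LINKS))    # bulk traffic stays on broadband
```

The second return value lets an operator alert when an application is running on a link outside its limits instead of silently degrading.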