SD-WAN Tutorial: How to Handle Next Generation SD-WAN

How can SD-WAN help me better manage my network? Software-Defined WAN (SD-WAN) has been touted as a transformative technology by industry pundits and enterprise customers, of all sizes and diverse verticals.

How Does SD-WAN Work

SD-WAN works by simplifying traditional network infrastructure by creating an overlay that virtualizes multiple, diverse, and carrier agnostic connections, using centralized control for the deployment and monitoring of branch office services. This transport agnostic overlay network can replace a plethora of legacy and proprietary branch network and security equipment, to simplify operations, lower costs, and provide greater control of the orchestration, monitoring, and visibility of WAN infrastructure.

Next-gen SD-WAN accomplishes this with application-layer control of service policies to ensure peak performance. The SD-WAN overlay defines and applies QoS policies and rules and orchestrates the WAN to deliver predictable levels of application performance.

SD-WAN also controls the underlying physical network infrastructure with an automated and programmable SD system that reliably and effectively delivers their applications, providing users with a quality experience.

How to Manage Next-Gen SD-WAN Using Policies and Application-Awareness

As with most things, the more advanced the SD-WAN is, the more effective it will be in meeting business objectives, providing deployment flexibility, and ensuring IT operations are future-proofed.

Network Policy

A next-gen SD-WAN will understand individual application SLA requirements and translate them into policies to which the network must adhere. This provides proactive network and application monitoring to ensure optimal traffic delivery and a quality user experience – whether on-premises, private/public cloud, or SaaS.

Application Awareness

An automated policy-based framework is propagated through unified control and management, from an easy-to-use, single-pane-of-glass interface. Visibility is enhanced, providing IT with insights into applications, devices, users, and networking, to ensure all functions adhere to the organization’s business intent. This simplifies IT’s ability to define, control, and change business requirements across their branches, data centers, and cloud/SaaS.

Centralized management using simple, template-driven workflows eliminates monotonous, error-prone configuration. Cloud-based SD-WAN workflows make it easy to propagate new branches with zero-touch, with consistent and error-free SD-WAN deployment.

How to Manage Next-Gen SD-WAN Using Policies and Application-Awareness

How to Simplify and Consolidate Branch IT

SD-WAN deployment can be in branch offices, in multiple clouds, or a dedicated data center. The elimination of single-function proprietary appliances with a consolidation of cloud-delivered virtual network functions (VNFs) provides a cohesive, virtualized network, and multi-layered security approach.

This approach eliminates siloed, single-function appliances that bring unnecessary risk, complexity, and cost to an organization. Rather than managing WAN complexities and expending time and resources tediously configuring and managing network and security devices, a next-gen SD-WAN allows IT to add applications and services with an automated and programmable cloud-native platform.

How to Improve Traffic Flow

A next-gen cloud-native SD-WAN brings greater levels of application intelligence to business connectivity. Application-aware routing understands the paths applications need to take and provides the management and control to deliver a quality user experience. This means IT spends less time fussing with the networks and the complexities of their underpinnings, and more time and focus can be applied to the applications. Application-aware routing reinforces the business intent and context of how applications are used, based on the business policies the organization prescribes.

Rather than only directing traffic using routing protocols, a next-gen SD-WAN identifies, classifies, and secures traffic based on the application ID. For example, Secure SD-WAN leverages a database of over 3600 application signatures and 100 million URLs that match conditions for routing-oriented policies.

Application-based VPNs can also be set up with minimal configuration. For example, a VPN can be cost-effectively deployed within a fully meshed topology, to deliver the highest levels of redundancy, and to support latency-sensitive applications, like voice and video. For compliance purposes, hub-and-spoke VPNs can be set up for FTP and HTTP, to ensure applications are routed through the secure hub site.

How to Deploy SD-WAN

Provisioning templates are an effective approach to simplifying tedious network configuration tasks and avoiding error-prone manual processes.

A next-gen SD-WAN with configuration templates can use workflows that combine the class of service to steer traffic; define service chains with a simple drag-and-drop, and automate network configurations to eliminate errors that degrade network performance and even cause network failures. Re-using templates improves productivity and streamlines the entire SD-WAN deployment process while implementing a modular methodology.

SD-WAN configuration templates have the same relationships applied to multiple branch offices or groups of branches. Pre-defined configuration templates automate a host of tedious and time-consuming tasks.

They mask complexity, by eliminating the need to know every detail about how to achieve a specific task. By simply selecting target elements, the template automatically applies the appropriate SD-WAN configurations.

Provisioning is simplified by providing a single system that pushes final configurations from the central controller to the SD-WAN edge devices located in branch offices. Eliminated is the complex building of monolithic configurations, as SD-WAN templates act as configuration building blocks using small, manageable, modular templates, with distinct permissions for different users. This also provides administrators with a mix-and-match approach to add elements as needed.

How to Set Up Micro-Segmentation for Control, Consolidation, and Incident Containment

A next-gen SD-WAN can segment the network by the class of traffic and types of data, essentially setting up an intra-enterprise multi-tenancy.

Micro-segmentation across the LAN, WAN, cloud, and data center reduces vulnerabilities and risks from external and internal threats. Segmentation and embedded security can limit the impact of data breaches by keeping ransomware and other attacks from quickly spreading. It also provides more time to detect, block, and purge unfolding exploits.

Segmentation enables the ability to securely consolidate disparate physical environments into a single network. In doing so, you can support diverse lines of service, such as IT, guest Wi-Fi, and mission-critical traffic across a common infrastructure, while retaining management and control.

How to Manage Next-Gen SD-WAN Using Policies and Application-Awareness

How to Achieve End-to-End Control

A next-gen SD-WAN should have functional capabilities that include routing, connectivity, WiFi, LTE, security, NGFW with UTM functions, rich SD-WAN functions, and robust WAN optimization.

The combination of all these capabilities enables advanced analytics, visibility, and automation and with those three together: organizations can create a consolidated and unified software platform.

With these services embedded within a single software stack and the data (such as logging, events, and other information collected into the central controller) IT has a single location for control, analytics, and visibility. Administrators only need to go to one interface to see routing, transport, security, and SD-WAN events. This simplifies the correlation between everything. It also eliminates the complexity of having to manage and correlate the data from every individual function, like firewall, WAN optimizer, router, and SD-WAN, from multiple vendors.

A single software stack can optimize performance through its native service chaining architecture. Network and security functions can be connected logically and cohesively while carrying information along the service chain, as packets proceed on the chain, from one function to another. A single memory copy operation can extract packet information for fast performance, and perform lookups based on the information extracted. Operations can be further optimized when a packet is offloaded to the fastest path. The next-gen SD-WAN can process the rest of the packets in the same flow without requiring detailed lookups and achieve consistent execution of forwarding, packet manipulations, QoS/HQoS functions, packet encapsulation, and decapsulation, etc.

How to Implement Robust Multi-Layered Security

A next-gen SD-WAN with embedded security will protect against increasing Internet and branch cyber threats that are growing more complex every day.

Security functions like firewalls, access control and filtering, anti-virus/malware, and DNS, are required when data center and cloud resources are accessed by branch office users. The challenge for IT is how to efficiently deploy and monitor all this functionality within their remote offices. They need centralized provisioning, deployment, and monitoring, and have little to no technical personnel located within the branches. This is where next-gen SD-WAN shines.

Whereas traditional networks have a complex jumble of diverse single-function proprietary hardware appliances that require technicians to deploy and monitor, a next-gen SD-WAN simplifies this, with a central controller and edge devices deployed in each branch. Rather than being hardware-bound, the SD-WAN is software-based, built on software-defined networking (SDN), with a network functions virtualization (NFV) approach and cloud principals.

By leveraging robust network and security virtual network functions (VNFs), the SD-WAN can provide all the security functions at the branch offices – all deployed and monitored centrally. Cost and operational flexibility are obtained by leveraging an open-standard-based cloud-native, multi-stack solution for embedded network and security applications with robust features, as well as, third-party VNF services using their brand preference.

Versa Secure SD-WAN

Secure SD-WAN reduces costs through WAN flexibility and simplifies operations with centralized provisioning, management, policy control, and application visibility.

Secure SD-WAN’s multiple layers of security protect against Internet and branch cyber threats. Organizations can reduce the Capex and Opex of their WAN and branch networks while increasing IT responsiveness to meet business needs.

Eliminated are the plethora of individual proprietary network and security devices, each requiring different skill sets to install, configure, test, and maintain. The time required to manage the network is minimized and branch security is strengthened.

Secure SD-WAN is built for hosting virtual enterprise native network and security apps and services and supports third-party VNFs. This new model is a streamlined solution that consolidates and optimizes the interactions between the stack layers, and the interactions between the various apps and services themselves. Secure SD-WAN’s virtualization layer has robust routing, SD-WAN, and security functions natively embedded.

Enterprises and service providers can deploy the VM of their choice that allows for more flexibility. Secure SD-WAN is built on a multi-service, multi-tenant software platform, based on cloud principles that will deliver the unique value of scale, segmentation, programmability, and automation. Secure SD-WAN provides both networking and security functions within a single software platform, with streamlined service chaining capabilities. This approach gives users the flexibility to choose the solution they want, free from vendor lock-in.

Learn More

Find more research, analysis, and information on SASE (Secure Access Service Edge), networking, security, SD-WAN, and cloud from industry thought leaders, analysts, and experts.



Versa SASE for Enterprises & Service Providers

Versa SASE enables Enterprises to increase their bandwidth and cloud experience, improve flexibility, and decrease the cost of their legacy network all with an application-driven and software-defined solution.




Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.




Versa SASE: Solutions to Modern-Day Needs

Versa SASE helps organizations streamline their transition to multi-cloud and SaaS, support a dispersed and remote workforce, and optimize network performance, without compromising security.