It’s no secret that traditional wide area networks (WANs) have to change. There has been a lot of talk about their high costs, long-time deployment time, and poor fit for running internet and cloud traffic. But cost reductions, in particular, that are often promised with SD-WANs, are often misleading.
SD-WAN Cost Savings
Early marketing around SD-WAN technology pointed to the 90 percent cost difference between Multiprotocol Label Switching (MPLS) and internet bandwidth costs. Due to this, many SD-WAN service suppliers claimed that the technology would lead to comparable savings.
The reality is very different. On a recent Cato Networks’ survey of 353 IT professionals, less than half of respondents indicated reduced costs when switching, even though nearly 90 percent had reported that cost savings were important in their choice to switch.
Can’t Eliminate MPLS
All too often, the cost savings stem from the expectation of eliminating a carrier’s costly MPLS service, the standard private data service enterprises use to connect their location. But there’s an excellent chance that most SD-WANs will not eliminate MPLS. In part, this has to do with reasons of regulatory or standards compliance; many security professionals still do not trust SD-WANs across the open internet to meet requirements.
In other cases, SD-WANs rely on the internet, which lacks the consistent packet loss and jitter characteristics needed to run high-quality voice. This is particularly true between internet regions, where the long-distances and the lack of alternate paths makes finding a route with the right networking characteristics very challenging.
More than Basic Internet
Preliminary SD-WAN calculations compared MPLS against the most basic internet services. But all too often these services are insufficient. Companies often need to invest in not only business-grade internet but services with redundant links to meet uptime expectations. All of which increases last-mile costs.
Service provider management, an inherent part of any MPLS service, must be assumed by the enterprise with SD-WAN — another cost center. Then there are also the additional security costs often calculated into the equation.
As a rule, appliances do not provide advanced security. They encrypt traffic, like any other VPN, but lack the advanced security services necessary for defending against malware penetration and more. As a result, while they can use the internet to establish VPNs to locations, they must still backhaul traffic to the company’s secured internet portal. This means the same cloud and internet traffic performance problems experienced with MPLS persist.
Connecting locations with Direct Internet Access (DIA) forces the deployment of IPS, malware protection, next generation firewall (NGFW) and other advanced security services at each site or, more likely, in regional hubs, increasing the SD-WAN-related costs.
Cost Savings You Will See
Clearly, deployments do realize cost savings in some cases — 41 percent according to our survey. Where do those savings come from?
Cost savings, or more specifically cost avoidance, comes from avoiding the need to replace end-of-life routers. Bandwidth costs, even with redundant fiber pairs, will reduce somewhat when replacing MPLS in well-developed internet regions. MPLS can be eliminated, but the SD-WAN needs to include a low-cost, SLA-backed backbone alternative. Security costs can also be reduced when the provider integrates advanced security services.
Operational costs will also decline because the SD-WAN uses centralized configuration and management. In general, SD-WANs help wide area networking become much easier to implement. Appliances are designed to configure themselves once connected to the network, saving companies from relying on skilled, on-site expertise. But they are still hardly plug-and-play. Companies using SD-WANs will continue to need network engineering expertise to configure the routing and create the policies appliances will use to configure themselves.
SD-WANs can help your bottom line. It’s partially a matter of setting proper expectations and partly about finding an SD-WAN with the right security and performance characteristics to make DIA and MPLS replacement possible. Do that, and you too can join the happy 41 percent.
Gur Shatz is co-founder and CTO of Cato Networks. Prior to Cato Networks, he was the co-founder and CEO of Incapsula Inc., a cloud-based web applications security and acceleration company. Gur holds a BSc in computer science from Tel Aviv College.