the cios guide to sd-wan - aryaka · sd-wan is a potential game-changer for wide area...
TRANSCRIPT
N e m e r t e s R e s e a r c h G r o u p I n c . w w w . n e m e r t e s . c o m 1 - 8 8 8 - 2 4 1 - 2 6 8 5
TheCIOsGuidetoSD-WAN:Buildingthecaseforafaster,better,andcheapernetworkEmbracingLessExpensiveConnectivityMakesSD-WANaPowerfulEngineofWANSavings
MixinglessexpensiveconnectivityintotheWANcannotjustslowthegrowthofWANspendingbutactuallyreduceit—whileimprovingperformanceanduptime.
ByJohnBurkeCIOandPrincipalResearchAnalystNemertesResearch
CompassDirectionPoints:
± SD-WANcansavemoneyonconnectivity.GrowthinMPLSspendingcanbeeliminated,andannualcostsactuallyreducedbysubstitutingInternetlinksforMPLSsomeorallofthetime.
± SD-WANcanimproveuptime.Nemertesresearchdatashowa92%reductioninWANoutagesatSD-WANsites.
± SD-WANcanreduceITWANmanagementcosts.Nemertesresearchdatashowa95%reductioninWANtroubletickets.
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
2
TableofContents
COMPASSDIRECTIONPOINTS: 1
TABLEOFFIGURES 4
EXECUTIVESUMMARY 5
THEISSUE 6
WHATISSD-WAN? 6
TYPESOFSD-WAN 7OVERLAYSD-WAN 7OVERLAY:PROS/CONS 8IN-NETSD-WAN 8IN-NET:PROSANDCONS 9
MAKINGABUSINESSCASE 9BOTTOMLINEBENEFITS 9TOP-LINEBENEFITS:BUSINESSAGILITY 10STRATEGICSUPPORTANDDIGITALTRANSFORMATION 10TOOMUCHRISK,ORRISKREDUCED? 10GLOBALWAN,REGIONALSERVICES,ANDSD-WAN 11
THENEMERTESSD-WANCOSTMODEL 11COSTCOMPONENT:CONNECTIVITY 11COSTCOMPONENT:CAPITALEQUIPMENT 12COSTCOMPONENT:TROUBLESHOOTINGANDPROBLEMRESOLUTION 13
CUSTOMIZINGTHEMODEL:MAKINGITWORKFORYOU 14SIZEANDCONVERSIONPERCENTAGE 14CARRIERSERVICEOPTIONS 14CAPITALEQUIPMENTSHIFTS 15SD-WANAPPLIANCETYPE 15SITETYPES 15
MODELOUTPUTS 16SD-WANVSCLASSICALWAN 16OVERLAYVSIN-NETSD-WANSAVINGS 17
SD-WANUSECASES 18USECASE1:BENDINGTHECOSTCURVEONRESILIENCE,GROWTH 18
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 3
USECASE2:OPERATIONALEFFICIENCYFORITANDTHEBUSINESS 19USECASE3:BUSINESSAGILITYVIASMARTERBRANCHING(FASTERISBETTER) 20
CONCLUSIONANDRECOMMENDATIONS 20
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
4
TableofFiguresFIGURE1:SD-WANWITHMESHANDHUB/SPOKEVIRTUALWANS...................................................................6FIGURE2:OVERLAYSD-WANARCHITECTURE.............................................................................................................8FIGURE3:IN-NETSD-WANARCHITECTURE..................................................................................................................8FIGURE3:SD-WANMODELVARIABLES..........................................................................................................................14FIGURE4:MODELINGCONNECTIVITYTOTYPICALSITES.....................................................................................16FIGURE5:MODELOUTPUTS.................................................................................................................................................17FIGURE6:USECASE#1—BETTERBACKUP..................................................................................................................18FIGURE7:USECASE#2—MOVINGAWAYFROMMPLS...........................................................................................19
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN51995
ExecutiveSummarySD-WANisapotentialgame-changerforwideareanetworking—onthesamelevelasservervirtualization,whichtransformeddatacentersoverthelast10years.SD-WANcombinestheuseofmultipleactivebranchlinks,intelligentdirectionoftrafficacrossthoselinks,andcentralized,policy-drivenmanagementoftheWANasawhole.Theabilitytoleveragemultiplelower-costservices(includingInternetand4Gwireless)aswellastraditionalserviceslikeMPLSholdsthepromiseoftransformingIT’srelationshiptotheWANandtheWAN’srelationshiptothebusiness.
Transformationalpotentialisnotenough.IThastobuildacompellingbusinesscaseformakingthetransition.Thebaseofthecasemustbecost.NemerteshasdevelopedandvalidatedanSD-WANcostmodelthatenablesenterpriseuserstobuildthatbusinesscase.Theshortversion?SD-WANdeploymentscancutmillionsfromlargeWANservicebills.ButconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings;byprovidingcheaperandmoretransparentandautomaticfailoverwhenWANlinksfail,SD-WANcanreducebranchWANoutagesandtroubleshootingcostsby90%.
ForITandnetworkingprofessionalsthemessageisclear:nowisthetimetotakeacloselookatyourWANarchitecture,withtheaimofidentifyinglocationsthatcouldbenefitfromhigherbandwidth,lowerrates,increasedreliability,orallthree.ModelthecostofstickingwiththecurrentarchitectureandcomparethatagainstatleasttwoSD-WANsolutions.IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscasebasedonthem,aswellasotheroperationalsavingsandanybusinessvalueassignedbythebusinesslinestofasterbranchturn-up.
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
6
TheIssueIntheclassicengineer’sformulation,“Youcanhaveitcheaper,faster,orbetter…picktwo.”Fromtimetotimenewtechnologycomesalongand,bychangingthebasicassumptionsunderlyingexistingsolutions,managestobecheaperandfasterandbetterallatonce.SD-WANpromisestohitthetrifecta.BychangingtheunderlyingassumptionsabouthowyouconnectabranchtotheWAN(and,indeed,whatconstitutesabranch)itoffersthechanceofimprovingagility(i.e.beingfaster)andperformanceandreliability(i.e.beingbetter)whilealsoreducingcosts.BuildingabusinesscasefordeployingSD-WANinvokesallthreebenefitsbutrestsmostlyonthestrengthofsavings,whetherintheformofexpectedcostincreasesavoided,orasactualcostdecreases.
WhatisSD-WAN?Let’sstartfirstwithdefinitions.Software-DefinedWAN,orSD-WAN,incorporatesseveralkeyconcepts:
• Abstractionofedgeconnectivity:Makingalltheconnectionsintoalocationusefulasasinglepoolofcapacityavailabletoallservices.
• VirtualizationoftheWAN:OverlayingoneormorelogicalWANsonthepoolofconnectivity,withbehaviorandtopologyforeachoverlayWANdefinedtosuittheneedsofspecifictypesofnetworkservices,locations,orusers.
• Policy-driven,centralizedmanagement:KeytoanSD-WANistheabilitytodefinebehaviorsforanoverlayWANandhavethemimplementedacrosstheentireinfrastructurewithoutrequiringdevice-by-deviceconfiguration.
DC
BranchRTR
BranchRTR
BranchRTR
Internet
MPLSCarrierCore
SD-WANRTR
MeshWAN
SD-WAN
SD-WAN
SD-WAN
Hub-and-SpokeWAN
Figure1:SD-WANwithMeshandHub/SpokeVirtualWANS
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 7
• Flexibletrafficmanagementforperformanceandsecurity:SD-WANscanoptimizetrafficinmanyways;foremost,theycanselectivelyroutetrafficacrosslinksbasedoncriteriasuchaslinkperformance.
TypesofSD-WANTherearetwokeywaystoprovidetheseservicesinaWAN.Nemertescallstheseoverlayandin-netSD-WAN.
OverlaySD-WANInanoverlaySD-WAN,thenewSD-WANappliancesaredeployedonanexistingroutednetwork,eitherbehindtheroutersorreplacingthemasthebranchconnectiontotheWAN.SD-WANappliancescanalsocollapsethetypicalbranchstackbyreplacingotherbranchWANappliancessuchasoptimizersandfirewalls.MorethanadozencompaniessellSD-WANappliances,bothphysicalandvirtual(whichallowextensionoftheSD-WANintopubliccloudspacessuchasAmazonEC2orGoogleComputeEngine).Someareintendedtoreplacerouters,sometoridebehindthem,otherscanfilleitherrole,andenterpriseITstaffneedtocarefullyevaluateeachagainsttheirspecificneeds.Forexample,thosewithanagingrouterplantbutmostlyMPLSandCarrierEthernetorbroadbandlinksmayfindrouterreplacementveryattractive.ThosewithalotofolderT1orT3connectionsthatcan’torwon’tbereplacedwithEthernetmaywanttokeeptheirexistingroutersinplace,toterminatetheolderconnectivity,whileusingtheSD-WANsolutiontosupplementitwithwiredor3G/4Gbroadband.
MPLS Carrier Core
Branch
DC
Branch
Inte
rnet
SD-WAN
Encrypted tunnels Optionally encrypted tunnels
SD-WAN
SD-WAN
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
8
Figure2:OverlaySD-WANArchitecture
Overlay:Pros/ConsIntheoverlayscenario,SD-WANappliancescomprisealayerofenterpriseinfrastructuredistinctfromtheWANconnectivitytheymanage,allowingITtoeasilyaddandremovenetworkserviceprovidersandlinktypes.Thisgivestheenterprisemaximumflexibilityonconnectivityservices,butincurstheburdenofmanagingthesolutionitself.Thisistypicallylesstroubletomanagethantheold-schoolrouterplant,andcanevenhelpmakeroutermanagementeasierwhereroutersstayinthepicture,butisstillasignificantoperationalresponsibilityforIT.
In-NetSD-WANIncontrast,in-netSD-WANtiestheSD-WANfunctionalitytotheconnectivityservices.Thesefunctionsmayallbeprovidedintheserviceprovider’sedgeandcoreinfrastructure,withthebranchusingatraditionalroutertoconnecttotheprovider’snearestpointofpresence.Or,someorallfunctionsmaybeprovidedon-premisesviaappliancesunderserviceprovidermanagement;thispushesworkoutoftheserviceprovider’sinfrastructureandalsoallowsoptimizationoflast-mileconnectivityviacompression.
Figure3:In-NetSD-WANArchitecture
In-netSD-WANcanbetiedtoNetworkFunctionsVirtualization(NFV),withthevariousfunctionsprovidedbyseparate,cooperatingVirtualNetworkFunctions
SD-WAN Service Cloud
Branch Branch
DCSD-WAN
Internet
Encrypted tunnels
SD-WAN SD-WAN
PoP
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 9
(VNFs)dynamicallydownloadedtotheon-premisesdevice(wherethereisone)orchainedintothetrafficpathinthecarrierinfrastructure.Thisopensthepossibilityoftheon-premisesdevicebeingwhite-box/genericratherthanbespokefortheservice,decreasingvendorlock-insomewhat.
In-Net:ProsandConsThetrade-offforhandingoffthemanagementburdenfortheSD-WANisthelossofautonomywithrespecttoconnectivity.Inthein-netscenario,youcan’tnecessarilymixandmatchlinksfromdifferentvendorsfreely.ThenewlevelofWANfunctionalityistiedtothein-netSD-WANprovider,afterall.Ifyouhavetroublegettingconnectivitytoallyoursitesfromasingleprovider,thatbecomesanissue.Likewiseifyouwanttohaveproviderdiversityforyourbranchconnectivity,aswellaspathandlink-typediversity:thatis,youwanttohaveeachbranchhavealinkfromatleasttwodifferentproviders,e.g.oneforMPLSandadifferentoneforInternet.Thein-netSD-WANproviderhastoallowfor(andpotentiallypartnerwith)theotherprovidersyouwanttouseinorderforyoutofoldinlinksfromthoseothervendors.Thissharplylimitsenterprisechoiceinthematter.
MakingaBusinessCaseBottomLineBenefitsFirstandforemostinthebusinesscasemostSD-WANuserswillbuildiscostsavings,andthemainsourceofhard-dollarcostsavingsinSD-WANisthesubstitutionoflower-costconnectivityinplaceofmoreexpensivekinds.Theorganizationmightbelookingforimmediatesavings.Inthatcase,thegoalwillbetodecreaseabsolutespendingonconnectivity.ThiscanbeaccomplishedbyreplacingMPLSorotherrelativelyexpensiveconnectivity(atleastasreckonedonacost-per-Mbpsbasis)infavorofalessexpensiveoption:replacingsomeMPLSlinkswithbusinessInternetservices,orevenconsumer-gradebroadband.Or,theorganizationmightbelookingforsavingsoveralongertimeframe—lookingto“bendthecostcurve”fortheirWANastheyprojectcurrentgrowthtrendsintothefuture.Inthiscase,theymaychangelittleornothingintheircurrentuseofMPLS,forexample,butshiftallgrowthtoothermedia.Fully78%oforganizationsdeployingSD-WANhavenoplantocompletelydropMPLSfromtheirWAN.However,mostintendtoreduceandrestricttheiruseofit,ifnotimmediatelythenoverthenextfewyears.
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
10
Top-LineBenefits:BusinessAgilitySpeedhasvalueinbusiness.Forthegrowingnumberofbusinessesadoptinga“getclosertothecustomer”approachtotheirphysicalstorefronts,thatspeedcanbemeasuredinpartbyhowmanydaysittakestoturnupanewbranch.SD-WANcanradicallyalterthatnumber.Mostsolutionsallowfreemixtureofdifferentkindsofconnectivity.Consequently,anewlocationcanbebroughtupwithwhateverformofconnectivityismostreadilyavailable,beitcableorDSLoreven4G/LTE,andcanbecomeonlineinunderaweek,evenwithinadayofreceivingitsendpointequipment.Contrastthatwiththeusual30tomorethan90daystoconnectupanewbranchusingtraditionalapproaches.AnotherformofagilitythattheSD-WANapproachlendsitselftoisrapiddeploymentofnewWAN-basedservices.Centralized,policy-basedmanagementoftheWANasawholeallowsrapidreconfigurationtosupporttheadditionofnewservicesaswellaschangesintheprioritizationoftheapplicationportfoliooverall.Thebusinesslinesresponsiblefornewbranchoperationscanlikelyputadollarvalueoneveryadditionalweekorevendayofoperationsforanewlocation.ITshouldbereachingouttothemforthatinformationinconstructingthebusinesscase.Likewise,theywillhaveputavalueonthebenefitsofdeliveringthenewservicestheyarepursuing,andITshouldreachouttogetthatinformationforanyinitiativesplannedforthenearterm.
StrategicSupportandDigitalTransformationThatrapiddeploymentandintegrationofnewservicesisinturnthecornerstoneofanotherlevelofvaluetoconsiderinabusinesscase:supportforstrategicinnovationsandespeciallyDigitalTransformation(DT)efforts.ManyDTinitiativesrevolvearoundnewusesofreal-timecommunicationstointeractwithcustomersandprospects.Others,aroundinsertionintotheenvironmentofnewtechnologiesthatgeneratestreamsofdatathatflowbacktothedatacenterorouttothecloud—sensors,digitalsignage,locationtrackingdevices.Ineithercase,theWANbecomesthechannelbywhichDTdataflowstoandfrombranches,andSD-WANprovidestheabilitytoswiftlyaddnewflowstothemixwithouthurtingperformanceforwhatisalreadythere,aswellastoeasilymeetnewbandwidthdemandsusingmoreaffordableconnectivity.
TooMuchRisk,orRiskReduced?SD-WANsolutionscanalsocontributetothesecurityofanorganization.AlthoughtheymakeitpossibletomoreeasilysendtrafficdirectlytotheInternetfromthebranch,avoidingbackhaulsthroughthedatacenter,mostbuildfirewallfunctionalityaroundthat,andallallowforcarefulselectionofwhichtrafficis
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 11
allowedtoflowdirect.Forexample,policycanallowtraffictoandfromOffice365orSalesforcetogodirect,whileotherweb-boundtrafficisnot.And,onanotherfront,creatingaholistically-managedWANusingproviderendpointsallowstheorganizationtoeasilyandreliablykeeptheendpointscurrentonallsecurity-relatedupdatesandpatches.MostorganizationsarereluctanttoapplypatchesandupdatestoalltheirWANrouterstoofrequently,sincetheyhavetoinvestsignificantstaffhoursinpushingoutpatchesbranchbybranch,anddoingsousuallyinvolvesaninterruptioninservices.Toomanyorganizationsapplypatchesandupdatesonlywhentheyhavenootheroption,ratherthanwheneveroneisavailablethatwilltightenupsecurity.Asystemintendedtoallowno-down-time,comprehensiveupdatingchangesthisdynamicentirely,andimprovestheoveallsecuritypostureoftheorganization.
GlobalWAN,RegionalServices,andSD-WANLastly,SD-WANcanmakeiteasierfortheorganizationtospinupnewbranchesanywheretheyneedto,globally,bydeliveringaconsistentsetofserviceswhiletakingadvantageofwhateverlocalconnectivityoptionsareavailable.In-netSD-WANcanenjoyaparticularadvantageinthisscenariobyusinganoptimizedbackbonetodeliver“middle-mile”optimizationsindependentoflocale,avoidingtheunpredictabilityofmulticontinentalInternetperformance.Bringinggreaterconsistencyaswellasbetterperformancetobothin-houseandSaaSapplicationscanboostproductivityglobally.
TheNemertesSD-WANCostModelTheNemertesmodelincorporatesthreekeycostcomponentsoftheWANandofSD-WANsolutions:connectivity,capital,andoperations.Itisbuilttosupportmultipledecisionpointsinregardstoeach.
CostComponent:ConnectivityInassessingcostsforanyWANarchitecture,circuitandservicecostsrepresenttheoveralllion’sshare.And,asnoted,thelargestpieceofcostsavingsfromSD-WANcomesfromchangesincircuitandservicecosts.Whetheroverlayorin-net,thefundamentalconceptbehindSD-WANistouseanyavailablenetworkroutesthatdeliveranapplication’srequiredqualityofservice;wherebigcheapInternetlinksareavailable,alotoftrafficwillshiftontothemoffmoreexpensiveMPLSlinks,whichcanshrinkorgoaway.ThisprovidesITwitharangeofoptionsforaddingbandwidth,andletsnetworkprofessionalstakeadvantageofthefullrangeofoptionstomeettheneedsoftheirparticularmixofservices,sitetypes,andusecases.
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
12
Dependingontheorganizationanditsapplications,thatmaymean:• Routingunifiedcommunicationsandotherreal-timetrafficoverMPLSwhile
shiftingotherapplicationtraffic,filetransfers,andotherlatency-insensitiveapplicationstobusinessorconsumerInternetservices(whichcostupto10timeslessthancomparableMPLSservices)
• RoutingallapplicationsacrossMPLSwhereavailable,andusing4Gwirelessasbackuporforoverflowtraffic
• ShiftingallapplicationsfromMPLStobusinessorconsumerInternetservicestomaximizecostsavings,withacoupleofprovidersperbranchsothesolutioncanstilltakeadvantageofdifferencesinperformancereachingvariousservicesacrossthevendors’respectivenetworks
Soatthecoreofourcostmodelisthe“circuitcosts”component,whichincludesallservicesthatanenterprisehasinthe“beforeSD-WAN”stateandthoseitwillhaveafterdeployingSD-WAN,including:
• MPLScircuits:TraditionalMPLSserviceswithSLAandpossiblymultiplelevelsofQoS
• BusinessInternet:InternetservicesprovidedwithanSLAandsymmetricalservice,i.e.thesamebandwidthuptotheInternetanddownfromit
• ConsumerInternet:Consumer-gradeInternetservices(althoughalsotypicallyprovidedforsmallerbranchoffices)whichdon’thaveanSLAandmay,ifbasedoncableorDSL,beasymmetrical,withlowerbandwidthfortrafficgoinguptotheInternetthanfortrafficcomingdownfromit
• 4GorLTEwireless:Broadbandwirelessservicesusuallyusedasinitialconnectivityinanewbranch,orasbackuporoverflowcapacityforanestablishedbranchwithotherconnectivityavailable
CostComponent:CapitalEquipmentGivenhowlarge,comparatively,thespendingonconnectivityis,withalongenoughreplacementcycle(5to7years,althoughcostsareusuallyamortizedover3to5years)thecostofcapitalequipmentcanseeminsignificant.Evenasthebranchstackhasgrownfromjustaroutertoincludealsooptimizationandfirewalls,thiscanstilllooktrue.Thatis,itcanseeminsignificantifyouhaveeasyaccesstocapitalfunds.However,manyorganizationsfindcapitalfundsincreasinglypinched.That,coupledwithanacceleratingpaceoftechnologychangemakesabigupfrontinvestmentinalongreplacementcycleuntenable,fornow.So,theimpetusistoreducecapitalspendbyconsolidatingthestackintoasinglebox;ortoshiftcostsfromcapitaltooperatingexpenses.SD-WANappliances,especiallythenewestgenerationonesusedbycarriersandserviceprovidersintheirin-netsolutions,areintendedtobeabletoreplaceroutersandfirewallsandsomefunctionsofWANoptimizers,whetherviaintegralfunctions
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 13
ofaunifiedappliance,or,intheNFVscenario,viarouter,firewall,oroptimizationVNFsrunalongsidethecoreSD-WANVNF.Inotherwords,anapples-to-applesbefore-and-aftercomparisonofcapitalequipmentmightinclude:
Ormanyothercombinations.Themodelaccommodatesselectinghowmanysiteshaveaseparatefirewallbeforethetransition,andhowmanyafter;likewiseWANoptimizers.Webundlebothsoftwarelicensingcostsandamortizedhardwareintoasinglelineitem.
CostComponent:TroubleshootingandProblemResolutionAlthoughtheyfeelkeenlythefactthattheyhavetoomuchtodoandtoolittletimeinwhichtodoit,networkprofessionalsusuallydon’tknowexactlyhowmuchtimethey(andtheirteams)spendintroubleshootingandresolvingWANproblems.That’sbecauseteamstypicallywearmultiplehats,andoutagesandissuesoccurrelativelyinfrequentlyinmostWANs.Overthecourseofayear,anetworkengineermightestimateshespends75%ofhertimeonupgradesandnewinstallations;10%ofhertimedoingarchitectureandplanning;andtheremainderontroubleshooting.Butunlessthecompanysheworksforisexceptionallyobsessiveabouttime-tracking,there’snowaysheknowsthis.Andwhensitesdoexperiencesignificantconnectivityissues,solvingtheproblemisparamountandtime-trackingwhatgoesintoitisnot;resolutionpushesasidenormalworkandofteninvolvesafter-hoursandweekendworkthatisrarelytrackedandaccountedforaccurately.Whatwefoundinresearchforthecostmodel,aswellasinthe2016CloudandDataCenterBenchmarkresearch,isthatregardlessofhowmuchtimenetworkengineersinvestintroubleshootingandproblemresolution,thatnumberdecreasedbyroughly90%withdeploymentofSD-WAN.Thatmayseemcounter-intuitive,giventhatwithSD-WANnetworkarchitectsareintheoryputtingless-reliableInternetlinksintheroleofprimaryconnectivitybeside(orinplaceof)morereliableMPLSlinks.However,inpractice,mostusecasesinvolvemovingfromsingleMPLSconnectionstopoolsconsistingofMPLS-plus-Internetormultiple-Internetconnections—andaconsequenceofmovingtomultipleconnectionswithtransparentfailoveristoreduceoreliminatetheimpactofanysinglelinkhaving
Before:• Hardwarerouter• HardwareWANoptimizer• Nofirewall• NoSD-WANappliance
After:• Softwarerouter(VM)• SoftwareWANoptimizer• Softwarefirewall(VM)• SD-WANappliance
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
14
problems.TheSD-WANtechnologyhappilyreroutestrafficoverthegoodlink(s),andsimplyresumesusingthelinkthatwentdownassoonasitisbackup.Whenthere’saserviceoutagewithasingleMPLScircuit,networkengineersneedtodropeverythinganddealwiththeoutageuntilthesiteisbackup.Butwhenacircuitgoesdownandothercircuitstakeitsplace,it’snotreallyanoutage,it’smerelyaservicedegradation,andnotanemergency.Andgiventhatsuchoutagesareusuallytemporaryandself-correcting,oftennoactionbyITisrequired.
CustomizingtheModel:MakingItWorkForYouSizeandConversionPercentageForacostmodeltoapplytoanygivenenvironment,usersneedtobeabletocustomizeittoreflecttheircurrentenvironmentandplannedchanges.Thisabilityiskeytoconducting“what-if”analyses:determiningwhichoptionsmakethemostsenseforagivendeploymentscenario.Toenablecustomization,Nemertesfocusedonafewkeyvariables.(PleaseseeFigure2.)Firstandforemost:theWANsize(numberofsites)andthepercentageoftheWANconvertedtoSD-WAN,becauseSD-WANdoesn’thavetobeallornothing.Userscaninputboth,andseehowtheresultschange.
Figure4:SD-WANModelVariables
CarrierServiceOptionsThenextmostimportantvariableinthecostequationis,asnotedabove,thecostofconnectivityservices.Thiscomprisesmultiple,separatevariables:Whichproviderisdeliveringservices,andwhichservices—MPLS,businessInternet,consumerInternet,andLTE—areinuse,andathowmanysites.Themodelallowsuserstoselect“before”and“after”optionsforservicetypes,andtodefineconnectivityprofilesforafewcommonbranchscenarios(seebelow).Thecostforthoseserviceswilldrawfromoneofthreesources:
How many sites on WAN? 100Carrier GenericPercentage of sites converted to SD-WAN 100%Percentage with full firewall before 5% 3 yearsPercentage with full firewall after 25%Percentage with WAN otimization before 50%Percentage with WAN otimization after 0%
Solution selected
WAN Variables SDWAN Other (e.g. VeloCloud or Viptela)
Amortization Period
Percentage routers replaced by SD-WAN appliance
80%
Your Input: Describe Your WAN Now and the WAN You Want
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 15
• Specificcarriercosts.Networkprofessionalswhoworkwithaspecificcarrier,orwhoareconsideringselectingthatcarrier,canselectthatprovider’scostsfortheoptions.
• Specificenterprisecosts.Networkprofessionalswhoknowtheirowncostsforservicescanplugthosein,andhavethemodelcompareconfigurationsbasedontheactualcostspaidforservices.
• Genericcosts.Networkprofessionalswhodon’tknowtheirowncostsandaren’tfocusingonaspecificcarriercanleverageanaverageofbenchmarkandsurveydatacollectedbyNemertes.Thesearepaidcosts,notlistprices,sotheyprovidearealisticsenseofactualmarketcosts.
CapitalEquipmentShiftsWealsoenableuserstoindicatebeforeandafterscenariosforcapitalequipment.Theseinclude:
• Routerreplacement.Asindicatedabove,somesolutionsallow(andevenencourage)routerreplacement.Atleastonemayrequireit(i.e.forin-routerSD-WANrequiringanewenoughroutertosupportit).Removingabranchrouterreducescapital,management,andmaintenancecosts.
• Branchfirewalls,pre-andpost-transition.AsignificantappealofSD-WANistheabilitytosendcloud-boundtrafficdirectlytothecloudratherthanroutingitbackthroughadatacenter;deployingmoreDirectInternetAccess(DIA)inbranchesmeansdeployingmorefirewallstosecurethoseconnectionpoints.SomeSD-WANsolutionsprovidestrongfirewallfunctionality,othersdon’t,andinsomecasesITwillwanttodeployastandalonenomatterwhat,asamatterofpolicy.
• WANoptimizers,pre-andpost-transition.Betweenincreasesinusablebandwidth(withconsequentdecreaseincontentionforcapacity)andtheabilityofSD-WANappliancestosupplycrucialWANoptimizationfunctionssuchasprioritizationandrouteoptimization,enterprisesoftenhavenoongoingneedforaseparateoptimizationapplianceinanSD-WANsite.
SD-WANApplianceTypeAlthoughthetypeofSD-WANappliancedoesn’taffectthecostofadeploymentdramatically,weletusersselecttheSD-WANappliancestheyareconsideringaspartofthemodeling.ThisisaparticularlyusefulcapabilitywhenitcomestocomparingoverlaySD-WAN(forwhichusersmustpurchasetheirownSD-WANappliances)within-netSD-WAN(inwhichprovidersdeliver,andmanage,theapplianceaspartoftheservice).
SiteTypesLastly,theNemertestoolallowstheusertodescribetheorganization’smostcommonsitetypesintermsoftheircurrentconnectivityprofileandtheprofilethey
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
16
wouldliketoshifttoviaSD-WAN.(PleaseseeFigure3.)Sitetypescanrangefromalargeheadquartersordatacentertotypicalmidsizebranchofficestosmallbranchesorevenkiosksorotherunstaffednetworksites(e.g.anATMoraRedBoxorsimilarnetwork-connectedvendingmachine).
Figure5:ModelingConnectivitytoTypicalSites
ModelOutputsThemodel’sgoalistodeterminenotonlywhetherSD-WANcandelivercostbenefits,butparticularlywhatsortofSD-WANisoptimal:overlayorin-net.
SD-WANvsClassicalWANAsoutputs,themodelcomparescurrentcostswithSD-WANcosts,modelingbothanoverlayandanin-nettransition.(PleaseseeFigure4.)
Per-Site Variables Site Type 1 15% Site Type
2 30% Site Type 3 50% Site Type
4 5%
Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100
Commodity Internet LTE
Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS Business Internet Commodity Internet LTE
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199 17
Figure6:ModelOutputs
Thisprovidesnetworkprofessionalswiththeopportunitytogaintwopiecesofinsight.First,howmuch(ifany)willconvertingtoSD-WANsave?Andsecond,whichtypeofSD-WAN—overlayorin-net—savesmost?
OverlayvsIn-NetSD-WANSavingsWhichsolutiongeneratesgreatersavingsdependsonthetransitionscenariosenvisioned.Currently,userswillbemostlikelytoseein-netSD-WANgeneratinggreatersavingsinscenarioswhereMPLSconnectivityisleftintactandnoconsumerbroadbandisaddedtothemix.WhenconsumerservicescomeintoplayandMPLSuseisscaledback,overlayusuallytakesthelead.Itisimportant,though,tokeepinmindthattheattractionofoutsourcingabigpartofSD-WANmanagementviaanin-netsolutionmayoutweighsmalldifferencesinsavings.Someorganizationswouldthinktheprospectofsaving20%overcurrentspendinglevelsandoffloadingmanagementmoreattractivethansaving30%andkeepingit;offloadingtheworkfreesstaffuptoaddvalueinotherways.
Classic WAN (MPLS)
$1,884,162$477,350$8,827
$2,370,339
Cost Component SD-WAN In-Net SD-WAN
Annual Circuit Costs $1,335,627 $1,335,627Annual Capital/Licensing $298,300 $359,100Annual Troubleshooting $883 $88
Total Cost $1,634,810 $1,694,815Savings over classic model $735,529 $675,524
Nemertes SD-WAN Cost Model and Business Value Analysis
Overlay SD-WAN vs In-Net SD-WAN
Cost Component
Annual Circuit CostsAnnual Amoritized Capital/Licensing CostsAnnual Problem-Resolution Costs
Total Cost
Cost Analysis: Classic WAN (MPLS)
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5199
18
SD-WANUseCasesUseCase1:BendingtheCostCurveonResilience,GrowthMostWAN-connectedbranchesofsignificantimportancehaveaprimarylink(typicallyMPLS)andabackuplink(usuallyanIP-VPNrunningacrossanInternetlink).Undernormalcircumstances,theyuseonlytheprimarylink.If,andonlyif,thatprimarylinkfailswilltheyusethebackuplink,andtheywillusethatonlyuntilserviceontheprimaryisrestored.Usually,thefailoverbetweenprimaryandsecondaryisslowenoughtobreakallnetworksessionscurrentlyrunningtoorfromthebranch,bootingpeopleoutofconferencesandhangingupvoiceorvideocalls,terminatingsessionsoncoreapplications.Inalltoomanycases,itwillbemanualandrequireWANstafftimetoexecute.Thewholedramaisreplayedwhentheprimarycomesbackupandservicesaremovedbacktoit,unlesstheWANstaffwaituntil“afterhours”tomaketheswapback—typicallystillpenalizingstaffwithpoorerWANperformance(andpenalizingthemselveswithafter-hourswork).ThepresenceofunusedbackuplinksisoneofthechiefavenuesbywhichSD-WANsolutionscanprovidevaluequickly.UsingNemertes’SD-WANTCOTooltomodelvariousscenarios,itiseasytoseethatevensomeonemakingthemostconservativechoicesaboutconnectivity—e.g.keepingexistingMPLSlinksinplaceandatcurrentspeeds,andusingonlybusinessInternetcan,bymakingactive/activeuseofexistingIP-VPNlinkstodoubleavailablebandwidth,offsetbigspendingincreasesassociatedwithbigbandwidthincreases.Forexample,considera100-siteWANspending$1.88MayearonMPLSandbackupInternet.Doublingthespeedtothebranchesresultsina35%costincrease,to$2.54M,usingtheconventionalprimary-plus-failoverarchitecture.(PleaseseeFigure5.)Switchingtohot/hotuseofbothoriginallinksviaSD-WANinstead,doublingeffectivebandwidthwithoutactuallyincreasinglinkspeeds,avoidsthathugeaddedcost.
Figure7:UseCase#1—BetterBackup
DecreasingMPLSportspeeds(butretainingMLPSasacoretechnology)andshiftingsomesmallerlocationsoffitentirely,caneasilydecreaseconnectivitycostsby
Per-Site Variables Site Type 1 15% Site Type
2 30% Site Type 3 50% Site Type
4 5%
Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100
Commodity Internet LTE
Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 100 1 20 1 10 2 100Business Internet 1 100 1 20 1 10 2 100Commodity Internet LTE
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN519919
nearly30%,to$1.33M.(PleaseseeFigure6.)Moreradical(andconsequentlyriskier)shiftsoffMPLScandrivesignificantlydeepersavings.
Figure8:UseCase#2—MovingAwayfromMPLS
UseCase2:OperationalEfficiencyforITandtheBusinessInadditiontoprovidinglowercostformoreconnectivityforbrancheswithduallinksalready,fullyleveragingInternetlinksviaSD-WANgivesmanyotherbranchessomethingtheynevercouldaffordbefore:resilience.ManysmallandmidsizebrancheshaveonlyasingleMPLSlinkandnobackup,orasingleInternetVPNlink.Forsuchbranches,thecostofasecondlinkusefulonlywhenthefirstfailedwasseenasunjustifiablewhencomparedtothecostofdowntime.ButbyfullyexploitingasecondInternetlinkassoonasitisavailable,SD-WANmakesinvestinginthesecondlinkpartofagrowthandperformancestrategyatthesametimethatitprovidesbusinesscontinuity.SD-WANlowersthebarrierstoinvestinginredundancyandimprovesenterpriseuptimeevenfurtherasaresult.
Andofcourse,whenabranchhasmultipleactivelinksandintelligenceinhowtheyareused,difficultiesonanyonelinkhavelessimpact.Branchesexperiencelessdowntime,abouta90%reductioninNemertes’2016CloudandDataCenterBenchmarkdata.Thiscanrepresentenormousimprovementsinproductivityforbrancheswithpoorconnectivitycurrently.Suchimprovements,whichmostbusinessacknowledgeexisteventhoughtheyhaveahardtimequantifyingthem,shouldbementionedasancillarybenefitsinanySD-WANbusinesscase,eventhoughtheyaregenerallynotenoughtodriveapprovalofadeploymentinandofthemselves.
Similarly,anSD-WANbusinesscaseshouldmentionITtimesavings,aswell.Whenlinkproblemsdon’thavediscernibleimpactonusers,theurgencyoftroubleshootingtheissuesdecreases.Giventhatmostsuchproblemsaretransitory,ITcurrentlyengagesinalotoftroubleshootingonWANissuesthateventuallyjustresolvethemselves.Bymakingmostlinkissuesnon-eventsfortheusersandthebusiness,aswellasbyprovidingintelligenceontheexactnatureandtimingofthe
Per-Site Variables Site Type 1 15% Site Type
2 30% Site Type 3 50% Site Type
4 5%
Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100
Commodity Internet LTE
Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 30 1 5 2 100Business Internet 1 100 1 20 1 5 2 100Commodity Internet 1 5LTE
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN519920
problems,SD-WANcandriveasmuchas90%reductioninWANtroubleshootingtime,accordingto2016CloudandDataCenterBenchmarkdata.
UseCase3:BusinessAgilityviaSmarterBranching(FasterIsBetter)It’simportanttotrackanother“soft-cost”improvementofSD-WAN:businessagility.ForWANs,thisaspectof“faster”boilsdowntoonething:branchleadtime,thelengthoftimeittakestolightupanewnetworksite.ForMPLSnetworks,ITexecutivesbemoanlengtheningleadtimes,whichformanyofthemhavecreptupfrom30to60dayseightyearsagoto90to120now.BycontrasttheycanoftenprovisionwiredInternetserviceinaweekortwo;LTE,inadayortwo.Withbusinessagilityonmanyminds,thisisnosmallimprovement.Youcan’tbuildthebusinesscaseonit,usually,buteverybusinesscaseshouldmentionit.And,ifthereisanexplicitcorporatestrategybuiltaroundanimblerbranchstrategy,thebusinessmayhavedonetheworkofquantifyingthevalueofeachdayshavedofftheleadtimeforlightingupanewbranch,andITshouldleanheavilyonthatinbuildingtheSD-WANbusinesscase.
ConclusionandRecommendationsSD-WANcombinesactiveuseofmultiplebranchlinks,intelligentdirectionoftrafficacrossthoselinkstoprovidebetterperformance,security,andreliability,andcentralized,policy-drivenmanagementoftheWANasawhole.ItholdsthepromiseoftransformingIT’srelationshiptotheWANbysimplifyingmanagementofcomplexbehaviors,promotingresilienceandcontinuityofservice,empoweringmorenimblebranchstrategies,andradicallydecreasingthecostofmeetingrisingbandwidthandperformanceneeds.Asalways,IThastobuildacompellingbusinesscaseformakingatransitionlikethis,especiallywhereanup-frontinvestmentwillberequired.
Thebaseofthecasemustbecost,and,basedonNemertes’SD-WANcostmodel,savingsshouldbeeasytocomeby.ThebiggestcostcomponentintheenterpriseWANistheconnectivity,andSD-WANcandrivemajorsavingsonconnectivityinacoupleways:preventingthemajorcostincreasesassociatedwithmajorbandwidthincreases,bymakingalllinkstoasiteusablesimultaneously;andallowingactualspendingreductionsbymeansofsubstitutingless-expensiveInternetbandwidthforsomeorallofanenterprise’smore-expensiveMPLS.
Note,though,thatconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings.Bymakingredundantlivelinkscheapertodeployandmakingfailoveramonglinkstransparenttoendusers,SD-WANcanreducebothWANoutagesandWANtroubleshootingcostsby90%.
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN519921
ITstaffshould:• Assesstheamountofbackupbandwidthyouarepayingfornow—thelinks
onlyavailableasfailoverconnectivityintheeventanMPLSlinkfails.• AssessyourdemandcurveforWANandInternetbandwidth:determinehow
theconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesandroadmapsforUC,collaboration,andotherapplicationorservicerollouts.
• Modelthecostofstickingwiththecurrentarchitecture,goingoutatleastthreeyears.
• EvaluateatleasttwoSD-WANsolutions,overlayorservicebased,andmodelthecostofswitchingtothem.
• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementsyouexpecttorealize.
• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranches;businesscircuitsmayhavebuiltasignificantportionofthebusinesscaseforyou.
AboutNemertesResearch:NemertesResearchisaresearch-advisoryandconsultingfirmthatspecializesinanalyzingandquantifyingthebusinessvalueofemergingtechnologies.YoucanlearnmoreaboutNemertesResearchatourWebsite,www.nemertes.com,[email protected].
Aryaka, the Cloud-First WAN company, brings agility, simplicity and a great experience to consuming the WAN-as-a-service. An optimized global network and innovative technology stack delivers the industry’s #1 managed SD-WAN service and sets the gold standard for application performance. Aryaka’s SmartServices offer connectivity, application acceleration, security, cloud networking and insights leveraging global orchestration and provisioning. The company’s customers include hundreds of global enterprises including several in the Fortune 100.
Give it a try to experience the benefits for yourself. Sign up for a free trial.Questions? Email [email protected] or
give us a call at 1.877.727.9252.
For information on other products, services, use cases or customer success, visit www.aryaka.com.