Compass Direction Points - nemertes.com€¦ · The CIO’s Guide to SD-WAN ... Compass Direction Points: ... In-net SD-WAN can be tied to Network Functions Virtualization ...

N e m e r t e s R e s e a r c h G r o u p I n c . w w w . n e m e r t e s . c o m 1 - 8 8 8 - 2 4 1 - 2 6 8 5

TheCIO’sGuidetoSD-WANEmbracingLess-ExpensiveConnectivityMakesSD-WANaPowerfulEngineofWANSavings,EnterpriseAgility,andImprovedApplicationDeliveryMixingless-expensiveconnectivityintotheWANcannotonlyslowthegrowthofWANspending,butactuallyreduceit—whileimprovingagility,performance,anduptime.

2017

08

ByJohnBurkeCIOandPrincipalResearchAnalystNemertesResearch

CompassDirectionPoints:

± SD-WANcansavemoneyonconnectivity.ExploreSD-WANtocurtailgrowthofMPLSspendingorevenreduceitbysubstitutingInternetlinksforMPLSsomeorallofthetime.

± SD-WANcanimproveuptime.Nemertesresearchdatashowa92%reductioninWANoutagesatSD-WANsites.ExploreSD-WANtoreducethecosttothebusinessofWANproblems.

± SD-WANcanreduceITWANmanagementcosts.Nemertesresearchdatashowa95%reductioninWANtroubletickets.ExploreSD-WANtoreducemanagementoverhead.

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

2

TableofContents

COMPASSDIRECTIONPOINTS: 1

TABLEOFFIGURES 4

EXECUTIVESUMMARY 5

THEISSUE 6

WHATISSD-WAN? 6

TYPESOFSD-WAN 7OVERLAYSD-WAN 7OVERLAY:PROS/CONS 8IN-NETSD-WAN 8IN-NET:PROSANDCONS 9

MAKINGABUSINESSCASE 9BOTTOMLINEBENEFITS 9TOP-LINEBENEFITS:BUSINESSAGILITY 9STRATEGICSUPPORTANDDIGITALTRANSFORMATION 10TOOMUCHRISK,ORRISKREDUCED? 10FORAGLOBALWAN,AGLOBALSD-WAN 11

THENEMERTESSD-WANCOSTMODEL 11COSTCOMPONENT:CONNECTIVITY 11COSTCOMPONENT:CAPITALEQUIPMENT 12COSTCOMPONENT:TROUBLESHOOTINGANDPROBLEMRESOLUTION 13

CUSTOMIZINGTHEMODEL:MAKINGITWORKFORYOU 14SIZEANDCONVERSIONPERCENTAGE 14CARRIERSERVICEOPTIONS 14CAPITALEQUIPMENTSHIFTS 15SD-WANAPPLIANCETYPE 15SITETYPES 15

MODELOUTPUTS 16SD-WANVSCLASSICALWAN 16OVERLAYVSIN-NETSD-WANSAVINGS 17

SD-WANUSECASES 17USECASE1:BENDINGTHECOSTCURVEONRESILIENCE,GROWTH 17

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 3

USECASE2:OPERATIONALEFFICIENCYFORITANDTHEBUSINESS 18USECASE3:BUSINESSAGILITYVIASMARTERBRANCHING(FASTERISBETTER) 19

CONCLUSIONANDRECOMMENDATIONS 19


4

TableofFiguresFIGURE1:SD-WANWITHMESHANDHUB/SPOKEVIRTUALWANS...................................................................6FIGURE2:OVERLAYSD-WANARCHITECTURE.............................................................................................................7FIGURE3:IN-NETSD-WANARCHITECTURE..................................................................................................................8FIGURE4:SD-WANMODELVARIABLES..........................................................................................................................14FIGURE5:MODELINGCONNECTIVITYTOTYPICALSITES.....................................................................................16FIGURE6:MODELOUTPUTS.................................................................................................................................................16FIGURE7:USECASE#1—BETTERBACKUP..................................................................................................................18FIGURE8:USECASE#2—MOVINGAWAYFROMMPLS...........................................................................................18


ExecutiveSummarySD-WANisapotentialgame-changerforwideareanetworking—onthesamelevelasservervirtualization,whichtransformeddatacentersoverthelast10years.SD-WANcombinestheuseofmultipleactivebranchlinks,intelligentdirectionoftrafficacrossthoselinks,andcentralized,policy-drivenmanagementoftheWANasawhole.Theabilitytoleveragemultiplelower-costservices(includingInternetand4Gwireless)aswellastraditionalserviceslikeMPLSholdsthepromiseoftransformingIT’srelationshiptotheWANandtheWAN’srelationshiptothebusiness.Transformationalpotentialisnotenough.IThastobuildacompellingbusinesscaseformakingthetransition.Thebaseofthecasemustbecost.NemerteshasdevelopedandvalidatedanSD-WANcostmodelthatenablesenterpriseuserstobuildthatbusinesscase.Theshortversion?SD-WANdeploymentscancutmillionsfromlargeWANservicebills.ButconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings;byprovidingcheaperandmoretransparentandautomaticfailoverwhenWANlinksfail,SD-WANcanreducebranchWANoutagesandtroubleshootingcostsby90%.ForITandnetworkingprofessionalsthemessageisclear:nowisthetimetotakeacloselookatyourWANarchitecture,withtheaimofidentifyinglocationsthatcouldbenefitfromhigherbandwidth,lowerrates,increasedreliability,orallthree.ModelthecostofstickingwiththecurrentarchitectureandcomparethatagainstatleasttwoSD-WANsolutions.IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscasebasedonthem,aswellasotheroperationalsavingsandanybusinessvalueassignedbythebusinesslinestofasterbranchturn-up.ITstaffshould:

• Assesstheamountoffailover-onlybandwidththeyarepayingfornow• AssesstheirdemandcurveforWANandInternetbandwidth:determinehow

theconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesforUC,collaboration,etc.

• Modelthecostofusingthecurrentarchitectureforthreetofivemoreyears.• Evaluateandmodelcostsforatleasttwoin-netoroverlaySD-WANsolutions• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,they

shouldbuildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementstheyexpecttorealize.

• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranchesordeliveringnewservicesmorequickly;businessunitsmayhavebuiltasignificantportionofthebusinesscase.


6

TheIssueIntheclassicengineer’sformulation,“Youcanhaveitcheaper,faster,orbetter…picktwo.”Fromtimetotimenewtechnologycomesalongand,bychangingthebasicassumptionsunderlyingexistingsolutions,managestobecheaperandfasterandbetterallatonce.SD-WANpromisestohitthetrifecta.BychangingtheunderlyingassumptionsabouthowITconnectsabranchtotheWAN(and,indeed,whatconstitutesabranch)itoffersthechanceofimprovingagility(i.e.beingfaster)andperformanceandreliability(i.e.beingbetter)whilealsoreducingcosts.BuildingabusinesscasefordeployingSD-WANinvokesallthreebenefitsbutrestsmostlyonthestrengthofsavings,whetherintheformofexpectedcostincreasesavoided,orasactualcostdecreases.

WhatisSD-WAN?Let’sstartfirstwithdefinitions.Software-DefinedWAN,orSD-WAN,incorporatesseveralkeyconcepts:

• Abstractingedgeconnectivity:Makingalltheconnectionsintoalocationusefulasasinglepoolofcapacityavailabletoallservices.

• WANvirtualization:OverlayingoneormorelogicalWANsonthepoolofconnectivity,withbehaviorandtopologyforeachoverlayWANdefinedtosuittheneedsofspecifictypesofnetworkservices,locations,orusers.(PleaseseeFigure1.)

• Policy-driven,centralizedmanagement:KeytoanSD-WANistheabilitytodefinebehaviorsforanoverlayWANandhavethemimplementedacrosstheentireinfrastructurewithoutrequiringdevice-by-deviceconfiguration.

• Flexibletrafficmanagement

DC

BranchRTR

BranchRTR

BranchRTR

Internet

MPLSCarrierCore

SD-WANRTR

MeshWAN

SD-WAN

SD-WAN

SD-WAN

Hub-and-SpokeWAN

Figure1:SD-WANwithMeshandHub/SpokeVirtualWANS


forperformanceandsecurity:SD-WANscanoptimizetrafficinmanyways;foremost,theycanselectivelyroutetrafficacrosslinksbasedoncriteriasuchaslinkperformance.

TypesofSD-WANTherearetwokeywaystoprovidetheseservicesinaWAN.Nemertescallstheseoverlayandin-netSD-WAN.

OverlaySD-WANInanoverlaySD-WAN,thenewSD-WANappliancesaredeployedonanexistingroutednetwork,eitherbehindtheroutersorreplacingthemasthebranchconnectiontotheWAN.SD-WANappliancescanalsocollapsethetypicalbranchstackbyreplacingotherbranchWANappliancessuchasoptimizersandfirewalls.MorethanadozencompaniessellSD-WANappliances,bothphysicalandvirtual(whichallowextensionoftheSD-WANintopubliccloudspacessuchasAmazonEC2,MicrosoftAzureCompute,orGoogleComputeEngine).Someareintendedtoreplacerouters,sometoridebehindthem,otherscanfilleitherrole,andenterpriseITstaffneedtocarefullyevaluateeachagainsttheirspecificneeds.Forexample,thosewithanagingrouterplantbutmostlyMPLSandCarrierEthernetorbroadbandlinksmayfindrouterreplacementveryattractive.ThosewithalotofolderT1orT3connectionsthatcan’torwon’tbereplacedwithEthernetmaywanttokeeptheirexistingroutersinplace,toterminatetheolderconnectivity,whileusingtheSD-WANsolutiontosupplementitwithwiredor3G/4Gbroadband.

Figure2:OverlaySD-WANArchitecture

MPLS Carrier Core

Branch

DC

Branch

Inte

rnet

SD-WAN

Encrypted tunnels Optionally encrypted tunnels

SD-WAN

SD-WAN


8

Overlay:Pros/ConsIntheoverlayscenario,SD-WANappliancescomprisealayerofenterpriseinfrastructuredistinctfromtheWANconnectivitytheymanage,allowingITtoeasilyaddandremovenetworkserviceprovidersandlinktypes.Thisgivestheenterprisemaximumflexibilityonconnectivityservices,butincurstheburdenofmanagingthesolutionitself.Thisistypicallylesstroubletomanagethantheold-schoolrouterplant,andcanevenhelpmakeroutermanagementeasierwhereroutersstayinthepicture,butisstillasignificantoperationalresponsibilityforIT.

In-NetSD-WANIncontrast,in-netSD-WANtiestheSD-WANfunctionalitytotheconnectivityservices.Thesefunctionsmayallbeprovidedintheserviceprovider’sedgeandcoreinfrastructure,withthebranchusingatraditionalroutertoconnecttotheprovider’snearestpointofpresence.Or,someorallfunctionsmaybeprovidedon-premisesviaappliancesunderserviceprovidermanagement;thispushesworkoutoftheserviceprovider’sinfrastructureandalsoallowsoptimizationoflast-mileconnectivityviacompression.

Figure3:In-NetSD-WANArchitecture

In-netSD-WANcanbetiedtoNetworkFunctionsVirtualization(NFV),withthevariousfunctionsprovidedbyseparate,cooperatingVirtualNetworkFunctions(VNFs)dynamicallydownloadedtotheon-premisesdevice(wherethereisone)orchainedintothetrafficpathinthecarrierinfrastructure.Thisopensthepossibility

SD-WAN Service Cloud

Branch Branch

DCSD-WAN

Internet

Encrypted tunnels

SD-WAN SD-WAN

PoP


oftheon-premisesdevicebeingwhite-box/genericratherthanbespokefortheservice,decreasingvendorlock-insomewhat.

In-Net:ProsandConsThetrade-offforhandingoffthemanagementburdenfortheSD-WANisthelossofautonomywithrespecttoconnectivity.Inthein-netscenario,youcan’tnecessarilymixandmatchlinksfromdifferentvendorsfreely.ThenewlevelofWANfunctionalityistiedtothein-netSD-WANprovider,afterall.Ifyouhavetroublegettingconnectivitytoallyoursitesfromasingleprovider,thatbecomesanissue.Likewiseifyouwanttohaveproviderdiversityforyourbranchconnectivity,aswellaspathandlink-typediversity:thatis,youwanttohaveeachbranchhavealinkfromatleasttwodifferentproviders,e.g.oneforMPLSandadifferentoneforInternet.Thein-netSD-WANproviderhastoallowfor(andpotentiallypartnerwith)theotherprovidersyouwanttouseinorderforyoutofoldinlinksfromthoseothervendors.Thissharplylimitsenterprisechoiceinthematter.

MakingaBusinessCaseBottomLineBenefitsFirstandforemostinthebusinesscasemostSD-WANuserswillbuildiscostsavings,andthemainsourceofhard-dollarcostsavingsinSD-WANisthesubstitutionoflower-costconnectivityinplaceofmoreexpensivekinds.Theorganizationmightbelookingforimmediatesavings.Inthatcase,thegoalwillbetodecreaseabsolutespendingonconnectivity.ThiscanbeaccomplishedbyreplacingMPLSorotherrelativelyexpensiveconnectivity(atleastasreckonedonacost-per-Mbpsbasis)infavorofalessexpensiveoption:replacingsomeMPLSlinkswithbusinessInternetservices,orevenconsumer-gradebroadband.Or,theorganizationmightbelookingforsavingsoveralongertimeframe—lookingto“bendthecostcurve”fortheirWANastheyprojectcurrentgrowthtrendsintothefuture.Inthiscase,theymaychangelittleornothingintheircurrentuseofMPLS,forexample,butshiftallgrowthtoothermedia.Fully78%oforganizationsdeployingSD-WANhavenoplantocompletelydropMPLSfromtheirWAN.However,mostintendtoreduceandrestricttheiruseofit,ifnotimmediatelythenoverthenextfewyears.

Top-LineBenefits:BusinessAgilitySpeedhasvalueinbusiness.Forthegrowingnumberofbusinessesadoptinga“getclosertothecustomer”approachtotheirphysicalstorefronts,thatspeedcanbemeasuredinpartbyhowmanydaysittakestoturnupanewbranch.SD-WANcan


10

radicallyalterthatnumber.Mostsolutionsallowfreemixtureofdifferentkindsofconnectivity.Consequently,anewlocationcanbebroughtupwithwhateverformofconnectivityismostreadilyavailable,beitcableorDSLoreven4G/LTE,andcanbecomeonlineinunderaweek,evenwithinadayofreceivingitsendpointequipment.Contrastthatwiththemoretypical30to90ormoredaystoconnectupanewbranchusingtraditionalapproaches.AnotherformofagilitythattheSD-WANapproachlendsitselftoisrapiddeploymentofnewWAN-basedservices.Centralized,policy-basedmanagementoftheWANasawholeallowsrapidreconfigurationtosupporttheadditionofnewservicesaswellaschangesintheprioritizationoftheapplicationportfoliooverall.Thebusinesslinesresponsiblefornewbranchoperationscanlikelyputadollarvalueoneveryadditionalweekorevendayofoperationsforanewlocation.ITshouldbereachingouttothemforthatinformationinconstructingthebusinesscase.Likewise,theywillhaveputavalueonthebenefitsofdeliveringthenewservicestheyarepursuing,andITshouldreachouttogetthatinformationforanyinitiativesplannedforthenearterm.

StrategicSupportandDigitalTransformationThatrapiddeploymentandintegrationofnewservicesisinturnthecornerstoneofanotherlevelofvaluetoconsiderinabusinesscase:supportforstrategicinnovationsandespeciallyDigitalTransformation(DT)efforts.ManyDTinitiativesrevolvearoundnewusesofreal-timecommunicationstointeractwithcustomersandprospects.Others,aroundinsertionintotheenvironmentofnewtechnologiesthatgeneratestreamsofdatathatflowbacktothedatacenterorouttothecloud—sensors,digitalsignage,locationtrackingdevices.Ineithercase,theWANbecomesthechannelbywhichDTdataflowstoandfrombranches,andSD-WANprovidestheabilitytoswiftlyaddnewflowstothemixwithouthurtingperformanceforwhatisalreadythere,aswellastoeasilymeetnewbandwidthdemandsusingmoreaffordableconnectivity.

TooMuchRisk,orRiskReduced?SD-WANsolutionscanalsocontributetothesecurityofanorganization.AlthoughtheymakeitpossibletomoreeasilysendtrafficdirectlytotheInternetfromthebranch,avoidingbackhaulsthroughthedatacenter,mostbuildfirewallfunctionalityaroundthat,andallallowforcarefulselectionofwhichtrafficisallowedtoflowdirect.Forexample,policycanallowtraffictoandfromOffice365orSalesforcetogodirect,whileotherweb-boundtrafficisnot.And,onanotherfront,creatingaholisticallymanagedWANusingproviderendpointsallowstheorganizationtoeasilyandreliablykeeptheendpointscurrent


onallsecurity-relatedupdatesandpatches.MostorganizationsarereluctanttoapplypatchesandupdatestoalltheirWANrouterstoofrequently,sincetheyhavetoinvestsignificantstaffhoursinpushingoutpatchesbranchbybranch,anddoingsousuallyinvolvesaninterruptioninservices.Toomanyorganizationsapplypatchesandupdatesonlywhentheyhavenootheroption,ratherthanwheneveroneisavailablethatwilltightenupsecurity.Asystemintendedtoallowno-down-time,comprehensiveupdatingchangesthisdynamicentirely,andimprovestheoverallsecuritypostureoftheorganization.

ForaGlobalWAN,aGlobalSD-WANSD-WANcanbeakeyenablerofsimplifiedglobaloperations.SD-WANcanmakeiteasierfortheorganizationtospinupnewbranchesanywheretheyneedto,globally,bydeliveringaconsistentsetofserviceswhiletakingadvantageofwhateverlocalconnectivityoptionsareavailable.And,fornewandexistingbranchesboth,securelydeliveringgreaterconsistencyandbetterperformancetobothin-houseandcloudapplicationscanboostproductivityglobally.In-netSD-WANcanenjoyaparticularadvantageinthisscenariobyusinganoptimizedbackbonetodeliver“middle-mile”optimizationsindependentoflocale.Assumingabroadenoughdistributionofproviderpointsofpresence,thiscaneliminatemostoftheunpredictabilityofmulticontinentalInternetperformance,ahugeboonwhenthedatacenters(whethertheenterprise’sortheenterprise’scloudproviders)areaworldawayfromthebranch.

TheNemertesSD-WANCostModelTheNemertesmodelincorporatesthreekeycostcomponentsoftheWANandofSD-WANsolutions:connectivity,capital,andoperations.Itisbuilttosupportmultipledecisionpointsinregardstoeach.

CostComponent:ConnectivityInassessingcostsforanyWANarchitecture,circuitandservicecostsrepresentthelion’sshare.And,asnoted,thelargestpieceofcostsavingsfromSD-WANcomesfromchangesincircuitandservicecosts.Whetheroverlayorin-net,afundamentalconceptbehindSD-WANistouseanyavailablenetworkroutesthatdeliveranapplication’srequiredqualityofservice;wherebigcheapInternetlinksareavailable,alotoftrafficwillshiftontothemoffmoreexpensiveMPLSlinks,whichcanshrinkorgoaway.ThisprovidesITwitharangeofoptionsforaddingbandwidth,andletsnetworkprofessionalstakeadvantageofthefullrangeofoptionstodelivertheirparticularmixofservices,sitetypes,andusecases.Dependingontheorganizationanditsapplications,thatmaymean:


12

• Routingunifiedcommunicationsandotherreal-timetrafficoverMPLSwhileshiftingotherapplicationtraffic,filetransfers,andotherlatency-insensitiveapplicationstobusinessorconsumerInternetservices(whichcostupto10timeslessthancomparableMPLSservices)

• RoutingallapplicationsacrossMPLSwhereavailable,andusing4Gwirelessasbackuporforoverflowtraffic

• ShiftingallapplicationsfromMPLStobusinessorconsumerInternetservicestomaximizecostsavings,withtwoormoreprovidersperbranchbothforresilienceandtoallowthesolutiontotakeadvantageofwhicheveroneofthemprovidesthebestperformanceforservicestheenterpriseuses.

Soatthecoreofourcostmodelisthe“circuitcosts”component,whichincludesallservicesthatanenterprisehasinthe“beforeSD-WAN”stateandthoseitwillhaveafterdeployingSD-WAN,including:

• MPLScircuits:TraditionalMPLSserviceswithSLAandpossiblymultiplelevelsofQoS

• BusinessInternet:InternetservicesprovidedwithanSLAandsymmetricalservice,i.e.thesamebandwidthuptotheInternetanddownfromit

• ConsumerInternet:Consumer-gradeInternetservices(althoughalsotypicallyprovidedforsmallerbranchoffices)whichdon’thaveanSLAandmay,ifbasedoncableorDSL,beasymmetrical,withlowerbandwidthfortrafficgoinguptotheInternetthanfortrafficcomingdownfromit

• 4GorLTEwireless:Broadbandwirelessservicesusuallyusedasinitialconnectivityinanewbranch,orasbackuporoverflowcapacityforanestablishedbranchwithotherconnectivityavailable.

CostComponent:CapitalEquipmentGivenhowlarge,comparatively,thespendonconnectivityis,withalongenoughreplacementcycle(fivetosevenyears,althoughcostsareusuallyamortizedoverthreetofiveyears)thecostofcapitalequipmentcanseeminsignificant.Evenasthebranchstackhasgrownfromjustaroutertoincludealsooptimizationandfirewalls,thiscanstilllooktrue.Thatis,itcanseeminsignificantifyouhaveeasyaccesstocapitalfunds.However,manyorganizationsfindcapitalfundsincreasinglypinched.That,coupledwithanacceleratingpaceoftechnologychangemakesabigupfrontinvestmentinalongreplacementcycleuntenable,fornow.So,theimpetusistoreducecapitalspendbyconsolidatingthestackintoasinglebox;ortoshiftcostsfromcapitaltooperatingexpenses.SD-WANappliances,especiallythenewestgenerationonesusedbycarriersandserviceprovidersintheirin-netsolutions,areintendedtobeabletoreplaceroutersandfirewallsandsomefunctionsofWANoptimizers,whetherviaintegralfunctionsofaunifiedappliance,or,intheNFVscenario,viarouter,firewall,oroptimization


VNFsrunalongsidethecoreSD-WANVNF.Inotherwords,anapples-to-applesbefore-and-aftercomparisonofcapitalequipmentmightinclude:

Ormanyothercombinations.Themodelaccommodatesselectinghowmanysiteshaveaseparatefirewallbeforethetransition,andhowmanyafter;likewiseWANoptimizers.Webundlebothsoftwarelicensingcostsandamortizedhardwareintoasinglelineitem.

CostComponent:TroubleshootingandProblemResolutionAlthoughtheyfeelkeenlythefactthattheyhavetoomuchtodoandtoolittletimeinwhichtodoit,networkprofessionalsusuallydon’tknowexactlyhowmuchtimethey(andtheirteams)spendintroubleshootingandresolvingWANproblems.That’sbecauseteamstypicallywearmultiplehats,andoutagesandissuesoccurrelativelyinfrequentlyinmostWANs.Overthecourseofayear,anetworkengineermightestimateshespends75%ofhertimeonupgradesandnewinstallations;10%ofhertimedoingarchitectureandplanning;andtheremainderontroubleshooting.Butunlessthecompanysheworksforisexceptionallyobsessiveabouttime-tracking,there’snowaysheknowsthis.Andwhensitesdoexperiencesignificantconnectivityissues,solvingtheproblemisparamountandtime-trackingwhatgoesintoitisnot;resolutionpushesasidenormalworkandofteninvolvesafter-hoursandweekendworkthatisrarelytrackedandaccountedforaccurately.Whatwefoundinresearchforthecostmodel,aswellasinthe2016CloudandDataCenterBenchmarkresearch,isthatregardlessofhowmuchtimenetworkengineersinvestintroubleshootingandproblemresolution,thatnumberdecreasedbyroughly90%withdeploymentofSD-WAN.Thatmayseemcounter-intuitive,giventhatwithSD-WANnetworkarchitectsareintheoryputtingless-reliableInternetlinksintheroleofprimaryconnectivitybeside(orinplaceof)morereliableMPLSlinks.However,inpractice,mostusecasesinvolvemovingfromsingleMPLSconnectionstopoolsconsistingofMPLS-plus-Internetormultiple-Internetconnections—andaconsequenceofmovingtomultipleconnectionswithtransparentfailoveristoreduceoreliminatetheimpactofanysinglelinkhaving

Before:• Hardwarerouter• HardwareWANoptimizer• Nofirewall• NoSD-WANappliance

After:• Softwarerouter(VM)• SoftwareWANoptimizer• Softwarefirewall(VM)• SD-WANappliance


14

problems.TheSD-WANtechnologyhappilyreroutestrafficoverthegoodlink(s),andsimplyresumesusingthelinkthatwentdownassoonasitisbackup.Whenthere’saserviceoutagewithasingleMPLScircuit,networkengineersneedtodropeverythinganddealwiththeoutageuntilthesiteisbackup.Butwhenacircuitgoesdownandothercircuitstakeitsplace,it’snotreallyanoutage;it’smerelyservicedegradation,andnotanemergency.Andgiventhatsuchoutagesareusuallytemporaryandself-correcting,oftennoactionbyITisrequired.

CustomizingtheModel:MakingItWorkForYouSizeandConversionPercentageForacostmodeltoapplytoanygivenenvironment,usersneedtobeabletocustomizeittoreflecttheircurrentenvironmentandplannedchanges.Thisabilityiskeytoconducting“what-if”analyses:determiningwhichoptionsmakethemostsenseforagivendeploymentscenario.Toenablecustomization,Nemertesfocusedonafewkeyvariables.(PleaseseeFigure2.)Firstandforemost:theWANsize(numberofsites)andthepercentageoftheWANconvertedtoSD-WAN,becauseSD-WANdoesn’thavetobeallornothing.Userscaninputboth,andseehowtheresultschange.

Figure4:SD-WANModelVariables

CarrierServiceOptionsThenextmostimportantvariableinthecostequationis,asnotedabove,thecostofconnectivityservices.Thiscomprisesmultiple,separatevariables:Whichproviderisdeliveringservices,andwhichservices—MPLS,businessInternet,consumerInternet,andLTE—areinuse,andathowmanysites.Themodelallowsuserstoselect“before”and“after”optionsforservicetypes,andtodefineconnectivityprofilesforafewcommonbranchscenarios(seebelow).Thecostforthoseserviceswilldrawfromoneofthreesources:

• Specificcarriercosts.Networkprofessionalswhoworkwithaspecificcarrier,orwhoareconsideringselectingthatcarrier,canselectthatprovider’scostsfortheoptions

How many sites on WAN? 100Carrier GenericPercentage of sites converted to SD-WAN 100%Percentage with full firewall before 5% 3 yearsPercentage with full firewall after 25%Percentage with WAN otimization before 50%Percentage with WAN otimization after 0%

Percentage routers replaced by SD-WAN appliance

80%

Nemertes SD-WAN Cost Model and Business Value Analysis

Overlay solution selected

WAN Variables SD-WAN

Overlay

Amortization Period


• Specificenterprisecosts.Networkprofessionalswhoknowtheirowncostsforservicescanplugthosein,andhavethemodelcompareconfigurationsbasedontheactualcostspaidforservices

• Genericcosts.Networkprofessionalswhodon’tknowtheirowncostsandaren’tfocusingonaspecificcarriercanleverageanaverageofbenchmarkandsurveydatacollectedbyNemertes.Thesearepaidcosts,notlistprices,sotheyprovidearealisticsenseofactualmarketcosts.

CapitalEquipmentShiftsWealsoenableuserstoindicatebeforeandafterscenariosforcapitalequipment.Theseinclude:

• Routerreplacement.Asindicatedabove,somesolutionsallow(andevenencourage)routerreplacement.Atleastonemayrequireit(i.e.forin-routerSD-WANrequiringanewenoughroutertosupportit).Removingabranchrouterreducescapital,management,andmaintenancecosts

• Branchfirewalls,pre-andpost-transition.AsignificantappealofSD-WANistheabilitytosendcloud-boundtrafficdirectlytothecloudratherthanroutingitbackthroughadatacenter;deployingmoreDirectInternetAccess(DIA)inbranchesmeansdeployingmorefirewallstosecurethoseconnectionpoints.SomeSD-WANsolutionsprovidestrongfirewallfunctionality,othersdon’t,andinsomecasesITwillwanttodeployastandalonenomatterwhat,asamatterofpolicy

• WANoptimizers,pre-andpost-transition.Betweenincreasesinusablebandwidth(withconsequentdecreaseincontentionforcapacity)andtheabilityofSD-WANappliancestosupplycrucialWANoptimizationfunctionssuchasprioritizationandrouteoptimization,enterprisesoftenhavenoongoingneedforaseparateoptimizationapplianceinanSD-WANsite.

SD-WANApplianceTypeAlthoughthetypeofSD-WANappliancedoesn’taffectthecostofadeploymentdramatically,weletusersselecttheSD-WANappliancestheyareconsideringaspartofthemodeling.ThisisaparticularlyusefulcapabilitywhenitcomestocomparingoverlaySD-WAN(forwhichusersmustpurchasetheirownSD-WANappliances)within-netSD-WAN(inwhichprovidersdeliver,andmanage,theapplianceaspartoftheservice).

SiteTypesLastly,theNemertestoolallowstheusertodescribetheorganization’smostcommonsitetypesintermsoftheircurrentconnectivityprofileandtheprofiletheywouldliketoshifttoviaSD-WAN.(PleaseseeFigure3.)Sitetypescanrangefromalargeheadquartersordatacentertotypicalmidsizebranchofficestosmall


16

branchesorevenkiosksorotherunstaffednetworksites(e.g.anATMoraRedBoxorsimilarnetwork-connectedvendingmachine).

Figure5:ModelingConnectivitytoTypicalSites

ModelOutputsThemodel’sgoalistodeterminenotonlywhetherSD-WANcandelivercostbenefits,butparticularlywhatsortofSD-WANisoptimal:overlayorin-net.

SD-WANvsClassicalWANAsoutputs,themodelcomparescurrentcostswithSD-WANcosts,modelingbothanoverlayandanin-nettransition.(PleaseseeFigure4.)

Figure6:ModelOutputs

Per-Site Variables Site Type 1 15% Site Type

2 30% Site Type 3 50% Site Type

4 5%

Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100

Commodity Internet LTE

Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS Business Internet Commodity Internet LTE

Classic WAN (MPLS)

$1,884,162$477,350$8,827

$2,370,339

Cost Component SD-WAN In-Net SD-WAN

Annual Circuit Costs $1,335,627 $1,335,627Annual Capital/Licensing $298,300 $359,100Annual Troubleshooting $883 $88

Total Cost $1,634,810 $1,694,815Savings over classic model $735,529 $675,524

Nemertes SD-WAN Cost Model and Business Value Analysis

Overlay SD-WAN vs In-Net SD-WAN

Cost Component

Annual Circuit CostsAnnual Amoritized Capital/Licensing CostsAnnual Problem-Resolution Costs

Total Cost

Cost Analysis: Classic WAN (MPLS)


Thisprovidesnetworkprofessionalswiththeopportunitytogaintwopiecesofinsight.First,howmuch(ifany)willconvertingtoSD-WANsave?Andsecond,whichtypeofSD-WAN—overlayorin-net—savesmost?

OverlayvsIn-NetSD-WANSavingsWhichsolutiongeneratesgreatersavingsdependsonthetransitionscenariosenvisioned.Currently,userswillbemostlikelytoseein-netSD-WANgeneratinggreatersavingsinscenarioswhereMPLSconnectivityisleftintactandnoconsumerbroadbandisaddedtothemix.WhenconsumerservicescomeintoplayandMPLSuseisscaledback,overlayusuallytakesthelead.Itisimportant,though,tokeepinmindthattheattractionofoutsourcingabigpartofSD-WANmanagementviaanin-netsolutionmayoutweighsmalldifferencesinsavings.Someorganizationswouldthinktheprospectofsaving20%overcurrentspendinglevelsandoffloadingmanagementmoreattractivethansaving30%andkeepingit;offloadingtheworkfreesstaffuptoaddvalueinotherways.SD-WANUseCasesUseCase1:BendingtheCostCurveonResilience,GrowthMostWAN-connectedbranchesofsignificantimportancehaveaprimarylink(typicallyMPLS)andabackuplink(usuallyanIP-VPNrunningacrossanInternetlink).Undernormalcircumstances,theyuseonlytheprimarylink.If,andonlyif,thatprimarylinkfailswilltheyusethebackuplink,andtheywillusethatonlyuntilserviceontheprimaryisrestored.Usually,thefailoverbetweenprimaryandsecondaryisslowenoughtobreakallnetworksessionscurrentlyrunningtoorfromthebranch,bootingpeopleoutofconferencesandhangingupvoiceorvideocalls,terminatingsessionsoncoreapplications.Inalltoomanycases,itwillbemanualandrequireWANstafftimetoexecute.Thewholedramaisreplayedwhentheprimarycomesbackupandservicesaremovedbacktoit,unlesstheWANstaffwaituntil“afterhours”tomaketheswapback—typicallystillpenalizingstaffwithpoorerWANperformance(andpenalizingthemselveswithafter-hourswork).ThepresenceofunusedbackuplinksisoneofthechiefavenuesbywhichSD-WANsolutionscanprovidevaluequickly.UsingNemertes’SD-WANTCOTooltomodelvariousscenarios,itiseasytoseethatevensomeonemakingthemostconservativechoicesaboutconnectivity—e.g.keepingexistingMPLSlinksinplaceandatcurrentspeeds,andusingonlybusinessInternetcan,bymakingactive/activeuseofexistingIP-VPNlinkstodoubleavailablebandwidth,offsetbigspendingincreasesassociatedwithbigbandwidthincreases.Forexample,considera100-siteWANspending$1.88MayearonMPLSandbackupInternet.Doublingthespeedtothebranchesresultsina35%costincrease,to$2.54M,usingtheconventionalprimary-plus-


18

failoverarchitecture.(PleaseseeFigure5.)Switchingtohot/hotuseofbothoriginallinksviaSD-WANinstead,doublingeffectivebandwidthwithoutactuallyincreasinglinkspeeds,avoidsthathugeaddedcost.

Figure7:UseCase#1—BetterBackup

DecreasingMPLSportspeeds(butretainingMLPSasacoretechnology)andshiftingsomesmallerlocationsoffitentirely,caneasilydecreaseconnectivitycostsbynearly30%,to$1.33M.(PleaseseeFigure6.)Moreradical(andconsequentlyriskier)shiftsoffMPLScandrivesignificantlydeepersavings.

Figure8:UseCase#2—MovingAwayfromMPLS

UseCase2:OperationalEfficiencyforITandtheBusinessInadditiontoprovidinglowercostformoreconnectivityforbrancheswithduallinksalready,fullyleveragingInternetlinksviaSD-WANgivesmanyotherbranchessomethingtheynevercouldaffordbefore:resilience.ManysmallandmidsizebrancheshaveonlyasingleMPLSlinkandnobackup,orasingleInternetVPNlink.Forsuchbranches,thecostofasecondlinkusefulonlywhenthefirstfailedwasseenasunjustifiablewhencomparedtothecostofdowntime.ButbyfullyexploitingasecondInternetlinkassoonasitisavailable,SD-WANmakesinvestinginthesecondlinkpartofagrowthandperformancestrategyatthesametimethatitprovidesbusinesscontinuity.SD-WANlowersthebarrierstoinvestinginredundancyandimprovesenterpriseuptimeevenfurtherasaresult.



4 5%



Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 100 1 20 1 10 2 100Business Internet 1 100 1 20 1 10 2 100Commodity Internet LTE



4 5%



Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 30 1 5 2 100Business Internet 1 100 1 20 1 5 2 100Commodity Internet 1 5LTE


Andofcourse,whenabranchhasmultipleactivelinksandintelligenceinhowtheyareused,difficultiesonanyonelinkhavelessimpact.Branchesexperiencelessdowntime,abouta90%reductioninNemertes’2016CloudandDataCenterBenchmarkdata.Thiscanrepresentenormousimprovementsinproductivityforbrancheswithpoorconnectivitycurrently.Suchimprovements,whichmostbusinessacknowledgeexisteventhoughtheyhaveahardtimequantifyingthem,shouldbementionedasancillarybenefitsinanySD-WANbusinesscase,eventhoughtheyaregenerallynotenoughtodriveapprovalofadeploymentinandofthemselves.Similarly,anSD-WANbusinesscaseshouldmentionITtimesavings,aswell.Whenlinkproblemsdon’thavediscernibleimpactonusers,theurgencyoftroubleshootingtheissuesdecreases.Giventhatmostsuchproblemsaretransitory,ITcurrentlyengagesinalotoftroubleshootingonWANissuesthateventuallyjustresolvethemselves.Bymakingmostlinkissuesnon-eventsfortheusersandthebusiness,aswellasbyprovidingintelligenceontheexactnatureandtimingoftheproblems,SD-WANcandriveasmuchas90%reductioninWANtroubleshootingtime,accordingto2016CloudandDataCenterBenchmarkdata.

UseCase3:BusinessAgilityviaSmarterBranching(FasterIsBetter)It’simportanttotrackanother“soft-cost”improvementofSD-WAN:businessagility.ForWANs,thisaspectof“faster”boilsdowntoonething:branchleadtime,thelengthoftimeittakestolightupanewnetworksite.ForMPLSnetworks,ITexecutivesbemoanlengtheningleadtimes,whichformanyofthemhavecreptupfrom30to60dayseightyearsagoto90to120now.BycontrasttheycanoftenprovisionwiredInternetserviceinaweekortwo;LTE,inadayortwo.Withbusinessagilityonmanyminds,thisisnosmallimprovement.Youcan’tbuildthebusinesscaseonit,usually,buteverybusinesscaseshouldmentionit.And,ifthereisanexplicitcorporatestrategybuiltaroundanimblerbranchstrategy,thebusinessmayhavedonetheworkofquantifyingthevalueofeachdayshavedofftheleadtimeforlightingupanewbranch,andITshouldleanheavilyonthatinbuildingtheSD-WANbusinesscase.

ConclusionandRecommendationsSD-WANcombinesactiveuseofmultiplebranchlinks,intelligentdirectionoftrafficacrossthoselinkstoprovidebetterperformance,security,andreliability,andcentralized,policy-drivenmanagementoftheWANasawhole.ItholdsthepromiseoftransformingIT’srelationshiptotheWANbysimplifyingmanagementofcomplexbehaviors,promotingresilienceandcontinuityofservice,empoweringmorenimble


20

branchstrategies,andradicallydecreasingthecostofmeetingrisingbandwidthandperformanceneeds.Asalways,IThastobuildacompellingbusinesscaseformakingatransitionlikethis,especiallywhereanup-frontinvestmentwillberequired.Thebaseofthecasemustbecost,and,basedonNemertes’SD-WANcostmodel,savingsshouldbeeasytocomeby.ThebiggestcostcomponentintheenterpriseWANistheconnectivity,andSD-WANcandrivemajorsavingsonconnectivityinacoupleways:preventingthemajorcostincreasesassociatedwithmajorbandwidthincreases,bymakingalllinkstoasiteusablesimultaneously;andallowingactualspendingreductionsbymeansofsubstitutingless-expensiveInternetbandwidthforsomeorallofanenterprise’smore-expensiveMPLS.Note,though,thatconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings.Bymakingredundantlivelinkscheapertodeployandmakingfailoveramonglinkstransparenttoendusers,SD-WANcanreducebothWANoutagesandWANtroubleshootingcostsby90%.ITstaffshould:

• Assesstheamountofbackupbandwidthyouarepayingfornow—thelinksonlyavailableasfailoverconnectivityintheeventanMPLSlinkfails.

• AssessyourdemandcurveforWANandInternetbandwidth:determinehowtheconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesandroadmapsforUC,collaboration,andotherapplicationorservicerollouts.

• Modelthecostofstickingwiththecurrentarchitecture,goingoutatleastthreeyears.

• EvaluateatleasttwoSD-WANsolutions,overlayorservicebased,andmodelthecostofswitchingtothem.

• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementsyouexpecttorealize.

• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranches;businessunitsmayhavebuiltasignificantportionofthebusinesscaseforyou.

AboutNemertesResearch:NemertesResearchisaresearch-advisoryandconsultingfirmthatspecializesinanalyzingandquantifyingthebusinessvalueofemergingtechnologies.YoucanlearnmoreaboutNemertesResearchatourWebsite,www.nemertes.com,[email protected].

Compass Direction Points - nemertes.com€¦ · The CIO’s Guide to SD-WAN ... Compass Direction Points: ... In-net SD-WAN can be tied to Network Functions Virtualization ...

Documents