SD-WAN: A Better Way to Connect

Author: Joe Spoon | Senior Network Engineer, Network Operations


For years in the IT and networking industry, connecting locations together meant paying, in time, knowledge, and money: implementing MPLS networks with advanced configuration and routing to link locations, or building DMVPNs that required their own separate knowledge base for configuration and support.

In the past few years, with the explosion of SD-WAN technology, that cost has been drastically reduced on all three counts. SD-WAN solutions let busy network administrators implement inter-site connectivity with little effort and time, and by partnering with an SD-WAN Managed Service Provider, customers can now implement a very advanced inter-site network with quality of service and full redundancy in a matter of days or weeks.

Great SD-WAN providers give customers access to a simple yet informative dashboard where the customer can not only configure their locations but also graphically monitor what is connected and what type of traffic is moving through the network. In legacy networks, that visibility was only available by calling the Internet Service Provider (ISP) or waiting until the end of the month for a report on what had been happening in the network.

To drive the point home, below are a few common configuration tasks that network administrators perform on legacy networks and how each is done on newer SD-WAN systems from VMware.

Site to Site Connectivity

Legacy System: In a legacy network, site-to-site connectivity meant purchasing a Frame Relay network (very old), MPLS, or some type of site-to-site VPN. These solutions required a great deal of networking knowledge, and if something went wrong on one of them, it generally took a lot of time and coordination with the carrier to troubleshoot and correct.

SD-WAN: For site-to-site connectivity, you enable one option in the VMware Orchestrator (the management, control, and reporting server) for all locations, and the edges automatically bring up VPN tunnels to each other and to strategically located VMware Cloud Gateways.

Connecting to a 3rd Party Resource (ex: AWS)

Legacy System: To connect a 3rd party resource like AWS into an MPLS network, you had to work with your ISP to bring the connection into the ISP's data center, and the cost was normally pretty steep.

SD-WAN: To connect a 3rd party resource in VMware, you create what's called a "Non-VMware Site" directly from the VMware Orchestrator. If it is configured properly, with matching tunnel settings on both ends, the VPN tunnel comes up quickly.

Quality of Service

Legacy System: To get effective QoS on a legacy system, you would most likely ditch options like site-to-site VPN and go straight to MPLS. MPLS is a pricey solution, and it takes time, coordination, and work with the ISP to get your QoS policies applied correctly for the services that matter most to you.

SD-WAN: To implement QoS in the VMware SD-WAN solution, you create business policies directly in the VMware Orchestrator and set the priority for each class of traffic. Policies are applied in top-down order, so the order in which you list them matters. This configuration can be done at any time with no coordination with the ISP.
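Because policies are applied top-down, a broad policy placed above a specific one silently takes over the traffic the specific one was meant to handle. The script below is an added example, not VMware's policy engine or API: it models a generic first-match policy list with made-up rule fields (application label, destination network, protocol, port), constructed sample flows, and a check that reports rules that can never win on that sample. The only point it takes from the page is that the first matching policy in top-down order decides the priority.

```python
"""
Illustrative first-match ("top-down") business policy evaluation.
Added example; the Rule/Flow fields, priorities, addresses and flows
below are assumptions for illustration, not VMware's data model.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int
    app: str     # application label the classifier assigned, e.g. "voip"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: str                   # "high", "normal" or "low"
    app: Optional[str] = None       # None matches any application
    dst_net: Optional[str] = None   # CIDR; None matches any destination
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, f: Flow) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.app is not None and self.app != f.app:
            return False
        if self.proto is not None and self.proto != f.proto:
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        if self.dst_net is not None and ip_address(f.dst) not in ip_network(self.dst_net):
            return False
        return True


DEFAULT_PRIORITY = "normal"


def classify(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """Top-down evaluation: the first rule that matches wins."""
    for r in rules:
        if r.matches(flow):
            return r.name, r.priority
    return "default", DEFAULT_PRIORITY


def unreachable_rules(rules: List[Rule], flows: List[Flow]) -> List[str]:
    """Rules that match at least one sample flow but never win,
    i.e. are shadowed by an earlier rule for every flow they cover."""
    winners = {classify(rules, f)[0] for f in flows}
    return [r.name for r in rules
            if r.name not in winners and any(r.matches(f) for f in flows)]


# Constructed sample flows (addresses are RFC 1918 / documentation space).
FLOWS = [
    Flow("10.1.0.10", "10.2.0.5", "udp", 5060, "voip"),       # SIP to remote site
    Flow("10.1.0.11", "10.2.0.6", "udp", 16384, "voip"),      # RTP media to remote site
    Flow("10.1.0.12", "93.184.216.34", "tcp", 443, "web"),    # internet-bound HTTPS
    Flow("10.1.0.13", "10.2.0.20", "tcp", 445, "smb"),        # bulk file copy to remote site
    Flow("10.1.0.14", "10.2.0.30", "tcp", 443, "web"),        # intranet web at remote site
]

# Specific rules first, catch-all for the remote site last.
GOOD_ORDER = [
    Rule("voice-high", "high", app="voip"),
    Rule("bulk-low", "low", app="smb"),
    Rule("site-to-site-normal", "normal", dst_net="10.2.0.0/16"),
]

# Same rules, catch-all moved to the top: it now swallows voice and bulk.
BAD_ORDER = [
    Rule("site-to-site-normal", "normal", dst_net="10.2.0.0/16"),
    Rule("voice-high", "high", app="voip"),
    Rule("bulk-low", "low", app="smb"),
]


if __name__ == "__main__":
    for label, rules in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        print(f"== {label} ==")
        for f in FLOWS:
            print(f"  {f.app:5s} -> {f.dst:15s} : {classify(rules, f)}")
        print("  shadowed rules:", unreachable_rules(rules, FLOWS))
```

With the rules in the "bad" order, the voice flows come back as normal priority and the shadow check lists voice-high and bulk-low as unreachable; the same check is worth running against any policy or firewall list whose semantics are first-match.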

Cloud Security

Legacy System: Some MPLS providers offer a firewall based in their data center that packets pass through before egressing to the internet. Customers normally have no visibility into this firewall and very little control over it without calling the ISP and coordinating changes with them.

SD-WAN: With VMware and Zscaler combined, customers can spin up tunnels to the Zscaler Cloud Firewall service and send all internet-bound traffic through it. Customers can then see exactly where their users are going and allow or block content as appropriate, making day-to-day work more efficient.

SD-WAN truly is revolutionizing the way customers implement, monitor, and control their network and the data traveling across it. It is so much better, and the savings in time, knowledge, and money make it even more appealing. Once users see how much better it is on this side of the fence, there will be no going back.