SD WAN and SASE are humble buzzwords in the world of connectivity. They bring simplicity and flexibility to the customer, who becomes more independent of providers. In practice, however, that won freedom quickly gives way to a new lock-in.
“SD Wan has quietly become established, in my opinion,” says Freek Pauwels, General Manager Citymesh Integrator. “Although I notice that not everyone really knows what it’s about. When we ask customers what they expect from their SD Wan, we sometimes get strange answers. Then the penny drops, and it turns out that they don’t really understand exactly what the solution entails.”
Pauwels shares his observation at the round table on connectivity, organized by ITdaily. Also sitting around the table are Marc Vandeputte, CTO of Arcadiz, Mirko Montorro, Sales Manager and Partner at Easi, Kristof Spriet, Connectivity Expert at Proximus NXT and Gilles Verscheuren, Business Development Manager at Eurofiber. He’s not really worried about SD WAN, SASE other solutions. “As long as they run over our fiber,” he laughs.
Relevant hype
Montorro notes that SD Wan is a bit of a hype right now. “Many companies initially wanted to implement an SD WAN solution to save money,” he notes. “That is certainly not always the case in practice, and all the more so in a national context where MPLS is very competitively priced. What you do get is more flexibility and manageability. That’s why we are now seeing a big shift, with a little delay also with us in Belgium.”
Many companies initially wanted to implement an SD WAN solution to save money.
Mirko Montorro, Sales Manager & Partner Easi
SD WAN stands for Software Defined Wide Area Network and is in a way the successor to MPLS(Multiprotocol Label Switching), although on the backbone side it actually uses MPLS networks as well. Historically, organizations connect their branches in a WAN via MPLS, with traffic running along defined network paths thanks to MPLS routers and infrastructure to create a stable and secure connection. An MPLS network is a fairly complex affair, for which you turn to a provider.
An SD WAN solution provides similar functionality, but connects LAN networks via software-defined connections, independent of the underlying connectivity solutions. That makes SD WAN more flexible, and allows companies to connect their sites over alternative networks such as the public broadband network. “But have no illusions,” says Vandeputte of Arcadiz. “In practice, large companies’ SD WAN solutions still run over MPLS networks via the provider’s backbone.”
Get rid of telecom lock-in
Verscheuren also emphasizes this: “The speed and quality of your connection still depends on the network over which your SD WAN solution sends your traffic.” Although there is one very big difference from classic MPLS implementations: because SD WAN is software defined, companies can disconnect from providers. It becomes much easier to switch between connectivity providers, whereas with ordinary networks via MPLS there was vendor lock-in.
The speed and quality of your connection still depends on the network over which your SD WAN solution sends your traffic.
Gilles Verschueren, Business Development Manager Eurofiber
“That’s a big difference,” agrees Spriet. “With SD Wan, organizations suddenly become much more independent of their connectivity provider, and can switch more quickly.” But what do companies do with this newfound freedom?
“Actually, the lock-in is shifting to the SD-WAN providers,” Montorro notes. “Customers are choosing one party to vouch for all the devices that allow it to make the software-defined connections, and there are a lot of them. Not surprisingly, an SD-WAN partner provides all the hardware, from firewalls and switches to routers. Switching is possible and there is zero touch deployment of hardware that will help with that, but a migration is still extensive and complex work.”
Platform approach
Vandeputte also sees organizations going for a monolithic approach, with best of breed in networking and security giving way to a platform approach with as many solutions from one manufacturer as possible. “And so you get vendor lock-in again, but just on a different level.”
So you get vendor lock-in again, but just at a different level?
Marc Vandeputte, CTO Arcadiz
That doesn’t mean companies shouldn’t look at new connectivity solutions. The flexibility regarding providers with SD-WAN already opens doors to several interesting possibilities. Says Montorro, “Organizations can now easily combine connectivity solutions from different providers, such as a fiber line from provider A with a coaxial connection from provider B. We see that companies are increasingly assessing their availability as sufficient, so they can say goodbye to more expensive solutions with more extensive Service Level Agreements (SLAs).”
Modern connectivity solutions also bring more management capability. Companies can keep an eye on how traffic is flowing themselves via a dashboard, where with MPLS alone they had to settle for reports.
SD WAN, SASE and SSE
SD WAN is otherwise not the end station, according to those present. “I wouldn’t be surprised if in a few years no one is talking about SD WAN anymore,” Montorro believes. He refers to the emergence of SASE (Secure Access Service Edge) and SSE (Secure Service Edge).
“From my experience, I see the transition from SD-WAN to SASE more as a phased process,” Spriet reflects. “SD-WAN and SSE are the first steps in the SASE story. Many companies are currently using hybrid networks, and they will be needed for quite some time. This requires local segmentation and security solutions that are both flexible and reliable.”
Many companies are currently using hybrid networks, and they will be needed for quite some time.
Kristof Spriet, Connectivity Expert, Proximus NXT
In a nutshell, SASE combines SD WAN with security functionality in the cloud. SSE is a variant for organizations that work primarily in the cloud and benefit less from the SD WAN component, but want to see their security centralized in the cloud.
Is lock-in a problem?
Again, enterprises enjoy freedom of choice in their underlying connectivity, but further hand over the keys to one connectivity and security provider who takes care of the entire platform. Pauwels appreciates the simple approach, yet has some reservations. “In the past, organizations deliberately chose two different manufacturers for their network on the one hand, and security on the other, to build in an extra layer of security. Today, one SD WAN, SASE or SSE provider takes care of everything. Then if there is ever a security breach, the consequences can be dire.”
Thus, much is shifting in the world of connectivity, while just as much remains the same. Organizations are buying flexibility and control by running their networks through software- and cloud-based solutions and fighting free of telecom provider lock-in. In the same breath, they opt for a platform approach to connectivity and security at the level of their SD WAN, SASE or SSE provider, then a new lock-in emerges. “So is lock-in so bad?”, Verscheuren wonders aloud.
This article is part of a series following the roundtable on connectivity organized by ITdaily. Read more here.