Compass Direction Points - nemertes.com€¦ · The CIO’s Guide to SD-WAN ... Compass Direction...
Transcript of Compass Direction Points - nemertes.com€¦ · The CIO’s Guide to SD-WAN ... Compass Direction...
N e m e r t e s R e s e a r c h G r o u p I n c . w w w . n e m e r t e s . c o m 1 - 8 8 8 - 2 4 1 - 2 6 8 5
TheCIO’sGuidetoSD-WANEmbracingLess-ExpensiveConnectivityMakesSD-WANaPowerfulEngineofWANSavings,EnterpriseAgility,andImprovedApplicationDeliveryMixingless-expensiveconnectivityintotheWANcannotonlyslowthegrowthofWANspending,butactuallyreduceit—whileimprovingagility,performance,anduptime.
2017
08
ByJohnBurkeCIOandPrincipalResearchAnalystNemertesResearch
CompassDirectionPoints:
± SD-WANcansavemoneyonconnectivity.ExploreSD-WANtocurtailgrowthofMPLSspendingorevenreduceitbysubstitutingInternetlinksforMPLSsomeorallofthetime.
± SD-WANcanimproveuptime.Nemertesresearchdatashowa92%reductioninWANoutagesatSD-WANsites.ExploreSD-WANtoreducethecosttothebusinessofWANproblems.
± SD-WANcanreduceITWANmanagementcosts.Nemertesresearchdatashowa95%reductioninWANtroubletickets.ExploreSD-WANtoreducemanagementoverhead.
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
2
TableofContents
COMPASSDIRECTIONPOINTS: 1
TABLEOFFIGURES 4
EXECUTIVESUMMARY 5
THEISSUE 6
WHATISSD-WAN? 6
TYPESOFSD-WAN 7OVERLAYSD-WAN 7OVERLAY:PROS/CONS 8IN-NETSD-WAN 8IN-NET:PROSANDCONS 9
MAKINGABUSINESSCASE 9BOTTOMLINEBENEFITS 9TOP-LINEBENEFITS:BUSINESSAGILITY 9STRATEGICSUPPORTANDDIGITALTRANSFORMATION 10TOOMUCHRISK,ORRISKREDUCED? 10FORAGLOBALWAN,AGLOBALSD-WAN 11
THENEMERTESSD-WANCOSTMODEL 11COSTCOMPONENT:CONNECTIVITY 11COSTCOMPONENT:CAPITALEQUIPMENT 12COSTCOMPONENT:TROUBLESHOOTINGANDPROBLEMRESOLUTION 13
CUSTOMIZINGTHEMODEL:MAKINGITWORKFORYOU 14SIZEANDCONVERSIONPERCENTAGE 14CARRIERSERVICEOPTIONS 14CAPITALEQUIPMENTSHIFTS 15SD-WANAPPLIANCETYPE 15SITETYPES 15
MODELOUTPUTS 16SD-WANVSCLASSICALWAN 16OVERLAYVSIN-NETSD-WANSAVINGS 17
SD-WANUSECASES 17USECASE1:BENDINGTHECOSTCURVEONRESILIENCE,GROWTH 17
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 3
USECASE2:OPERATIONALEFFICIENCYFORITANDTHEBUSINESS 18USECASE3:BUSINESSAGILITYVIASMARTERBRANCHING(FASTERISBETTER) 19
CONCLUSIONANDRECOMMENDATIONS 19
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
4
TableofFiguresFIGURE1:SD-WANWITHMESHANDHUB/SPOKEVIRTUALWANS...................................................................6FIGURE2:OVERLAYSD-WANARCHITECTURE.............................................................................................................7FIGURE3:IN-NETSD-WANARCHITECTURE..................................................................................................................8FIGURE4:SD-WANMODELVARIABLES..........................................................................................................................14FIGURE5:MODELINGCONNECTIVITYTOTYPICALSITES.....................................................................................16FIGURE6:MODELOUTPUTS.................................................................................................................................................16FIGURE7:USECASE#1—BETTERBACKUP..................................................................................................................18FIGURE8:USECASE#2—MOVINGAWAYFROMMPLS...........................................................................................18
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 5
ExecutiveSummarySD-WANisapotentialgame-changerforwideareanetworking—onthesamelevelasservervirtualization,whichtransformeddatacentersoverthelast10years.SD-WANcombinestheuseofmultipleactivebranchlinks,intelligentdirectionoftrafficacrossthoselinks,andcentralized,policy-drivenmanagementoftheWANasawhole.Theabilitytoleveragemultiplelower-costservices(includingInternetand4Gwireless)aswellastraditionalserviceslikeMPLSholdsthepromiseoftransformingIT’srelationshiptotheWANandtheWAN’srelationshiptothebusiness.Transformationalpotentialisnotenough.IThastobuildacompellingbusinesscaseformakingthetransition.Thebaseofthecasemustbecost.NemerteshasdevelopedandvalidatedanSD-WANcostmodelthatenablesenterpriseuserstobuildthatbusinesscase.Theshortversion?SD-WANdeploymentscancutmillionsfromlargeWANservicebills.ButconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings;byprovidingcheaperandmoretransparentandautomaticfailoverwhenWANlinksfail,SD-WANcanreducebranchWANoutagesandtroubleshootingcostsby90%.ForITandnetworkingprofessionalsthemessageisclear:nowisthetimetotakeacloselookatyourWANarchitecture,withtheaimofidentifyinglocationsthatcouldbenefitfromhigherbandwidth,lowerrates,increasedreliability,orallthree.ModelthecostofstickingwiththecurrentarchitectureandcomparethatagainstatleasttwoSD-WANsolutions.IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscasebasedonthem,aswellasotheroperationalsavingsandanybusinessvalueassignedbythebusinesslinestofasterbranchturn-up.ITstaffshould:
• Assesstheamountoffailover-onlybandwidththeyarepayingfornow• AssesstheirdemandcurveforWANandInternetbandwidth:determinehow
theconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesforUC,collaboration,etc.
• Modelthecostofusingthecurrentarchitectureforthreetofivemoreyears.• Evaluateandmodelcostsforatleasttwoin-netoroverlaySD-WANsolutions• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,they
shouldbuildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementstheyexpecttorealize.
• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranchesordeliveringnewservicesmorequickly;businessunitsmayhavebuiltasignificantportionofthebusinesscase.
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
6
TheIssueIntheclassicengineer’sformulation,“Youcanhaveitcheaper,faster,orbetter…picktwo.”Fromtimetotimenewtechnologycomesalongand,bychangingthebasicassumptionsunderlyingexistingsolutions,managestobecheaperandfasterandbetterallatonce.SD-WANpromisestohitthetrifecta.BychangingtheunderlyingassumptionsabouthowITconnectsabranchtotheWAN(and,indeed,whatconstitutesabranch)itoffersthechanceofimprovingagility(i.e.beingfaster)andperformanceandreliability(i.e.beingbetter)whilealsoreducingcosts.BuildingabusinesscasefordeployingSD-WANinvokesallthreebenefitsbutrestsmostlyonthestrengthofsavings,whetherintheformofexpectedcostincreasesavoided,orasactualcostdecreases.
WhatisSD-WAN?Let’sstartfirstwithdefinitions.Software-DefinedWAN,orSD-WAN,incorporatesseveralkeyconcepts:
• Abstractingedgeconnectivity:Makingalltheconnectionsintoalocationusefulasasinglepoolofcapacityavailabletoallservices.
• WANvirtualization:OverlayingoneormorelogicalWANsonthepoolofconnectivity,withbehaviorandtopologyforeachoverlayWANdefinedtosuittheneedsofspecifictypesofnetworkservices,locations,orusers.(PleaseseeFigure1.)
• Policy-driven,centralizedmanagement:KeytoanSD-WANistheabilitytodefinebehaviorsforanoverlayWANandhavethemimplementedacrosstheentireinfrastructurewithoutrequiringdevice-by-deviceconfiguration.
• Flexibletrafficmanagement
DC
BranchRTR
BranchRTR
BranchRTR
Internet
MPLSCarrierCore
SD-WANRTR
MeshWAN
SD-WAN
SD-WAN
SD-WAN
Hub-and-SpokeWAN
Figure1:SD-WANwithMeshandHub/SpokeVirtualWANS
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 7
forperformanceandsecurity:SD-WANscanoptimizetrafficinmanyways;foremost,theycanselectivelyroutetrafficacrosslinksbasedoncriteriasuchaslinkperformance.
TypesofSD-WANTherearetwokeywaystoprovidetheseservicesinaWAN.Nemertescallstheseoverlayandin-netSD-WAN.
OverlaySD-WANInanoverlaySD-WAN,thenewSD-WANappliancesaredeployedonanexistingroutednetwork,eitherbehindtheroutersorreplacingthemasthebranchconnectiontotheWAN.SD-WANappliancescanalsocollapsethetypicalbranchstackbyreplacingotherbranchWANappliancessuchasoptimizersandfirewalls.MorethanadozencompaniessellSD-WANappliances,bothphysicalandvirtual(whichallowextensionoftheSD-WANintopubliccloudspacessuchasAmazonEC2,MicrosoftAzureCompute,orGoogleComputeEngine).Someareintendedtoreplacerouters,sometoridebehindthem,otherscanfilleitherrole,andenterpriseITstaffneedtocarefullyevaluateeachagainsttheirspecificneeds.Forexample,thosewithanagingrouterplantbutmostlyMPLSandCarrierEthernetorbroadbandlinksmayfindrouterreplacementveryattractive.ThosewithalotofolderT1orT3connectionsthatcan’torwon’tbereplacedwithEthernetmaywanttokeeptheirexistingroutersinplace,toterminatetheolderconnectivity,whileusingtheSD-WANsolutiontosupplementitwithwiredor3G/4Gbroadband.
Figure2:OverlaySD-WANArchitecture
MPLS Carrier Core
Branch
DC
Branch
Inte
rnet
SD-WAN
Encrypted tunnels Optionally encrypted tunnels
SD-WAN
SD-WAN
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
8
Overlay:Pros/ConsIntheoverlayscenario,SD-WANappliancescomprisealayerofenterpriseinfrastructuredistinctfromtheWANconnectivitytheymanage,allowingITtoeasilyaddandremovenetworkserviceprovidersandlinktypes.Thisgivestheenterprisemaximumflexibilityonconnectivityservices,butincurstheburdenofmanagingthesolutionitself.Thisistypicallylesstroubletomanagethantheold-schoolrouterplant,andcanevenhelpmakeroutermanagementeasierwhereroutersstayinthepicture,butisstillasignificantoperationalresponsibilityforIT.
In-NetSD-WANIncontrast,in-netSD-WANtiestheSD-WANfunctionalitytotheconnectivityservices.Thesefunctionsmayallbeprovidedintheserviceprovider’sedgeandcoreinfrastructure,withthebranchusingatraditionalroutertoconnecttotheprovider’snearestpointofpresence.Or,someorallfunctionsmaybeprovidedon-premisesviaappliancesunderserviceprovidermanagement;thispushesworkoutoftheserviceprovider’sinfrastructureandalsoallowsoptimizationoflast-mileconnectivityviacompression.
Figure3:In-NetSD-WANArchitecture
In-netSD-WANcanbetiedtoNetworkFunctionsVirtualization(NFV),withthevariousfunctionsprovidedbyseparate,cooperatingVirtualNetworkFunctions(VNFs)dynamicallydownloadedtotheon-premisesdevice(wherethereisone)orchainedintothetrafficpathinthecarrierinfrastructure.Thisopensthepossibility
SD-WAN Service Cloud
Branch Branch
DCSD-WAN
Internet
Encrypted tunnels
SD-WAN SD-WAN
PoP
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 9
oftheon-premisesdevicebeingwhite-box/genericratherthanbespokefortheservice,decreasingvendorlock-insomewhat.
In-Net:ProsandConsThetrade-offforhandingoffthemanagementburdenfortheSD-WANisthelossofautonomywithrespecttoconnectivity.Inthein-netscenario,youcan’tnecessarilymixandmatchlinksfromdifferentvendorsfreely.ThenewlevelofWANfunctionalityistiedtothein-netSD-WANprovider,afterall.Ifyouhavetroublegettingconnectivitytoallyoursitesfromasingleprovider,thatbecomesanissue.Likewiseifyouwanttohaveproviderdiversityforyourbranchconnectivity,aswellaspathandlink-typediversity:thatis,youwanttohaveeachbranchhavealinkfromatleasttwodifferentproviders,e.g.oneforMPLSandadifferentoneforInternet.Thein-netSD-WANproviderhastoallowfor(andpotentiallypartnerwith)theotherprovidersyouwanttouseinorderforyoutofoldinlinksfromthoseothervendors.Thissharplylimitsenterprisechoiceinthematter.
MakingaBusinessCaseBottomLineBenefitsFirstandforemostinthebusinesscasemostSD-WANuserswillbuildiscostsavings,andthemainsourceofhard-dollarcostsavingsinSD-WANisthesubstitutionoflower-costconnectivityinplaceofmoreexpensivekinds.Theorganizationmightbelookingforimmediatesavings.Inthatcase,thegoalwillbetodecreaseabsolutespendingonconnectivity.ThiscanbeaccomplishedbyreplacingMPLSorotherrelativelyexpensiveconnectivity(atleastasreckonedonacost-per-Mbpsbasis)infavorofalessexpensiveoption:replacingsomeMPLSlinkswithbusinessInternetservices,orevenconsumer-gradebroadband.Or,theorganizationmightbelookingforsavingsoveralongertimeframe—lookingto“bendthecostcurve”fortheirWANastheyprojectcurrentgrowthtrendsintothefuture.Inthiscase,theymaychangelittleornothingintheircurrentuseofMPLS,forexample,butshiftallgrowthtoothermedia.Fully78%oforganizationsdeployingSD-WANhavenoplantocompletelydropMPLSfromtheirWAN.However,mostintendtoreduceandrestricttheiruseofit,ifnotimmediatelythenoverthenextfewyears.
Top-LineBenefits:BusinessAgilitySpeedhasvalueinbusiness.Forthegrowingnumberofbusinessesadoptinga“getclosertothecustomer”approachtotheirphysicalstorefronts,thatspeedcanbemeasuredinpartbyhowmanydaysittakestoturnupanewbranch.SD-WANcan
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
10
radicallyalterthatnumber.Mostsolutionsallowfreemixtureofdifferentkindsofconnectivity.Consequently,anewlocationcanbebroughtupwithwhateverformofconnectivityismostreadilyavailable,beitcableorDSLoreven4G/LTE,andcanbecomeonlineinunderaweek,evenwithinadayofreceivingitsendpointequipment.Contrastthatwiththemoretypical30to90ormoredaystoconnectupanewbranchusingtraditionalapproaches.AnotherformofagilitythattheSD-WANapproachlendsitselftoisrapiddeploymentofnewWAN-basedservices.Centralized,policy-basedmanagementoftheWANasawholeallowsrapidreconfigurationtosupporttheadditionofnewservicesaswellaschangesintheprioritizationoftheapplicationportfoliooverall.Thebusinesslinesresponsiblefornewbranchoperationscanlikelyputadollarvalueoneveryadditionalweekorevendayofoperationsforanewlocation.ITshouldbereachingouttothemforthatinformationinconstructingthebusinesscase.Likewise,theywillhaveputavalueonthebenefitsofdeliveringthenewservicestheyarepursuing,andITshouldreachouttogetthatinformationforanyinitiativesplannedforthenearterm.
StrategicSupportandDigitalTransformationThatrapiddeploymentandintegrationofnewservicesisinturnthecornerstoneofanotherlevelofvaluetoconsiderinabusinesscase:supportforstrategicinnovationsandespeciallyDigitalTransformation(DT)efforts.ManyDTinitiativesrevolvearoundnewusesofreal-timecommunicationstointeractwithcustomersandprospects.Others,aroundinsertionintotheenvironmentofnewtechnologiesthatgeneratestreamsofdatathatflowbacktothedatacenterorouttothecloud—sensors,digitalsignage,locationtrackingdevices.Ineithercase,theWANbecomesthechannelbywhichDTdataflowstoandfrombranches,andSD-WANprovidestheabilitytoswiftlyaddnewflowstothemixwithouthurtingperformanceforwhatisalreadythere,aswellastoeasilymeetnewbandwidthdemandsusingmoreaffordableconnectivity.
TooMuchRisk,orRiskReduced?SD-WANsolutionscanalsocontributetothesecurityofanorganization.AlthoughtheymakeitpossibletomoreeasilysendtrafficdirectlytotheInternetfromthebranch,avoidingbackhaulsthroughthedatacenter,mostbuildfirewallfunctionalityaroundthat,andallallowforcarefulselectionofwhichtrafficisallowedtoflowdirect.Forexample,policycanallowtraffictoandfromOffice365orSalesforcetogodirect,whileotherweb-boundtrafficisnot.And,onanotherfront,creatingaholisticallymanagedWANusingproviderendpointsallowstheorganizationtoeasilyandreliablykeeptheendpointscurrent
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 11
onallsecurity-relatedupdatesandpatches.MostorganizationsarereluctanttoapplypatchesandupdatestoalltheirWANrouterstoofrequently,sincetheyhavetoinvestsignificantstaffhoursinpushingoutpatchesbranchbybranch,anddoingsousuallyinvolvesaninterruptioninservices.Toomanyorganizationsapplypatchesandupdatesonlywhentheyhavenootheroption,ratherthanwheneveroneisavailablethatwilltightenupsecurity.Asystemintendedtoallowno-down-time,comprehensiveupdatingchangesthisdynamicentirely,andimprovestheoverallsecuritypostureoftheorganization.
ForaGlobalWAN,aGlobalSD-WANSD-WANcanbeakeyenablerofsimplifiedglobaloperations.SD-WANcanmakeiteasierfortheorganizationtospinupnewbranchesanywheretheyneedto,globally,bydeliveringaconsistentsetofserviceswhiletakingadvantageofwhateverlocalconnectivityoptionsareavailable.And,fornewandexistingbranchesboth,securelydeliveringgreaterconsistencyandbetterperformancetobothin-houseandcloudapplicationscanboostproductivityglobally.In-netSD-WANcanenjoyaparticularadvantageinthisscenariobyusinganoptimizedbackbonetodeliver“middle-mile”optimizationsindependentoflocale.Assumingabroadenoughdistributionofproviderpointsofpresence,thiscaneliminatemostoftheunpredictabilityofmulticontinentalInternetperformance,ahugeboonwhenthedatacenters(whethertheenterprise’sortheenterprise’scloudproviders)areaworldawayfromthebranch.
TheNemertesSD-WANCostModelTheNemertesmodelincorporatesthreekeycostcomponentsoftheWANandofSD-WANsolutions:connectivity,capital,andoperations.Itisbuilttosupportmultipledecisionpointsinregardstoeach.
CostComponent:ConnectivityInassessingcostsforanyWANarchitecture,circuitandservicecostsrepresentthelion’sshare.And,asnoted,thelargestpieceofcostsavingsfromSD-WANcomesfromchangesincircuitandservicecosts.Whetheroverlayorin-net,afundamentalconceptbehindSD-WANistouseanyavailablenetworkroutesthatdeliveranapplication’srequiredqualityofservice;wherebigcheapInternetlinksareavailable,alotoftrafficwillshiftontothemoffmoreexpensiveMPLSlinks,whichcanshrinkorgoaway.ThisprovidesITwitharangeofoptionsforaddingbandwidth,andletsnetworkprofessionalstakeadvantageofthefullrangeofoptionstodelivertheirparticularmixofservices,sitetypes,andusecases.Dependingontheorganizationanditsapplications,thatmaymean:
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
12
• Routingunifiedcommunicationsandotherreal-timetrafficoverMPLSwhileshiftingotherapplicationtraffic,filetransfers,andotherlatency-insensitiveapplicationstobusinessorconsumerInternetservices(whichcostupto10timeslessthancomparableMPLSservices)
• RoutingallapplicationsacrossMPLSwhereavailable,andusing4Gwirelessasbackuporforoverflowtraffic
• ShiftingallapplicationsfromMPLStobusinessorconsumerInternetservicestomaximizecostsavings,withtwoormoreprovidersperbranchbothforresilienceandtoallowthesolutiontotakeadvantageofwhicheveroneofthemprovidesthebestperformanceforservicestheenterpriseuses.
Soatthecoreofourcostmodelisthe“circuitcosts”component,whichincludesallservicesthatanenterprisehasinthe“beforeSD-WAN”stateandthoseitwillhaveafterdeployingSD-WAN,including:
• MPLScircuits:TraditionalMPLSserviceswithSLAandpossiblymultiplelevelsofQoS
• BusinessInternet:InternetservicesprovidedwithanSLAandsymmetricalservice,i.e.thesamebandwidthuptotheInternetanddownfromit
• ConsumerInternet:Consumer-gradeInternetservices(althoughalsotypicallyprovidedforsmallerbranchoffices)whichdon’thaveanSLAandmay,ifbasedoncableorDSL,beasymmetrical,withlowerbandwidthfortrafficgoinguptotheInternetthanfortrafficcomingdownfromit
• 4GorLTEwireless:Broadbandwirelessservicesusuallyusedasinitialconnectivityinanewbranch,orasbackuporoverflowcapacityforanestablishedbranchwithotherconnectivityavailable.
CostComponent:CapitalEquipmentGivenhowlarge,comparatively,thespendonconnectivityis,withalongenoughreplacementcycle(fivetosevenyears,althoughcostsareusuallyamortizedoverthreetofiveyears)thecostofcapitalequipmentcanseeminsignificant.Evenasthebranchstackhasgrownfromjustaroutertoincludealsooptimizationandfirewalls,thiscanstilllooktrue.Thatis,itcanseeminsignificantifyouhaveeasyaccesstocapitalfunds.However,manyorganizationsfindcapitalfundsincreasinglypinched.That,coupledwithanacceleratingpaceoftechnologychangemakesabigupfrontinvestmentinalongreplacementcycleuntenable,fornow.So,theimpetusistoreducecapitalspendbyconsolidatingthestackintoasinglebox;ortoshiftcostsfromcapitaltooperatingexpenses.SD-WANappliances,especiallythenewestgenerationonesusedbycarriersandserviceprovidersintheirin-netsolutions,areintendedtobeabletoreplaceroutersandfirewallsandsomefunctionsofWANoptimizers,whetherviaintegralfunctionsofaunifiedappliance,or,intheNFVscenario,viarouter,firewall,oroptimization
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 13
VNFsrunalongsidethecoreSD-WANVNF.Inotherwords,anapples-to-applesbefore-and-aftercomparisonofcapitalequipmentmightinclude:
Ormanyothercombinations.Themodelaccommodatesselectinghowmanysiteshaveaseparatefirewallbeforethetransition,andhowmanyafter;likewiseWANoptimizers.Webundlebothsoftwarelicensingcostsandamortizedhardwareintoasinglelineitem.
CostComponent:TroubleshootingandProblemResolutionAlthoughtheyfeelkeenlythefactthattheyhavetoomuchtodoandtoolittletimeinwhichtodoit,networkprofessionalsusuallydon’tknowexactlyhowmuchtimethey(andtheirteams)spendintroubleshootingandresolvingWANproblems.That’sbecauseteamstypicallywearmultiplehats,andoutagesandissuesoccurrelativelyinfrequentlyinmostWANs.Overthecourseofayear,anetworkengineermightestimateshespends75%ofhertimeonupgradesandnewinstallations;10%ofhertimedoingarchitectureandplanning;andtheremainderontroubleshooting.Butunlessthecompanysheworksforisexceptionallyobsessiveabouttime-tracking,there’snowaysheknowsthis.Andwhensitesdoexperiencesignificantconnectivityissues,solvingtheproblemisparamountandtime-trackingwhatgoesintoitisnot;resolutionpushesasidenormalworkandofteninvolvesafter-hoursandweekendworkthatisrarelytrackedandaccountedforaccurately.Whatwefoundinresearchforthecostmodel,aswellasinthe2016CloudandDataCenterBenchmarkresearch,isthatregardlessofhowmuchtimenetworkengineersinvestintroubleshootingandproblemresolution,thatnumberdecreasedbyroughly90%withdeploymentofSD-WAN.Thatmayseemcounter-intuitive,giventhatwithSD-WANnetworkarchitectsareintheoryputtingless-reliableInternetlinksintheroleofprimaryconnectivitybeside(orinplaceof)morereliableMPLSlinks.However,inpractice,mostusecasesinvolvemovingfromsingleMPLSconnectionstopoolsconsistingofMPLS-plus-Internetormultiple-Internetconnections—andaconsequenceofmovingtomultipleconnectionswithtransparentfailoveristoreduceoreliminatetheimpactofanysinglelinkhaving
Before:• Hardwarerouter• HardwareWANoptimizer• Nofirewall• NoSD-WANappliance
After:• Softwarerouter(VM)• SoftwareWANoptimizer• Softwarefirewall(VM)• SD-WANappliance
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
14
problems.TheSD-WANtechnologyhappilyreroutestrafficoverthegoodlink(s),andsimplyresumesusingthelinkthatwentdownassoonasitisbackup.Whenthere’saserviceoutagewithasingleMPLScircuit,networkengineersneedtodropeverythinganddealwiththeoutageuntilthesiteisbackup.Butwhenacircuitgoesdownandothercircuitstakeitsplace,it’snotreallyanoutage;it’smerelyservicedegradation,andnotanemergency.Andgiventhatsuchoutagesareusuallytemporaryandself-correcting,oftennoactionbyITisrequired.
CustomizingtheModel:MakingItWorkForYouSizeandConversionPercentageForacostmodeltoapplytoanygivenenvironment,usersneedtobeabletocustomizeittoreflecttheircurrentenvironmentandplannedchanges.Thisabilityiskeytoconducting“what-if”analyses:determiningwhichoptionsmakethemostsenseforagivendeploymentscenario.Toenablecustomization,Nemertesfocusedonafewkeyvariables.(PleaseseeFigure2.)Firstandforemost:theWANsize(numberofsites)andthepercentageoftheWANconvertedtoSD-WAN,becauseSD-WANdoesn’thavetobeallornothing.Userscaninputboth,andseehowtheresultschange.
Figure4:SD-WANModelVariables
CarrierServiceOptionsThenextmostimportantvariableinthecostequationis,asnotedabove,thecostofconnectivityservices.Thiscomprisesmultiple,separatevariables:Whichproviderisdeliveringservices,andwhichservices—MPLS,businessInternet,consumerInternet,andLTE—areinuse,andathowmanysites.Themodelallowsuserstoselect“before”and“after”optionsforservicetypes,andtodefineconnectivityprofilesforafewcommonbranchscenarios(seebelow).Thecostforthoseserviceswilldrawfromoneofthreesources:
• Specificcarriercosts.Networkprofessionalswhoworkwithaspecificcarrier,orwhoareconsideringselectingthatcarrier,canselectthatprovider’scostsfortheoptions
How many sites on WAN? 100Carrier GenericPercentage of sites converted to SD-WAN 100%Percentage with full firewall before 5% 3 yearsPercentage with full firewall after 25%Percentage with WAN otimization before 50%Percentage with WAN otimization after 0%
Percentage routers replaced by SD-WAN appliance
80%
Nemertes SD-WAN Cost Model and Business Value Analysis
Overlay solution selected
WAN Variables SD-WAN
Overlay
Amortization Period
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 15
• Specificenterprisecosts.Networkprofessionalswhoknowtheirowncostsforservicescanplugthosein,andhavethemodelcompareconfigurationsbasedontheactualcostspaidforservices
• Genericcosts.Networkprofessionalswhodon’tknowtheirowncostsandaren’tfocusingonaspecificcarriercanleverageanaverageofbenchmarkandsurveydatacollectedbyNemertes.Thesearepaidcosts,notlistprices,sotheyprovidearealisticsenseofactualmarketcosts.
CapitalEquipmentShiftsWealsoenableuserstoindicatebeforeandafterscenariosforcapitalequipment.Theseinclude:
• Routerreplacement.Asindicatedabove,somesolutionsallow(andevenencourage)routerreplacement.Atleastonemayrequireit(i.e.forin-routerSD-WANrequiringanewenoughroutertosupportit).Removingabranchrouterreducescapital,management,andmaintenancecosts
• Branchfirewalls,pre-andpost-transition.AsignificantappealofSD-WANistheabilitytosendcloud-boundtrafficdirectlytothecloudratherthanroutingitbackthroughadatacenter;deployingmoreDirectInternetAccess(DIA)inbranchesmeansdeployingmorefirewallstosecurethoseconnectionpoints.SomeSD-WANsolutionsprovidestrongfirewallfunctionality,othersdon’t,andinsomecasesITwillwanttodeployastandalonenomatterwhat,asamatterofpolicy
• WANoptimizers,pre-andpost-transition.Betweenincreasesinusablebandwidth(withconsequentdecreaseincontentionforcapacity)andtheabilityofSD-WANappliancestosupplycrucialWANoptimizationfunctionssuchasprioritizationandrouteoptimization,enterprisesoftenhavenoongoingneedforaseparateoptimizationapplianceinanSD-WANsite.
SD-WANApplianceTypeAlthoughthetypeofSD-WANappliancedoesn’taffectthecostofadeploymentdramatically,weletusersselecttheSD-WANappliancestheyareconsideringaspartofthemodeling.ThisisaparticularlyusefulcapabilitywhenitcomestocomparingoverlaySD-WAN(forwhichusersmustpurchasetheirownSD-WANappliances)within-netSD-WAN(inwhichprovidersdeliver,andmanage,theapplianceaspartoftheservice).
SiteTypesLastly,theNemertestoolallowstheusertodescribetheorganization’smostcommonsitetypesintermsoftheircurrentconnectivityprofileandtheprofiletheywouldliketoshifttoviaSD-WAN.(PleaseseeFigure3.)Sitetypescanrangefromalargeheadquartersordatacentertotypicalmidsizebranchofficestosmall
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
16
branchesorevenkiosksorotherunstaffednetworksites(e.g.anATMoraRedBoxorsimilarnetwork-connectedvendingmachine).
Figure5:ModelingConnectivitytoTypicalSites
ModelOutputsThemodel’sgoalistodeterminenotonlywhetherSD-WANcandelivercostbenefits,butparticularlywhatsortofSD-WANisoptimal:overlayorin-net.
SD-WANvsClassicalWANAsoutputs,themodelcomparescurrentcostswithSD-WANcosts,modelingbothanoverlayandanin-nettransition.(PleaseseeFigure4.)
Figure6:ModelOutputs
Per-Site Variables Site Type 1 15% Site Type
2 30% Site Type 3 50% Site Type
4 5%
Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100
Commodity Internet LTE
Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS Business Internet Commodity Internet LTE
Classic WAN (MPLS)
$1,884,162$477,350$8,827
$2,370,339
Cost Component SD-WAN In-Net SD-WAN
Annual Circuit Costs $1,335,627 $1,335,627Annual Capital/Licensing $298,300 $359,100Annual Troubleshooting $883 $88
Total Cost $1,634,810 $1,694,815Savings over classic model $735,529 $675,524
Nemertes SD-WAN Cost Model and Business Value Analysis
Overlay SD-WAN vs In-Net SD-WAN
Cost Component
Annual Circuit CostsAnnual Amoritized Capital/Licensing CostsAnnual Problem-Resolution Costs
Total Cost
Cost Analysis: Classic WAN (MPLS)
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 17
Thisprovidesnetworkprofessionalswiththeopportunitytogaintwopiecesofinsight.First,howmuch(ifany)willconvertingtoSD-WANsave?Andsecond,whichtypeofSD-WAN—overlayorin-net—savesmost?
OverlayvsIn-NetSD-WANSavingsWhichsolutiongeneratesgreatersavingsdependsonthetransitionscenariosenvisioned.Currently,userswillbemostlikelytoseein-netSD-WANgeneratinggreatersavingsinscenarioswhereMPLSconnectivityisleftintactandnoconsumerbroadbandisaddedtothemix.WhenconsumerservicescomeintoplayandMPLSuseisscaledback,overlayusuallytakesthelead.Itisimportant,though,tokeepinmindthattheattractionofoutsourcingabigpartofSD-WANmanagementviaanin-netsolutionmayoutweighsmalldifferencesinsavings.Someorganizationswouldthinktheprospectofsaving20%overcurrentspendinglevelsandoffloadingmanagementmoreattractivethansaving30%andkeepingit;offloadingtheworkfreesstaffuptoaddvalueinotherways.SD-WANUseCasesUseCase1:BendingtheCostCurveonResilience,GrowthMostWAN-connectedbranchesofsignificantimportancehaveaprimarylink(typicallyMPLS)andabackuplink(usuallyanIP-VPNrunningacrossanInternetlink).Undernormalcircumstances,theyuseonlytheprimarylink.If,andonlyif,thatprimarylinkfailswilltheyusethebackuplink,andtheywillusethatonlyuntilserviceontheprimaryisrestored.Usually,thefailoverbetweenprimaryandsecondaryisslowenoughtobreakallnetworksessionscurrentlyrunningtoorfromthebranch,bootingpeopleoutofconferencesandhangingupvoiceorvideocalls,terminatingsessionsoncoreapplications.Inalltoomanycases,itwillbemanualandrequireWANstafftimetoexecute.Thewholedramaisreplayedwhentheprimarycomesbackupandservicesaremovedbacktoit,unlesstheWANstaffwaituntil“afterhours”tomaketheswapback—typicallystillpenalizingstaffwithpoorerWANperformance(andpenalizingthemselveswithafter-hourswork).ThepresenceofunusedbackuplinksisoneofthechiefavenuesbywhichSD-WANsolutionscanprovidevaluequickly.UsingNemertes’SD-WANTCOTooltomodelvariousscenarios,itiseasytoseethatevensomeonemakingthemostconservativechoicesaboutconnectivity—e.g.keepingexistingMPLSlinksinplaceandatcurrentspeeds,andusingonlybusinessInternetcan,bymakingactive/activeuseofexistingIP-VPNlinkstodoubleavailablebandwidth,offsetbigspendingincreasesassociatedwithbigbandwidthincreases.Forexample,considera100-siteWANspending$1.88MayearonMPLSandbackupInternet.Doublingthespeedtothebranchesresultsina35%costincrease,to$2.54M,usingtheconventionalprimary-plus-
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
18
failoverarchitecture.(PleaseseeFigure5.)Switchingtohot/hotuseofbothoriginallinksviaSD-WANinstead,doublingeffectivebandwidthwithoutactuallyincreasinglinkspeeds,avoidsthathugeaddedcost.
Figure7:UseCase#1—BetterBackup
DecreasingMPLSportspeeds(butretainingMLPSasacoretechnology)andshiftingsomesmallerlocationsoffitentirely,caneasilydecreaseconnectivitycostsbynearly30%,to$1.33M.(PleaseseeFigure6.)Moreradical(andconsequentlyriskier)shiftsoffMPLScandrivesignificantlydeepersavings.
Figure8:UseCase#2—MovingAwayfromMPLS
UseCase2:OperationalEfficiencyforITandtheBusinessInadditiontoprovidinglowercostformoreconnectivityforbrancheswithduallinksalready,fullyleveragingInternetlinksviaSD-WANgivesmanyotherbranchessomethingtheynevercouldaffordbefore:resilience.ManysmallandmidsizebrancheshaveonlyasingleMPLSlinkandnobackup,orasingleInternetVPNlink.Forsuchbranches,thecostofasecondlinkusefulonlywhenthefirstfailedwasseenasunjustifiablewhencomparedtothecostofdowntime.ButbyfullyexploitingasecondInternetlinkassoonasitisavailable,SD-WANmakesinvestinginthesecondlinkpartofagrowthandperformancestrategyatthesametimethatitprovidesbusinesscontinuity.SD-WANlowersthebarrierstoinvestinginredundancyandimprovesenterpriseuptimeevenfurtherasaresult.
Per-Site Variables Site Type 1 15% Site Type
2 30% Site Type 3 50% Site Type
4 5%
Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100
Commodity Internet LTE
Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 100 1 20 1 10 2 100Business Internet 1 100 1 20 1 10 2 100Commodity Internet LTE
Per-Site Variables Site Type 1 15% Site Type
2 30% Site Type 3 50% Site Type
4 5%
Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100
Commodity Internet LTE
Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 30 1 5 2 100Business Internet 1 100 1 20 1 5 2 100Commodity Internet 1 5LTE
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 19
Andofcourse,whenabranchhasmultipleactivelinksandintelligenceinhowtheyareused,difficultiesonanyonelinkhavelessimpact.Branchesexperiencelessdowntime,abouta90%reductioninNemertes’2016CloudandDataCenterBenchmarkdata.Thiscanrepresentenormousimprovementsinproductivityforbrancheswithpoorconnectivitycurrently.Suchimprovements,whichmostbusinessacknowledgeexisteventhoughtheyhaveahardtimequantifyingthem,shouldbementionedasancillarybenefitsinanySD-WANbusinesscase,eventhoughtheyaregenerallynotenoughtodriveapprovalofadeploymentinandofthemselves.Similarly,anSD-WANbusinesscaseshouldmentionITtimesavings,aswell.Whenlinkproblemsdon’thavediscernibleimpactonusers,theurgencyoftroubleshootingtheissuesdecreases.Giventhatmostsuchproblemsaretransitory,ITcurrentlyengagesinalotoftroubleshootingonWANissuesthateventuallyjustresolvethemselves.Bymakingmostlinkissuesnon-eventsfortheusersandthebusiness,aswellasbyprovidingintelligenceontheexactnatureandtimingoftheproblems,SD-WANcandriveasmuchas90%reductioninWANtroubleshootingtime,accordingto2016CloudandDataCenterBenchmarkdata.
UseCase3:BusinessAgilityviaSmarterBranching(FasterIsBetter)It’simportanttotrackanother“soft-cost”improvementofSD-WAN:businessagility.ForWANs,thisaspectof“faster”boilsdowntoonething:branchleadtime,thelengthoftimeittakestolightupanewnetworksite.ForMPLSnetworks,ITexecutivesbemoanlengtheningleadtimes,whichformanyofthemhavecreptupfrom30to60dayseightyearsagoto90to120now.BycontrasttheycanoftenprovisionwiredInternetserviceinaweekortwo;LTE,inadayortwo.Withbusinessagilityonmanyminds,thisisnosmallimprovement.Youcan’tbuildthebusinesscaseonit,usually,buteverybusinesscaseshouldmentionit.And,ifthereisanexplicitcorporatestrategybuiltaroundanimblerbranchstrategy,thebusinessmayhavedonetheworkofquantifyingthevalueofeachdayshavedofftheleadtimeforlightingupanewbranch,andITshouldleanheavilyonthatinbuildingtheSD-WANbusinesscase.
ConclusionandRecommendationsSD-WANcombinesactiveuseofmultiplebranchlinks,intelligentdirectionoftrafficacrossthoselinkstoprovidebetterperformance,security,andreliability,andcentralized,policy-drivenmanagementoftheWANasawhole.ItholdsthepromiseoftransformingIT’srelationshiptotheWANbysimplifyingmanagementofcomplexbehaviors,promotingresilienceandcontinuityofservice,empoweringmorenimble
©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607
20
branchstrategies,andradicallydecreasingthecostofmeetingrisingbandwidthandperformanceneeds.Asalways,IThastobuildacompellingbusinesscaseformakingatransitionlikethis,especiallywhereanup-frontinvestmentwillberequired.Thebaseofthecasemustbecost,and,basedonNemertes’SD-WANcostmodel,savingsshouldbeeasytocomeby.ThebiggestcostcomponentintheenterpriseWANistheconnectivity,andSD-WANcandrivemajorsavingsonconnectivityinacoupleways:preventingthemajorcostincreasesassociatedwithmajorbandwidthincreases,bymakingalllinkstoasiteusablesimultaneously;andallowingactualspendingreductionsbymeansofsubstitutingless-expensiveInternetbandwidthforsomeorallofanenterprise’smore-expensiveMPLS.Note,though,thatconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings.Bymakingredundantlivelinkscheapertodeployandmakingfailoveramonglinkstransparenttoendusers,SD-WANcanreducebothWANoutagesandWANtroubleshootingcostsby90%.ITstaffshould:
• Assesstheamountofbackupbandwidthyouarepayingfornow—thelinksonlyavailableasfailoverconnectivityintheeventanMPLSlinkfails.
• AssessyourdemandcurveforWANandInternetbandwidth:determinehowtheconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesandroadmapsforUC,collaboration,andotherapplicationorservicerollouts.
• Modelthecostofstickingwiththecurrentarchitecture,goingoutatleastthreeyears.
• EvaluateatleasttwoSD-WANsolutions,overlayorservicebased,andmodelthecostofswitchingtothem.
• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementsyouexpecttorealize.
• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranches;businessunitsmayhavebuiltasignificantportionofthebusinesscaseforyou.
AboutNemertesResearch:NemertesResearchisaresearch-advisoryandconsultingfirmthatspecializesinanalyzingandquantifyingthebusinessvalueofemergingtechnologies.YoucanlearnmoreaboutNemertesResearchatourWebsite,www.nemertes.com,[email protected].