20
Nemertes Research Group Inc. www.nemertes.com 1-888-241-2685 The CIO’s Guide to SD-WAN Embracing Less-Expensive Connectivity Makes SD-WAN a Powerful Engine of WAN Savings, Enterprise Agility, and Improved Application Delivery Mixing less-expensive connectivity into the WAN cannot only slow the growth of WAN spending, but actually reduce it—while improving agility, performance, and uptime. 2017 By John Burke CIO and Principal Research Analyst Nemertes Research Compass Direction Points: ± SD-WAN can save money on connectivity. Explore SD-WAN to curtail growth of MPLS spending or even reduce it by substituting Internet links for MPLS some or all of the time. ± SD-WAN can improve uptime. Nemertes research data show a 92% reduction in WAN outages at SD-WAN sites. Explore SD- WAN to reduce the cost to the business of WAN problems. ± SD-WAN can reduce IT WAN management costs. Nemertes research data show a 95% reduction in WAN trouble tickets. Explore SD-WAN to reduce management overhead.

Compass Direction Points - nemertes.com€¦ · The CIO’s Guide to SD-WAN ... Compass Direction Points: ... In-net SD-WAN can be tied to Network Functions Virtualization

Embed Size (px)

Citation preview

N e m e r t e s R e s e a r c h G r o u p I n c . w w w . n e m e r t e s . c o m 1 - 8 8 8 - 2 4 1 - 2 6 8 5

TheCIO’sGuidetoSD-WANEmbracingLess-ExpensiveConnectivityMakesSD-WANaPowerfulEngineofWANSavings,EnterpriseAgility,andImprovedApplicationDeliveryMixingless-expensiveconnectivityintotheWANcannotonlyslowthegrowthofWANspending,butactuallyreduceit—whileimprovingagility,performance,anduptime.

2017

08

ByJohnBurkeCIOandPrincipalResearchAnalystNemertesResearch

CompassDirectionPoints:

± SD-WANcansavemoneyonconnectivity.ExploreSD-WANtocurtailgrowthofMPLSspendingorevenreduceitbysubstitutingInternetlinksforMPLSsomeorallofthetime.

± SD-WANcanimproveuptime.Nemertesresearchdatashowa92%reductioninWANoutagesatSD-WANsites.ExploreSD-WANtoreducethecosttothebusinessofWANproblems.

± SD-WANcanreduceITWANmanagementcosts.Nemertesresearchdatashowa95%reductioninWANtroubletickets.ExploreSD-WANtoreducemanagementoverhead.

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

2

TableofContents

COMPASSDIRECTIONPOINTS: 1

TABLEOFFIGURES 4

EXECUTIVESUMMARY 5

THEISSUE 6

WHATISSD-WAN? 6

TYPESOFSD-WAN 7OVERLAYSD-WAN 7OVERLAY:PROS/CONS 8IN-NETSD-WAN 8IN-NET:PROSANDCONS 9

MAKINGABUSINESSCASE 9BOTTOMLINEBENEFITS 9TOP-LINEBENEFITS:BUSINESSAGILITY 9STRATEGICSUPPORTANDDIGITALTRANSFORMATION 10TOOMUCHRISK,ORRISKREDUCED? 10FORAGLOBALWAN,AGLOBALSD-WAN 11

THENEMERTESSD-WANCOSTMODEL 11COSTCOMPONENT:CONNECTIVITY 11COSTCOMPONENT:CAPITALEQUIPMENT 12COSTCOMPONENT:TROUBLESHOOTINGANDPROBLEMRESOLUTION 13

CUSTOMIZINGTHEMODEL:MAKINGITWORKFORYOU 14SIZEANDCONVERSIONPERCENTAGE 14CARRIERSERVICEOPTIONS 14CAPITALEQUIPMENTSHIFTS 15SD-WANAPPLIANCETYPE 15SITETYPES 15

MODELOUTPUTS 16SD-WANVSCLASSICALWAN 16OVERLAYVSIN-NETSD-WANSAVINGS 17

SD-WANUSECASES 17USECASE1:BENDINGTHECOSTCURVEONRESILIENCE,GROWTH 17

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 3

USECASE2:OPERATIONALEFFICIENCYFORITANDTHEBUSINESS 18USECASE3:BUSINESSAGILITYVIASMARTERBRANCHING(FASTERISBETTER) 19

CONCLUSIONANDRECOMMENDATIONS 19

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

4

TableofFiguresFIGURE1:SD-WANWITHMESHANDHUB/SPOKEVIRTUALWANS...................................................................6FIGURE2:OVERLAYSD-WANARCHITECTURE.............................................................................................................7FIGURE3:IN-NETSD-WANARCHITECTURE..................................................................................................................8FIGURE4:SD-WANMODELVARIABLES..........................................................................................................................14FIGURE5:MODELINGCONNECTIVITYTOTYPICALSITES.....................................................................................16FIGURE6:MODELOUTPUTS.................................................................................................................................................16FIGURE7:USECASE#1—BETTERBACKUP..................................................................................................................18FIGURE8:USECASE#2—MOVINGAWAYFROMMPLS...........................................................................................18

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 5

ExecutiveSummarySD-WANisapotentialgame-changerforwideareanetworking—onthesamelevelasservervirtualization,whichtransformeddatacentersoverthelast10years.SD-WANcombinestheuseofmultipleactivebranchlinks,intelligentdirectionoftrafficacrossthoselinks,andcentralized,policy-drivenmanagementoftheWANasawhole.Theabilitytoleveragemultiplelower-costservices(includingInternetand4Gwireless)aswellastraditionalserviceslikeMPLSholdsthepromiseoftransformingIT’srelationshiptotheWANandtheWAN’srelationshiptothebusiness.Transformationalpotentialisnotenough.IThastobuildacompellingbusinesscaseformakingthetransition.Thebaseofthecasemustbecost.NemerteshasdevelopedandvalidatedanSD-WANcostmodelthatenablesenterpriseuserstobuildthatbusinesscase.Theshortversion?SD-WANdeploymentscancutmillionsfromlargeWANservicebills.ButconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings;byprovidingcheaperandmoretransparentandautomaticfailoverwhenWANlinksfail,SD-WANcanreducebranchWANoutagesandtroubleshootingcostsby90%.ForITandnetworkingprofessionalsthemessageisclear:nowisthetimetotakeacloselookatyourWANarchitecture,withtheaimofidentifyinglocationsthatcouldbenefitfromhigherbandwidth,lowerrates,increasedreliability,orallthree.ModelthecostofstickingwiththecurrentarchitectureandcomparethatagainstatleasttwoSD-WANsolutions.IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscasebasedonthem,aswellasotheroperationalsavingsandanybusinessvalueassignedbythebusinesslinestofasterbranchturn-up.ITstaffshould:

• Assesstheamountoffailover-onlybandwidththeyarepayingfornow• AssesstheirdemandcurveforWANandInternetbandwidth:determinehow

theconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesforUC,collaboration,etc.

• Modelthecostofusingthecurrentarchitectureforthreetofivemoreyears.• Evaluateandmodelcostsforatleasttwoin-netoroverlaySD-WANsolutions• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,they

shouldbuildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementstheyexpecttorealize.

• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranchesordeliveringnewservicesmorequickly;businessunitsmayhavebuiltasignificantportionofthebusinesscase.

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

6

TheIssueIntheclassicengineer’sformulation,“Youcanhaveitcheaper,faster,orbetter…picktwo.”Fromtimetotimenewtechnologycomesalongand,bychangingthebasicassumptionsunderlyingexistingsolutions,managestobecheaperandfasterandbetterallatonce.SD-WANpromisestohitthetrifecta.BychangingtheunderlyingassumptionsabouthowITconnectsabranchtotheWAN(and,indeed,whatconstitutesabranch)itoffersthechanceofimprovingagility(i.e.beingfaster)andperformanceandreliability(i.e.beingbetter)whilealsoreducingcosts.BuildingabusinesscasefordeployingSD-WANinvokesallthreebenefitsbutrestsmostlyonthestrengthofsavings,whetherintheformofexpectedcostincreasesavoided,orasactualcostdecreases.

WhatisSD-WAN?Let’sstartfirstwithdefinitions.Software-DefinedWAN,orSD-WAN,incorporatesseveralkeyconcepts:

• Abstractingedgeconnectivity:Makingalltheconnectionsintoalocationusefulasasinglepoolofcapacityavailabletoallservices.

• WANvirtualization:OverlayingoneormorelogicalWANsonthepoolofconnectivity,withbehaviorandtopologyforeachoverlayWANdefinedtosuittheneedsofspecifictypesofnetworkservices,locations,orusers.(PleaseseeFigure1.)

• Policy-driven,centralizedmanagement:KeytoanSD-WANistheabilitytodefinebehaviorsforanoverlayWANandhavethemimplementedacrosstheentireinfrastructurewithoutrequiringdevice-by-deviceconfiguration.

• Flexibletrafficmanagement

DC

BranchRTR

BranchRTR

BranchRTR

Internet

MPLSCarrierCore

SD-WANRTR

MeshWAN

SD-WAN

SD-WAN

SD-WAN

Hub-and-SpokeWAN

Figure1:SD-WANwithMeshandHub/SpokeVirtualWANS

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 7

forperformanceandsecurity:SD-WANscanoptimizetrafficinmanyways;foremost,theycanselectivelyroutetrafficacrosslinksbasedoncriteriasuchaslinkperformance.

TypesofSD-WANTherearetwokeywaystoprovidetheseservicesinaWAN.Nemertescallstheseoverlayandin-netSD-WAN.

OverlaySD-WANInanoverlaySD-WAN,thenewSD-WANappliancesaredeployedonanexistingroutednetwork,eitherbehindtheroutersorreplacingthemasthebranchconnectiontotheWAN.SD-WANappliancescanalsocollapsethetypicalbranchstackbyreplacingotherbranchWANappliancessuchasoptimizersandfirewalls.MorethanadozencompaniessellSD-WANappliances,bothphysicalandvirtual(whichallowextensionoftheSD-WANintopubliccloudspacessuchasAmazonEC2,MicrosoftAzureCompute,orGoogleComputeEngine).Someareintendedtoreplacerouters,sometoridebehindthem,otherscanfilleitherrole,andenterpriseITstaffneedtocarefullyevaluateeachagainsttheirspecificneeds.Forexample,thosewithanagingrouterplantbutmostlyMPLSandCarrierEthernetorbroadbandlinksmayfindrouterreplacementveryattractive.ThosewithalotofolderT1orT3connectionsthatcan’torwon’tbereplacedwithEthernetmaywanttokeeptheirexistingroutersinplace,toterminatetheolderconnectivity,whileusingtheSD-WANsolutiontosupplementitwithwiredor3G/4Gbroadband.

Figure2:OverlaySD-WANArchitecture

MPLS Carrier Core

Branch

DC

Branch

Inte

rnet

SD-WAN

Encrypted tunnels Optionally encrypted tunnels

SD-WAN

SD-WAN

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

8

Overlay:Pros/ConsIntheoverlayscenario,SD-WANappliancescomprisealayerofenterpriseinfrastructuredistinctfromtheWANconnectivitytheymanage,allowingITtoeasilyaddandremovenetworkserviceprovidersandlinktypes.Thisgivestheenterprisemaximumflexibilityonconnectivityservices,butincurstheburdenofmanagingthesolutionitself.Thisistypicallylesstroubletomanagethantheold-schoolrouterplant,andcanevenhelpmakeroutermanagementeasierwhereroutersstayinthepicture,butisstillasignificantoperationalresponsibilityforIT.

In-NetSD-WANIncontrast,in-netSD-WANtiestheSD-WANfunctionalitytotheconnectivityservices.Thesefunctionsmayallbeprovidedintheserviceprovider’sedgeandcoreinfrastructure,withthebranchusingatraditionalroutertoconnecttotheprovider’snearestpointofpresence.Or,someorallfunctionsmaybeprovidedon-premisesviaappliancesunderserviceprovidermanagement;thispushesworkoutoftheserviceprovider’sinfrastructureandalsoallowsoptimizationoflast-mileconnectivityviacompression.

Figure3:In-NetSD-WANArchitecture

In-netSD-WANcanbetiedtoNetworkFunctionsVirtualization(NFV),withthevariousfunctionsprovidedbyseparate,cooperatingVirtualNetworkFunctions(VNFs)dynamicallydownloadedtotheon-premisesdevice(wherethereisone)orchainedintothetrafficpathinthecarrierinfrastructure.Thisopensthepossibility

SD-WAN Service Cloud

Branch Branch

DCSD-WAN

Internet

Encrypted tunnels

SD-WAN SD-WAN

PoP

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 9

oftheon-premisesdevicebeingwhite-box/genericratherthanbespokefortheservice,decreasingvendorlock-insomewhat.

In-Net:ProsandConsThetrade-offforhandingoffthemanagementburdenfortheSD-WANisthelossofautonomywithrespecttoconnectivity.Inthein-netscenario,youcan’tnecessarilymixandmatchlinksfromdifferentvendorsfreely.ThenewlevelofWANfunctionalityistiedtothein-netSD-WANprovider,afterall.Ifyouhavetroublegettingconnectivitytoallyoursitesfromasingleprovider,thatbecomesanissue.Likewiseifyouwanttohaveproviderdiversityforyourbranchconnectivity,aswellaspathandlink-typediversity:thatis,youwanttohaveeachbranchhavealinkfromatleasttwodifferentproviders,e.g.oneforMPLSandadifferentoneforInternet.Thein-netSD-WANproviderhastoallowfor(andpotentiallypartnerwith)theotherprovidersyouwanttouseinorderforyoutofoldinlinksfromthoseothervendors.Thissharplylimitsenterprisechoiceinthematter.

MakingaBusinessCaseBottomLineBenefitsFirstandforemostinthebusinesscasemostSD-WANuserswillbuildiscostsavings,andthemainsourceofhard-dollarcostsavingsinSD-WANisthesubstitutionoflower-costconnectivityinplaceofmoreexpensivekinds.Theorganizationmightbelookingforimmediatesavings.Inthatcase,thegoalwillbetodecreaseabsolutespendingonconnectivity.ThiscanbeaccomplishedbyreplacingMPLSorotherrelativelyexpensiveconnectivity(atleastasreckonedonacost-per-Mbpsbasis)infavorofalessexpensiveoption:replacingsomeMPLSlinkswithbusinessInternetservices,orevenconsumer-gradebroadband.Or,theorganizationmightbelookingforsavingsoveralongertimeframe—lookingto“bendthecostcurve”fortheirWANastheyprojectcurrentgrowthtrendsintothefuture.Inthiscase,theymaychangelittleornothingintheircurrentuseofMPLS,forexample,butshiftallgrowthtoothermedia.Fully78%oforganizationsdeployingSD-WANhavenoplantocompletelydropMPLSfromtheirWAN.However,mostintendtoreduceandrestricttheiruseofit,ifnotimmediatelythenoverthenextfewyears.

Top-LineBenefits:BusinessAgilitySpeedhasvalueinbusiness.Forthegrowingnumberofbusinessesadoptinga“getclosertothecustomer”approachtotheirphysicalstorefronts,thatspeedcanbemeasuredinpartbyhowmanydaysittakestoturnupanewbranch.SD-WANcan

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

10

radicallyalterthatnumber.Mostsolutionsallowfreemixtureofdifferentkindsofconnectivity.Consequently,anewlocationcanbebroughtupwithwhateverformofconnectivityismostreadilyavailable,beitcableorDSLoreven4G/LTE,andcanbecomeonlineinunderaweek,evenwithinadayofreceivingitsendpointequipment.Contrastthatwiththemoretypical30to90ormoredaystoconnectupanewbranchusingtraditionalapproaches.AnotherformofagilitythattheSD-WANapproachlendsitselftoisrapiddeploymentofnewWAN-basedservices.Centralized,policy-basedmanagementoftheWANasawholeallowsrapidreconfigurationtosupporttheadditionofnewservicesaswellaschangesintheprioritizationoftheapplicationportfoliooverall.Thebusinesslinesresponsiblefornewbranchoperationscanlikelyputadollarvalueoneveryadditionalweekorevendayofoperationsforanewlocation.ITshouldbereachingouttothemforthatinformationinconstructingthebusinesscase.Likewise,theywillhaveputavalueonthebenefitsofdeliveringthenewservicestheyarepursuing,andITshouldreachouttogetthatinformationforanyinitiativesplannedforthenearterm.

StrategicSupportandDigitalTransformationThatrapiddeploymentandintegrationofnewservicesisinturnthecornerstoneofanotherlevelofvaluetoconsiderinabusinesscase:supportforstrategicinnovationsandespeciallyDigitalTransformation(DT)efforts.ManyDTinitiativesrevolvearoundnewusesofreal-timecommunicationstointeractwithcustomersandprospects.Others,aroundinsertionintotheenvironmentofnewtechnologiesthatgeneratestreamsofdatathatflowbacktothedatacenterorouttothecloud—sensors,digitalsignage,locationtrackingdevices.Ineithercase,theWANbecomesthechannelbywhichDTdataflowstoandfrombranches,andSD-WANprovidestheabilitytoswiftlyaddnewflowstothemixwithouthurtingperformanceforwhatisalreadythere,aswellastoeasilymeetnewbandwidthdemandsusingmoreaffordableconnectivity.

TooMuchRisk,orRiskReduced?SD-WANsolutionscanalsocontributetothesecurityofanorganization.AlthoughtheymakeitpossibletomoreeasilysendtrafficdirectlytotheInternetfromthebranch,avoidingbackhaulsthroughthedatacenter,mostbuildfirewallfunctionalityaroundthat,andallallowforcarefulselectionofwhichtrafficisallowedtoflowdirect.Forexample,policycanallowtraffictoandfromOffice365orSalesforcetogodirect,whileotherweb-boundtrafficisnot.And,onanotherfront,creatingaholisticallymanagedWANusingproviderendpointsallowstheorganizationtoeasilyandreliablykeeptheendpointscurrent

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 11

onallsecurity-relatedupdatesandpatches.MostorganizationsarereluctanttoapplypatchesandupdatestoalltheirWANrouterstoofrequently,sincetheyhavetoinvestsignificantstaffhoursinpushingoutpatchesbranchbybranch,anddoingsousuallyinvolvesaninterruptioninservices.Toomanyorganizationsapplypatchesandupdatesonlywhentheyhavenootheroption,ratherthanwheneveroneisavailablethatwilltightenupsecurity.Asystemintendedtoallowno-down-time,comprehensiveupdatingchangesthisdynamicentirely,andimprovestheoverallsecuritypostureoftheorganization.

ForaGlobalWAN,aGlobalSD-WANSD-WANcanbeakeyenablerofsimplifiedglobaloperations.SD-WANcanmakeiteasierfortheorganizationtospinupnewbranchesanywheretheyneedto,globally,bydeliveringaconsistentsetofserviceswhiletakingadvantageofwhateverlocalconnectivityoptionsareavailable.And,fornewandexistingbranchesboth,securelydeliveringgreaterconsistencyandbetterperformancetobothin-houseandcloudapplicationscanboostproductivityglobally.In-netSD-WANcanenjoyaparticularadvantageinthisscenariobyusinganoptimizedbackbonetodeliver“middle-mile”optimizationsindependentoflocale.Assumingabroadenoughdistributionofproviderpointsofpresence,thiscaneliminatemostoftheunpredictabilityofmulticontinentalInternetperformance,ahugeboonwhenthedatacenters(whethertheenterprise’sortheenterprise’scloudproviders)areaworldawayfromthebranch.

TheNemertesSD-WANCostModelTheNemertesmodelincorporatesthreekeycostcomponentsoftheWANandofSD-WANsolutions:connectivity,capital,andoperations.Itisbuilttosupportmultipledecisionpointsinregardstoeach.

CostComponent:ConnectivityInassessingcostsforanyWANarchitecture,circuitandservicecostsrepresentthelion’sshare.And,asnoted,thelargestpieceofcostsavingsfromSD-WANcomesfromchangesincircuitandservicecosts.Whetheroverlayorin-net,afundamentalconceptbehindSD-WANistouseanyavailablenetworkroutesthatdeliveranapplication’srequiredqualityofservice;wherebigcheapInternetlinksareavailable,alotoftrafficwillshiftontothemoffmoreexpensiveMPLSlinks,whichcanshrinkorgoaway.ThisprovidesITwitharangeofoptionsforaddingbandwidth,andletsnetworkprofessionalstakeadvantageofthefullrangeofoptionstodelivertheirparticularmixofservices,sitetypes,andusecases.Dependingontheorganizationanditsapplications,thatmaymean:

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

12

• Routingunifiedcommunicationsandotherreal-timetrafficoverMPLSwhileshiftingotherapplicationtraffic,filetransfers,andotherlatency-insensitiveapplicationstobusinessorconsumerInternetservices(whichcostupto10timeslessthancomparableMPLSservices)

• RoutingallapplicationsacrossMPLSwhereavailable,andusing4Gwirelessasbackuporforoverflowtraffic

• ShiftingallapplicationsfromMPLStobusinessorconsumerInternetservicestomaximizecostsavings,withtwoormoreprovidersperbranchbothforresilienceandtoallowthesolutiontotakeadvantageofwhicheveroneofthemprovidesthebestperformanceforservicestheenterpriseuses.

Soatthecoreofourcostmodelisthe“circuitcosts”component,whichincludesallservicesthatanenterprisehasinthe“beforeSD-WAN”stateandthoseitwillhaveafterdeployingSD-WAN,including:

• MPLScircuits:TraditionalMPLSserviceswithSLAandpossiblymultiplelevelsofQoS

• BusinessInternet:InternetservicesprovidedwithanSLAandsymmetricalservice,i.e.thesamebandwidthuptotheInternetanddownfromit

• ConsumerInternet:Consumer-gradeInternetservices(althoughalsotypicallyprovidedforsmallerbranchoffices)whichdon’thaveanSLAandmay,ifbasedoncableorDSL,beasymmetrical,withlowerbandwidthfortrafficgoinguptotheInternetthanfortrafficcomingdownfromit

• 4GorLTEwireless:Broadbandwirelessservicesusuallyusedasinitialconnectivityinanewbranch,orasbackuporoverflowcapacityforanestablishedbranchwithotherconnectivityavailable.

CostComponent:CapitalEquipmentGivenhowlarge,comparatively,thespendonconnectivityis,withalongenoughreplacementcycle(fivetosevenyears,althoughcostsareusuallyamortizedoverthreetofiveyears)thecostofcapitalequipmentcanseeminsignificant.Evenasthebranchstackhasgrownfromjustaroutertoincludealsooptimizationandfirewalls,thiscanstilllooktrue.Thatis,itcanseeminsignificantifyouhaveeasyaccesstocapitalfunds.However,manyorganizationsfindcapitalfundsincreasinglypinched.That,coupledwithanacceleratingpaceoftechnologychangemakesabigupfrontinvestmentinalongreplacementcycleuntenable,fornow.So,theimpetusistoreducecapitalspendbyconsolidatingthestackintoasinglebox;ortoshiftcostsfromcapitaltooperatingexpenses.SD-WANappliances,especiallythenewestgenerationonesusedbycarriersandserviceprovidersintheirin-netsolutions,areintendedtobeabletoreplaceroutersandfirewallsandsomefunctionsofWANoptimizers,whetherviaintegralfunctionsofaunifiedappliance,or,intheNFVscenario,viarouter,firewall,oroptimization

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 13

VNFsrunalongsidethecoreSD-WANVNF.Inotherwords,anapples-to-applesbefore-and-aftercomparisonofcapitalequipmentmightinclude:

Ormanyothercombinations.Themodelaccommodatesselectinghowmanysiteshaveaseparatefirewallbeforethetransition,andhowmanyafter;likewiseWANoptimizers.Webundlebothsoftwarelicensingcostsandamortizedhardwareintoasinglelineitem.

CostComponent:TroubleshootingandProblemResolutionAlthoughtheyfeelkeenlythefactthattheyhavetoomuchtodoandtoolittletimeinwhichtodoit,networkprofessionalsusuallydon’tknowexactlyhowmuchtimethey(andtheirteams)spendintroubleshootingandresolvingWANproblems.That’sbecauseteamstypicallywearmultiplehats,andoutagesandissuesoccurrelativelyinfrequentlyinmostWANs.Overthecourseofayear,anetworkengineermightestimateshespends75%ofhertimeonupgradesandnewinstallations;10%ofhertimedoingarchitectureandplanning;andtheremainderontroubleshooting.Butunlessthecompanysheworksforisexceptionallyobsessiveabouttime-tracking,there’snowaysheknowsthis.Andwhensitesdoexperiencesignificantconnectivityissues,solvingtheproblemisparamountandtime-trackingwhatgoesintoitisnot;resolutionpushesasidenormalworkandofteninvolvesafter-hoursandweekendworkthatisrarelytrackedandaccountedforaccurately.Whatwefoundinresearchforthecostmodel,aswellasinthe2016CloudandDataCenterBenchmarkresearch,isthatregardlessofhowmuchtimenetworkengineersinvestintroubleshootingandproblemresolution,thatnumberdecreasedbyroughly90%withdeploymentofSD-WAN.Thatmayseemcounter-intuitive,giventhatwithSD-WANnetworkarchitectsareintheoryputtingless-reliableInternetlinksintheroleofprimaryconnectivitybeside(orinplaceof)morereliableMPLSlinks.However,inpractice,mostusecasesinvolvemovingfromsingleMPLSconnectionstopoolsconsistingofMPLS-plus-Internetormultiple-Internetconnections—andaconsequenceofmovingtomultipleconnectionswithtransparentfailoveristoreduceoreliminatetheimpactofanysinglelinkhaving

Before:• Hardwarerouter• HardwareWANoptimizer• Nofirewall• NoSD-WANappliance

After:• Softwarerouter(VM)• SoftwareWANoptimizer• Softwarefirewall(VM)• SD-WANappliance

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

14

problems.TheSD-WANtechnologyhappilyreroutestrafficoverthegoodlink(s),andsimplyresumesusingthelinkthatwentdownassoonasitisbackup.Whenthere’saserviceoutagewithasingleMPLScircuit,networkengineersneedtodropeverythinganddealwiththeoutageuntilthesiteisbackup.Butwhenacircuitgoesdownandothercircuitstakeitsplace,it’snotreallyanoutage;it’smerelyservicedegradation,andnotanemergency.Andgiventhatsuchoutagesareusuallytemporaryandself-correcting,oftennoactionbyITisrequired.

CustomizingtheModel:MakingItWorkForYouSizeandConversionPercentageForacostmodeltoapplytoanygivenenvironment,usersneedtobeabletocustomizeittoreflecttheircurrentenvironmentandplannedchanges.Thisabilityiskeytoconducting“what-if”analyses:determiningwhichoptionsmakethemostsenseforagivendeploymentscenario.Toenablecustomization,Nemertesfocusedonafewkeyvariables.(PleaseseeFigure2.)Firstandforemost:theWANsize(numberofsites)andthepercentageoftheWANconvertedtoSD-WAN,becauseSD-WANdoesn’thavetobeallornothing.Userscaninputboth,andseehowtheresultschange.

Figure4:SD-WANModelVariables

CarrierServiceOptionsThenextmostimportantvariableinthecostequationis,asnotedabove,thecostofconnectivityservices.Thiscomprisesmultiple,separatevariables:Whichproviderisdeliveringservices,andwhichservices—MPLS,businessInternet,consumerInternet,andLTE—areinuse,andathowmanysites.Themodelallowsuserstoselect“before”and“after”optionsforservicetypes,andtodefineconnectivityprofilesforafewcommonbranchscenarios(seebelow).Thecostforthoseserviceswilldrawfromoneofthreesources:

• Specificcarriercosts.Networkprofessionalswhoworkwithaspecificcarrier,orwhoareconsideringselectingthatcarrier,canselectthatprovider’scostsfortheoptions

How many sites on WAN? 100Carrier GenericPercentage of sites converted to SD-WAN 100%Percentage with full firewall before 5% 3 yearsPercentage with full firewall after 25%Percentage with WAN otimization before 50%Percentage with WAN otimization after 0%

Percentage routers replaced by SD-WAN appliance

80%

Nemertes SD-WAN Cost Model and Business Value Analysis

Overlay solution selected

WAN Variables SD-WAN

Overlay

Amortization Period

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 15

• Specificenterprisecosts.Networkprofessionalswhoknowtheirowncostsforservicescanplugthosein,andhavethemodelcompareconfigurationsbasedontheactualcostspaidforservices

• Genericcosts.Networkprofessionalswhodon’tknowtheirowncostsandaren’tfocusingonaspecificcarriercanleverageanaverageofbenchmarkandsurveydatacollectedbyNemertes.Thesearepaidcosts,notlistprices,sotheyprovidearealisticsenseofactualmarketcosts.

CapitalEquipmentShiftsWealsoenableuserstoindicatebeforeandafterscenariosforcapitalequipment.Theseinclude:

• Routerreplacement.Asindicatedabove,somesolutionsallow(andevenencourage)routerreplacement.Atleastonemayrequireit(i.e.forin-routerSD-WANrequiringanewenoughroutertosupportit).Removingabranchrouterreducescapital,management,andmaintenancecosts

• Branchfirewalls,pre-andpost-transition.AsignificantappealofSD-WANistheabilitytosendcloud-boundtrafficdirectlytothecloudratherthanroutingitbackthroughadatacenter;deployingmoreDirectInternetAccess(DIA)inbranchesmeansdeployingmorefirewallstosecurethoseconnectionpoints.SomeSD-WANsolutionsprovidestrongfirewallfunctionality,othersdon’t,andinsomecasesITwillwanttodeployastandalonenomatterwhat,asamatterofpolicy

• WANoptimizers,pre-andpost-transition.Betweenincreasesinusablebandwidth(withconsequentdecreaseincontentionforcapacity)andtheabilityofSD-WANappliancestosupplycrucialWANoptimizationfunctionssuchasprioritizationandrouteoptimization,enterprisesoftenhavenoongoingneedforaseparateoptimizationapplianceinanSD-WANsite.

SD-WANApplianceTypeAlthoughthetypeofSD-WANappliancedoesn’taffectthecostofadeploymentdramatically,weletusersselecttheSD-WANappliancestheyareconsideringaspartofthemodeling.ThisisaparticularlyusefulcapabilitywhenitcomestocomparingoverlaySD-WAN(forwhichusersmustpurchasetheirownSD-WANappliances)within-netSD-WAN(inwhichprovidersdeliver,andmanage,theapplianceaspartoftheservice).

SiteTypesLastly,theNemertestoolallowstheusertodescribetheorganization’smostcommonsitetypesintermsoftheircurrentconnectivityprofileandtheprofiletheywouldliketoshifttoviaSD-WAN.(PleaseseeFigure3.)Sitetypescanrangefromalargeheadquartersordatacentertotypicalmidsizebranchofficestosmall

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

16

branchesorevenkiosksorotherunstaffednetworksites(e.g.anATMoraRedBoxorsimilarnetwork-connectedvendingmachine).

Figure5:ModelingConnectivitytoTypicalSites

ModelOutputsThemodel’sgoalistodeterminenotonlywhetherSD-WANcandelivercostbenefits,butparticularlywhatsortofSD-WANisoptimal:overlayorin-net.

SD-WANvsClassicalWANAsoutputs,themodelcomparescurrentcostswithSD-WANcosts,modelingbothanoverlayandanin-nettransition.(PleaseseeFigure4.)

Figure6:ModelOutputs

Per-Site Variables Site Type 1 15% Site Type

2 30% Site Type 3 50% Site Type

4 5%

Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100

Commodity Internet LTE

Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS Business Internet Commodity Internet LTE

Classic WAN (MPLS)

$1,884,162$477,350$8,827

$2,370,339

Cost Component SD-WAN In-Net SD-WAN

Annual Circuit Costs $1,335,627 $1,335,627Annual Capital/Licensing $298,300 $359,100Annual Troubleshooting $883 $88

Total Cost $1,634,810 $1,694,815Savings over classic model $735,529 $675,524

Nemertes SD-WAN Cost Model and Business Value Analysis

Overlay SD-WAN vs In-Net SD-WAN

Cost Component

Annual Circuit CostsAnnual Amoritized Capital/Licensing CostsAnnual Problem-Resolution Costs

Total Cost

Cost Analysis: Classic WAN (MPLS)

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 17

Thisprovidesnetworkprofessionalswiththeopportunitytogaintwopiecesofinsight.First,howmuch(ifany)willconvertingtoSD-WANsave?Andsecond,whichtypeofSD-WAN—overlayorin-net—savesmost?

OverlayvsIn-NetSD-WANSavingsWhichsolutiongeneratesgreatersavingsdependsonthetransitionscenariosenvisioned.Currently,userswillbemostlikelytoseein-netSD-WANgeneratinggreatersavingsinscenarioswhereMPLSconnectivityisleftintactandnoconsumerbroadbandisaddedtothemix.WhenconsumerservicescomeintoplayandMPLSuseisscaledback,overlayusuallytakesthelead.Itisimportant,though,tokeepinmindthattheattractionofoutsourcingabigpartofSD-WANmanagementviaanin-netsolutionmayoutweighsmalldifferencesinsavings.Someorganizationswouldthinktheprospectofsaving20%overcurrentspendinglevelsandoffloadingmanagementmoreattractivethansaving30%andkeepingit;offloadingtheworkfreesstaffuptoaddvalueinotherways.SD-WANUseCasesUseCase1:BendingtheCostCurveonResilience,GrowthMostWAN-connectedbranchesofsignificantimportancehaveaprimarylink(typicallyMPLS)andabackuplink(usuallyanIP-VPNrunningacrossanInternetlink).Undernormalcircumstances,theyuseonlytheprimarylink.If,andonlyif,thatprimarylinkfailswilltheyusethebackuplink,andtheywillusethatonlyuntilserviceontheprimaryisrestored.Usually,thefailoverbetweenprimaryandsecondaryisslowenoughtobreakallnetworksessionscurrentlyrunningtoorfromthebranch,bootingpeopleoutofconferencesandhangingupvoiceorvideocalls,terminatingsessionsoncoreapplications.Inalltoomanycases,itwillbemanualandrequireWANstafftimetoexecute.Thewholedramaisreplayedwhentheprimarycomesbackupandservicesaremovedbacktoit,unlesstheWANstaffwaituntil“afterhours”tomaketheswapback—typicallystillpenalizingstaffwithpoorerWANperformance(andpenalizingthemselveswithafter-hourswork).ThepresenceofunusedbackuplinksisoneofthechiefavenuesbywhichSD-WANsolutionscanprovidevaluequickly.UsingNemertes’SD-WANTCOTooltomodelvariousscenarios,itiseasytoseethatevensomeonemakingthemostconservativechoicesaboutconnectivity—e.g.keepingexistingMPLSlinksinplaceandatcurrentspeeds,andusingonlybusinessInternetcan,bymakingactive/activeuseofexistingIP-VPNlinkstodoubleavailablebandwidth,offsetbigspendingincreasesassociatedwithbigbandwidthincreases.Forexample,considera100-siteWANspending$1.88MayearonMPLSandbackupInternet.Doublingthespeedtothebranchesresultsina35%costincrease,to$2.54M,usingtheconventionalprimary-plus-

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

18

failoverarchitecture.(PleaseseeFigure5.)Switchingtohot/hotuseofbothoriginallinksviaSD-WANinstead,doublingeffectivebandwidthwithoutactuallyincreasinglinkspeeds,avoidsthathugeaddedcost.

Figure7:UseCase#1—BetterBackup

DecreasingMPLSportspeeds(butretainingMLPSasacoretechnology)andshiftingsomesmallerlocationsoffitentirely,caneasilydecreaseconnectivitycostsbynearly30%,to$1.33M.(PleaseseeFigure6.)Moreradical(andconsequentlyriskier)shiftsoffMPLScandrivesignificantlydeepersavings.

Figure8:UseCase#2—MovingAwayfromMPLS

UseCase2:OperationalEfficiencyforITandtheBusinessInadditiontoprovidinglowercostformoreconnectivityforbrancheswithduallinksalready,fullyleveragingInternetlinksviaSD-WANgivesmanyotherbranchessomethingtheynevercouldaffordbefore:resilience.ManysmallandmidsizebrancheshaveonlyasingleMPLSlinkandnobackup,orasingleInternetVPNlink.Forsuchbranches,thecostofasecondlinkusefulonlywhenthefirstfailedwasseenasunjustifiablewhencomparedtothecostofdowntime.ButbyfullyexploitingasecondInternetlinkassoonasitisavailable,SD-WANmakesinvestinginthesecondlinkpartofagrowthandperformancestrategyatthesametimethatitprovidesbusinesscontinuity.SD-WANlowersthebarrierstoinvestinginredundancyandimprovesenterpriseuptimeevenfurtherasaresult.

Per-Site Variables Site Type 1 15% Site Type

2 30% Site Type 3 50% Site Type

4 5%

Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100

Commodity Internet LTE

Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 100 1 20 1 10 2 100Business Internet 1 100 1 20 1 10 2 100Commodity Internet LTE

Per-Site Variables Site Type 1 15% Site Type

2 30% Site Type 3 50% Site Type

4 5%

Links per typical site (CURRENT) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 50 1 10 1 5 2 100Business Internet 1 50 1 10 1 5 2 100

Commodity Internet LTE

Links per typical site (AFTER) Number Mbps Number Mbps Number Mbps Number MbpsMPLS 1 30 1 5 2 100Business Internet 1 100 1 20 1 5 2 100Commodity Internet 1 5LTE

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607 19

Andofcourse,whenabranchhasmultipleactivelinksandintelligenceinhowtheyareused,difficultiesonanyonelinkhavelessimpact.Branchesexperiencelessdowntime,abouta90%reductioninNemertes’2016CloudandDataCenterBenchmarkdata.Thiscanrepresentenormousimprovementsinproductivityforbrancheswithpoorconnectivitycurrently.Suchimprovements,whichmostbusinessacknowledgeexisteventhoughtheyhaveahardtimequantifyingthem,shouldbementionedasancillarybenefitsinanySD-WANbusinesscase,eventhoughtheyaregenerallynotenoughtodriveapprovalofadeploymentinandofthemselves.Similarly,anSD-WANbusinesscaseshouldmentionITtimesavings,aswell.Whenlinkproblemsdon’thavediscernibleimpactonusers,theurgencyoftroubleshootingtheissuesdecreases.Giventhatmostsuchproblemsaretransitory,ITcurrentlyengagesinalotoftroubleshootingonWANissuesthateventuallyjustresolvethemselves.Bymakingmostlinkissuesnon-eventsfortheusersandthebusiness,aswellasbyprovidingintelligenceontheexactnatureandtimingoftheproblems,SD-WANcandriveasmuchas90%reductioninWANtroubleshootingtime,accordingto2016CloudandDataCenterBenchmarkdata.

UseCase3:BusinessAgilityviaSmarterBranching(FasterIsBetter)It’simportanttotrackanother“soft-cost”improvementofSD-WAN:businessagility.ForWANs,thisaspectof“faster”boilsdowntoonething:branchleadtime,thelengthoftimeittakestolightupanewnetworksite.ForMPLSnetworks,ITexecutivesbemoanlengtheningleadtimes,whichformanyofthemhavecreptupfrom30to60dayseightyearsagoto90to120now.BycontrasttheycanoftenprovisionwiredInternetserviceinaweekortwo;LTE,inadayortwo.Withbusinessagilityonmanyminds,thisisnosmallimprovement.Youcan’tbuildthebusinesscaseonit,usually,buteverybusinesscaseshouldmentionit.And,ifthereisanexplicitcorporatestrategybuiltaroundanimblerbranchstrategy,thebusinessmayhavedonetheworkofquantifyingthevalueofeachdayshavedofftheleadtimeforlightingupanewbranch,andITshouldleanheavilyonthatinbuildingtheSD-WANbusinesscase.

ConclusionandRecommendationsSD-WANcombinesactiveuseofmultiplebranchlinks,intelligentdirectionoftrafficacrossthoselinkstoprovidebetterperformance,security,andreliability,andcentralized,policy-drivenmanagementoftheWANasawhole.ItholdsthepromiseoftransformingIT’srelationshiptotheWANbysimplifyingmanagementofcomplexbehaviors,promotingresilienceandcontinuityofservice,empoweringmorenimble

©NemertesResearch2016±www.nemertes.com±888-241-2685±DN5607

20

branchstrategies,andradicallydecreasingthecostofmeetingrisingbandwidthandperformanceneeds.Asalways,IThastobuildacompellingbusinesscaseformakingatransitionlikethis,especiallywhereanup-frontinvestmentwillberequired.Thebaseofthecasemustbecost,and,basedonNemertes’SD-WANcostmodel,savingsshouldbeeasytocomeby.ThebiggestcostcomponentintheenterpriseWANistheconnectivity,andSD-WANcandrivemajorsavingsonconnectivityinacoupleways:preventingthemajorcostincreasesassociatedwithmajorbandwidthincreases,bymakingalllinkstoasiteusablesimultaneously;andallowingactualspendingreductionsbymeansofsubstitutingless-expensiveInternetbandwidthforsomeorallofanenterprise’smore-expensiveMPLS.Note,though,thatconnectivityisnottheonlyavenuebywhichSD-WANcandrivesavings.Bymakingredundantlivelinkscheapertodeployandmakingfailoveramonglinkstransparenttoendusers,SD-WANcanreducebothWANoutagesandWANtroubleshootingcostsby90%.ITstaffshould:

• Assesstheamountofbackupbandwidthyouarepayingfornow—thelinksonlyavailableasfailoverconnectivityintheeventanMPLSlinkfails.

• AssessyourdemandcurveforWANandInternetbandwidth:determinehowtheconnectivityprofilefortypicallocationsislikelytoevolveinthenextfewyearsbasedonexistingITstrategiesandroadmapsforUC,collaboration,andotherapplicationorservicerollouts.

• Modelthecostofstickingwiththecurrentarchitecture,goingoutatleastthreeyears.

• EvaluateatleasttwoSD-WANsolutions,overlayorservicebased,andmodelthecostofswitchingtothem.

• IftheSD-WANnumbersshowsignificantpotentialsavingsovertime,buildabusinesscaseonthem—butdon’tleaveoutanyotheroperationalimprovementsyouexpecttorealize.

• Lookforquantificationofthebusinessvalueofagilityinstartingnewbranches;businessunitsmayhavebuiltasignificantportionofthebusinesscaseforyou.

AboutNemertesResearch:NemertesResearchisaresearch-advisoryandconsultingfirmthatspecializesinanalyzingandquantifyingthebusinessvalueofemergingtechnologies.YoucanlearnmoreaboutNemertesResearchatourWebsite,www.nemertes.com,[email protected].