The Hidden Challenges of SD-WAN & How to Overcome Them

Rich Martin

Director of Technical Marketing ‐ Itential

Posted on June 21, 2022

SD-WAN may not be a new term, but it’s still a hot topic. As more and more enterprises shift to true SD-WAN deployments, they are beginning to realize that the promises of SD-WAN are harder to fulfill than anticipated.

The unfortunate reality is that the shortfalls of SD-WAN typically overshadow the opportunities, as they have a significant impact on deployments, day-to-day operations, and security. It’s a common conversation we have with our customers. So common in fact, we’ve begun to refer to them as the “Hidden Challenges of SD-WAN.” If your organization hasn’t already run into some of these hidden challenges yet, it’s likely you will at some point in the near future.

To help you overcome them, or even avoid them altogether, I want to share some insight and lessons learned that explain why the shift to SD-WAN is well worth it, if done right, by leveraging automation.


The Promise of SD-WAN

To the network team, the WAN has always been like walking a tight rope without a net. Remote WAN sites use a variety of high-cost, low-speed, dedicated connectivity options from legacy fractional T1s, frame-relay, and ATM to modern MPLS deployments.

However, not every WAN site has the same options for connectivity, which results in vastly different network devices at each site with an array of configurations. Adding to the confusion, there’s usually no one technical at the other end of the WAN link that can help troubleshoot when there’s a problem. I won’t even mention the burden of working with the WAN provider to troubleshoot issues, because that may send some over the edge of sanity…

So, given the problems of managing WANs, it’s easy to identify and understand the solutions that SD-WAN could deliver. For enterprises looking at the bottom line, there was already a recognition that private line WAN services cost a fortune, and SD-WAN promised reduced costs with higher capacity by utilizing less expensive internet connectivity and industry standard encryption. It certainly delivered on that, allowing organizations to reduce or eliminate spend on those expensive WAN links.

For the remote user, SD-WAN promised increased network performance and a better overall experience, whether they are accessing corporate resources in the data center or directly accessing the Internet. This meant fewer trouble tickets sent to the network team because “my computer/the internet/your server is slow.”

Finally, for the networking team, the promise of centralized management of WAN devices, increased network visibility, and easy automation was not only appealing, but it was a way to totally get off the tight rope and hopefully never, ever get back on. Ever again.


Where SD-WAN Falls Short & The Challenges It Brings

This point is where the hidden challenges began for the network team. Just like with all new technologies, there’s a learning curve and a realization that some of what was initially promised wasn’t fully delivered.

It makes sense to deploy SD-WAN initially at one or two sites to test the technology and figure out the process. Much of this process is new to network teams because it is a fundamentally different technology than MPLS. With SD-WAN, traditional WAN network teams are now dealing with complexities in cloud networking, understanding and troubleshooting VPN and overlay technologies, and perhaps for the first time, working with a network controller. There’s also a shift from hardcore CLI keyboarding on network devices to ClickOps-heavy SD-WAN dashboards and tabbing. Combined, these slow down your ability to deploy sites, resulting in missed deadlines and “upsets the management layer.”

Adding to the challenges, the shiny GUI gets in the way and can cause troubleshooting and network changes to take longer than before. This is because SD-WAN solutions have effectively removed the ability to use CLI as they require users to do without it. An SD-WAN controller for a particular vendor is locked into that solution and will never manage or control anything outside of it. That may sound obvious but consider how many other network solutions operate this way or are heading in that direction — data center controllers, wireless controllers, and every single cloud provider has a unique dashboard/controller. This means network teams are forced to swivel-chair between these unique network applications in order to make changes or troubleshoot problems, increasing ClickOps activities and reducing efficiency.

Finally, as more and more SD-WAN devices are deployed on the public Internet, it’s important to determine how configuration compliance is accomplished within each of these solutions. Every single SD-WAN vendor is unique and has a differing set of features and functionality. However, many of them completely overlook the ability to ensure consistent configuration compliance for all the remote network devices. They make it very easy for anyone to make changes with ClickOps but cannot determine if those changes adhere to a standard, comply with a best practice, or create a security risk.
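One way to express the compliance check this paragraph describes as missing, shown as an added example rather than Itential's or any SD-WAN vendor's code. The config schema, the rule set in `STANDARD` (including the approved cipher) and the device names are hypothetical, and the sample configs are constructed.

```python
# Added example; config schema and rules are hypothetical, not a vendor format.
from ipaddress import ip_network

MISSING = object()  # sentinel: an absent setting is a finding, never a pass

def lookup(config, dotted_path):
    """Walk a nested dict by 'a.b.c'; return MISSING if any level is absent."""
    for key in dotted_path.split("."):
        if not isinstance(config, dict) or key not in config:
            return MISSING
        config = config[key]
    return config

def mgmt_restricted(sources):  # non-empty ACL with no any-source (/0) entry
    return bool(sources) and all(ip_network(s).prefixlen > 0 for s in sources)

STANDARD = [  # (setting path, check, severity, requirement)
    ("tunnel.encryption", lambda v: v == "aes-256-gcm", "high",
     "overlay tunnels use the approved cipher"),
    ("mgmt.allowed_sources", mgmt_restricted, "high",
     "management access is limited to named networks"),
    ("mgmt.http_enabled", lambda v: v is False, "medium",
     "cleartext HTTP management is off"),
    ("logging.syslog_servers", lambda v: len(v) >= 1, "medium",
     "logs go to at least one collector"),
]

def audit(device, config):
    """Return findings for one device; an empty list means it complies."""
    findings = []
    for path, check, severity, requirement in STANDARD:
        value = lookup(config, path)
        if value is MISSING:
            findings.append((device, severity, path, "setting absent"))
        elif not check(value):
            findings.append((device, severity, path, "violates: " + requirement))
    return findings

FLEET = {  # constructed sample configs, shaped as a controller export might be
    "branch-01": {"tunnel": {"encryption": "aes-256-gcm"},
                  "mgmt": {"allowed_sources": ["10.20.0.0/24"], "http_enabled": False},
                  "logging": {"syslog_servers": ["10.20.0.5"]}},
    "branch-02": {"tunnel": {"encryption": "aes-256-gcm"},
                  "mgmt": {"allowed_sources": ["0.0.0.0/0"], "http_enabled": True}},
}

if __name__ == "__main__":
    for name, cfg in FLEET.items():
        print(name, audit(name, cfg) or "compliant")
```

Treating an absent setting as a finding matters here: a site whose logging block was never configured would otherwise pass every logging rule.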


Reap the Benefits of SD-WAN by Leveraging Automation

Fortunately, the world of network engineering isn’t entirely focused on dwelling on the challenges – instead it’s about finding solutions, putting them into practice, and overcoming those obstacles.

In order to overcome these hidden challenges, network teams have recognized that automation can help them, as nearly every major SD-WAN vendor has API methods available to be used with their controllers. Many of these methods allow for more flexibility in configuring and troubleshooting devices, and result in a faster response than what is available through clicky dashboards.

The key for network teams is overcoming the skills gap to build automations that can utilize those SD-WAN APIs, which is why Itential’s suite of automation solutions was engineered to help network teams quickly build automations in a low-code canvas that can automate changes within the SD-WAN environment, across legacy data centers, or even across multiple cloud platforms. In addition, by using the same API integration technology used to communicate with your network controllers, teams can also integrate regularly used IT systems to become part of the automation. The outcome is an automation that can gather network information from a source of truth, open and update a change request ticket, make network changes, update the network monitoring system, and notify your team within your messaging system.

If you’re already experiencing some of these hidden challenges or anticipate encountering them in the future, Itential has a Pre-Built Collection of adapters and automations for SD-WAN solutions. If you want to see it for yourself, watch this demo video to see how Itential can help overcome the challenges often associated with SD-WAN deployments and management.

Rich Martin is the Director of Technical Marketing at Itential. Previously, Rich has worked at several networking vendors as both a Pre-Sales Systems Engineer and Systems Engineering Manager but started his career with a background in software development and Linux. He has a passion for automation in the networking domain, and at Itential he helps networking teams to get started quickly and move forward successfully on their network automation journey.