Making the jump from a traditional network and security model to embrace the benefits of a consolidated, software-defined approach is not as straightforward as some vendor marketing would have us believe.
While the advent of ZTP (Zero Touch Provisioning) and ZTC (Zero Trust Configuration) can simplify the physical migration process, the reality is that to truly take advantage of these features, it’s important to stop, think, plan, design, and test to make sure these models will work in the real world.
As a part of Teneo’s ‘Shared Risk’ approach to delivering SD-WAN and SASE projects, we focus on the following 6 design considerations to ensure minimal risk and a smooth transition.
1 – Background & Architecture
Although it might sound obvious to start with a review of where you are now before embarking on a new project, we continue to be surprised by the number of organizations that don’t do this as a first step. SD-WAN and SASE are not single-department projects, and adopting these architectures will have far-reaching impacts across the business. Identifying and aligning all stakeholders, including 3rd parties, is vital to the project’s ultimate success.
In addition, ensuring that the project is aligned to the strategic direction of the business must be taken into consideration. Failure to select the right technology or design now could be very costly later if project leadership teams are not privy to or focused on where the business is going.
In terms of current architecture, we see that while the majority of companies have network diagrams, these often show what the network looked like previously or how they want it to look today. The reality is that networks are living, breathing things, and engineers often make changes on the fly without updating documentation. Worse still, the changes might have been made by someone who is no longer with the organization. The best approach is to audit what you currently have before you think about what you want to achieve.
2 – Performance
Adopting a software-defined approach gives you far greater control of performance across the network. Therefore, it is crucial to understand the needs of your users and the needs of your applications. Traffic manipulation techniques like Forward Error Correction (FEC) and WAN Optimization can be applied where needed, but it is important to know how and when to use them for maximum gain.
3 – Agility
As hybrid working becomes the norm for millions of employees, network and security policies must adapt to keep pace. SASE encompasses a Zero Trust Security model and allows for policy to be delivered at the point of need. It is critical to identify the level of agility needed before you transition to these models. Failure to do so can cause problems further down the line and could lead to expensive redesigns.
4 – Security
When considering the digital transformation of connected devices, a surprising number of network teams don’t speak to security teams within the same organization. To fully realize the benefits of a SASE architecture, it is vital to identify the required defense posture and where security functions will be performed on the network.
Cloud security services are becoming commonplace but are not without limitations. Due consideration must be given to how and where data is sent. As our reliance on connected services for both work and recreation evolves, the protection of sensitive information is vital to how networks are designed.
5 – Connectivity
A key consideration here is how far you want to stretch the SD-WAN fabric. While SD-WAN is transport agnostic, it is traditionally a branch-based solution. Driven by the pandemic, Work From Anywhere (WFA) has created the need to deliver office-like connectivity to home users. However, physical hardware solutions are often not cost-effective to deploy in the average end user’s home office.
While some SD-WAN and SASE vendors offer agent-based connectivity solutions, others rely on ecosystem partners to move users securely from their public internet connection to the corporate environment. There are pros and cons to both approaches; the key is understanding user behavior and connectivity requirements.
6 – Migration
Once you have worked through the first 5 considerations, it is time to give some thought to how you will transition to the new world. Even for ‘small’ deployments, it is all but impossible to cut over in one go. How you manage to connect SD-WAN/SASE sites to legacy sites must be built into the migration plan.
The above touches on only a small number of the design considerations to address when embarking on an SD-WAN or SASE transformation project; it is not an exhaustive list.
Teneo has supported organizations with network transformation projects for over 20 years. Our experts can guide you through these key considerations to ensure your project is a success.
For more information about Teneo’s SD-WAN services, visit: https://www.teneo.net/sd-wan/
For more information about Teneo’s SASE services, visit: https://www.teneo.net/solutions/sase/
Blog Author: Brett Ayres, Services Director, Teneo