As published in a recent article in SDxCentral based on research from MEF, both the SD-WAN and SASE markets show strong revenue and activity, but they both face challenges impacting market efficiencies and growth. Let’s review the related challenges presented in the article and see how a solid DDI Solution can help mitigate these challenges and ease multi-vendor SD-WAN and integration of Security options.
Challenges with SD-WAN for Service Providers and Enterprises
Across the globe, 36 Service Provider experts were surveyed and the results showed that the top three SD-WAN challenges are:
- Dealing with the complexity of operating and managing multi-vendor SD-WAN
- Integrating security options
- Defining end-to-end service level agreements (SLAs)
Let’s focus on the first two that can be addressed with a DDI Solution. Operating multi-vendor SD-WAN is a must for Service Providers to prevent vendor lock-in and offer various flavors of SD-WAN services to their end customers. It is also a common occurrence for Enterprises as due to Mergers and Acquisitions or by the sheer size of their global networks, they most often end up having to integrate solutions from different SD-WAN vendors delivered by various Services Providers throughout the world. The main problem for operating multi-vendor SD-WAN is the lack of common standards.
SD-WAN is a delivery framework of routing services and each SD-WAN vendor or Service Provider has developed and implemented their own solution and services without any interoperability in mind. So for both Service Providers and Enterprises, an SD-WAN network is always working on its own and is mutually exclusive with any other. The junctions are made in peering points. No problem for different customers subscribing to the same offer as their private networks are mutually exclusive by design but when it comes to integrating offers and services from various vendors, this becomes impossible.
The other deeper problem beyond that is the overall planning and management of multi-vendor SD-WAN networks. Each SD-WAN solution comes with its own set of planning and management tools, thus inhibiting consolidation at a higher level for the entire infrastructure. The same is true for integrating Security options as part of a SASE framework. There again the various levels of Security integration between the SD-WAN vendors and the lack of interoperability between the various implementations renders difficult the delivery of the same security level across SD-WAN vendors and Service Providers.
How an Integrated DDI Solution Can Help
This is where an Integrated DDI (DNS-DHCP-IPAM) Solution can help. To begin with, the IP Address Management service was previously bundled as part of the MPLS Service offer. With SD-WAN and more so with multi-vendor SD-WAN, the IPAM allows robust IP address management for a common single and unified Network Source of Truth for all multi-vendor SD-WAN networks providing an accurate dynamic data repository for enhanced control across the networks including the overlay network supporting IPsec tunnels. The solution provides cross-platform capabilities for management of millions of IP addresses and multi-vendor DNS and DHCP services within one unified platform and user interface, offering single viewpoint management for improved operational efficiency.
The Unified DDI Solution is vendor agnostic and enables global policy enforcement across the entire SD-WAN infrastructure allowing for instance a structured naming convention to be enforced. EfficientIP DNS Security provides real-time user behavior analytics and threat Intelligence to protect against DNS threats such as data exfiltration, and can even improve application access control. The solution can also work in conjunction with the security ecosystem to set up Application Zoning using DNS, restricting exposure and data visibility for unknown or unauthorized users.
With the introduction of multiple transport networks (MPLS, Broadband Internet, 4G/5G and even Satellite Constellations), SD-WAN provides diversity between sites allowing routing between sites based on multiple criteria such as capacity, cost, latency, and confidentiality on top of the basic availability. What SD-WAN does not deal with is when the server itself at the destination is no longer available. Provided a redundant infrastructure has been set up (multi datacenter application, Disaster Recovery Plan, etc.), Edge DNS GSLB will provide an alternate destination that could itself benefit from the SD-WAN network diversity thus delivering optimal application traffic routing for improved UX and resilience. Ultimately, whether for operational management or for security, both Service Providers and Enterprises need to automate their network operations to gain efficiency, reliability and strengthen security. EfficientIP SOLIDserver offers rich metadata to fuel powerful end-to-end network automation for deployment, operation and security.
Benefits of DDI for SD-WAN Projects
- Better rollout control of sites/services – orchestration of IP management
- Operational time savings – automate build/run/retire workflows and processes
- Streamlines security – aligned DNS security policy enforcement
- Strengthened resiliency – traffic routing fully leveraging network diversity
- Improved UX & Performance – traffic steering based on QoS criteria
- SD-WAN Vendor agnostic IPAM – aligned with the rest of IP infrastructure.
DDI as the Foundation of SD-WAN Management
Designing, rolling out, operating, and managing SD-WAN networks, securing them against newer network security threats while ensuring resiliency and state-of-the-art over-the-top Application Traffic Management, are new complex tasks for Service Providers and network teams.
An integrated DDI solution, offering easy and open integration as well as centralized management and unified user interface, allows MSPs and Enterprises to break from the silo approach and help overcome network management complexity.
On the one hand, the IPAM repository allows planning the network as it should be using best practices, while on the other hand, the discovery tools check what has been actually deployed on the network and provide the ability to reconcile the actual network with the plan as needed. Users need a solution that enables controlled, secured deployment and operations of IP infrastructure and DNS resources across multi-vendor SD-WAN.
Autor: Rocco Koll