This article is an excerpt from AOTMP®’s Efficiency First® Tools portal about SD-WAN technology.
Software-Defined Wide Area Network (SD-WAN) technology has capabilities that allow enterprises to exercise more control over data. As organizations consider implementing SD-WAN solutions, they will need to define policy and service-level agreement (SLA) performance standards to optimize the security features, cost-reduction potential, and dynamic network capabilities of SD-WAN.
SD-WAN technology allows the enterprise to create virtual overlays to segment application traffic. This gives organizations greater control in securing communications across satellite branches and enterprise-wide. SD-WAN supports a myriad of connections such as Multiprotocol Label Switching (MPLS), internet, and Long-Term Evolution (LTE) through dynamic pathways – determined by policy – to allow for load sharing over Wide-Area Network (WAN) connections. This enables enterprises to utilize already-existing security solutions, such as segmentation, encryption, and firewalls, by unifying security from a central point in the SD-WAN.
Centralized connectivity allows the enterprise to enforce policy from a single point, ensuring synchronization throughout the organization. Additionally, since SD-WAN is not tied to underlying hardware, defining policy is flexible and solutions can be deployed ad hoc across the organization if necessary. For example, if an enterprise discovers a new security threat, instead of sending a patch or updating each end device, network administrators can release the fix to all devices simultaneously.
Segmentation in SD-WAN requires organizations to consider how to categorize applications and how traffic from those applications will flow through the network. Defining policy based on network traffic is essential to providing secure and seamless network connections. With its dynamic pathways, SD-WAN provides detours for data to reduce latency, packet loss, and jitter. For instance, voice application traffic and video application traffic have similar characteristics, so they are grouped together under the same policy requirements. Now, let’s say several instances of the applications are running at the same time over the SD-WAN. If the defined SLA parameters in the policy are not met, instead of bottlenecking, traffic is detoured over another path instantly.
Defining policy for SD-WAN technology requires the enterprise to consider existing business rules within the organization to identify policy intents. Additionally, SLA performance profiles should be defined including the source, destination, and required constraints of application traffic. Further, instead of thinking about the network in a hardware-based manner, view network configuration from an application perspective by considering the characteristics and conditions of the applications.
When determining how to categorize applications, consider defining profile categories by prioritizing applications based on throughput, latency, packet loss, and jitter to determine preferred paths (MPLS, internet, or LTE) for traffic. For security and performance, consider these examples:
- Segregate guest Wi-Fi from employee Wi-Fi traffic
- Group together BYOD (bring your own device) traffic and other applications with higher security risks
- Separate IoT (internet of things) traffic
- Isolate voice and high bandwidth applications
Once the categories have been set, the enterprise will need to determine:
- How performance and security monitoring will be tracked
- Who monitors the performance and security
- How any adverse issues will be addressed
- Who will handle those issues
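The SLA profiles and preferred paths described above can be modelled as data and evaluated against path measurements. The following Python sketch is an added example, not AOTMP or vendor code; the class names, thresholds, measurements, and the choice to keep guest Wi-Fi off MPLS are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SlaProfile:
    """SLA constraints for one application category (values are constructed)."""
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    min_throughput_mbps: float
    preferred_paths: tuple  # ordered list of paths this category may use

@dataclass(frozen=True)
class PathMetrics:
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    throughput_mbps: float

def violations(profile, m):
    """Return the names of the SLA constraints that measurement m breaks."""
    checks = [
        ("latency", m.latency_ms > profile.max_latency_ms),
        ("jitter", m.jitter_ms > profile.max_jitter_ms),
        ("loss", m.loss_pct > profile.max_loss_pct),
        ("throughput", m.throughput_mbps < profile.min_throughput_mbps),
    ]
    return [name for name, broken in checks if broken]

def select_path(profile, measurements):
    """Pick the first permitted path meeting the SLA; record why others were skipped."""
    skipped = {}
    for path in profile.preferred_paths:
        m = measurements.get(path)
        broken = ["no measurement"] if m is None else violations(profile, m)
        if not broken:
            return path, skipped
        skipped[path] = broken
    return None, skipped  # no compliant path: escalate to the issue owner

# Constructed profiles: voice and video share one policy; guest Wi-Fi is
# segregated and (as an assumption) never permitted on the MPLS path.
VOICE_VIDEO = SlaProfile("voice-video", 150, 30, 1.0, 2, ("MPLS", "internet", "LTE"))
GUEST_WIFI = SlaProfile("guest-wifi", 400, 100, 5.0, 1, ("internet", "LTE"))

# Constructed measurements: the MPLS link is congested.
MEASURED = {
    "MPLS": PathMetrics(210, 45, 0.2, 50),
    "internet": PathMetrics(60, 12, 0.4, 80),
    "LTE": PathMetrics(90, 25, 0.8, 20),
}
```

The `skipped` dictionary returned alongside the chosen path gives monitoring a per-path reason for each detour, and a `None` result marks the case that needs a named owner.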
AOTMP® Policy Development Recommendations
It is important to engage those within the organization who have knowledge and insight into the policy objectives. More specifically, include anyone with insight into network activity relating to technical, financial or operational aspects, business rules, and anyone else needed to shape the SD-WAN technology policy for the organization. Once the stakeholders have been identified, outline the general categories to include in the policy. Next, categorize topical areas with stated objectives; then group each topic into broader areas or categories for ease of management.
After gathering and organizing pertinent information, it is time to draft the policy language. Determine who has expertise in each section of the policy and assign those sections to the appropriate teams or individuals. Once draft sections are submitted, review, discuss, and finalize policy language as a team to ensure the policy is clearly articulated.
The next step is to educate any users affected by the policy. The organization will need to ensure the policy is enforced and monitored by:
- Identifying specific activities constituting policy monitoring and enforcement
- Identifying who is responsible for specific monitoring and enforcement efforts
- Establishing metrics that quantify compliance
As business needs evolve and change, you need to continue to revisit your policy content.