SD-WAN is a hot topic today when discussing communications. However, everyone seems to have a different definition of SD-WAN, which makes the concept hard to discuss. Let’s dig in and understand what this technology is and how it can help your business.
SD-WAN in a Nutshell
In short, Software-Defined Wide Area Networks (SD-WANs) are networks that allow businesses to connect their geographically dispersed users, data centers, and endpoints into a contiguous network without being dependent upon any single carrier or type of connection. Having to operate in a public carrier environment, SD-WANs must provide secure connectivity between endpoints to create a secure business network that goes beyond the confines of the business’ private network. Additionally, some SD-WAN providers allow local internet breakout for traffic that does not need to traverse the business WAN.
Who Needs SD-WAN?
Any company that needs to extend the reach of its network beyond a single brick-and-mortar building and maintain a secure network needs SD-WAN. Businesses that require circuit redundancy at one or more locations will also benefit from SD-WAN. SD-WAN is applicable in the following examples and more:
- Retail stores and restaurants that belong to a franchise and must send credit card transactions to a central data center: The franchise sets up an SD-WAN connection to each of the retail locations enabling a PCI-compliant and secure connection to protect sensitive customer and payment information.
- Multi-site company: Any organization with multiple offices needs to connect the locations via a secure network, whether for sharing applications and files or simply for secure communications between sites (text, voice, or video).
- Remote offices and teleworkers: SD-WAN gives teleworkers access to the same applications and network resources as local workers. SD-WAN delivers high up-time at a lower cost than private circuits.
Besides Connectivity, What Does SD-WAN Offer?
In addition to secure connectivity, SD-WAN providers can also deliver the following:
- Cost reduction compared to other solutions such as MPLS
- PCI compliance to meet requirements of retailers
- Utilization of any broadband and wireless internet connection for site connectivity
- Elimination of dependency on any single public carrier allowing customers to choose the most cost-effective broadband in each location
All access across the VPN Cloud is controlled by firewall rules. Most users simply apply straightforward allow-in and allow-out policies. Advanced firewall rules are also available for added security and control over the organization’s network. Rules can be applied at both traffic egress and ingress. Mako Enterprise Templates can be used to ensure firewall rules are consistent across all locations.
All communications are securely encrypted using strong, industrial-grade AES (128-bit/256-bit) encryption required by the Payment Card Industry Data Security Standard (PCI DSS). Perfect Forward Secrecy (ECDHE) is used to protect private data against brute-force offline attacks.
All endpoints, including both edge appliances and Mako VPN Concentrators, are securely identified and authenticated using industrial-grade certificates (ECDSA). Seamless certificate management and revocation are handled by the Mako central management system (CMS).
How Does SD-WAN Compare to MPLS?
Unlike MPLS, traditional private networks and many alternative SD-WAN providers, each Mako-connected site can access the Internet directly from its local Internet connection, without the use of a centralized Internet breakout hosted at a data center. This reduces the throughput requirements of data center VPN concentrators, and provides a more responsive Internet experience for local users through reduced latency and greater bandwidth. Mako Enterprise Templates and Mako Guardian content filtering can be used to apply a consistent Internet firewall and web policy at all sites, removing one of the main drivers for a centralized Internet breakout at a data center.
Mako VPN Cloud co-exists with existing MPLS and other private networks by deploying one or more Mako VPN Concentrators within the MPLS environment, along with a breakout to the Internet for the VPN Cloud traffic. This can be achieved by assigning the Mako VPN Concentrator(s) a public, Internet routable IP address, or by assigning a private NAT IP to the concentrator and port forwarding traffic from a public, Internet routable IP address to it.
The MPLS infrastructure and Mako VPN Concentrators will have routing table entries for each other. Individual entries can be used for each site; however, it’s preferable to group them into supernets to simplify routing tables. For example, 10.0.0.0/9 could be for MPLS sites, and 10.128.0.0/9 could be for Internet Mako sites. BGP between the Mako VPN Concentrators and the MPLS routers is also an option.
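The supernet split above only simplifies routing if every site is actually numbered inside its half, since a site in the wrong half would be routed toward the wrong transport. The following is an added example (not Mako or Vertical code) that audits an address plan against the two supernets from the text; the site names and subnets are constructed sample data.

```python
import ipaddress

# Supernets from the text; site names and subnets below are constructed.
SUPERNETS = {
    "mpls": ipaddress.ip_network("10.0.0.0/9"),
    "mako": ipaddress.ip_network("10.128.0.0/9"),
}

SITES = [  # (site, transport, LAN subnet) -- constructed sample plan
    ("hq",        "mpls", "10.0.0.0/16"),
    ("dc-east",   "mpls", "10.1.0.0/16"),
    ("store-001", "mako", "10.128.1.0/24"),
    ("store-002", "mako", "10.128.2.0/24"),
    ("store-003", "mako", "10.64.3.0/24"),     # wrong half: inside the MPLS supernet
    ("store-004", "mako", "10.128.2.128/25"),  # overlaps store-002
]

def audit(sites, supernets=SUPERNETS):
    """Return (misplaced, overlaps): sites outside their transport's supernet,
    and pairs of sites whose subnets overlap."""
    nets = [(name, transport, ipaddress.ip_network(cidr))
            for name, transport, cidr in sites]
    misplaced = [name for name, transport, net in nets
                 if not net.subnet_of(supernets[transport])]
    overlaps = [(a, b) for i, (a, _, na) in enumerate(nets)
                for b, _, nb in nets[i + 1:] if na.overlaps(nb)]
    return misplaced, overlaps

def routes_needed(sites, transport):
    """Smallest prefix set covering one transport's sites when no supernet is used."""
    nets = [ipaddress.ip_network(c) for _, t, c in sites if t == transport]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    misplaced, overlaps = audit(SITES)
    print("outside assigned supernet:", misplaced)
    print("overlapping sites:", overlaps)
    print("Mako routes without the supernet:", routes_needed(SITES, "mako"))
```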
The key difference for your business is cost. The SD-WAN solution offers a much lower cost compared to MPLS solutions while delivering network redundancy and similar performance. The cost difference can be hundreds of dollars a month per site! Even if you have just a few locations, this makes SD-WAN a serious consideration for your business. If you have 10 or more locations, it’s a no-brainer!
There are a number of companies that provide SD-WAN solutions as shown in the side-by-side comparison chart below. Vertical Communications has partnered with Mako Networks for our solution of choice for the following reasons:
- Mako offers their solution in a cloud service and a purchase model. This means that the customer can choose how to purchase the solution.
- Mako is unique in offering PCI-DSS compliance that is extended all the way to the merchant (endpoint). This results in lower PCI compliance costs for businesses.
- Mako holds a unique patent that allows data from the endpoints to travel directly to the datacenter without having to traverse through the cloud. This provides a much more direct and efficient flow of data, further enhancing security.
- Mako offers easy connectivity to multiple networks including cellular failover. This is a key benefit for really taking advantage of SD-WAN.
- Mako includes additional applications that provide full internet security as well as user content filtering. A Mako unit can consolidate multiple network devices into a single solution for your business.
How does Mako stack up?
What is needed to get Mako SD-WAN?
Simply contact Vertical, which is a full-service partner of Mako. The Vertical solution team can evaluate your current network, determine the best solution, and get you up and running within days. The Mako hardware requires little on-site configuration. It’s just plug and play with all features managed centrally through Mako’s cloud console.
Getting Started with SD-WAN
Are you ready to learn more or get started with SD-WAN? Vertical can help you implement a secure, scalable, and highly-redundant wide area network that allows for transport across multiple carriers using any internet connection. Fill out the form below to get in contact with Vertical about an SD-WAN solution for your business.