Are you struggling to decide between multiprotocol label switching (MPLS), a virtual private network (VPN), or a software-defined wide area network (SD-WAN)? Are you unsure about how to secure your evolving network, provide secure remote access and ensure compliance with data regulations? Do you want to know if SD-WAN will save you money and what other benefits it can offer?
As technology continues to advance and data compliance and security regulations become increasingly strict, these are some of the pressing questions that tech leaders need to be able to answer. In this article, our networking expert explores some of the differences between SD-WAN and MPLS to help you plan your next network move.
To find the right network for your business, it’s important to think about your IT strategy for the next 3-5 years. But sometimes, a transformative solution to support innovation is needed. That’s one of the benefits of SD-WAN. It helps solve some of the network challenges you might be facing currently, such as:
- Using SaaS apps such as Microsoft Teams, Salesforce, and Sage
- Dealing with poor service from your current network provider
- Not having enough information about your network and how users are using it
- Wanting to adopt new last-mile technologies such as FTTP to reduce costs
1. Designing Your Network
Many organisations’ IT strategies will typically include a Data Centre, public cloud, and SaaS. These all need to be connected by the corporate wide area network (WAN). A network is the critical channel that delivers various workloads and applications to end users. The type of network needed depends on the types of applications being used, as some applications require more bandwidth, less latency, or more security than others. To ensure the network performs well, all these factors need to be considered both at the design and implementation stages.
2. Adapting Your Network
Very often an enterprise will classify its sites based on their criticality – for example, P1 (24x7x365 business hours), P2 (8×7), P3 (8×5), with an uptime target for each. Those priorities will not always remain the same; sites may need to be repurposed, expanded, or contracted in response to business needs. In some industries, it may be necessary to add a site to the network using a temporary 4G connection. For example, if there is a push to quickly bring a new office site online, but the last mile connectivity cannot be provisioned quickly enough, then Mobile Data services could provide very basic internet connectivity for critical services internally.
The network, therefore, needs to be able to adapt to accommodate different business dynamics, both in the UK and overseas. A managed network contract with a partner should allow for this kind of flexibility and innovation as part of a long-term investment.
3. Planning Your Network with Data Insights: SD-WAN vs MPLS
The first step in planning a network should be to assess both the current and expected workloads, especially those you may be planning to roll out as part of a strategic digital transformation. If the current network is an MPLS, then this may present a challenge: with an MPLS router at every endpoint, there’s very little granular information available at the edge of the network, as only layer 3 (the network layer) and layer 4 (the transport layer) are visible.
Therefore, when planning a network move, it’s critical to assess and understand how the computer network is being used by the employees in the organisation. To achieve this level of understanding, “sniffer” tools can be used to identify the activities happening on the network. By gathering a month’s worth of data, it’s possible to gain sufficient insight into commonly performed tasks and frequent traffic patterns. This kind of information is invaluable for upfront planning and future budgeting for optimum network performance.
4. Moving from MPLS to SD-WAN: A Useful Bridge
An SD-WAN can serve as a useful bridge. Its overlay can work on both MPLS and internet access circuits, regardless of provider. This means that enterprises can move from MPLS to internet access, or a combination of both, with less risk and less cost for the network required to handle the transformation of data centre workloads.
A lot of corporate traffic is routed out to the internet over the MPLS network, including web-hosted applications (SaaS), guest Wi-Fi, and traffic from employees’ personal devices. This mix of traffic travels through the corporate firewall and creates additional work to manage and separate it. A more efficient and cost-effective approach would be to split this traffic at the network edge and route directly to the internet from every premises. But in doing so, a wider attack surface is created, requiring more security.
5. Converging Security and SD-WAN
To send internet traffic to SaaS applications faster, it’s more efficient to connect to the internet locally at each location. However, this can make the company more vulnerable to attacks. To protect against these attacks, security equipment or firewalls need to be installed at each site, which can be costly and require specialised skills. Replacing MPLS routers with more intelligent devices should enable security and networking to converge as a fully managed service, where changes to network routing and security policies are dovetailed, and the complexities of integration between different vendors are eliminated.
Additionally, it’s unclear how much money can be saved by reducing MPLS bandwidth when internet traffic is routed locally. To figure this out, a careful analysis of current network traffic is needed to see how much less MPLS traffic will occur when applications and workloads are moved to the cloud or replaced with SaaS. It’s this kind of traffic insight that can also light up the answer to poor service. On-demand reporting of traffic usage, network health, and service availability is key to good supplier relationships. When it comes to guidance for IT managers, service delivery reviews and advice from technically astute account managers go hand in glove. Monthly face-to-face meetings should be part of the service wrap and include a discussion of security threats, defences, incidents, and events.
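The traffic analysis described above can be sketched over exported flow records. This is an added example, not part of the original article or any vendor tooling: the site names, segment labels, addresses and byte counts are constructed, and the rule that RFC 1918 destinations stay on the WAN while everything else is a candidate for local internet breakout is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records: (site, segment, destination IP, bytes).
FLOWS = [
    ("london", "corporate", "10.20.1.15", 600_000_000),    # data centre app
    ("london", "corporate", "203.0.113.10", 250_000_000),  # SaaS
    ("london", "guest", "198.51.100.7", 150_000_000),      # guest Wi-Fi
    ("leeds", "corporate", "10.20.1.15", 95_000_000),
    ("leeds", "corporate", "203.0.113.10", 300_000_000),
    ("leeds", "byod", "198.51.100.99", 100_000_000),       # personal device
    ("leeds", "guest", "10.20.1.15", 5_000_000),           # guest to internal
]

# Assumption: internal destinations are RFC 1918 space. Explicit networks are
# used because ip_address.is_private also matches documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
UNTRUSTED_SEGMENTS = {"guest", "byod"}


def stays_on_wan(dst):
    """True if the destination is internal and must remain on the WAN."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in INTERNAL_NETS)


def summarise(flows):
    """Per site: bytes kept on the WAN, bytes eligible for local breakout,
    the resulting reduction, and untrusted-to-internal flows to review."""
    sites = defaultdict(lambda: {"wan_bytes": 0, "breakout_bytes": 0,
                                 "untrusted_to_internal": 0})
    for site, segment, dst, nbytes in flows:
        entry = sites[site]
        if stays_on_wan(dst):
            entry["wan_bytes"] += nbytes
            if segment in UNTRUSTED_SEGMENTS:
                entry["untrusted_to_internal"] += 1
        else:
            entry["breakout_bytes"] += nbytes
    report = {}
    for site, entry in sites.items():
        total = entry["wan_bytes"] + entry["breakout_bytes"]
        pct = round(100 * entry["breakout_bytes"] / total, 1) if total else 0.0
        report[site] = {**entry, "mpls_reduction_pct": pct}
    return report


if __name__ == "__main__":
    for site, row in summarise(FLOWS).items():
        print(site, row)
```

The `untrusted_to_internal` count lists flows that segmentation policy at the edge device would need to address before breakout is enabled at that site.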
6. SD-WAN vs MPLS – Is SD-WAN More Cost Effective?
Now, let’s answer the big question: Will switching from MPLS to an SD-WAN be more cost-effective? It will depend on the providers you work with, but one key consideration is that MPLS is usually delivered with a backup circuit that’s only used if the primary circuit fails. In contrast, SD-WAN can use both circuits at the same time, which means you can get more bandwidth for the same price.
It’s also important to consider changes within the last mile technologies, the final part of the telecommunication network connecting a customer’s premises to their internet provider, and how recent upgrades in this area might impact your overall costs. For example, BT Openreach is retiring the copper infrastructure and faster access technologies such as FTTP and SoGEA have become more widely available. Regional wireless providers and other independent competitors are also entering the market and, as a result, bandwidth has come down in price significantly, meaning there has never been a better time to include the WAN as part of the overall IT strategic review. SD-WAN also supports Long Term Evolution (LTE) access to the internet, so there’s a carrier-diverse alternative to broadband. If LTE can be factored in as a fail-over path – albeit with reduced bandwidth – then some MPLS Ethernet access circuits at less critical sites could be terminated as soon as contracts expire.
In conclusion, if you’re moving to the cloud or your MPLS contract is ending, it’s a good time to consider switching to SD-WAN. However, making a change always involves some risk and, in this case, the better prepared you are, the smoother the transition. To ensure your transition is as smooth as possible, it’s important to create a plan, gather information about your WAN including which applications are most important, which sites are critical, be clear when your current contract ends, and finally define your service goals.
It’s no secret Enterprise Network Architecture is more distributed, complex, and vulnerable today than it has ever been. To rise to this challenge, Telefónica Tech and Fortinet have combined their expertise to reimagine networking and security. flexWAN is a single solution where networking and security converge to empower the hybrid work era. Combining the global capabilities of Fortinet Secure SD-WAN with the managed security and cloud services of Telefónica Tech ensures quality of experience and security no matter where users are located by providing agile connectivity and next-generation managed cyber security ready for multi-cloud environments.
This service is built on the idea of prioritising security in networking, offering a combined solution for networking and security management. It also enables the extension to SASE (Secure Access Service Edge), ensuring customers can securely and efficiently digitise their workplaces with the best possible performance and state-of-the-art connectivity.