Your thoughts on VPN vs SD-WAN

[DirtyDingusMcgee]

I've a client with multiple branches and i'm thinking about switching from VPN to SD-WAN for the 2 remote sites. It isn't really so much a necessity, as it performs well enough as is, but it will make the insurance/risk management folks happy. I have managed gateways at the sites, so i really don't have to do much. What am i really gaining? I've done it some, and am confident in making it work, I just thought I would get some input from the other network folks out there.

So, your thoughts on VPN vs SD-WAN?

 

[Bill_Bright]

I recently had a similar conversation with a colleague. Much came down to size of the organization, future expansion plans, and, of course, money.

From a IT manager's perspective, I would prefer SD-WAN because of its centralized network management capability and better security. Latency issues were another issue, but we decided in most cases, those are much less significant - but depending on client demands and expectations, may move up in priority.

However, SD-WAN is more expensive to set up and, sadly, many bean-counters are unwilling or incapable of looking past today. The big challenge in many companies is convincing those holding the purse-strings to spend money on things that NEVER bring money back into their purses. There is no profit in having a secure, easy to manage network. To them, every dollar spent is a lost dollar. They don't see the value in preventing $1000s ($millions!!!) of lost dollars down the road.

So your challenge then is to convince the bean-counters/C-level executives to think strategically - that is, past today and out into tomorrow and even years down the road. That's where investing in SD-WAN today will pay good dividends (or at least prevent major losses) tomorrow.

Good luck with that! At least it appears convincing your insurance/risk management folks will not be an issue as they tend to be strategic thinkers. Now if they control the purse-strings, you are in!

I found this article that makes for pretty good reading, explaining pretty well the terms lay-people may [hopefully] understand.

 

[DirtyDingusMcgee]

Fortunately, I can bypass the bean-counters in this instance. The owner Ok'd it, so now i just need to get the equipment lined up with the MSSP (which is Nuspire). By my calculations, the insurance discount will mostly offset the cost. Guess I'm putting in SD-WAN. As much as anything, I was looking for unseen downsides, but the consensus from you and other colleagues is that there aren't any besides cost. Thank you for the input Bill.

 

[Bill_Bright]

I learned the hard way years ago that "bypassing" bean-counters can backfire when seeking funds for future projects "IF" they feel slighted because you did a "runaround" on them this time. I obviously don't know the "atmosphere" (office politics) in your organization so this may be a non-issue. I am just saying, if the bean-counters suddenly get an order they were not expecting (or budgeted for) to cough up money for a project they didn't know about, hard-feelings may ensue.

I would give them a heads-up and keep them in the loop. And if you learn they were not aware of the project already, blame the owner for keeping them in the dark!

Good luck!

 

[DirtyDingusMcgee]

An update.

Got my SD-wan running. works great. Going from main site to remotes via primary fiber links and wireless secondaries. just a couple router swaps, not too big a deal really.

Cisco catalyst 8300s.....can barely even put a load on them.

Everything is cloud, so entire network is pretty flat. Simple NAT. Runs good....totally transparent to the users.

 

[Arjai]

I found this article that makes for pretty good reading, explaining pretty well the terms lay-people may [hopefully] understand.

That article was a good one. I am not a network guy but, I feel I learned some more about it. I love TPU for just this reason. Picking up knowledge, without even trying to! LOL.