A safe network with SD-WAN, SD-branch and SASE

16.12.2024

SD-WAN, SD-branch and SASE are three network and security technologies that are gaining traction. Our expert explains the technologies and the practical benefits they offer. 

Today, all companies face network challenges. As businesses grow, they need watertight security or a hybrid working solution, and the latest network and security technologies provide the answer. We spoke with Marc Schuermans, Solution Architect ITN at Orange Belgium, who works closely with customers every day in search of the ideal solution to their needs.

 

What inspires organisations to consider solutions such as SD-WAN, SD-branch and SASE?

“I think the most important trend is that organisations are increasingly turning to cloud solutions, which requires secure access methods. In addition, there has been the shift to hybrid work, which means organisations need secure access from various locations. With cyberattacks becoming increasingly advanced, secure access is an absolute priority. Traditional IT architectures approach network and security separately, resulting in more security loopholes. Conversely, SASE, or secure access service edge, integrates both domains in order to provide overall protection.

“In more general terms, we are also witnessing a search for ways to bring down IT infrastructure expenses. SD-WAN enables companies to use a cheaper internet connection without compromising on performance. And finally, there is a growing demand for network flexibility. Some applications require low latency while others need high bandwidth. SD-WAN and SD-branch use dynamic path selection to improve the performance and user experience of applications.”

 


 

What is the difference between SD-WAN and traditional WAN solutions?

“SD-WAN stands for software-defined wide area network, a name that is actually self-explanatory. It’s a technology that uses software to both manage and optimise a combination of network connections. By contrast, the architecture in a traditional WAN is hardware-based. SD-WAN is actually a software layer that is superimposed on the underlying hardware layer of the network. While a traditional WAN typically has a single network provider, for instance via MPLS, an SD-WAN lets you combine different connections, such as MPLS, internet and 4G or 5G, even if they come from different providers.”

 

How do those differences manifest?

“With a traditional WAN, the configuration in every branch must be carried out manually. With SD-WAN, this can be done automatically from a central location. For instance, you can define in a policy that a specific application will take precedence over other applications. This is then automatically applied across the infrastructure of every branch. This is typically used to keep the latency with such applications as VoIP and video conferences as low as possible.

“Routing network traffic is another aspect that is handled very differently. A traditional WAN does this based on the IP addresses of source and destination machines and a series of fixed rules are established for this purpose. SD-WAN uses a more dynamic routing method: the optimal path is determined using application-aware routing, for instance the path with the lowest latency. As soon as conditions change, for example due to network congestion, the policy automatically triggers a reconfiguration that sends the application’s network traffic along a new path. This is because SD-WAN continuously monitors and reacts to all available network connections.”

 

What are the other benefits?

“If you have multiple WAN connections and automatically use the best one, this means you have redundancy. If one connection goes down completely, network traffic automatically switches to one of the remaining available connections, without interruption. Another benefit is direct access to cloud services from the different branches. With a traditional WAN, access to cloud services at every branch goes through a data centre or the head office. With SD-WAN, this is done directly from every branch, which boosts responsiveness.”

 


 

What is SD-branch?

“SD-branch stands for software-defined branch, a network solution that implements the principles of software-defined networking across the entire network of branches. While SD-WAN focuses on the connection between a branch and cloud services and other infrastructure, SD-branch concentrates on unifying multiple branches.”

 

So unification simplifies IT infrastructure management across multiple locations?

“Exactly. Everything is managed from a central location, both WAN and LAN, switches, wireless access points and network security equipment, for all branches. But it’s not just about centralising management – it’s also about monitoring, automation and deployment. It gives you end-to-end visibility across your entire network, too, so you can track the entire flow of an end user.”

 

Does SD-branch also offer benefits with the deployment of network devices?

“That’s right. SD-branch makes it possible to carry out zero-touch deployments. You’re configuring a device you want to install. When it is installed at the branch in question, it connects with the central server and downloads the right configuration. As a result, you no longer have to dispatch engineers to every branch to configure network devices. The configuration of different devices can also be based on the same template, guaranteeing consistency.

“Even after installation, you can easily manage all your devices across all branches with SD-branch, ensuring consistency through automatic firmware updates, security patches, etc. So you don’t have to update every device manually and risk forgetting one.”

 

Let’s look at the last of these three technologies: SASE, or secure access service edge. Can this be seen as an expansion of SD-WAN?

“Not entirely. SD-WAN is one of the building blocks of SASE. It’s more like an evolution of SD-WAN, and is a cloud-based unified approach to network and security. While SD-WAN is network-oriented and designed to optimise connectivity, SASE is user-oriented. The emphasis is on secure access to applications, regardless of the location of applications, users or their devices.

“The SASE architecture doesn’t link users directly with their applications; instead it uses an SASE PoP, or point of presence. The connection with a PoP is established with SD-WAN and in the event of problems SD-WAN will automatically connect with a different PoP.”

 

Is implementing a zero trust model essential to guarantee secure access to SASE?

“It is not strictly necessary, but it is highly recommended. The zero trust model and its ‘never trust, always check’ approach also dovetails closely with the core principles of SASE. A fair number of SASE solutions have been developed using that same approach, whereby no user, device or application is trusted as standard, whether inside or outside the network perimeter. Personally, I think zero trust is essential to realise SASE’s full potential.”

 

Do you have any tips for organisations migrating to SD-WAN, SD-branch or SASE?

“Although these solutions offer a range of benefits, it is important to identify a clear and measurable goal. Decide how much cost reduction you wish to realise or how you want to improve security. Without clearly identifying your goal, it’s impossible to evaluate the migration.

“Also keep in mind that these migrations are often complex. Plan tryouts and assess whether your IT department has sufficient expertise. You may have to schedule additional training. A typical scenario is that while your team includes a LAN technology expert, you have no one with the required expertise in security. You should also determine whether you want to manage everything yourself or opt for a provider to manage the infrastructure for you.”

 

What criteria can organisations use when selecting a provider?

“Consider the solution the provider implements. Does it include all the features you expect? Can you use it to manage the entire infrastructure in all your branches from a central dashboard? Does the solution comply with all the regulations you have to follow, such as the GDPR? When comparing solutions, you need a good idea of the costs because these solutions come in various flexible price models. Take into account the provider’s reputation, the support they provide for their solution, the possibility of integration with other applications, whether the solution is regularly updated and whether there is a road map.

“On the other hand, you must realise that SD-WAN is a layer on top of the network. It is always preferable to choose a provider that offers both layers, so you have a single point of contact in case of problems. If not, you run the risk of having your network provider and SD-WAN provider blame each other in the event of problems. Also determine whether your provider has expertise in both networks and security.”

 

Are these solutions only available to major corporations? Or can SMEs also enjoy the benefits?

“They are definitely suited for SMEs as well. You don’t need dozens of branches to enjoy the benefits: it can be useful with just two branches, and SASE also works with a small number of users. These technologies are ideal for companies that have integrated hybrid working, and the centralised approach is ideal for an SME with a small IT team.”

 
 

Are you interested in deploying these network and security technologies in your organisation? Contact our IT experts at business@ictexperts.orange.com.
