SD WAN and SASE are modest hype terms in the world of connectivity. They bring simplicity and flexibility to the customer, who becomes less dependent on vendors. In practice, however, this freedom quickly gives way to a new bond.

“I feel like SD Wan is slowly becoming established,” says Freek Pauwels, General Manager Citymesh Integrator. “Although I notice that not everyone really knows what it is about. When we ask customers what they expect from their SD-Wan, we sometimes get strange answers. Then the monkey gets out of control and it turns out that they don’t really understand what the solution exactly entails.”

Pauwels shares his insights at the round table on connectivity organized by ITdaily. Also at the table are Marc Vandeputte, CTO of Arcadiz, Mirko Montorro, Sales Director and Partner at Easi, Kristof Spriet, connectivity expert at Proximus NXT and Gilles Vergraven, Business Development Manager at Eurofiber. He is not really concerned about SD WAN, SASE or other solutions. “As long as they run over our fiber,” he laughs.

Relevant hype

Montorro notes that SD Wan is currently a bit of a hype. “Many companies initially wanted to implement an SD-WAN solution to save money,” he notes. “That is certainly not always the case in practice, and even more so in the national context, where MPLS is very competitive in terms of price. What you get is more flexibility and manageability. That’s why we are now seeing a big change, with some delay also in Belgium.”

Many companies initially wanted to implement an SD-WAN solution to save money.

Mirko Montorro, Sales Manager & Partner Easi

SD WAN stands for Software-defined wide area network and is in some ways the successor to MPLS (Multiprotocol label switching), although it actually uses MPLS networks on the backbone side as well. Traditionally, companies connect their branches in a WAN using MPLS, with traffic traveling along defined network paths thanks to MPLS routers and infrastructure to create a stable and secure connection. An MPLS network is a fairly complex matter, and one for which you will turn to a provider.

An SD-WAN solution offers similar functionality but connects LAN networks using software-defined connections, separate from the underlying connectivity solutions. This makes SD WAN more flexible and allows companies to connect their sites using alternative networks such as the public broadband network. “But don’t be under any illusions,” says Arcadiz’s Vandeputte. “In practice, large enterprise SD-WAN solutions still run over MPLS networks over the provider’s backbone.”

Free yourself from dependence on telecommunications

Verrupen also emphasizes this: “The speed and quality of your connection still depends on the network over which your SD-WAN solution sends your traffic.” However, there is a very big difference to classic MPLS implementations: Since SD WAN is software-defined, companies can separate themselves from the provider. It becomes much easier to switch between connectivity providers, whereas with regular networks over MPLS there was a vendor lock-in.

The speed and quality of your connection still depends on the network over which your SD-WAN solution sends your traffic.

Gilles Verschueren, Business Development Manager Eurofiber

“That’s a big difference,” agrees Spriet. “With SD Wan, companies suddenly become much less dependent on their connectivity provider and can switch more quickly.” But what do companies do with this new-found freedom?

“The lock-in is actually shifting to the SD-WAN vendors,” Montorro notes. “Customers are choosing one party to be responsible for all the devices that allow them to create software-defined connections, and there are many. It’s not surprising that an SD-WAN partner will provide all the hardware, from firewalls and switches to routers. Switching is possible and there is a zero-touch hardware rollout that will help with that, but migrating remains a large and complex task.”

Platform approach

Vandeputte also sees organizations opting for a monolithic approach where: Best of his breed in network and security are giving way to a platform approach with as many solutions as possible from one manufacturer. “And so we’re once again locked into suppliers, but on a different level.”

In this way, supplier loyalty is restored, but only on a different level?

Marc Vandeputte, CTO Arcadiz

This does not mean that companies should not look for new connectivity solutions. The vendor flexibility with SD-WAN already opens doors to several interesting possibilities. Montorro: “Organizations can now easily combine connectivity solutions from different vendors, for example a fiber optic line from vendor A with a coaxial connection from vendor B. We see that companies increasingly consider the availability of this to be sufficient to be able to say goodbye to more expensive solutions with more extensive Service Level Agreements (SLA’s).“

Modern connectivity solutions also provide more management capacity. Companies can use a dashboard to keep an eye on traffic flow, whereas previously they had to make do with reports using MPLS alone.

SD-WAN, SASE and SSE

SD WAN is not the end of the line, according to those present. “I wouldn’t be surprised if in a few years no one would be talking about SD WAN anymore,” thinks Montorro. He points to the rise of SASE (Secure Access Service Edge) and SSE (Secure Service Edge).

“From my experience, I see the transition from SD-WAN to SASE as a gradual process,” says Spriet. “SD-WAN and SSE are the first steps in the SASE story. Many companies are currently using hybrid networks, and these will be needed for some time. This requires local segmentation and security solutions that are both flexible and reliable.”

Many companies currently use hybrid networks, and these will be needed for some time to come.

Kristof Spriet, Connectivity Expert, Proximus NXT

In short, SASE combines SD-WAN with security features in the cloud. SSE is a variant for organizations that work primarily in the cloud and benefit less from the SD-WAN component, but want to have their security centrally in the cloud.

Is lock-in a problem?

In this case, too, companies enjoy freedom of choice in the underlying connectivity, but leave the keys to a single connectivity and security provider that takes care of the entire platform. Pauwels appreciates the simple approach, but also has some reservations. “In the past, companies deliberately chose two different manufacturers for their network on the one hand and their security on the other to build in an additional layer of security. Today, a single SD-WAN, SASE or SSE provider takes care of everything. If a security breach ever occurs, the consequences could be serious.”

So much is changing in the world of connectivity, while much is staying the same. Enterprises are buying flexibility and control by running their networks through software and cloud-based solutions, fighting to break free from telco lock-in. In the same breath, they are opting for a platform approach to connectivity and security at the level of their SD-WAN, SASE or SSE provider, which creates a new lock-in. “Is lock-in really that bad?” Vergraven wonders aloud.

This article is part of a series following the roundtable on connectivity organized by ITdaily. Read more here.