How to compare DIY and outsourced SD-WAN

Software-defined WANs (SD-WANs) are growing at an incredibly fast pace. When you look at the benefits, it’s not hard to understand why. The cost savings compared with MPLS, the flexibility for application performance, ease of management and the security benefits for branch offices make it an attractive option. According to IDC and Dell’Oro Group, the SD-WAN market is predicted to grow between 35-40 per cent each year over the next five years. Many in the IT solution provider market have taken notice and are seeing more and more customers asking, “Should I build this in-house or should I outsource it to a managed service provider?”

While I can’t definitively answer that question for you, I can shed some light on several key areas customers should be thinking about and considering as they evaluate the options. Let’s jump into them.

What size is your organisation?

Choosing between in-house (or DIY) and a managed SD-WAN service can come down to the size of the organisation. Smaller companies in which the WAN is less critical, or which have limited staff, may find that the managed approach is a good option (perhaps they want to save cost, but setting super granular policies is less important). The smallest companies are much less likely to need a managed service provider (MSP), as they might just be able to connect directly to the internet. For organisations that only have a few sites – and don’t do much inter-site communication (for example it’s all through a SaaS app, like Office365) – SD-WAN may not be necessary to begin with.

The number of sites is also a factor for large organisations. Are they global? Are they running critical applications across large networks that traverse multiple carriers and regions? The amount of control and visibility required for certain applications is key to determining whether or not an organisation would be best served building an SD-WAN internally or using an MSP. For example, with big retailers, most locations have to go back through centralised applications for real-time process queries, checkouts, inventory, etc. This means the WAN is critical to business operations, so they might choose to deploy and manage it internally for ultimate control.

Do you have the in-house skill set?

While building an SD-WAN in-house is much easier than raw WAN construction or VPN deployments, it still requires some expertise. When evaluating the best technology approach to SD-WAN, every organisation must establish a complete understanding of the networking team’s skillset. Network engineers with excellent technical chops are a must for rolling out and maintaining large deployments, especially at scale and in mixed WAN environments (after all, who is going to set all the policies, deploy vEdge devices, make routing changes on legacy networks, etc.?).

Customers need to ask themselves what happens when the SD-WAN is performing sub-optimally, which could be due to errors specifying the policy or due to bugs causing connectivity issues to particular sites or the controller. If the management of the SD-WAN is outsourced to a provider, organisations are heavily reliant on the MSP for a fix (just like using any SaaS app). This can be a major objection for companies considering outsourcing an SD-WAN deployment. That’s why it’s so important that you understand these potential risks and build a plan for how to deliver critical applications. Businesses will need to figure out if they’re comfortable having an MSP fix issues or if certain applications are essential enough that they want complete control.

Do you understand the value of visibility?

At the end of the day, whether companies decide to build an SD-WAN themselves or rely on a service provider, they still need visibility into the performance of key applications. For those that elect to build and manage their SD-WAN in-house, unified Network Performance Monitoring and Diagnostic (NPMD) solutions can help plan, deploy, manage and optimise the network. Most MSPs can usually offer some level of visibility and might provide access to telemetry from edge devices and controllers (for example, telemetry from API, SNMP or IPFIX) for customers to use in their tools. Regardless of the approach, every organisation will need some level of visibility to narrow down application issues and identify if it’s the service provider, network or wherever else the problem might be.

Proactively debugging SD-WAN can be a challenge, even for MSPs, which need to provide customers with the proper level of granular visibility to determine whether an issue is really their own or that of the MSP-managed SD-WAN. Without the proper visibility, issues tend to get blamed on the least visible part of the network path. Many organisations will ask their providers how they plan to troubleshoot, what information they’ll share with them, and how they handle reporting.

For example, with SD-WAN you can specify a preferred transport for specific applications based on performance thresholds. A customer might be running VoIP but experiencing sub-par performance, or perhaps experiencing occasional outages, and want to know why this is happening. Basic SD-WAN reporting can usually illustrate the quality of the transport (is it good or bad?), but at times makes it difficult to map the exact application flow down to the reason. The reason could be that multiple transports are seeing packet drops so there’s no way for the SD-WAN to optimise paths. In order to get that level of visibility, it’s critical that you utilise an NPMD solution that can actually look at that granular level, which may include packet-level analysis. Whether the SD-WAN is managed in-house or by a service provider, transport costs are expensive, so organisations need some way to validate the level of performance they’re receiving.

How much control do you need?

There are many features SD-WAN offers and the amount of control a customer requires for each can be a factor when they’re deciding to build in-house or outsource. For example, with traffic prioritisation, companies can create very specific topologies tailored to their unique needs. Take a financial services company for instance, and the required policies they have for security and performance. Realistically, all their financial transactions should never go through the public internet, especially the banking transactions on the backend, which should only go through secure MPLS transport. Therefore, policies need to exist that follow their rules from an application and security perspective. In this case, the level of granularity required is likely only available by managing the SD-WAN in-house, or through additional professional services offered by an MSP.

Or, what about multi-cloud support? Most SD-WAN vendors support some kind of cloud connect. Cisco definitely does. And that’s pretty important because every enterprise has a footprint in AWS, Azure, or Google Cloud. Organisations dealing with this scenario need it to be easy and if they have a data centre, they may need it to interoperate with the cloud. Whether an organisation builds internally or outsources to an MSP, whenever traffic comes out of the SD-WAN fabric, they still need to monitor it.

And organisations also value other additional features like ease-of-use, centralised management, reporting and security. All need to be evaluated based on the requirements of their business. For example, the MSP route for SD-WAN will be an ease-of-use slam dunk for a smaller business, but could be less appealing for a larger company that requires high levels of control, specifically for application performance or for security reasons such as the financial use case. 

Vendors and service providers are bringing new features and technologies to the market that help companies take advantage of the many business benefits SD-WAN has to offer. But this does leave customers with questions and concerns about the best way to adopt the technology. I hope the above information gives you some insight into the challenges and mindset of organisations considering a new SD-WAN deployment.

John Smith, Co-Founder and CTO, LiveAction