This buying guide lays out some important factors to consider when selecting an SD-WAN solution. SD-WAN (software-defined wide area network) can help
8 pages

192 KB – 8 Pages

PAGE – 2 ============
2Selecting the optimal SD-WAN solution for your enterprise WAN edge is not easy. With vendors and industry analysts all talking about the same topics using the same buzzwords, it™s hard to decide what features are most important, and how to differentiate between products. This buying guide lays out some important factors to consider when selecting an SD-WAN solution. SD-WAN (software-de˜ned wide area network) can help enterprises improve application performance, lower WAN costs, and strengthen business continuity. But as you consider deploying SD-WAN, it™s important to understand the differences between solutions. Identifying which features matter to your enterprise is essential in making this selection. This buying guide discusses the most important considerations and outlines capabilities that separate fijust okayfl products from really good ones. While this buying guide does not compare speci˜c products, it does include examples of features from Citrix SD-WAN, one of the leading WAN edge solutions in the industry. SD-WAN: Architecture for digital transformationAdding capacity doesn™t address issues such as outages or poor application performance due to latency. When applications don™t perform well, it frustrates users, especially for latency sensitive applications like VoIP, video conferencing, video streaming, and virtualized applications and desktops. Complex WANs are also dif˜cult to manage and troubleshoot. But, low-cost and easy to deploy alternatives like broadband and 4G/LTE are readily available. The key is to make it more reliable, and that™s where SD-WAN comes in. SD-WAN provides high-quality application experiences by making the WAN more reliable and performant. Appliances (physical or virtual) are placed in remote and branch of˜ces, larger of˜ces, corporate data centers, and increasingly on cloud platforms. SD-WAN solutions can: Ł Deliver a better user experience for SaaS, cloud, and virtual apps Ł Allow enterprises to leverage low-cost and ˚exible Internet and 4G/LTE network connections in place of MPLS links Ł Accelerate the move to the cloud with automated on-ramps Ł Route traf˜c on the fastest available paths between any two points Ł Mitigate costly outages in branches Ł Prioritize business-critical applications Ł Improve network & cloud security, while allowing secure local traf˜c breakout Ł Simplify administration for remote and branch of˜ces Ł Provide visibility into WAN paths, links, users and applications for troubleshooting The difference is in the details Although most SD-WAN solutions address the same problems, they provide very different levels of capabilities. Enterprises evaluating SD-WAN solutions should understand the different levels of functionality available to solve different problems, determine what level they require, and look for products that offer those capabilities. The value of SD-WAN Wide area networks are a critical component of today™s enterprise digital infrastructure. But WANs suffer from many problems, including congestion, jitter, packet loss, and outages. To add to that, private WAN technology such as MPLS is costly, in˚exible, and wasn™t built for the cloud. Citrix | Finding the best WAN-edge solution: Evaluating SD-WAN SaaS direct/breakout of˜ce 365, SAP, salesforce Cloud on-ramps AWS, Azure, GCP Internet breakout Data center Internet/MPLS Branch

PAGE – 3 ============
3Resiliency and performance SD-WAN solutions are essential tools for improving resiliency and providing fast failover even with broadband. The failure of a network link can put users fiout of commission.fl Losing access to mission-critical applications can reduce productivity and affect customer service. Manually rerouting traf˜c to back-up however, automatically assign paths based on factors such as latency (i.e., the time required for a ping to make a round trip between the locations). The highest-priority applications are reassigned to the lowest-latency paths. Problems can still arise, however, when the selection criteria are too narrow, when thresholds are set too high or too low, or when it takes the product more than a few seconds to detect that the path has deteriorated or failed.More sophisticated SD-WAN solutions select paths using algorithms based on multiple factors such as packet loss, jitter, and congestion as well as latency. These solutions use a dynamic analysis of multiple criteria, rather than ˜xed thresholds, to determine when paths need to be changed. The highest-priority applications are re-assigned to the lowest-latency paths. These capabilities do a better job of matching high-priority applications with the highest quality paths, and making adjustments faster when path quality deteriorates.Loss concealment Loss is often caused by congestion. The higher the loss, the more packets are needed to rebuild the lost packets. The more packets sent, the more bandwidth required, so FEC can worsen the problem it is attempting to resolve. Without the ability to mitigate loss, SD-WANs may use a pre-de˜ned level set on the SD-WAN device if the amount of loss on a WAN link is less than the static. Then, the end sites will use TCP ˚ow control which was not designed to work over a WAN which causes data transmission to slow substantially when loss is present. FEC exacerbates congestion by trading bandwidth for the potential loss of data. Without the ability to adapt to congestion, the loss is exacerbated. To avoid loss, more sophisticated SD-WAN solutions use all of the bandwidth on the best path, instantly shifting traf˜c away from lossy links, and duplicate packets for a subset of real-time traf˜c. In addition to these comprehensive loss prevention techniques, the system detects loss using built-in sequence numbering and can optionally re-transmit both UDP and TCP packets under appropriate conditions. Real-time detection of outagesWhen a network link goes down, lost connectivity can interfere with critical business processes and frustrate users. Even a short interruption can cause users to hang up on a VoIP call or video conference to try and restart applications. It can also disrupt virtual desktop sessions, backups, large ˜le transfers, and other applications. SD-WAN solutions can detect outages of network links and reroute traf˜c to alternate paths. The best products can identify outages and take corrective actions in a second or less, making the outages imperceptible to users (see the Sub-second Detection of Path Outages example below). Dynamic path selection for failover When a path outage is detected, some SD-WAN products redirect traf˜c to a prede˜ned backup link. More sophisticated solutions intelligently reroute traf˜c from high-priority applications to the remaining paths with the best performance and the lowest packet loss and jitter, and traf˜c from lower priority applications to the next-best path with available capacity. This ensures that high-priority applications not only continue to function, but in most cases suffer no performance degradation.links can take time and create even more user dissatisfaction. More commonly, brownouts such as congested links may be undetectable but negatively affect the application experience. Imagine VoIP calls with customers dropping and lost VDI sessions, for example.Reliable packet delivery SD-WAN solutions make application performance more reliable by routing network traf˜c at the packet level along the most optimal paths between two points, based on factors like the requirements and priority of each application and the capacity and quality of the available paths.Some SD-WANs rely on administrators to pre-de˜ne paths for all applications, and to make manual adjustments when contention and low quality are detected on a path. Most SD-WAN products, Adding capacity doesn™t address issues such as outages or poor application performance due to latency. When applications don™t perform well, it frustrates users, especially for latency sensitive applications like VoIP, video conferencing, video streaming, and virtualized applications and desktops. Complex WANs are also dif˜cult to manage and troubleshoot. But, low-cost and easy to deploy alternatives like broadband and 4G/LTE are readily available. The key is to make it more reliable, and that™s where SD-WAN comes in. SD-WAN provides high-quality application experiences by making the WAN more reliable and performant. Appliances (physical or virtual) are placed in remote and branch of˜ces, larger of˜ces, corporate data centers, and increasingly on cloud platforms. SD-WAN solutions can: Ł Deliver a better user experience for SaaS, cloud, and virtual apps Ł Allow enterprises to leverage low-cost and ˚exible Internet and 4G/LTE network connections in place of MPLS links Ł Accelerate the move to the cloud with automated on-ramps Ł Route traf˜c on the fastest available paths between any two points Ł Mitigate costly outages in branches Ł Prioritize business-critical applications Ł Improve network & cloud security, while allowing secure local traf˜c breakout Ł Simplify administration for remote and branch of˜ces Ł Provide visibility into WAN paths, links, users and applications for troubleshooting The difference is in the details Although most SD-WAN solutions address the same problems, they provide very different levels of capabilities. Enterprises evaluating SD-WAN solutions should understand the different levels of functionality available to solve different problems, determine what level they require, and look for products that offer those capabilities. The value of SD-WAN Wide area networks are a critical component of today™s enterprise digital infrastructure. But WANs suffer from many problems, including congestion, jitter, packet loss, and outages. To add to that, private WAN technology such as MPLS is costly, in˚exible, and wasn™t built for the cloud. Citrix | Finding the best WAN-edge solution: Evaluating SD-WAN

PAGE – 4 ============
4Resiliency and performance SD-WAN solutions are essential tools for improving resiliency and providing fast failover even with broadband. The failure of a network link can put users fiout of commission.fl Losing access to mission-critical applications can reduce productivity and affect customer service. Manually rerouting traf˜c to back-up however, automatically assign paths based on factors such as latency (i.e., the time required for a ping to make a round trip between the locations). The highest-priority applications are reassigned to the lowest-latency paths. Problems can still arise, however, when the selection criteria are too narrow, when thresholds are set too high or too low, or when it takes the product more than a few seconds to detect that the path has deteriorated or failed.More sophisticated SD-WAN solutions select paths using algorithms based on multiple factors such as packet loss, jitter, and congestion as well as latency. These solutions use a dynamic analysis of multiple criteria, rather than ˜xed thresholds, to determine when paths need to be changed. The highest-priority applications are re-assigned to the lowest-latency paths. These capabilities do a better job of matching high-priority applications with the highest quality paths, and making adjustments faster when path quality deteriorates.Loss concealment Loss is often caused by congestion. The higher the loss, the more packets are needed to rebuild the lost packets. The more packets sent, the more bandwidth required, so FEC can worsen the problem it is attempting to resolve. Without the ability to mitigate loss, SD-WANs may use a pre-de˜ned level set on the SD-WAN device if the amount of loss on a WAN link is less than the static. Then, the end sites will use TCP ˚ow control which was not designed to work over a WAN which causes data transmission to slow substantially when loss is present. FEC exacerbates congestion by trading bandwidth for the potential loss of data. Without the ability to adapt to congestion, the loss is exacerbated. To avoid loss, more sophisticated SD-WAN solutions use all of the bandwidth on the best path, instantly shifting traf˜c away from lossy links, and duplicate packets for a subset of real-time traf˜c. In addition to these comprehensive loss prevention techniques, the system detects loss using built-in sequence numbering and can optionally re-transmit both UDP and TCP packets under appropriate conditions. Application experience Not all applications need the same levels of service from the network. Some applications require high performance, high reliability, and high-quality links in order to deliver the expected user experience. For example, many users will get very angry if quality is erratic for VoIP or video streaming, or if performance deteriorates for virtualized applications and desktops. In these situations, poor quality can cause users to stop and restart the phone call, the download, or the virtualized application, making network performance even worse. But what SD-WAN capabilities can ensure excellent QoS for key applications? Real-time detection of outagesWhen a network link goes down, lost connectivity can interfere with critical business processes and frustrate users. Even a short interruption can cause users to hang up on a VoIP call or video conference to try and restart applications. It can also disrupt virtual desktop sessions, backups, large ˜le transfers, and other applications. SD-WAN solutions can detect outages of network links and reroute traf˜c to alternate paths. The best products can identify outages and take corrective actions in a second or less, making the outages imperceptible to users (see the Sub-second Detection of Path Outages example below). Dynamic path selection for failover When a path outage is detected, some SD-WAN products redirect traf˜c to a prede˜ned backup link. More sophisticated solutions intelligently reroute traf˜c from high-priority applications to the remaining paths with the best performance and the lowest packet loss and jitter, and traf˜c from lower priority applications to the next-best path with available capacity. This ensures that high-priority applications not only continue to function, but in most cases suffer no performance degradation.Application ˚uency and video delivery optimizationfiApplication ˚uencyfl refers to a technology that can parse application traf˜c and leverage knowledge about features in speci˜c applications, rather than treating all application traf˜c as an undifferentiated stream (See the Microsoft Apps and Virtualized Apps example below). SD-WAN solutions can optimize video delivery by identifying, classifying and caching video ˜les based on video format, as well as by object-level compression of video ˜les. This can result in major bandwidth savings and performance improvements when multiple people at the one location view the same video. Application prioritization Most SD-WAN solutions allow administrators to assign applications to a series of categories that range from fihigh priorityfl to filow priority,fl or from fireal-timefl to fibulk.fl More sophisticated solutions allow administrators to prioritize applications at an even more granular level by creating rules based on parameters such as the application, protocol, or source and destination IP address. In cases where companies are using Citrix Virtual Applications/Desktops, only one SD-WAN solution stands apart by being able to prioritize streams in the ICA protocol even over a single port.Traf˜c shaping and bandwidth reservation Some SD-WAN products include features for traf˜c shaping and dynamic bandwidth reservation. For example, a minimum bandwidth can be speci˜ed for a certain class of application on a given path. This feature ensures that no matter how congested a path becomes, no important application class will ever be forced below a minimum bandwidth allocation. A re˜nement on this approach is to also specify a fisharefl for each class of application, so that when capacity is limited, bandwidth will be allocated between them based on their relative shares. Another traf˜c shaping technique is detecting fibackpressurefl from a destination. If the SD-WAN appliance at the destination indicates that there is no spare capacity, the appliance at the source will hold links can take time and create even more user dissatisfaction. More commonly, brownouts such as congested links may be undetectable but negatively affect the application experience. Imagine VoIP calls with customers dropping and lost VDI sessions, for example.Reliable packet delivery SD-WAN solutions make application performance more reliable by routing network traf˜c at the packet level along the most optimal paths between two points, based on factors like the requirements and priority of each application and the capacity and quality of the available paths.Some SD-WANs rely on administrators to pre-de˜ne paths for all applications, and to make manual adjustments when contention and low quality are detected on a path. Most SD-WAN products, back traf˜c to that location, and use the resulting free bandwidth to send traf˜c somewhere else. This promotes ef˜cient use of overall bandwidth while preventing the destination from becoming even more overloaded.Dual-ended QoS Dual-ended QoS measures latency, packet loss, and jitter at both the sending end and destination. Administrators con˜gure QoS globally from a single source and senders only send at the peers advertised receive rate. Unidirectional local measurements are shared with peer devices in the network. All sites get their fair share of bandwidth preventing oversubscription and wasted utilization.Packet duplication An advanced SD-WAN solution can ensure high application performance and zero packet loss by sending duplicate packets from the source location to the destination via two independent paths. The ˜rst packet to reach the destination is used and the second is discarded. This approach uses some extra bandwidth, but it is a powerful tool for ensuring high reliability and quality for applications like VoIP, video conferencing, and virtualized desktops. Citrix | Finding the best WAN-edge solution: Evaluating SD-WAN

PAGE – 5 ============
Application experience Not all applications need the same levels of service from the network. Some applications require high performance, high reliability, and high-quality links in order to deliver the expected user experience. For example, many users will get very angry if quality is erratic for VoIP or video streaming, or if performance deteriorates for virtualized applications and desktops. In these situations, poor quality can cause users to stop and restart the phone call, the download, or the virtualized application, making network performance even worse. But what SD-WAN capabilities can ensure excellent QoS for key applications? 5Application ˚uency and video delivery optimizationfiApplication ˚uencyfl refers to a technology that can parse application traf˜c and leverage knowledge about features in speci˜c applications, rather than treating all application traf˜c as an undifferentiated stream (See the Microsoft Apps and Virtualized Apps example below). SD-WAN solutions can optimize video delivery by identifying, classifying and caching video ˜les based on video format, as well as by object-level compression of video ˜les. This can result in major bandwidth savings and performance improvements when multiple people at the one location view the same video. Application prioritization Most SD-WAN solutions allow administrators to assign applications to a series of categories that range from fihigh priorityfl to filow priority,fl or from fireal-timefl to fibulk.fl More sophisticated solutions allow administrators to prioritize applications at an even more granular level by creating rules based on parameters such as the application, protocol, or source and destination IP address. In cases where companies are using Citrix Virtual Applications/Desktops, only one SD-WAN solution stands apart by being able to prioritize streams in the ICA protocol even over a single port.Traf˜c shaping and bandwidth reservation Some SD-WAN products include features for traf˜c shaping and dynamic bandwidth reservation. For example, a minimum bandwidth can be speci˜ed for a certain class of application on a given path. This feature ensures that no matter how congested a path becomes, no important application class will ever be forced below a minimum bandwidth allocation. A re˜nement on this approach is to also specify a fisharefl for each class of application, so that when capacity is limited, bandwidth will be allocated between them based on their relative shares. Another traf˜c shaping technique is detecting fibackpressurefl from a destination. If the SD-WAN appliance at the destination indicates that there is no spare capacity, the appliance at the source will hold WAN optimizationBasic compression and caching Some SD-WAN products provide basic compression (removing unneeded and repetitive characters) and basic caching (storing copies of frequently used ˜les at the destination node so they don™t have to be retrieved multiple times across the WAN). These capabilities improve application performance, which makes users happy, and decreases congestion on networks which further reduces networking costs. Advanced deduplication and protocol acceleration with wan optimization Some SD-WAN solutions provide advanced techniques for application optimization on top of basic compression and caching.back traf˜c to that location, and use the resulting free bandwidth to send traf˜c somewhere else. This promotes ef˜cient use of overall bandwidth while preventing the destination from becoming even more overloaded.Dual-ended QoS Dual-ended QoS measures latency, packet loss, and jitter at both the sending end and destination. Administrators con˜gure QoS globally from a single source and senders only send at the peers advertised receive rate. Unidirectional local measurements are shared with peer devices in the network. All sites get their fair share of bandwidth preventing oversubscription and wasted utilization.Packet duplication An advanced SD-WAN solution can ensure high application performance and zero packet loss by sending duplicate packets from the source location to the destination via two independent paths. The ˜rst packet to reach the destination is used and the second is discarded. This approach uses some extra bandwidth, but it is a powerful tool for ensuring high reliability and quality for applications like VoIP, video conferencing, and virtualized desktops. Advanced deduplication includes the ability to cache and reuse individual blocks and bytes, in addition to entire ˜le objects. A related feature is storing in memory small, frequently used data streams so they can be accessed extremely fast.With protocol acceleration, details of speci˜c protocols can be used to eliminate unnecessary actions that take up network capacity. Examples include proxying client-server handshakes, reducing protocol chattiness, and optimizing payloads. Citrix | Finding the best WAN-edge solution: Evaluating SD-WAN

PAGE – 6 ============
6SecurityMost SD-WAN solutions use IPsec encryption to protect data in motion. Some include additional security features such as rotating keys, and splitting designated application traf˜c across multiple links so it can™t be understood even if a hacker can eavesdrop on one network segment. A few SD-WAN solutions can also inspect SSL/TLS encrypted tunnels. This allows them to apply traf˜c shaping to traf˜c from Facebook, YouTube, Twitter, Google Apps, Box, Salesforce.com, GitHub, and the many other web applications that use SSL/TLS encryption. Built-in layer 4 stateful ˜rewall (ICSA certi˜ed) Some SD-WAN vendors have an integrated branch ˜rewall while others require a separate solution. Integrated branch ˜rewall that provides visibility and control of the traf˜c that is either going directly to the internet or getting backhauled to the head-end. The network is segmented into multiple ˜rewall zones to control the traf˜c between them. It uses the deep packet inspection to identify the type of application and apply the con˜gured ˜rewall policy to its traf˜c. This integration of ˜rewall on the branch appliance helps reduce the unnecessary traf˜c getting backhauled and wasting valuable WAN resources only to be blocked at the headend. Deployment options and scaling Most SD-WAN solutions are available as pre-con˜gured appliances. However, some vendors offer a choice of deployment options that includes pre-con˜gured appliances (easy to deploy), virtual appliances that run on the enterprise™s existing hardware (low cost and easy to upgrade), and virtual appliances on cloud platforms (see the Cloud Deployment callout box). SD-WAN solutions can also help enterprises scale their WANs very cost-effectively, by adding capacity with broadband and 4G/LTE connections, rather than by investing in expensive additional MPLS circuits. WAN optimizationBasic compression and caching Some SD-WAN products provide basic compression (removing unneeded and repetitive characters) and basic caching (storing copies of frequently used ˜les at the destination node so they don™t have to be retrieved multiple times across the WAN). These capabilities improve application performance, which makes users happy, and decreases congestion on networks which further reduces networking costs. Advanced deduplication and protocol acceleration with wan optimization Some SD-WAN solutions provide advanced techniques for application optimization on top of basic compression and caching.Advanced deduplication includes the ability to cache and reuse individual blocks and bytes, in addition to entire ˜le objects. A related feature is storing in memory small, frequently used data streams so they can be accessed extremely fast.With protocol acceleration, details of speci˜c protocols can be used to eliminate unnecessary actions that take up network capacity. Examples include proxying client-server handshakes, reducing protocol chattiness, and optimizing payloads. Automated service/connection provisioning While many SD-WAN solutions have the ability to connection to secure web gateways, they are not automated and admins must manually con˜gure the IPsec tunnels to the cloud security services. A joint solution help reduce the surface attacks at the branch of˜ces tremendously. An added functionality is being able to redirect internet traf˜c to a secure web gateway for next-generation ˜rewall by automatic creation of IPsec tunnels from the branch to the secure web gateway using API integration. APIs synchronize with the management systems of partners such as Zscaler and Palo Alto Networks to enable fast and effortless cloud security setup from Citrix SD-WAN. Next-gen ˜rewall as VNF For customers who require a strong perimeter security and compliance with stringent healthcare or ˜nancial regulations, an SD-WAN solution that offers an SDN/NFV ready platform capable of hosting several industry-leading next-generation virtual ˜rewalls is important. The combined solution is optimized to deliver high performance of App-ID enabled ˜rewall in a compact footprint. Citrix | Finding the best WAN-edge solution: Evaluating SD-WAN

PAGE – 8 ============
ConclusionsSD-WAN solutions have been proven to increase application performance and reliability and to dramatically reduce the costs of expanding and managing wide area networks. But not all SD-WAN solutions are the same. Evaluators should weigh alternatives based on the features and levels of capabilities outlined in this buying guide in the areas of: Ł Resiliency and performance Ł Application experience Ł WAN optimization Ł Security Ł Deployment options and scaling Ł Administration and troubleshooting Ł Vendor track record and support 8Enterprise Sales North America | 800-424-8749 Worldwide | +1 408-790-8000Locations Corporate Headquarters | 851 Cypress Creek Road, Fort Lauderdale, FL 33309, United StatesSilicon Valley | 4988 Great America Parkway, Santa Clara, CA 95054, United States©2020 Citrix Systems, Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Of˜ce and in other countries. All other marks are the property of their respective owner(s).Potential buyers should also validate the capabilities most important to them by looking at each vendor™s customer base and performing hands-on trials where appropriate.Citrix invites you to explore how an advanced SD-WAN solution can address the business and technical requirements of your enterprise. For more information, visit www.citrix.com/sdwan Citrix | Finding the best WAN-edge solution: Evaluating SD-WAN

192 KB – 8 Pages