Securing user mobility and automating patches
With regard to the boundary-less office, securing your network perimeter in an agile manner is essential, particularly as compliance and security become increasingly important. With more workers alternating between working from home and the office, user mobility has become more important than ever. Traditionally, securing their access is based on location and IP addressing: SD-LAN takes this further with micro-segmentation to secure access to corporate resources based on user identity, device type, application and even workloads, and regardless of location.
Another key concern for network managers is being able to quickly update their LAN and Wi-Fi equipment in the event of a vulnerability being identified in the operating system (OS). In complex environments, this could take weeks or even months to complete and include testing the new OS, reviews at change advisory boards, and even many hours spent outside work time for actual deployment. SD-LAN can help you manage these challenges of an on-demand environment with centralized management and automating deployment of the patches to hundreds or thousands of devices.
Lessons learned and best practices
Orange understands SD-LAN: from basic greenfield office deployments to complex campus refresh projects to full wireless setup requiring detailed on-site inventory audits and transformation plans. From our experience, some best practices and lessons learned when migrating to SD-LAN worth bearing in mind include:
- SD-LAN is still evolving, and there will be more and more providers in the market before it matures fully. It is therefore vital you evaluate your partner on their proven capabilities and experience in deploying and supporting SD-LAN in the long-term, as well as the SLAs and local coverage they offer
- It’s possible you will need new hardware, so you might need help with financing using monthly billing. With that in mind, you may need your SD-LAN partner to own the equipment in some circumstances
- The operational model should help your KPIs. This could be a “build, train and handover to your team” or a “managed services” model with on-site engineer and lifecycle management
- If you are considering a managed services approach, be sure to ask your provider how they manage, monitor and secure the ecosystem for SD-LAN centralized management orchestrators and controllers. Are they able to integrate with your existing IT setup and investments while still providing you with a sufficient level of control?
- Don’t forget the wide area network (WAN). If you need to refresh both WAN and LAN, you might want to evaluate SD-Branch which combines both SD-LAN and SD-WAN
- For complex features and requirements, it might be worth asking for a proof of concept or identify pilot sites
- Getting the most out of SD-LAN requires a strong transformation plan that factors in how you integrate with your existing monitoring platforms. Take time to carry out due diligence to identify all LAN devices and decide what could be refreshed and consolidated under a single management and monitoring platform. Then add on user and device level security policies with micro-segmentation as required. Cost reductions will not happen overnight, but a well thought-out transformation and implementation plan will go a long way
Working with the right partner
There is no one “exact” best way of transforming your LAN, but working with the right partner maximizes your potential for maximizing returns. The above considerations can help you migrate to SD-LAN with minimum disruption to your business.
If you would like to learn more about how Orange Business can help you transform to an automated, secure and resilient SD-LAN that supports your ongoing business digitalization, please download our new SD-LAN ebook, SD-LAN: enabling resilient networking.
James Soo is the SDx Expert for Orange Business APAC, headquartered in Singapore. He leads the SD-WAN and SD-LAN practice for the APAC region and has over 19 years of experience across the financial, consulting and telco industries, with global experience covering the UK, Singapore, China and India. He is passionate about how disruptive technology such as SD-WAN, SD-LAN and IoT can bring value to enterprises and how automation and visibility can help create a boundaryless world. When not working, James enjoys diving.