Managed SD-WAN: Buy or DIY?


For all IT and networking solutions, one of the most frequent questions is ‘do I want to look after this myself or do I buy it as a service?’

For SD-WAN this is no different. SD-WAN brings many benefits, which are described on the SD-WAN solutions page. You can build an SD-WAN yourself or you can outsource it and let someone else deliver it as a service. In fact, depending on where you’re based, over 50% of all SD-WAN solutions are being delivered through Service Providers (SP) or Managed Service Providers (MSP). To these users, this approach makes sense, as you also need WAN-links to build an SD-WAN, and you’re not going to build WAN-links yourself.

Despite the fact that SD-WAN and WAN-links obviously go hand-in-hand, buying them from a single source is not necessarily a no-brainer. One of the benefits of separating them is that independence from the WAN-link provider can be a big plus in terms of flexibility and cost. Effectively, an (M)SP does tied selling, and while this may not be a bad thing per se, there could be some other caveats that should be considered before going down that route.

SD-WAN SLAs and the importance of flexibility

Apart from the inflexibility that buying WAN capacity from the same provider causes, there are other considerations. When the provider delivers a service that is defined in a Service Level Agreement, they won’t offer you many capabilities to make key adjustments yourself. What the SLA will do is make sure that any adjustment that you are allowed to make yourself is 100% guaranteed to not break anything. Anything else, such as a more advanced or ‘risky’ type of adjustment, would only be available via a service request that will be reviewed and implemented by the provider. Naturally you would need to pay for these adjustments, either per change or as a cost embedded in the service, while the number and type of requests are likely to be limited.

Reporting capabilities with SD-WAN as a Service

The reporting from your SD-WAN as a Service will be based on the flavours that the individual (M)SP has to offer. All the reporting will likely be based on a portal that they built some time ago and to which they have added SD-WAN reporting capabilities. Effectively this means you will probably not receive all of the details that your SD-WAN can report on. And is your (M)SP really keen on showing stats that are only on or below the agreed-upon SLA? The SD-WAN is also a great tool for troubleshooting applications in your network and doing application-based reporting. Both of these work best with no encryption or with payload-only encryption. Sharing these insights with your provider might not be desirable.

SD-WAN key management and end-to-end encryption responsibilities

When the internet must be used to transport traffic with end-to-end encryption, the encryption can only take place after the application traffic has been classified. The responsibility for fully encrypting the traffic and managing keys lies with the provider. Not all CISOs find this an acceptable solution. While on the subject of using the internet as an underlay: how much freedom do you really have in choosing a connection that is not provided by your (M)SP when tying it to the SD-WAN controller? Often the provider will not provide support for this, just like your garage would not be happy to find replacement parts in your car that are not from the car brand itself.

Benefits of Managed SD-WAN from a (Managed) Service Provider

This is not all bad news: buying an SD-WAN from an (M)SP does have some benefits. As SD-WAN is a fairly new technology, you won’t need to worry about the possible complexities and the technical feasibility of the solution, or about the company that developed it. You are buying a service and it is the (M)SP’s responsibility to make it work and to keep it working. They won’t be offering anything they aren’t sure will work. If after two or three years it doesn’t pan out, or if there are better solutions out there that cost less to operate, it is up to them to make the switch.

As with all services, a managed SD-WAN requires no Capex and little or no extra manpower on your side. These are often the two main reasons for choosing a managed service. The good news, though, is that we are also seeing SD-WAN services where the choice is not that black or white in terms of DIY or completely outsourced.

Co-managed SD-WAN and sourcing your own WAN-Links

SD-WAN solutions are increasingly being offered as a service independent of the WAN-link (and other) services. Some SD-WAN-as-a-Service providers will also be able to provide WAN-links but will actually source them from a provider most suited to specific requirements and geographical spread. These links can be private or internet links depending on the need. They also allow you to source your own (additional) WAN-links or just the WAN-links in geographies where you feel you have the capabilities yourself. Either way, these providers will take responsibility for implementing the best SD-WAN solution for your needs and will be managing it for you.

What to look for in SD-WAN Orchestrators?

Co-management is also becoming popular. With co-management you become responsible for managing certain parts of the solution such as the policies and encryption keys, while the provider is responsible for basic monitoring and fixing of basic issues such as hardware or software failures. Obviously, a co-management solution requires a clear agreement between parties on who covers which responsibilities as well as a technical solution that supports it. With SD-WAN this is not a problem for most vendors because all of them implemented a central SD-WAN Orchestrator. Most Orchestrators have extensive features to separate reporting, troubleshooting and configuration tasks. A properly configured SD-WAN Orchestrator will allow one user to do only basic reporting while other users can modify policies without being able to perform software upgrades.

Besides the caveats, there are many more elements to look at when deciding whether a Managed SD-WAN or a DIY solution fits best with your organization. At Nomios we can help you make the best choice for your organization. Visit our Managed SD-WAN page, or get in touch with us to enable WAN-connectivity around the globe through the (M)SPs we work with. If you do decide to go for a DIY solution, make sure to double check your technical and organizational requirements.

SD-WAN as a service versus Do it Yourself

Nomios has identified the 5 most important areas of interest for you to consider for the right deployment model for SD-WAN:

  • Security
  • Applications
  • Monitoring
  • HW/SW
  • Connectivity.

In these 5 areas you need to identify your requirements and match them honestly with your capabilities and ambitions. Based on the outcomes you will find the right deployment model, which comes in more shades of gray than just black (DIY) or white (SD-WAN as a service).

Nomios helps you to make these assessments and guides you to the right deployment model, which is in our humble opinion far more important than just selecting the right vendor or technology. Unfortunately, as with all innovations, there is a clear risk and reward model in place. The more effort and preparation you put in, the better the potential results in terms of flexibility and costs.
