Best Practices for Operating and Monitoring an SD-WAN Network

SD-WAN has emerged as a game-changer for organizations seeking to optimize network performance and enhance connectivity across geographically dispersed locations. However, you need effective operational and monitoring practices to get the full benefit of SD-WAN. This becomes increasingly important due to the operational and security challenges that arise as SaaS applications become more popular and end users can work from anywhere.

VMware VeloCloud SD-WAN™ has powerful capabilities, including VMware Edge Intelligence™, that will help you identify and address network issues before they become problems, use resources to their fullest potential, and deliver an outstanding user experience. This blog and video explore some of the best practices for operating and monitoring an SD-WAN network, with a focus on real-time performance monitoring, security monitoring, and application visibility.

Real-time performance monitoring

Visibility into real-time network behavior is essential to ensure optimal network performance and proactively identify and address potential issues. Here are some SD-WAN best practices:

• Monitor network health: The VMware Edge Cloud Orchestrator provides granular visibility into network performance metrics such as latency, jitter, and packet loss of every available WAN link. While the Dynamic Multipath Optimization™ (DMPO) feature automatically takes sub-second action to mitigate against link health issues, it can also monitor real-time network health and bandwidth consumption to proactively identify and address any performance bottlenecks.
• Enable alerting mechanisms: Configure alerts to network performance management platforms for network parameters for metrics like link utilization, packet loss, or deviations in application performance. This enables timely notifications when performance deviates from expected levels, allowing for proactive troubleshooting. Streaming metrics such as those provided by Webhooks and NetFlow may be ingested and analyzed to provide a near-real-time view of network conditions and performance. On-demand mechanisms such as SNMP and API calls may also be used to periodically pull an automated snapshot of network conditions.
• Utilize AI/ML analytics: Advanced network analytics platforms provide valuable, actionable insights into SD-WAN edge networking environments. VMware Edge Intelligence utilizes artificial intelligence (AI) and machine learning (ML) techniques to collect, analyze, and process network telemetry data in real-time from edge devices, such as IOT devices and employee workstations. VMware Edge Intelligence enables users to perform real-time monitoring, anomaly detection, predictive analytics, security insights, visualization, reporting, integration, and automation. It continuously monitors network traffic and performance metrics at the edge and can detect anomalies and abnormal patterns in network behavior.
• Implement continuous validation: Employ continuous monitoring tools to collect and analyze performance data on an ongoing basis. This enables the identification of patterns and trends, empowering network administrators to make informed decisions for capacity planning and optimization. It also captures valuable historical performance baselines that may be used to determine if network changes resulted in performance improvements or degradations. Periodic automated reports may also be used to provide valuable historical insights and points of comparison.

While all of these mechanisms may be used, most organizations will benefit by focusing on a subset that best suits their operational requirements and performance goals. The integration capabilities of any existing organizational logging and alarming platforms may also play a role in selecting which alerting mechanisms work best.

Also, an integrated AI/ML solution such as VMware Edge Intelligence may reduce the need to off-board metrics to a third-party solution for analysis and shorten the mean time to resolution.

Application visibility

To ensure optimal performance and user experience, it is crucial to have comprehensive visibility into application traffic. Consider the following practices:

• Leverage application-aware routing: Provide an additional way to control traffic, meet an organization’s business intent, and utilize available network resources more efficiently. For example, higher-priority critical or sensitive application traffic may be configured to use more secure private links, while lower-priority applications can remain on lower-cost internet links. VMware VeloCloud SD-WAN enables application-aware routing, allowing you to prioritize critical applications over less important traffic, and the ability to dynamically move application traffic from one link to another should the need arise.
• Layer 7 Application Monitoring: Enable emulating end users’ paths and actions as they use an application to determine any degradation in response time. AppNeta by Broadcom uses standardized measurements that evaluate application performance in a user-centric manner.
• Monitor Client and IoT Devices: Manage a distributed and secure enterprise deployment with a client experience that eliminates IT visits. VMware Edge Intelligence delivers deep visibility into a client’s wireless or wired state and proactively manages end-user and IoT device issues across the entire network stack.
• Monitor Underlay Performance: Leverage active and passive monitoring methods to fully understand the correlation between overlay and underlay performance issues. AppNeta enables teams to reduce mean time to innocence (MTTI) for issues happening outside their sphere of responsibility.

Security monitoring

Ensuring the security of your SD-WAN network is paramount.  As SD-WAN evolves towards an integrated SASE solution, it is important that the network and security teams also integrate their operational policies to ensure that monitoring, logging, alarming, and reporting are coordinated, consistent, and managed together. Rather than two separate activities, a unified approach ensures that both teams have “the big picture” when it comes to network conditions.

Here are key practices to implement SD-WAN best practices for security:

• Use secure connections: Secure protocols such as IPsec should be used to protect the confidentiality and authenticity of traffic traversing the SD-WAN network overlay. VeloCloud SD-WAN uses an IPsec-based encrypted overlay to provide authenticity and privacy to traffic using WAN transport networks. IPSec and GRE-based tunnels are also supported to connect to non-SD-WAN destinations.
• Implement next-generation firewalls (NGFW): Organizations have the option to leverage VeloCloud SD-WAN’s integrated edge-hosted application-aware firewall, IDS and IPS with VMware VeloCloud SD-WAN Enhanced Firewall Service, and Symantec SSE for VeloCloud to inspect and filter traffic for potential threats. Integration with third-party NGFW solutions is also supported. This provides a layered security approach against malicious activities, as well as granular visibility into attempted malicious activities. This visibility is crucial for quickly analyzing the threat and taking mitigating steps against it if necessary.
• Monitor security events: Utilize security information and event management (SIEM) solutions to monitor and correlate security events across the SD-WAN network. By analyzing logs and generating alerts, administrators can swiftly respond to security incidents.

Security events can be recorded and analyzed via firewall logging and integration with SIEM platforms. The VMware Edge Cloud Orchestrator also offers a real-time dashboard of threats detected, including impacted locations, threat distribution, and threat origins.

Conclusion

The decision to adopt SD-WAN for an organization’s evolving transport needs is only the first step. Once deployed, a comprehensive strategy for SD-WAN best practices to operate and monitor the network efficiently is vital for ensuring optimal performance, security, and application experience. By following best practices such as real-time performance monitoring, security monitoring, and application visibility, organizations can proactively identify and address issues, optimize resource allocation, and deliver an exceptional user experience.

VMware VeloCloud SD-WAN, with its powerful VMware Edge Intelligence features and integrations provides robust capabilities to help organizations achieve these objectives. AppNeta adds validation of VeloCloud SD-WAN deployments via network and application performance monitoring. By baselining performance before changes, validating the underlay and overlay performance in production, and continuously monitoring from the end-user perspective, AppNeta can help realize the full potential of VMware VeloCloud SD-WAN implementations.

To read more about VMware VeloCloud SD-WAN, visit the blog.