Hybrid WANs that employ a combination of technologies—such as MPLS and internet connectivity—have become increasingly popular as enterprise customers and service providers embrace the software-defined WAN (SD-WAN).
But how do you know if a hybrid WAN is right for your network?
Here's what end users, service providers, and manufacturers shared about their experiences and lessons learned at the WAN Summit. These insights touch on:
- Cost savings
- Security
- Improvements of end-to-end performance
Hybrid WAN Can Cost Less and Be Implemented Quickly
While the desire to reduce network spend is often the topic that opens the door to migrating to a hybrid WAN, it's not always the driver for adopting the solution.
Potential cost savings will “get the discussion going . . . it opens doors,” observed Carl Flaherty of De Lage Landen (DLL), a global financial services organization that has adopted a hybrid WAN approach.
DLL took its first step toward a hybrid WAN to solve an isolated problem. The company was opening a branch office in the relatively remote community of Moberly, Missouri. As Flaherty recalled, management told him, “It needs to be up yesterday.”
After Flaherty and his team deployed a site-to-site VPN to address the need for quick, secure connectivity, management asked, “Why aren’t we doing that everywhere?”
SD-WAN Can Simplify Security
For DLL and other enterprises, hybrid WAN deployments that move even a portion of an organization’s traffic from a dedicated MPLS connection to an internet connection raise security issues that must be addressed.
As Steve Woo of SD-WAN technology provider Velocloud explained, when enterprises allow direct internet access from every branch site, organizations end up with a “big attack surface" that can also prove costly.
According to Woo, the way to address this is with what he called “security in the middle—not at the branch, but not all the way back to the data center.”
Rather than traditional centralized security where traffic is backhauled to a single data center, he cited the use of regional data or security centers. This has been difficult to orchestrate in the past due to managing the service chaining of internet traffic to multiple sites.
However, SD-WAN makes this process less complex, focusing on policy based routing rather than a device by device solution, thus a more viable option for organizing "security in the middle."
If you're considering SD-WAN and want to know the market for security features, get our 2025 SD-WAN Guide. It outlines the evolving vendor landscape so that you can understand the full scope of SD-WAN services offered by vendors, relevant security features, and emerging partnerships between companies developing these technologies.
Working with Internal Stakeholders on Security
Security concerns can also be organizational, rather than just technological, noted Flaherty.
“Sometimes you have to manage relationships outside the technology box,” he commented. For example, he advised IT personnel to “forge internal relationships with governance” and meet with those stakeholders regularly to discuss technologies under consideration.
Traditionally, Flaherty would get “four words into” a conversation about the internet and his governance contacts’ eyes “would glaze over” because they wouldn't consider moving corporate traffic to the Internet. Flaherty focused on education to assuage their fears, explaining how much corporate traffic already went over the internet without creating any major concerns.
Cloud-Based Security
Scott Cressman of cloud-based security provider ThousandEyes offered another take on the topic of hybrid WAN security: “It’s a mistake to think of security only in a network context,” he said. “It has to a holistic approach” that is also “application and data-centric.”
He noted, for example, that some end-user organizations are taking an approach that assumes a machine will be on an unprotected network, relying instead on security delivered from the cloud.
End-to-End Performance
Organizations will not be comfortable moving to a hybrid WAN approach unless they receive assurances that performance will be as good as what they were getting previously from an MPLS-centric network. Performance needed to not only be assessed at the network level, but also at the application level.
“Everybody has a network performance management platform” but “don’t forget about the application,” advised Flaherty. He noted that it’s common for end users within an organization to point to performance reports of the Oracle software on which they rely, which differ substantially from IT reports about the performance of the network on which the Oracle software actually runs.
Any organization adopting a hybrid WAN should “make sure application performance is baselined” before undertaking the migration, Flaherty advised.
Hybrid WAN Can Improve Latency
While it is important for IT personnel to be prepared to ensure the same level of performance when moving to a hybrid WAN, they may encounter some pleasant surprises in terms of performance improvement.
Alastair Johnson of SD-WAN technology developer Nuage Networks noted that organizations may find latency improves with a hybrid WAN approach because traffic could have shorter distances to travel.
He pointed to the example of a company that achieved 25-millisecond latency between the U.S. and Australia over an Internet link – a big improvement over previous architecture, which routed traffic over multi-hop dedicated connections.
Key Takeaways
- Reducing costs is an important benefit of the hybrid WAN—but only if security and performance is addressed. Organizations may be just as impressed by speed-to-deployment as they are by cost savings.
- Organizations should take a holistic approach to hybrid WAN security that looks at end-to-end security, not just the security of the network itself. IT also should also address security concerns of internal stakeholders.
- End-to-end performance monitoring is critical – as is addressing performance concerns of internal stakeholders. IT should consider benchmarking performance levels prior to migration.
Want to Reduce Spend On Your WAN?
TeleGeography's WAN Cost Benchmark is a tool allows you to model your hybrid WAN expansion plans and stay on top of the projected cost of your new sites. It's backed by TeleGeography's pricing databases with over 5.7 million data points.
Brianna Boudreau
Senior Research Manager Brianna Boudreau joined TeleGeography in 2008. She specializes in pricing and market analysis for wholesale and enterprise network services with a regional focus on Asia and Oceania. While at TeleGeography, Brianna has helped develop and launch several new lines of research, including our Cloud and WAN Research Service.