SD-WAN: A game-changer for the Engineering and Construction Sector

One of the greatest challenges facing large multi-site organisations in the construction and engineering sectors, when it comes to implementing new locations, is the lead time it takes to get a site up and running and connected to the corporate network. Add to this the challenges of providing enterprise-grade connectivity to enable access to data-heavy and cloud-based applications. Waiting weeks or even months for a fixed-line connection has, in the past, brought unwanted delays and ultimately additional project cost.

The answer to these challenges now lies in the clever application of SD-WAN technology – and it’s already transforming business performance in the construction and engineering services industries, unlocking what we’ve seen until now as unrealisable productivity and cost gains. When integrated with 4G, it negates the costs of using expensive MPLS leased line services, adds a whole new level of security to your network and, through a managed service, can offer a whole new level of actionable, real-time performance monitoring.

Ask yourself:

  • Is poor network connectivity and performance at sites adversely impacting your business performance?
  • Do you have poor or limited access to cloud-based applications on sites?
  • Do you limit site communication by restricting voice and video or other applications?
  • Is the cost of MPLS leased line services at sites proving prohibitive?
  • Do you have problems with 4G connectivity when using standard 4G Sims?
  • Would you like better information on your network performance and understand what it is being used for?
  • Would you like confidence that your site communications are inherently secure?

If these challenges are facing your organisation, then the time is right for you to look seriously at SD-WAN technology – when it’s skilfully deployed and managed, it really is a game changer.

At Xalient, where we specialise in managed SD-WAN services, we’re seeing clients’ businesses benefit significantly and fast – delays and frustrations are gone, full access to video and voice can happen regardless of location, corporate cloud-based apps can be accessed readily direct to site and costs of MPLS lines removed. And, most importantly for this sector, new sites can be commissioned and decommissioned in just hours rather than the typical weeks and months that our clients had previously experienced.

Business Benefits:

  • An unrestrictive business platform –voice and video can be delivered at lower cost
  • Improved application access and performance – fast and responsive – less frustration, better communication, better project delivery
  • Simple and fast deployment – gain the benefits quickly and get to work on the project
  • Gain valuable insights into network performance through next-gen monitoring and management tools, enabling informed decision-making, in real time
  • Rapid deployment at any location supporting your projects
  • Logistics and continuity of communications at sites managed for you so your business can operate more efficiently and productively.

Read on to learn more about the feature-rich technology below or contact Xalient to hear how you can reap the SD-WAN benefits for your company.

Technology Components:

Path Conditioning: Provides private-line-like performance over the public Internet. Includes techniques to overcome the adverse effects of dropped and out-of-order packets that are common with broadband Internet and MPLS connections to improve application performance.

Tunnel Bonding: Configured from two or more physical WAN transport services, bonded tunnels form a single logical overlay connection, aggregating the performance of all underlying links. If a link fails, the remaining transport links continue to carry all traffic avoiding application interruption.

Dynamic Path Control (DPC): Real-time traffic steering is applied over the 4G connection based on company- defined policies based upon business intent. In the event of an outage or brownout, DPC automatically switches-over to a secondary connection.

QoS Policies: As per traditional routers and WAN architectures, all of the usual queueing techniques are available to ensure traffic is prioritised in an appropriate manner.

Virtual WAN Overlays: The SD-WAN solution is built upon an application-specific virtual WAN overlay model. Multiple overlays may be defined to abstract the underlying physical transport services from the virtual overlays, each supporting different QoS, transport, and failover characteristics. Applications are mapped to different overlays based upon business intent. Virtual WAN overlays may also be deployed to extend micro-segmentation of specific application traffic from the data center across the WAN to help maintain security compliance mandates.

WAN Hardening: Each WAN overlay is secured edge-to- edge via 256-bit AES encrypted tunnels. No unauthorized outside traffic can enter the branch. With the option to deploy the solution directly onto the Internet, WAN hardening secures branch offices without the appliance sprawl and operating costs of deploying and managing dedicated firewalls.

Application Visibility and Control: The SD WAN device identifies applications on the first packet to deliver SaaS and trusted web application traffic directly to the Internet while directing unknown or suspicious traffic to the data center firewall or IDS/ IPS. First packet application identification is especially important when branches are deployed behind Network Address Translation (NAT); the correct path must be selected based on the first packet to avoid session interruption.

Internet Breakout: Intelligently steer trusted Internet bound application traffic from the branch directly to the Internet, eliminating inefficient backhaul of all HTTP traffic to the data center. First

packet application identification directs other applications and unknown traffic to corporate security firewall and IDS/IPS services.

Stateful Firewall: An extension of WAN hardening, stateful firewall integrated with the SD WAN device ensures no unauthorized outside traffic can enter the branch, but branch-initiated sessions are allowed enabling secure Internet Breakout.

Routing: The solution supports standard Layer 2 and Layer 3 open networking protocols such as VLAN (802.1Q), LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4).

Cloud Intelligence: Real-time updates on the best performing path to reach hundreds of Software-as-a- Service (SaaS) applications, ensuring users connect to those applications in the fastest, most intelligent way available.