Enterprises looking to make their networks more cost-efficient and cloud-ready are adopting SD-WAN at a remarkable rate. Where traditional Wide Area Network (WAN) architectures can be static and onerous to configure, the software-defined evolution of the WAN is better suited to deliver quality digital experiences to employees. This article addresses how to enhance network visibility and application performance with SD-WAN.

This article was originally published by ThousandEyes.


The problem with introducing new employee work patterns and locations into the mix can compound SD-WAN configuration challenges. Similarly compounding are company acquisitions, which are on the rise, because IT teams must integrate the acquired business’ infrastructure into the larger enterprise.

To make the most of an SD-WAN offering, your team needs proper setup and dependency maintenance. And to simplify and streamline those processes, IT must monitor intelligently to de-risk its SD-WAN rollout and guarantee improved performance for hybrid workers.

Rise of Telecommuting

In the not-too-distant past, most employees began their workday with the physical task of arriving at a centralized office and logging onto their on-prem network computer to access business resources. However, according to Cisco’s new Hybrid Work Index, most employees will no longer continue this routine, with 81 percent preferring instead to work remotely three or more days a week moving forward.

The rise of telecommuting from a highly distributed workforce has accelerated cloud and SaaS adoption trends for essential work. This transformation has dramatically expanded bandwidth consumption for the enterprise network as it accommodates the growth in traffic to third-party digital services.

While some organizations backhaul employee and branch office traffic to regional data centers or headquarters, this approach can affect the performance of SaaS applications depending on where facilities are in relation to the SaaS provider’s edge. So, employees may experience noticeable delays when using SaaS productivity apps or real-time collaboration tools.

ITOps is also limited by traditional WANs’ inability to respond to a company’s changing needs, from geographic expansion to scale to flexibility.

Which Path

Others are rolling out SD-WAN to connect end users to business-critical applications via direct Internet access (DIA) and optimize interconnection with multi-cloud infrastructures. Yet, despite its many growth and resilience advantages, enterprises undergoing WAN modernization often find themselves challenged by how to maximize SD-WAN’s value before and after setup. One challenge stems from a lack of visibility into SD-WAN underlay performance and a limited understanding of the broader Internet context.

SD-WAN achieves its flexibility through a fabric of dynamically configurable tunnels. With tunneled connections, however, the underlying network path is hidden. Therefore, in designing and optimizing SD-WAN networks, businesses need to understand exactly how the transit providers that SD-WAN is built on are performing. That is why underlay visibility is so game-changing. It allows businesses to see the actual network path that makes up a particular tunneled connection.

Figure 1. SD-WAN monitoring needs for cloud, SaaS, and internal applications

Best Effort

SD-WAN’s enhanced flexibility and intelligence unlock many network architecture opportunities. This abundance is overall a good thing, but it introduces new challenges. For starters, increased dependence on the Internet obscures an organization’s view of its end-to-end environment. And ITOps often lacks critical visibility that allows them to baseline, test, and predict app performance with SD-WAN. As such, what typically results during rollout is a “best-effort” project that does not gauge by the numbers whether performance improved.

Limited visibility into the SD-WAN tunnel/overlay and lack of visibility into all the dependencies in the Internet transit underlay can hamper problem domain isolation. Delays in finding the troubled connection propagate even more delays in resolving the issue. Moreover, if the troubled domain sits within a third-party provider’s network—a likelihood with SD-WAN—there is a whole escalation process that IT must clear before productivity continues for employees.

All About the Application

One of the primary goals of SD-WAN is to give IT and network teams the ability to tailor their enterprise network architecture to optimize the delivery of applications to end users. Those teams that can understand the impact of various SD-WAN configurations on the performance of their applications are well-positioned to deliver great digital experiences to end-users. That is why ThousandEyes enables you to run synthetic application layer tests in parallel with network monitoring. Doing so allows network and IT teams to get concrete visibility to the performance of application metrics, including Page Load, Server Response, SSL connection, DNS lookups, and connection times.

By combining network visibility with application performance visibility, businesses can truly start focusing on how SD-WAN can maximize their end users’ digital experience. They can do this by proactively baselining performance, setting application KPIs, and selecting the best vendors and sites for the SD-WAN rollout based on what applications will be delivered over the network.

Bi-Directional Insights

But not all monitoring solutions are created equal. Cisco ThousandEyes is the leading provider of visibility into end-to-end network performance and throughput inside the VPN tunnel—meaning overlay plus underlay insights are available with the ThousandEyes platform.

ThousandEyes enables you to set up your SD-WAN architectures at pilot sites and data centers using Enterprise Agents, which helps decide branch readiness for DIA. You can then use ThousandEyes’ pre-deployed Cloud Agents to monitor ISP connectivity and health and connectivity to critical SaaS app networks. Using both vantage points, you can track bi-directional end-to-end throughput, which allows you to compare routing between SD-WAN VPN and MPLS paths.

With our cloud and internet intelligence, you can ensure over any network the reachability and availability of business-critical SaaS, internally hosted apps, and cloud-based services. Monitor and validate the performance of web apps with ThousandEyes so you can find and resolve issues down to the hop and optimize the digital experiences of your hybrid workforce.

Are you looking to validate control and management plane connectivity for components of your secure access service edge (SASE)? ThousandEyes enables you to do so while optimizing their influence on application performance.

De-Risked Rollout

A leading medical coverage provider to one in eight Americans recently began using ThousandEyes for its strategic digital experience initiatives. While migrating 200 applications to AWS Public cloud and deploying SD-WAN Viptela, the health benefits company used ThousandEyes to reduce MPLS provider costs and allow direct internet access for SaaS applications like Microsoft 365 and Salesforce.

By working with ThousandEyes network intelligence, this customer de-risked its SD-WAN rollout by proactively measuring and monitoring SD-WAN overlay performance and routing policy validation to identify issues fast. Therefore, with lower MTTI, the company achieved swift resolutions to problems before employees noticed them.

Furthermore, this customer met its performance gains by using ThousandEyes’ quantifiable and objective data to ensure its rollout process. Enriched with patented algorithms and innovations, ThousandEyes data guides actions and eases third-party collaborations—optimizing the experience for your employees, no matter where or when they are working.

Radiostud.io Staff

About the author

Showcasing and curating a knowledge base of tech use cases from across the web.

TechForCXO Weekly Newsletter
TechForCXO Weekly Newsletter

TechForCXO - Our Newsletter Delivering Technology Use Case Insights Every Two Weeks

>