In the 90s, companies that had difficulty establishing a Wide Area Network due to lack of resources dramatically benefited from Virtual Private Networks or VPNs. VPN connected remote gateways in a cost-efficient manner, becoming a corporate staple for WAN architectures for many years.
With the emergence of Multiprotocol Label Switching (MPLS), VPN fell out of favor, particularly since the new technology offered more reliable connectivity than VPNs. It wasn’t until MPLS proved complex to manage that VPN regained favor with customers. Global connectivity became a specialty of VPNs, making them a top choice for businesses worldwide.
However, VPN is again on the verge of losing ground as network technology continues to evolve. Software-defined wide area network or SD-WAN has become the new trend in network solutions.
About two decades ago, VPN became a buzzword in the IT and corporate industries, defining the standards for secure connectivity over the public internet. However, the emergence of new technologies and changing network requirements are making many older WAN technologies obsolete. The key change factors include:
The internet today is more widespread and has increased capacity, reducing bandwidth cost.
The processing power of various edge routing devices has increased exponentially. Encryption costs no longer present a roadblock to more extensive bandwidth encryption.
Enterprise software services are being massively migrated from private networks to cloud-based services. For example, Google Drive, Dropbox, and Amazon Web Services can all be accessed, monitored, and configured anywhere and anytime, even via mobile phones.
Cloud-based SD-WAN technology fits better in the modern networking landscape.
SD-WAN and VPNs are designed to achieve the same goal in very different ways. Both are overlay networks for encrypted connections with the option to add on security functionality. Some of the major differences between the two options include:
Let us look at 5 key areas where SD-WAN outperforms VPN as a modern WAN solution.
VPNs tied to the public internet inevitably depend on the performance of the connection. Latency is a standing issue with the internet, which is typically caused by geographically distant routing. Traffic congestion over the network also affects how VPN-based WANs perform.
In SD-WAN, these concerns are a non-issue because SD-WAN is optimized for high performance, thanks to features like QoS, dynamic path selection, and application-aware routing. It can route business-critical processes to the vendor’s global private backbone, performing better than VPN over long distances.
Both solutions enable access to cheap public Internet bandwidth. In small deployments, VPN can be an inexpensive solution for a few sites and simple WAN topology. For example, a simple site-to-site connection can be achieved using commodity servers and open source software.
However, as companies grow (e.g., adding multinational branches, remote workers, etc.), scaling VPN networks is inefficient. The complexity and bottlenecks created by scaling VPN-based networks can outweigh upfront cost savings by a wide margin.
SD-WAN, on the other hand, simplifies routing and is integrated with WAN optimization, making it inherently more cost-effective for multinational enterprises.
VPNs are commonly set up by skilled network engineers because the setup requires extensive manual work. Scaling a VPN and configuring IPsec, Internet Key Exchange (IKE), NAT-T, and other technical parameters takes time and expertise.
With SD-WAN, companies can scale the network automatically, allowing policy-based configurations to streamline WAN solutions and reduce latency significantly. It’s much faster to implement SD-WAN, and easy to adopt additional features, whether built-in or from third-party providers.
As a business grows and new sites are added to the WAN, network management complexity increases. However, it’s doubly cumbersome for VPN-based infrastructure since acquisitions and mergers would mean adding and configuring new VPN tunnels manually. Maintaining a VPN is a time-consuming process, which also calls for an investment of resources.
On the other hand, the SD-WAN design is convenient to monitor and maintain due to its centralized control function. Since it offers high visibility on the applications and users interacting on the network, it becomes easier to spot and resolve issues at run-time.
Both SD-WAN and VPN are lacking Service Level Agreements (SLAs) with the public internet. However, many SD-WAN vendors offer reliability and predictable service for their customers via coordination with several network providers. They establish SLA-backed network infrastructure to give connectivity that is comparable to the reliability of MPLS minus the exorbitant fees.
Yes, as part of an integrated solution, both SD-WAN and VPN can be used to enhance the Quality of Experience (QoE) for end-users. Since SD-WAN uses LTE/4G and the public internet as transport mediums, VPN can be leveraged to anonymize traffic on these circuits. VPN can be one of the many route options configured into the SD-WAN.
As more companies shift to cloud services, improving network efficiency has become imperative. Relying exclusively on VPN might be impractical given the current landscape, but deploying SD-WAN on its own can also block opportunities to maximize network capabilities.
The smarter approach to digital transformation would be to use the technologies in parallel and determine which hybrid setup works best for the company. There should be alternative routes for data transport and business processes, ensuring that the delivery of services is efficient. Industries emphasize client-centricity more than ever, which means that it’s crucial to shape the business in a way that yields the best customer satisfaction.