AI is set to make its mark on SD-WAN technology. For starters, generative AI capabilities will improve how enterprise IT teams deploy and manage their SD-WAN architecture. In addition, AI workloads have distinctive requirements that will influence SD-WAN connectivity choices.
SD-WAN – which stands for software-defined wide area network – has been around for a decade, pitched to enterprises as a way to cut costs and improve WAN flexibility. The technology lets organizations steer traffic across multiple WAN links, such as broadband, MPLS, or cellular WAN links, to provide secure, high-quality connectivity to campus, branch, and edge locations. By abstracting the underlay data plane from the management and control plane, SD-WAN enables organizations to send traffic directly from various locations to cloud-based resources without having to first route it through a centralized enterprise data center.
Recent research from IDC digs into how SD-WAN will evolve with the integration of AI and machine learning capabilities to provide more advanced automation, management, and security functionality. With AI-driven network management and optimization capabilities, enterprises will be able to prioritize traffic and application performance based on user needs and business requirements, according to IDC. If network performance issues arise, SD-WAN users can identify and remediate those issues faster through advanced, AI-enhanced automation.
“There are two aspects to how AI will impact SD-WAN products. The first is how AI will be used to improve the management of SD-WAN,” says Brandon Butler, senior research manager, enterprise networks, at IDC. “An example of this is in the area of analyzing real-time network telemetry data to improve network performance as well as user and application experiences. For example, AI-powered capabilities can monitor user and application traffic flows in real time and dynamically optimize WAN path selection.”
The second way in which AI will impact SD-WAN relates to how it enables more efficient connectivity for AI workloads running on the WAN, Butler explains. “As organizations increasingly use AI applications, traffic flows and patterns will change compared to traditional applications. AI, and particularly genAI workloads, have a variety of different characteristics compared to traditional applications. For example, high amounts of both downlink and uplink traffic, ‘bursty’ workloads, and in some cases, the need for real-time delivery of data across a distributed AI engine,” he says. “SD-WAN offerings are increasingly able to automatically recognize AI applications and ensure optimal connectivity between edge devices and AI workloads.”
Other automated capabilities include zero-touch provisioning that accelerates the deployment of large numbers of SD-WAN sites. “Advanced troubleshooting capabilities can speed the identification of SD-WAN performance problems or security incidents and provide guided or automated remediation,” Butler adds.
SD-WAN, security, and SASE
As SD-WAN technology continues to mature with such advanced features, it will also play a pivotal role in enterprise organizations’ secure access service edge (SASE) strategies going forward, according to Butler. Integration of security features within SD-WAN platforms will also be a major focus this year as organizations work to enhance network protections.
“The newest innovations in integrated SD-WAN security capabilities include data loss prevention (DLP) capabilities targeted at GenAI workloads; in these use cases, the DLP system can ensure no sensitive company data exfiltrates over the SD-WAN to an AI’s large language model (LLM),” Butler explains.
IDC projects that many organizations will continue to leverage SD-WAN as a base for implementing SASE, utilizing its network optimization capabilities to deliver secure connectivity to cloud applications and services. While the SD-WAN and SASE markets continue to converge, Butler says enterprises should evaluate the natively integrated security capabilities offered by SD-WAN vendors, which include intrusion detection and prevention systems (IDS/IPS), next-generation firewall (NGFW), and content/web/URL filtering.
Depending on the SD-WAN provider, enterprises might need to explore secure services edge (SSE) as well as SASE in combination with their SD-WAN investment. Enterprises must also examine the continued maturation of SASE architectures, which combine SD-WAN with cloud-based security tools, such as secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA).
IDC survey data shows a strong preference among SD-WAN users or prospective users for single-vendor SASE architectures. In a May 2024 survey of 768 respondents, IDC found that 73% of respondents who are using or planning to use a SASE architecture prefer to use the same vendor for SD-WAN and security solutions.
“SD-WAN customers can work with their existing SD-WAN vendor to deploy a SASE architecture or use a multi-vendor approach,” Butler says. “Customers should evaluate their specific needs when it comes to single or multi-vendor SASE, taking into consideration existing deployments/relationships, use cases, and specific features/functionality that are important to them.”
Source:: Network World