Software-defined wide area networks (SD-WAN) and secure access service edge (SASE) architectures are growing in popularity. And for good reason.
Leveraging SD-WAN’s software-based architecture, SASE delivers security controls as a cloud service rather than from enterprise data centers. SASE provides scalable and low-latency security for distributed WAN access, such as by remote workers, branch offices, and cloud applications and data. It also enables security policies to be set, updated and enforced centrally, regardless of the user’s location.
With SASE, end users have an improved quality of experience with single-sign-on access based on digital identity (zero-trust policy) and real-time context, not only by location and IP address. Enterprises benefit from data loss protection, compliance with company policies and government privacy and security laws (e.g., Europe’s General Data Protection Regulation), advanced security protection and threat detection capabilities.
It's no wonder enterprises are eagerly exploring how SASE can support next-gen networking strategies.
SD-WAN and SASE increase MSP complexity
While SD-WAN and SASE simplify networking and security for enterprises, managed service providers (MSPs) are faced with the increased complexity of management and configuration across multivendor devices, multiple network domains and virtual network functions (VNFs), controllers, gateways and firewalls in a hybrid cloud environment. To meet varying market needs and price points, MSPs will typically offer enterprise customers a mix of SD-WAN and SASE vendor solutions.
The complexity of this multi-vendor, multi-domain, hybrid environment provides challenges to MSPs, such as the need to:
Integrate and correlate operational data across isolated domains and up the L1-7 stack to provide end-to-end views of performance.
Have e2e visibility of network and security policies with all cross-dependencies on multiple layers through correlation reporting
Provide performance and functional monitoring with integrated root cause analysis to isolate problems and their sources.
Reduce costly manual test configuration and monitoring of each vendor device and the many configurations (one person can execute 2-3 tests per day.)
Next-generation end-to-end testing for a holistic view
As a result, MSPs are moving from niche product testing of specific domains and vendor devices to integrated solutions that test domains end-to-end and vertical layers across physical, virtual, and cloud environments. These next-generation solutions test and validate performance, security and applications at scale. By generating encrypted and non-encrypted real-world traffic and attack scenarios, they can stress test the network and push security and application policies to their limits.
Based on our extensive experience testing networks around the world, we advise MSPs to test across the entire lifecycle, from design tests to lab tests that include full mirroring and emulation of live network and payloads to the use of active test agents in the live production environment. This ensures expected performance and service levels before going live, as well as in real time as enterprises or MSPs make configuration changes in the production network.
For SASE and SD-WAN, Spirent recommends that MSPs:
Test the SASE, SD-WAN network functionality up to the application layer to provide a comprehensive measure of the customer’s experience. SD-WAN test cases should target conformance and performance; SASE test cases should target security and applications, such as data loss, policy and firewall rules and their impact on the cloud.
Create end-to-end test scenarios to assess network vulnerabilities, total latency, etc.
Emulate live network and cloud payloads and run performance and functional assurance tests using test agents to segment and isolate problems and determine root cause. Traffic load stress tests are also essential.
Automate the creation of individual test scripts based on configurations and automatically execute a series of tests that run through a set of parameters.
Comprehensive testing of SASE and SD-WAN products in the lab and live network ensures MSPs that the products work individually as designed but also provide expected capabilities and Quality of Service in a multi-vendor, multi-domain environment, including the public cloud.
For more details on how to deploy, onboard, actively test and assure cloud and virtualized networks, please read our eBook on testing SASE and SD-WAN.