The implementation of Software-Defined Wide Area Networks (SD-WANs) boosts enterprise operational efficiency, saves money, and enhances security. These impacts are so significant that they’re sometimes visible on a national scale. According to The Transformative Impact of SD-WAN on Society and Global Development article from the International Journal for Multidisciplinary Research, the technology’s implementation can result in a 1.38% increase in GDP for developing countries. At the company level, the effects are even more pronounced. For example, in modern, deeply digitized industrial manufacturing, it can reduce unplanned downtime by 25%.

Furthermore, SD-WAN implementation projects not only offer a fast return on investment, but also continue to deliver additional benefits and increased efficiency as the solution receives updates, and new versions are released. To demonstrate this, we present the new Kaspersky SD-WAN 2.5 and its most compelling features.

Optimized traffic rerouting algorithms

This is a classic SD-WAN feature, and one of the technology’s primary competitive advantages. Traffic routing depends on the nature and location of the business application, but it also considers current priorities and network conditions: in some cases, reliability is paramount; in others, speed or low latency is key. The new version of Kaspersky SD-WAN improves the algorithm, and factors in detailed data about traffic loss on every possible path. This ensures the stable operation of critical services across geographically distributed networks — for example, by reducing issues with large-scale, nationwide video conferences. Crucially, this increase in reliability is accompanied by a reduced workload on network engineers and support staff, as the route adaptation process is fully automated.

Conditional DNS forwarding

This feature optimizes the speed of domain name resolution, and helps maintain security policies for different types of applications. For example, requests related to MS Office cloud infrastructure will be forwarded directly from the local office to Microsoft’s CDN, while internal network server names will be resolved through the corporate DNS server. This approach significantly improves the speed of establishing connections, and eliminates the need for manual configuration of routers in every office. Instead, a single, unified policy is sufficient for the entire network.

Scheduled CPE configuration changes

Any large-scale network reconfiguration increases the risk of interruptions and outages — even if brief. To ensure such an event doesn’t disrupt critical business processes, any policy change within Kaspersky SD-WAN can be scheduled for a specific time. Want to change the router settings in a hundred offices simultaneously? Schedule the change for 02:00 local time or Saturday morning. This eliminates the need for regional IT staff to be physically present during the deployment.

Simplified BGP and OSPF debugging

Analysis of BGP routing can now be done entirely through the orchestrator’s graphical interface. Did a routing loop suddenly appear somewhere between the Milan and Paris offices? Instead of logging into the equipment in each office and all intermediary nodes via SSH, you can now identify and resolve the issue through a single interface — significantly reducing downtime.

Easy CPE replacement

If the network equipment in an office needs to be replaced, you can now preserve all existing settings when swapping it out. The technician in the office simply plugs in the new CPE unit, and the Kaspersky SD-WAN orchestrator automatically restores all policies and tunnels on it. This offers several immediate benefits: it significantly reduces downtime; the replacement can be performed by a technician without deep expert knowledge of network protocols; and it substantially reduces the probability of additional failures caused by manual configuration errors.

LTE diagnostics

While often the fastest and most cost-effective corporate communication channel to deploy, LTE comes with a drawback: instability. Both cellular coverage and operational speed can fluctuate frequently, requiring network engineers to take action — such as relocating the CPE to an area with better reception. Now, you can make these decisions with diagnostic data collected directly within the orchestrator. It displays the service parameters of connected LTE devices, including the signal strength level.

Handling power failures

For companies with the most stringent requirements for fault tolerance and recovery time, specialized CPE variants equipped with a small built-in power source are available by special order. In the event of a power failure, the CPE will be able to send detailed data about the failure type to the orchestrator. This gives administrators time to investigate the cause so they can resolve the issue much faster.

 

These are just some of the innovations in Kaspersky SD-WAN. Others include the ability to configure security policies for connections to the CPE console port, and support for large-scale networks with 2000+ CPEs and load balancing across multiple orchestrators. To learn more about how all these new features increase the value of SD-WAN for your organization, our experts are available to provide a personalized demo. The solution is available in select regions.

Kaspersky official blog – ​Read More