I consider these forms of possible lock-in for SD-WAN
- Vendor Lockin
- MSP Lockin
- Technology Lockin
- Interconnection / B2B Networking
Lock-in is a given, its a question of which lock-in you choose and how you get out it if you have to.
Today, all SDWAN solutions are loosely based on the same open source technologies but bundled together using proprietary operations.
From a technology perspective, the SDWAN lockin is NOT the devices or the protocols between them. The real lockin is the SDWAN controller.
SDWAN management software for WAN operations is very sticky for day two operations. Your run books have been created, help desk operators trained and executives expectations have been set – now its hard to change and thats lockin.
For any SDN solution, the lockin has moved to the controller. The devices can always be replaced but the migration to a new controller is the pain point.
SDWAN is an edge technology where the devices on your sites are the only vendors complement. This is the best lockin.
Due to overlay networking:
- There is not dependency with the telco circuits.
- You can start deploying a new SDWAN alongside the legacy deployment. No interoperability is necessary.
- You will be operating two SDN platforms for a while but thats easier than attempting to integrate two vendors routing protocols that are unpredictable in operation without advanced skills.
- SDWAN using a central controller with ZTP, asset management etc will provide support for installing and de-commissioning reducing the migration work.
At time of writing, implementing SDWAN will create substantial savings.
Managed Service Provider Lockin
The worst possible SDWAN lockin in my view. The MSP owns the circuits, the equipment and the operational platform.
- Any move to a new strategy requires changing all aspects of the networks
- The MSP likely owns the equipment and you will be forced to replace the hardware at contract termination
- The MSP will terminate the circuits at contract expiration or charge penalty fees for short terms overruns.
- You probably reduced head count when you outsourced to the MSP and lack the skills to take it back.
- IT Leadership will lack experience to make informed decisions about networking after abrogating the responsibility to a third party.
It will take a massive effort to take over ownership of the circuits or install new services before contract termination. Your MSP will be unprepared to help you leave them.
MSP operated SDWAN controllers are likely not transferable. MSPs will have a custom software version for MSP operations. Devices may also have proprietary images to remove features and functions according to their equipment.
The most common way out of locking requires a full lift-and-shift including telco circuits, edge devices and building a team that can deploy and operate it.
Interconnection / B2B Networking
Many corporate networks connect over the Public WAN (internet) to share data using IPsec VPNs. These B2B services are not part of the SDWAN today.
Given that SDWAN vendors already use a version IPsec/TLS for encryption it is reasonable to assume that standards based IPsec will be a standard feature. Its likely too difficult to implement today because of poor vendor interoperability and the extensive variety of proprietary extensions added.
The Cost of Lockin
Lets talk money. The cost savings of SDWAN compared to traditional routed network with standalone, isolated edge devices is substantial. Cheaper WAN circuits, modern devices and improved deployment and operations.
When lock-in is balanced against substantial cost reductions, lock-in isn’t the issue. Take the lock-in, reduce costs and solve the lock-in next time.
Having an MSP makes changing difficult and expensive. Owning a SDWAN is much simpler than a router WAN, making it cheaper in the short term. Its also cheaper when the time comes to switch solutions in a few years.
You don’t do SDWAN once, its something you will do a few times in the next decade. Buy cheap, implement it quickly, and get ready to replace it.