By Marc Ferranti, Network World
Zwanger-Pesiri Radiology's journey from MPLS to SD-WAN networking began last spring when Joseph Funaro sat down to review carrier contracts that were up for renewal and realized that he could not only save his company money, but also improve network resiliency and his users' application experience.
With 24 outpatient radiology clinics throughout the greater New York metro area requesting or transmitting a terabyte of imaging records a day and requiring access to more than 1.2 petabytes of stored patient data, Zwanger-Pesiri, the largest outpatient medical imaging center in the country by volume, depends on its WAN to provide timely, effective patient service.
What's more, with plans for rapid expansion, the company could no longer tolerate the link brownouts, inadequate resiliency and poor bandwidth-for-the-price of its MPLS-based WAN.
Zwanger-Pesiri was paying about $3,800 a month for MPLS at each of its locations, with the cheapest link priced at about $2,200 for single 100Mbps connections.
Meanwhile, Funaro had been reading up on SD-WAN. After resigning as Zwanger-Pesiri’s CIO in 2015, he had been lured back to head up a number of projects including a review of its network architecture. Rather than renewing the contracts for MPLS, Funaro decided to take action and go in a different direction.
SD-WAN can be a negotiating tool in carrier deals
"We sent out an RFP to four or five carriers with a caveat, and that was that we were moving to SD-WAN, that we were no longer interested in these expensive MPLS connections, and that we were gonna manage the conditioning and everything on our lines ourselves – and this is the future and your days of holding us hostage on your MPLS connections are over," Funaro says.
The reaction? "Everyone balked and laughed," Funaro recalls.
But not for long. Funaro had for some time been familiar with WAN optimization technology from Silver Peak, had studied up on the company's SD-WAN offerings, and was convinced that software-defined networking was the way to go, not just for the potential cost savings, but also to support a shift in the type of applications being used outside of the branch-to-branch WAN connections.
"When I first became CIO about five years ago I would say maybe one or two percent of the applications that we used internally came from a cloud or web-based provider," Funaro says. "Today probably about 25 percent of the applications that we use are coming from web-based providers."
SD-WAN's flexibility is a big benefit
Funaro believed that by re-architecting the network and using SD-WAN, he could give his users a better experience with applications. By replacing the expensive MPLS connections, he could use the money saved to get better bandwidth for SaaS applications, while using SD-WAN to reduce latency on WAN traffic. SD-WAN provides dynamic connectivity optimization and path selection through a policy-driven, centrally managed, distributed network architecture.
"I think of SD-WAN as not a connectivity technology per se but a software-defined overlay – a control and management architecture that enables the underlying technologies to be used in a more efficient and dynamic manner," says IDC analyst Rohit Mehra. SD-WAN supports multiple connection types.
All of this appealed to Funaro, though he faced challenges. "The difficult part there was that there was a lot of engineering involved, and convincing people that what I had in my head was possible," Funaro says.
The turning point came during a proof-of-concept test with Silver Peak, when network performance via SD-WAN over generic cable modems bettered the MPLS connections. "After that it was a no-brainer," Funaro says. "I felt that I was empowered over my network, and the carrier couldn't hold me hostage."
By moving to SD-WAN, Joseph Funaro saved Zwanger-Pesiri Radiology money and improved application performance.
The SD-WAN technology became a negotiating tool, and Zwanger-Pesiri ended up with a carrier contract that saved the company $1.2 million over five years – a cost saving of about 37 percent. Meanwhile, the company inked a three-year deal with Silver Peak for SD-WAN technology that cost $270,000. Essentially, the savings on carrier costs not only paid for the SD-WAN technology, but put Zwanger-Pesiri ahead financially on the whole technology shift.
Zwanger-Pesiri ended up using Silver Peak's Unity EdgeConnect SD-WAN virtual appliances. The technology comes with the Unity Orchestrator, which centrally automates assignment of business intent policies across multiple branches. It also provides application and network statistics, monitoring performance of throughput, loss, latency and packet ordering for all network paths. The information gathered by the monitoring features can be used to tweak the routing algorithms when necessary.
For less money than it was paying its carrier for single 100Mbps MPLS links, Zwanger-Pesiri now gets redundant 500Mbps broadband connections at each branch, with service contracts that guarantee bandwidth. The broadband cabling terminates directly into a firewall at each branch. Larger or more critical branches have a high-availability design, with multiple, redundant firewalls. In these cases the broadband cabling terminates into a switch placed in front of the firewalls. The company plans to eventually roll out the HA design to all branches.
At each branch, Zwanger-Pesiri runs Silver Peak’s Unity EdgeConnect as a virtual appliance on VMware on a Dell PowerEdge VRTX server. Each branch also has a Dell Networking N3048 Switch and one or more Fortinet FortiGate firewalls. When a user at a branch office needs to transmit or request something from another branch, traffic from the user’s client device hits the N3048 switch, is routed to the VRTX server and Silver Peak’s Unity EdgeConnect SD-WAN virtual appliance. Unity EdgeConnect determines the best path to the end destination, and sends out the packets to the FortiGate firewall and then over VPN to wherever it needs to go on the WAN.
In addition, with the re-engineered network, performance of SaaS applications hosted outside the WAN is better than it used to be. Traffic at the company’s branches that is destined for SaaS applications on the public internet hits the Dell N3048 switch, and is routed directly to the FortiGate firewall, bypassing the VRTX server and the SD-WAN technology, and out to the internet via the new 500Mbps connections, which replace the old 100Mbps MPLS connections.
In addition to the redundant internet connections and firewalls, redundancy is built into the network design to handle a failure of the Dell VRTX server. If the server goes down, traffic can still go out on the WAN: in this case, the Dell switch, using iBGP, routes the WAN-destined traffic directly to the FortiGate firewall, which uses IPsec for the VPN and OSPF for routing. Though in this case the packets sent over the WAN won’t take advantage of the Silver Peak technology, they will get to where they need to go until the server is back up and running.
Using SD-WAN to lay a path for growth
SD-WAN makes it easier for Zwanger-Pesiri to set up new offices. When technicians come in to set up imaging equipment, they need internet connections to test alert features and call-home capabilities. Now, they can come in to a new office even before the 500Mbps carrier connections are set up and connect the equipment to the SD-WAN wirelessly via LTE cards. This gives the company more flexibility in scheduling, allowing it to avoid the confusion of having multiple crews working on different parts of the office setup at once.
Though Zwanger-Pesiri's move to SD-WAN has cut costs, the flexibility of SD-WAN is ultimately what is driving most users to the technology. "Our surveys have shown that cost savings is not a primary driver – it's more the agility, the flexibility and the ability to really enhance the user experience that’s driving the move to SD-WAN," says IDC's Mehra. "SD-WAN is being embraced at a very rapid pace because architecturally so much change is happening, but it needs to be done in a balanced manner."
Zwanger-Pesiri is getting rid of MPLS entirely, but more often than not, SD-WAN supplements, rather than replaces, MPLS, Mehra says, and is used to improve users' experience with cloud applications. Though SD-WAN's algorithmic routing capabilities can reduce latency on the public internet, global enterprises are not likely to use it for their most geographically dispersed offices.
The appeal of SD-WAN is great, though, and IDC estimates that worldwide SD-WAN infrastructure and services revenues will experience a compound annual growth rate of 69.6 percent, reaching $8.05 billion in 2021.