Choose an SD-WAN – Bigleaf Networks
https://www.bigleaf.net

Unleashing the power of SD-WAN: A strategic advantage for MSPs
https://www.bigleaf.net/resources/unleashing-the-power-of-sd-wan-a-strategic-advantage-for-msps/
Fri, 21 Jun 2024 18:40:16 +0000

Paving the Way for Next-Gen Managed Services

In the world of managed services, standing out means staying ahead. For Managed Service Providers looking to offer more than just a service – aiming to become a trusted advisor for their clients – the adoption of an SD-WAN solution is not just innovative; it’s imperative. Bigleaf Networks’ SD-WAN is more than a solution; it’s a partnership that propels both providers and their clients towards success.

A Transformative Leap: Why SD-WAN Matters for Service Providers

Gone are the days when traditional WAN could meet all the needs of growing businesses. In the fast-paced digital arena, Managed Technology Service Providers require a network solution that’s as agile and adaptable as the companies they support. Bigleaf’s SD-WAN is that evolutionary leap forward, ensuring that you can offer a network that bends without breaking.

Tailored Benefits: Bigleaf’s SD-WAN for Your Portfolio

When Technology Service Providers integrate Bigleaf’s SD-WAN into their offerings, they unlock a suite of advantages: improved bandwidth, enhanced application performance, and the agility to meet the demands of any client network environment. It’s the tool that turns complexity into simplicity, and challenges into opportunities.

Success in Action: Bigleaf’s SD-WAN Solution at Work

Real-world impact trumps all. Whether it’s streamlining operations across multiple client sites or seamlessly integrating cloud services, IT Service Management Companies empowered by Bigleaf’s SD-WAN aren’t just meeting expectations; they’re exceeding them. Through our success stories, witness the transformative effects of SD-WAN in the managed services realm.

Standout Features That Give You the Edge

What makes Bigleaf’s SD-WAN a game-changer for MSPs? Consider these key features and benefits:

  • Dynamic QoS: Prioritize critical applications and ensure optimal performance across the network.
  • Unparalleled IP Failover: Maintain continuous connectivity even in the event of a primary link failure.
  • Insightful Traffic Intelligence: Gain valuable insights into network traffic patterns to optimize performance and security.
  • Zero-Touch Installation: Seamlessly integrate our SD-WAN solution into existing networks with minimal disruption.
  • Scalability and Flexibility: Adapt to changing business needs and scale your network infrastructure effortlessly.

This isn’t just technology; it’s the foundation for next-level managed services.

Effortless Integration: Bigleaf’s Promise to Partners

Offering an SD-WAN solution should be as smooth as the network it provides. That’s why Bigleaf’s zero-touch installation is a breath of fresh air. No disruptions, no downtime – just a sleek, efficient transition that adds immediate value to your services.

Fostering Growth: Bigleaf & MSPs Together

For Managed Service Providers, choosing Bigleaf’s SD-WAN is an investment in growth. It’s the decision to not just keep pace with the future but to define it. With Bigleaf, you’re not just adapting to change; you’re driving it.

In Conclusion: Elevating Managed Services

As MSPs, you are the navigators of the business technology landscape, and in a world wired for speed, your choice of networking solution can make all the difference. With Bigleaf’s SD-WAN, watch your offerings, and your clients’ businesses, soar.

The Invitation: Transform Your Managed Services as a Bigleaf Partner

Eager to expand your managed services with a robust SD-WAN solution? Discover the full potential of what you can offer with Bigleaf. Learn more here or reach out to see our SD-WAN in action. Your strategic advantage is just a conversation away.


Bigleaf vs firewall: Can your firewall do this?
https://www.bigleaf.net/resources/bigleaf-vs-firewall-can-your-firewall-do-this/
Fri, 08 Jul 2022 18:25:53 +0000

“My firewall can do that.”

That’s a phrase we often hear from IT professionals when we talk about Bigleaf. 

If you’re referring to basic security and disaster recovery, it might be true, in part. After all, firewalls have been the first line of defense in a network for over a quarter-century. A mature network should have a built-in firewall to ensure a certain level of security, and many firewalls also provide a level of redundant connectivity.

Your setup may look like Stage 1 of the Internet Maturity Model, where you have a dual-WAN firewall that allows you to have a second internet connection that can be activated when your primary connection goes down. When your primary connection fails, your business traffic needs to be moved, either manually or automatically, to the backup circuit.

Seasoned IT pros can spend hours ensuring layers of redundancy are in place, as well as create Quality of Service rules that play nice with existing firewalls and add a level of application performance management. Rudimentary failover strategies, backup circuits, and QoS configurations like those are better than nothing. However, they can come with a variety of weaknesses which we’ll cover below. 

Check out this head-to-head comparison of your standard firewall vs. integrating Bigleaf into your tech stack alongside your existing firewall.

Firewall Limitations & Strengths

Your trusted firewall is important as it provides security and can provide the level of compliance you need. Some also help with connectivity. We’re not here to argue the security point. Instead, we want to make the case that Bigleaf allows organizations to achieve better connectivity and cloud application performance than firewalls.   

Your firewall – whether a Stateful Inspection, UTM, or an NGFW – or your amalgam of them needs to do more than just keep you compliant. They need to be a part of your infrastructure that keeps your business running smoothly in today’s digital landscape (where the cost of downtime & unusable uptime are rising to levels SMBs can’t afford while remaining competitive).

Round 1: Failover

As noted for Stage 1 of the Internet Maturity Model, when failover does happen, reconnecting all your business’ IP-specific internet traffic to the backup circuit is not instant. Your firewall can take seconds to minutes to fail over. We’ve seen times ranging from 45 seconds to 8 minutes, and some require a manual switch. However long it takes, performance is compromised and focus is lost. In the case of real-time VoIP calls, which drop the instant the connection drops, work completely stops.

Basic Failover only provides support during outages, when the Internet is completely down. However, as seasoned IT professionals know, poor performance, brownouts, smaller outages, and more disrupt business connectivity more often than complete outages.

Bigleaf’s Same IP Address Failover seamlessly reroutes all traffic when there are outages and circuit disruptions, constantly keeping every business-critical application working as it should. With Bigleaf, when one of your circuits has any sort of outage, you don’t. Your IP address doesn’t change so your traffic automatically moves to your other circuit. Your VPN, VoIP call, and business-critical apps stay up! 

Yes, Bigleaf saves the call that would otherwise need to be reinitiated. 

Winner: Bigleaf Networks

Round 2: Intelligent Traffic Management

Optimized cloud application performance is traditionally achieved with policies and manual configurations for QoS, traffic flow management across circuits, and failover. While some firewall solutions have tried to make some of this easier with preset selections, there is still a requirement that each policy is manually set. 

Bigleaf’s self-driving AI automatically identifies and prioritizes your application traffic, configures itself to optimize for your circuit conditions and traffic makeup, and instantly adapts to changes in real-time, improving call & video quality and app performance. 

With only a dual-WAN firewall solution in place, even if it advertised SD-WAN capabilities, an IT Manager would need to manually create or set rules for every app they know their users are using. Let’s explain using a real-world example: 

Firewall Only Example 

Given the state of SaaS adoption and the different tools that SMBs use nowadays (and because you need to create rules for every app and every user with most dual-WAN firewalls), a company with only 18 employees could need to create over 400 rules for QoS alone. In other words, the simple solution requires more from your IT resources.

With Bigleaf, circuit monitoring, load balancing, and traffic identification and prioritization happen automatically regardless of how many or what SaaS apps are being used by your team members.

Winner: Bigleaf Networks

Round 3: Insights 

Lack of awareness of how your internet circuits are performing is a massive threat to an SMB’s bottom line. If you don’t know a problem is happening, you can’t fix it.

We briefly covered Stage 1 of the Internet Maturity Model – where you get a second circuit, plug it into your firewall, learn that an outage has occurred, then manually failover your traffic to the second line. It may seem “good enough” at first glance – it’s simple and low cost. What if we told you the low cost comes at a high one? 

Your firewall may let you know of outages at the time they happen, requiring you to act on the issue at that moment. However, you may not be aware of circuit and traffic performance issues that are consistently happening but seem minor or insignificant in your day-to-day application and internet performance. These issues can go unnoticed and cost you losses in revenue, productivity, user experience, reputation, and more. 

Visibility into circuit and traffic performance across each of your ISP circuits tells you when things change and need attention, and what to do to ensure reliable performance for each of your cloud applications and technologies. When it comes to reporting, Bigleaf edges out the firewall. Our Risk Monitoring feature goes above & beyond, taking the aggregate of the health and performance metrics we track and record to isolate critical events that can threaten your business continuity. Each risk alert is designed to give you a clear explanation and a path to resolution.

Winner: Bigleaf Networks

Champion: Bigleaf by Unanimous Decision

In summary, Bigleaf delivers much more than your firewall in ensuring reliable connectivity and optimal cloud application and Internet performance. We like to say that “having Bigleaf in your network is like having a Network Engineer on staff 24×7, who doesn’t take vacations, need breaks, or is subject to human error.” From Same IP Address Failover and Intelligent Load Balancing to Dynamic QoS and World-Class Support – we’ve got you covered.  

The results indicate that Bigleaf Networks beat your firewall by unanimous decision; but a knockout would be a more accurate conclusion. 

Next time you feel the urge to say, “My Firewall does that,” remember Bigleaf offers:  

  • true redundancy 
  • end-to-end network and cloud application performance optimization 
  • self-correcting network resilience 
  • insight that enables problem-solving before users are impacted 

Does your firewall do that?

*Bonus* Firewall-Friendly SD-WAN

If you’re convinced of the value that an SD-WAN solution like Bigleaf’s can bring your business, as it has for 100,000 other users, you’ll be pleased to know that Bigleaf is a firewall-friendly solution. Bigleaf installs outside firewalls. So, an organization can use a firewall for the security and compliance it provides AND add on Bigleaf for the same-IP failover, intelligent and automated QoS prioritization, circuit monitoring, and load balancing that deliver above and beyond what most firewalls ever will. It’s the easiest way to implement SD-WAN.

Wrap Up

If your business or customers use cloud-based and SaaS apps, if you can’t afford to have poor internet connectivity or downtime, have enterprise-grade goals, and you want to focus your IT efforts on strategic business initiatives, then Bigleaf Networks may be the best solution for you. 

Can your firewall really do all this? 

SMBs rely more on their Internet connectivity than ever, and while a firewall has its strengths, good enough is not good enough to improve business continuity and internet performance. If you’re curious to learn more about this topic or Bigleaf in general, request a demo, ping us at sales@bigleaf.net, or check out our other SD-WAN resources. 

Choosing a firewall-friendly SD-WAN: Three questions you need to ask
https://www.bigleaf.net/resources/choosing-firewall-friendly-sd-wan/
Wed, 11 Apr 2018 03:19:54 +0000

If you’re looking for an SD-WAN that works with your existing firewall, you’re not alone. Your team has invested valuable time into an auditable best-practice security architecture, and that top-of-the-line firewall wasn’t cheap. Most of all, your firewall represents a solution that your team is comfortable managing. You have confidence that it works. So why change it?

It’s important to understand how different SD-WAN technologies will interact with your firewall and what those differences will mean for your company. Choosing an SD-WAN that “kind-of” works with your firewall could add hours to your installation time. It will also likely require poking holes in your network perimeter — potentially compromising your security, compliance, and network stability. Worse, it could fail in a significant way, breaking your on-prem applications or SIP trunks.

Use the information presented here to learn about the different solutions that work with your existing firewall, arm yourself with questions you can ask to evaluate an SD-WAN’s firewall-friendliness, and see how Bigleaf was built to be the most firewall-friendly SD-WAN out there.

Which firewall features will the SD-WAN require me to disable?

We designed Bigleaf to work with all your firewall’s features, whereas many other solutions require that you disable specific features in your firewall and hand them over to the SD-WAN device. So when you’re choosing an SD-WAN technology, make sure you ask which of your firewall’s essential features you’ll need to disable for it to work fully.

Here are some of the more common features you might need to disable or significantly modify:

LAN and Private WAN Routing – Determines what path the client’s data will take in and between their private network(s).

DHCP – Assigns IP addresses to the computers on a network. Many SD-WAN devices, for example, need to act as your LAN’s DHCP server to provide full functionality.

NAT – Allows the devices on your clients’ network to share a single public IP address and provides a small element of security. Almost every SD-WAN out there has NAT or proxying in it somewhere, which often requires you to disable NAT on your firewall to avoid double-NATting traffic.

Traffic Filters – Controls what kind of traffic can enter or traverse the client’s network. What do you have to touch to allow traffic in or out of the network? Are you disabling all filtering in the firewall and moving it to the SD-WAN? Are both devices filtering?

Network Segmentation – Limits access to areas of the client’s network to improve security. Where is the edge of your network now, what is secure, is there a perimeter? Most SD-WANs blur those lines. Handing over Network Segmentation to your SD-WAN could make for painful audits and compliance.

Site to Site VPN – Establishes secure connections between your clients’ sites. Pretty much every SD-WAN out there wants to take over the role of site-to-site VPNs from your firewalls.

By confirming which of these features would need to be disabled or modified, you’ll avoid any surprises when it comes time for installation.

How long will the SD-WAN install take with an existing firewall?

Bigleaf is known for our firewall-friendly, 90-second install. That’s because our SD-WAN sits outside the firewall and requires no firewall features to be disabled.

But some vendors’ installation times are longer due to the number and severity of firewall changes required to work with their technology. Installation times can be even longer for multi-site deployments depending on the availability of highly-skilled network engineers needed to configure the new security integration correctly.

So keep in mind that other SD-WAN vendors’ “zero-touch” installation can become an hours-long ordeal when you’re installing it alongside your existing firewall. Those hours are expensive, so be sure to clarify how long an SD-WAN’s install typically takes with an existing firewall in place, including initial policy configuration, device configuration, and firewall reconfiguration.

You should be sure to spend time digging into how the implementation will impact each of the features listed above, and what the integration steps will be.

What changes will I need to make for inbound traffic?

If you’re running a web, email, VPN, or application server, you’ll need to make sure that your inbound traffic is routed correctly and not blocked. You’ll also need to deal with any NAT and ensure that any proxying doesn’t break your applications. Since your firewall handles that today, it’s essential that you understand all of the impacts on this inbound traffic from the SD-WAN solution.

Many SD-WAN solutions are seemingly built only for branch use. They can connect outwards to remote resources, but don’t have reliable solutions for inbound connectivity to local servers.

Bigleaf works with your firewall right out of the box

From day one, Bigleaf was built to work with your firewall without compromising any of its functionality. To your firewall, Bigleaf looks like an internet connection. To install Bigleaf all you do is update your firewall’s WAN IP address — no compromises to your security or compliance. If you have site-to-site VPNs, you may need to update the IP addresses that they connect to. If you’re hosting servers internally, simply update the DNS records for those to point at the Bigleaf-provided IP addresses.

We believe in best-of-breed solutions for your critical business applications, and security is high on that list. If you’d like to learn how Bigleaf would work with your existing firewall, request a demo today.

Apples vs. Oranges: How Bigleaf Pricing Compares to Standard SD-WAN Pricing
https://www.bigleaf.net/resources/how-bigleaf-pricing-compares/
Wed, 18 Jan 2017 23:16:36 +0000

With all the industry excitement and fervor around SD-WAN, I feel compelled to leave my own mark by addressing one of the most exciting aspects of SD-WAN — Price Comparison! I know this might not be the sexiest thing to talk about in the fastest growing sector of telecom, but it’s very important. It’s also something many of our partners and customers see as a Bigleaf advantage, and something we need to do a better job of highlighting. So, here we are.

At the surface, our pricing model looks very similar to that of other SD-WAN service providers and 3rd party carriers. However, upon closer examination, there is a significant differentiator that must be factored in when comparing Bigleaf to other options in the market.

How does Bigleaf Pricing Work?

As we’ve probably shared with you in the past, our team’s background and foundation is rooted squarely in the telecom industry. We don’t come from the network hardware world. I jokingly tell people I can’t tell you the cheapest place to buy RAM in China, but I can share my many experiences in dealing with customers who’ve experienced issues with their voice or Internet services.

This telecom background and mindset drove our pricing convention of offering Bigleaf as a monthly service with package pricing determined by symmetric speeds, similar to the way in which SLA-backed Internet services are offered. When looking at a Bigleaf quote or speed package, note that the listed speed is symmetric and supported in both directions. In plain English, when we say 50Mbps Bigleaf package, we mean both 50Mbps upload and 50Mbps download.

How is that any different from others?

In comparison, most of the SD-WAN industry (not including 3rd party resellers like ISPs and carriers – but rather the people who are actually developing SD-WAN platforms and technologies), come from a hardware development background. If you are looking, they probably do know where to find cheap RAM in China!

As expected, their pricing convention follows common hardware industry trends of quoting aggregate speed, or as some say “total horsepower”. So, their pricing is the sum of both upload and download speeds at the same time. Again, in plain English, when they say 50Mbps SD-WAN package, that’s a combination of both upload and download speeds totaling up to 50Mbps (i.e. 40Mbps down + 10Mbps up = a 50Mbps package).

What does this mean for me?

To help clarify this differentiation and further drive home our commitment to providing a finished service, we have updated our pricing to clarify that our speeds are symmetric. For example, we have changed our 100Mbps package labeling to a 100Mbps/100Mbps package.

Please take note of this when quoting or reviewing Bigleaf services. Again, for example, when reviewing options from multiple SD-WAN providers, a more accurate comparison would be Bigleaf’s 50Mbps/50Mbps solution to others’ 100Mbps option. While we happen to think one pricing convention is significantly better than the other, we’ll leave the final determination up to you. We just want to make sure you aren’t comparing apples to oranges!

Cloud-First SD-WAN – The Future of Enterprise Networking
https://www.bigleaf.net/resources/cloud-first-sd-wan-the-future-of-enterprise-networking/
Tue, 04 Oct 2016 18:28:18 +0000

Cloud-first SD-WAN Defined

SD-WAN has become a confusing term. Just like “Cloud”, it can mean a few things. Here at Bigleaf we’ve put a stake in the ground — we are Cloud-first, providing the best possible experience for Cloud and other Internet based applications.

When I say “Cloud” in this post, I’m talking about public cloud, SaaS, hosted services like VoIP and virtual desktop, and other Internet-accessible resources. So when I say we’re “Cloud-first”, that means we built our platform from the start to optimize the experience for those applications rather than other networking needs.

The alternative, which other SD-WAN vendors have built for, is MPLS replacement. These “private networking first” products provide VPNs to connect offices together, to datacenters, or to private cloud environments. While we acknowledge there’s a need for private connectivity, and we have a strategy for it, it isn’t our primary focus.

These distinctions of SD-WAN/Cloud designs and use cases are crucial to understanding the value that SD-WAN brings for a business.

The Evolution of Enterprise Networking

Analysts and other industry experts agree that Cloud is taking over and private networking will become less and less important over time. But how long is that going to take? It certainly varies based on company culture, size, and geography. Based on conversations we’ve been in with IT executives, other vendors, and analysts, we believe the shift for the majority of businesses will happen over the next 2-5 years.

Here’s a great example from Cisco’s Global Cloud Index:

Public cloud services are growing far more aggressively (44% CAGR) than private (16% CAGR).

So if you agree with the industry experts that in 2-5 years Cloud connectivity will be more crucial than private connectivity, how should that educate your networking decisions?

Investing in the Future

We decided to build Bigleaf specifically for Cloud and other Internet based applications. We built our SD-WAN platform with a dedicated back-end core network. We co-locate our own equipment in datacenters, connecting over our own network, peering directly with every major Cloud provider, ensuring peak performance for Cloud applications. We deliver this as a fully managed, SLA-backed service, so customers can rely on us 24×7.

We also knew that customers would need time to migrate to the Cloud, so we built Same-IP failover and a dedicated outside-the-firewall deployment model. This provides the easiest possible deployments and migrations, plus a comforting security story, since customers don’t need to bypass or replace their firewall.

We believe Cloud and Internet optimization is the best and highest use of SD-WAN technology. If you want more from your network than just a cheaper alternative to MPLS, then we should talk. Bigleaf Cloud-first SD-WAN is the future of enterprise networking.

Bigleaf VPN Enhancement
https://www.bigleaf.net/resources/bigleaf-vpn-enhancement/
Fri, 20 May 2016 23:27:14 +0000


You probably know that Bigleaf is the best way to connect to cloud-based applications like VoIP, VDI, and SaaS, over standard broadband. However, you may not know that many of our customers also use Bigleaf as their foundation for site-to-site connectivity, in combination with VPNs running on their firewalls. This diagram shows what that looks like:

[Diagram: VPN over Bigleaf, showing how a VPN works with Bigleaf’s overlay tunnels]

SD-WAN Complexity and Security Challenges

In the growing SD-WAN space many vendors seek to replace the customer’s firewall and establish site-to-site connectivity using their own equipment. The benefit of this approach is that it makes hybrid WANs leveraging both MPLS and broadband connectivity easier to deploy. This can be a useful design for Enterprise customers with large IT teams that want to keep MPLS as part of their WAN architecture. However, the downside of this approach is that it requires complex deployments and forces the customer to turn their security and firewalling over to their new (and often young) SD-WAN provider.

Bigleaf, Plug-and-Play, Outside the Firewall

Bigleaf provides a plug-and-play implementation that allows for a quick 5-10 minute self-install. Our onsite router drops in outside of the customer’s existing firewall — no need for complex changes in security policies or equipment. Our philosophy is that most small/mid-sized customers (and many distributed Enterprise customers) would prefer to leave their security policies and firewalling to the trusted vendors that are well-established in the space (Cisco, Juniper, Palo Alto, Barracuda, etc.). We also believe site-to-site connectivity needs are diminishing every day as businesses move more and more of their key applications out to the cloud. Site-to-site connectivity needs that remain can often be addressed through a trusted VPN architecture, with a high-performance Bigleaf foundation.

Bigleaf Directs VPN Traffic

When a customer sets up a traditional VPN architecture via their firewalls, Bigleaf’s SD-WAN optimization directs and controls the tunnel traffic to provide a previously-unachievable level of VPN stability and performance. Bigleaf’s system will:

  • Ensure the customer’s VPN rides the most stable ISP connection
  • Fail-over the VPN tunnels when necessary (during both full outage and brownout situations) without dropping the VPN sessions
  • Prioritize critical traffic within the customer’s VPN tunnels, through coordinated packet marking
  • Prioritize the VPN tunnel traffic above other bulk traffic like Microsoft patch updates and YouTube streaming
  • Provide all this functionality over commodity broadband ISPs with variable bandwidth, like cable

This is a great solution for customers looking to move away from an MPLS network to take advantage of cost savings, WAN redundancy and/or more ubiquitous connectivity options to cloud applications. For customers that don’t have the IT expertise to configure the VPN features on their firewall, there are many quality providers out there that can assist with managed VPN services. Please let us know if you would like us to connect you with one.

Bigleaf is here to make your IT experience easier and less stressful. SD-WAN technologies can be exciting and enable a ton of new capabilities, but if the end result is a complicated mix of expensive equipment and mind-numbing installation procedures and management, it can be a wrong-fit for many customers. At Bigleaf, our use of SD-WAN technology to complement (not replace) traditional VPNs provides a plug-and-play experience, and makes us truly unique in the marketplace.

The 3 categories of SD-WAN revealed – Learn how to choose
https://www.bigleaf.net/resources/the-3-categories-of-sd-wan-revealed-learn-how-to-choose/
Tue, 09 Feb 2016 05:27:36 +0000

SD-WAN defined

SD-WAN stands for Software Defined Wide Area Networking. It’s a combination of Software Defined Networking (SDN), which was created for use in cloud data centers, and Wide Area Networking (WAN), which is the network outside of your office (e.g. the internet, or site-to-site networks like MPLS and Metro Ethernet).

The SD-WAN umbrella

Network engineers would love to strictly define SD-WAN, but marketing departments have turned it into an umbrella term, like “cloud.” There are many types of cloud services, like SaaS, PaaS, Public, Private, and Hybrid Cloud; and similarly there are multiple categories of offerings that come with an SD-WAN label. This guide will help you decipher the choices and shed some light on the decision-making process.

The 3 categories of SD-WAN

1. Cloud-managed routers and firewalls

How do you make 15-year old router and firewall technology look appealing? Add a cloud-based web management interface and market it as SD-WAN! That’s essentially what you’re getting with this category. You buy a network appliance to connect your ISP circuits into, and instead of logging into an interface on the actual device to configure it, you now log into the vendor’s shiny new cloud-hosted management dashboard.

Common labels

  • Load Balancer, Aggregator, Firewall, Bonding Appliance, Link Balancer, Failover Router, Dual-WAN
  • Cloud Managed, Cloud Provisioning, Cloud Based
  • Centralized Management, Single Pane of Glass, Dashboard

Pros

  • Low Cost
  • Familiar Vendor

Cons

  • 15-year-old technology at the core
  • No real-time adaptation to ISP performance issues for cloud traffic
  • Ineffective (upload-only, fixed rate) QoS
  • Generally have access to all your private LAN data (see note on security in category below)

2. VPN services and devices

Most “real” SD-WAN offerings fall into this category. They are meant as a lower cost tool to displace MPLS for site-to-site connections. At their core, these devices and services provide site-to-site VPNs, just like standard firewalls or routers.

So the question becomes: what’s the difference between these SD-WAN solutions and standard network edge devices like firewalls? Well, there’s nothing significant at first glance. They boast of cloud-based management (as noted above), plus other existing networking hardware features like application or user-based security and routing policies, or WAN-optimization features like compression or TCP optimization.

But there is a major differentiator, and that is awareness of and adaptation to quality issues on the network paths between sites. Traditional firewalls and routers don’t monitor for or adapt to issues like 3% packet loss or 70ms jitter. These performance issues that affect real-time applications can now be identified and resolved through SD-WAN. Buyer beware: how this detection and adaptation works differs greatly by vendor, with varying results.

One big factor you’ll want to consider when looking at this category is that you’re now trusting your network security to your SD-WAN vendor. Since they’re providing the site-to-site VPNs, all of your private traffic is now touching their equipment, unencrypted. That brings up some questions:

  • If someone hacks their cloud-based management can they access your private data? Are you sure?
  • Is their system and/or company PCI, HIPAA, or [insert your compliance need here] compliant?
  • How do their security practices and implementations compare with the security offered by major brands like Palo Alto, WatchGuard, Check Point, Cisco, and others that spend huge resources on this?

If you choose one of these devices or services, be sure you feel good about the answers to those questions.

Common labels

  • SD-WAN, Cloud WAN, Intelligent WAN, MPLS replacement, Hybrid MPLS, Cloud Networking, Overlay WAN
  • Realtime, Adaptive, Dynamic, Variable
  • Cloud-Managed, Orchestrated, Controller, Control Plane, Forwarding Plane
  • Security Policy, Application Aware, Application SLA

Pros

  • Usually lower cost than MPLS
  • Adapts site-to-site traffic to changing network performance (but generally not public cloud applications)
  • Strong QoS for site-to-site (not cloud) traffic, as long as network bandwidth is 100% stable (generally only SLA-backed fiber or T1s)
  • All-in-one box for firewalling, VPNs, DHCP, NAT and other network edge needs

Cons

  • Ineffective QoS for cloud traffic like VoIP, VDI/DaaS, and SaaS
  • Non-seamless or no network performance adaptation for real-time public cloud traffic
  • Many solutions are very expensive hardware, plus yearly maintenance/support fees
  • Typically highly complex, requiring lots of configuration and fine-tuning
  • Generally require ripping out your existing firewall, or disabling many of its features
  • Often trusting your security to a younger company focused on fast growth

3. Internet and cloud optimization

Bigleaf is the leader in this category, providing optimization for access to the cloud, and for remote access to on-site resources. Public-cloud and other Internet-based applications are the most difficult to optimize connectivity for, because traditionally there is so little visibility and control to the public cloud. Unlike site-to-site VPNs, which are relatively simple to set up and monitor, connections to cloud services like VoIP and SaaS involve a lot more complexity.

To optimize internet-based applications like cloud, you first need visibility. Bigleaf monitors each internet connection from your office to the core of the internet 10 times per second, across the exact same paths that all of your data travels. This end-to-end monitoring typically covers over 98% of the path from your office to your cloud applications.

You then need control. Bigleaf routes all your traffic via our redundant gateway clusters in the core of the internet. We collocate these in datacenters called “Carrier Hotels.” These locations are the major internet peering points in each region, ensuring you have the lowest possible latency. Because we route all your traffic through these gateway clusters we have 100% control of the routing and QoS prioritization of your traffic. This dedicated network architecture is core to our success in optimizing cloud-based applications.

Of course, you also need the best possible network security. There are many vendors that have spent hundreds of millions of dollars building advanced network security offerings, and you’re probably already using them. With Bigleaf, you can keep using your best-of-breed security solutions, and still get cutting-edge SD-WAN benefits for your traffic! Bigleaf drops in between your firewall and your ISP connections, optimizing traffic while your firewall handles security and VPNs. This creates a stable, reliable, and adaptive foundation for both cloud-based applications and site-to-site VPN traffic.

Common labels

  • Internet Optimization, Cloud Optimization, Cloud Acceleration
  • Distributed Architecture, Split Architecture, Cloud Routing
  • Seamless Failover, Same-IP Failover, No-Drop Failover
  • Intelligent Load Balancing, Mid-Stream Adaptation
  • Cloud-Managed, Automated, Seamless, Simple, Plug-n-Play
  • Dynamic QoS, Cloud QoS, QoS over Broadband, VoIP QoS, SIP QoS

Pros

  • Automatically adapts both site-to-site VPN and public-cloud traffic to changing network performance
  • Strong bi-directional QoS for both site-to-site VPNs and public-cloud traffic that adapts to changing network bandwidth (great for cable and wireless)
  • Complements existing firewall/security
  • Doesn’t touch private network data
  • Usually lower cost than SLA-backed circuits (plus Bigleaf adds a service SLA even when circuits don’t have one)
  • Easy to use with no complex configuration

Cons

  • Not an all-in-one network-edge box with advanced security functions
  • Typically small increase in baseline latency
  • Overlay tunnels add slight throughput overhead

Which SD-WAN option is right for you?

While many considerations go into choosing the right vendor, deciding which category fits is pretty simple. Here’s an infographic with some basic questions to help you choose:

SD-WAN Flowchart

While SD-WAN can be confusing, I hope this guide has made the options clear and oriented you in the right direction. If you have any questions, please don’t hesitate to request a demo; we would be glad to discuss whether Bigleaf is best for your environment.
