Skip to main content

Permissions

Add user
Done

Start your AI search

AI search
Outbound call compliance Gamification for customer service Outsourcing services

How to write an RFP for SDN

Requirements, questions, and evaluation criteria specific to SDN procurement

6 min read

Software-Defined Networking (SDN) procurement demands a comprehensive RFP due to the intricate interplay of networking, security, and cloud infrastructure. A well-crafted RFP ensures that the selected SDN solution aligns with the organization's specific security posture and business objectives.

What makes SDN RFPs different

SDN RFPs are unique because they require a deep understanding of network architecture, security protocols, and automation capabilities. Unlike traditional networking procurements, SDN involves a shift from hardware-centric to software-driven approaches, demanding a clear articulation of business intent and security policies within the RFP. Furthermore, the integration of SDN with adjacent technologies like SASE, ZTNA, and cloud orchestration platforms adds another layer of complexity.

The RFP must address the vendor's ability to seamlessly integrate with existing ecosystems and support hybrid or multi-cloud environments.nnAnother distinguishing factor is the emphasis on automation and programmability. The RFP needs to assess the vendor's capabilities in intent-based networking (IBN), micro-segmentation, and real-time telemetry. These features are crucial for achieving agility, reducing manual errors, and proactively mitigating cyber threats.

Finally, compliance requirements, such as PCI-DSS and HIPAA, play a significant role in SDN procurement, necessitating detailed inquiries about data encryption, access control, and auditability.nnIn short, SDN RFPs require a holistic approach that considers not only the technical aspects of networking but also the security, compliance, and operational implications for the entire organization.

  • Integration with existing security tools and platforms (SIEM, SOAR, firewalls)
  • Support for hybrid and multi-cloud environments
  • Automation and programmability features (intent-based networking, micro-segmentation)
  • Compliance with industry-specific regulations (PCI-DSS, HIPAA)

RFP vs RFI vs RFQ

Here's when to use each document type when procuring SDN software.

RFI

Request for Information

Use early in your search to understand what vendors offer and narrow your list. Gather general capabilities, company background, and high-level pricing ranges.

RFP

Request for Proposal

Use when you know your requirements and want detailed vendor solutions and pricing. This is your main evaluation document for shortlisted vendors.

RFQ

Request for Quote

Use when requirements are fixed and you just need final pricing. Often used after RFP when you're ready to negotiate with finalists.

For SDN, an RFI is useful to explore the vendor landscape and understand emerging SDN technologies. An RFP is essential for detailed evaluation, while an RFQ is typically not suitable due to the complexity and customization required.

Technical requirements checklist

Use this checklist when defining your RFP scope.

Security Requirements

  • Micro-segmentation capabilities
  • Zero Trust Network Access (ZTNA) integration
  • Threat detection and prevention features
  • Role-Based Access Control (RBAC)
  • Data encryption in transit and at rest

Automation & Orchestration

  • Intent-Based Networking (IBN)
  • Automated provisioning and configuration
  • Centralized policy management
  • Multi-cloud orchestration
  • API integration with ITSM platforms

Performance & Scalability

  • Low-latency routing
  • High availability and redundancy
  • Scalability to support future growth
  • Real-time telemetry and analytics
  • DDoS protection

Compliance & Auditability

  • Support for PCI-DSS, HIPAA, SOC 2
  • Automated audit trails
  • Compliance reporting
  • Data residency options
  • FIPS 140-2 encryption

SD-WAN Integration

  • Application-aware routing
  • Dynamic path selection
  • Centralized SD-WAN management
  • Bandwidth optimization
  • Secure branch connectivity

Questions to include in your RFP

Architecture & Deployment

  • Describe your SDN architecture and its key components.
    Understanding the architecture is crucial for assessing scalability and resilience.
  • What deployment options are available (cloud, on-premise, hybrid)?
    This ensures the solution aligns with the organization's infrastructure strategy.
  • How does your solution support hybrid and multi-cloud environments?
    This is important for organizations with workloads distributed across multiple clouds.
  • What is your disaster recovery and business continuity approach?
    This ensures minimal downtime in case of a failure.

Security Capabilities

  • Describe your micro-segmentation capabilities and how they enhance security.
    Micro-segmentation is essential for limiting the blast radius of attacks.
  • How does your solution integrate with Zero Trust Network Access (ZTNA) principles?
    ZTNA ensures secure access based on identity and device posture.
  • What threat detection and prevention features are included in your SDN solution?
    Proactive threat detection is critical for preventing breaches.
  • How does your solution enforce Role-Based Access Control (RBAC)?
    RBAC ensures that only authorized personnel can access sensitive network resources.
  • What data encryption methods are supported for data in transit and at rest?
    Data encryption protects sensitive information from unauthorized access.

Automation & Orchestration

  • Describe your Intent-Based Networking (IBN) capabilities.
    IBN simplifies network management by translating business intent into technical configurations.
  • How does your solution automate provisioning and configuration of network resources?
    Automation reduces manual errors and accelerates deployment times.
  • How does your solution provide centralized policy management?
    Centralized policy management ensures consistent security policies across the network.
  • What APIs are available for integration with ITSM platforms and other third-party tools?
    API integration enables seamless workflow automation.

SD-WAN Integration

  • How does your SDN solution integrate with SD-WAN?
    This integration extends SDN principles to geographically dispersed networks.
  • Describe your application-aware routing capabilities.
    Application-aware routing optimizes network performance based on application requirements.
  • How does your solution provide dynamic path selection?
    Dynamic path selection ensures optimal routing based on network conditions.
  • What security features are included in your SD-WAN integration?
    Security features protect branch offices and remote users.

Performance & Scalability

  • What is the maximum throughput and latency of your SDN solution?
    These metrics indicate the performance capabilities of the solution.
  • How does your solution ensure high availability and redundancy?
    High availability is crucial for minimizing downtime.
  • How does your solution scale to support future growth?
    Scalability ensures that the solution can accommodate increasing network demands.
  • What real-time telemetry and analytics capabilities are included?
    Real-time telemetry provides visibility into network performance and security threats.

Pricing & Licensing

  • What is your pricing model (per-port, per-user, subscription)?
    Understanding the pricing model is essential for budgeting.
  • What are the costs for implementation, training, and support?
    These costs can significantly impact the total cost of ownership.
  • Are there any hidden costs or additional fees?
    Hidden costs can inflate the total cost of ownership.
  • What are the licensing terms and conditions?
    Understanding the licensing terms is crucial for compliance.

Compliance and security requirements

Depending on your industry, you may need to require proof of these certifications and standards.

PCI-DSS

Required if handling payment card data. If applicable, request current PCI-DSS compliance certificate and AOC

HIPAA

Required for healthcare data. If applicable, request BAA template and HIPAA compliance documentation

SOC 2 Type II

Required for saas providers. If applicable, request SOC 2 Type II report

GDPR

Required if processing eu citizen data. If applicable, request GDPR compliance documentation and data processing agreement

FIPS 140-2

Required for government agencies and regulated industries. If applicable, request FIPS 140-2 compliance certification

Evaluation criteria

Here is the suggested weighting for SDN RFPs.

Functionality Fit How well the solution meets stated requirements
25%
Security Capabilities Effectiveness of security features and compliance with industry standards
20%
Total Cost of Ownership Implementation, licensing, and ongoing costs
20%
Integration Capabilities
15%
Vendor Stability & Roadmap Financial health and commitment to innovation
10%
Ease of Use & Management Intuitive interface and simplified management workflows
10%

Some weights were adjusted based on your priorities.

  • Increase if replacing a highly customized legacy system
  • Increase if complex integration landscape exists

Red flags to watch

  • Vague pricing responses

    Vendors who can't provide clear pricing often have hidden costs or complex fee structures that inflate TCO

  • No customer references in your industry

    Lack of relevant references suggests limited experience with your specific requirements and use cases

  • Limited integration capabilities

    Poor integration can lead to data silos and workflow inefficiencies

  • Lack of automation features

    Insufficient automation can increase manual effort and reduce agility

  • Weak security posture

    Inadequate security measures can expose the organization to cyber threats

Key metrics to request

Ask vendors to provide benchmarks from similar customers.

Implementation timeline for similar customers

Helps set realistic expectations and identify potential delays

Average time to first value

Indicates how quickly you'll see ROI from the investment

Mean Time to Resolution (MTTR) for security incidents

Measures the effectiveness of incident response capabilities

Reduction in manual network change tickets

Quantifies the benefits of automation

Improvement in application uptime

Demonstrates the reliability of the SDN solution