GigaOm Radar for Software-Defined Wide Area Networksv3.0

1. Summary

Simplifying remote connectivity while ensuring optimal application performance, a software-defined wide area network (SD-WAN) virtualizes the underlying WAN connection—either between remote offices or to the internet—over multiple underlying connectivity technologies—including fiber, mobile, multiprotocol label switching (MPLS), and digital subscriber lines (xDSL)—presented as a single internet or site-to-site connection. Branch offices can be provisioned, monitored, and managed from a central location using an SD-WAN controller, giving network administrators complete control over their WAN and remote devices via a single interface. In addition, SD-WAN provides remote offices with secure local network access to cloud applications and resources via encrypted virtual private networks (VPNs). An SD-WAN makes secure VPNs faster and more affordable by combining the bandwidth of multiple connections into a single logical WAN connection.

However, prospective users should be aware that simply plugging existing broadband circuits into an SD-WAN device won’t necessarily improve performance or drastically reduce costs. While an SD-WAN can be optimized via careful planning, configuration, and oversight, the speed at which traffic routed over the public internet or mobile networks reaches its destination will ultimately depend on usage levels and delivery capabilities. Furthermore, while an SD-WAN can save money by replacing expensive MPLS with inexpensive broadband, enterprises may choose to retain their MPLS to meet the needs of latency-sensitive workloads.

Representing features and capabilities widely adopted and well implemented in the industry, the following table stakes are the minimum requirements for solutions to be included in the GigaOm Radar for SD-WAN.

• Virtual overlay network: An SD-WAN virtual overlay allows enterprises to retain existing network investments—either in-house or from an MNSP—as an underlay while implementing a virtualized overlay network to increase agility, availability, and performance at a reduced cost. Based on tunnels carrying traffic over multiple underlay networks, an SD-WAN typically comprises a hybrid of existing carrier services and unmanaged connections via the public internet. In addition, an SD-WAN virtual overlay network incorporates IPsec, secure socket layer (SSL)/transport layer security (TLS), or other forms of encryption for data security.
• Centralized orchestration: Providing global, granular control regardless of where end users are or the device being used, centralized orchestration ensures the application of consistent network access, governance, and policies via a single portal, saving time and allowing administrators to respond more quickly to business demands. Automation enables policy-based zero-touch provisioning (ZTP) to deploy and configure SD-WAN controllers and edge infrastructure while application- and performance-aware routing automate traffic steering to and between remote locations and to trusted IaaS and SaaS providers based on business intent.
• Built-in resilience: Leveraging a mix of private lines and the internet for connectivity, an SD-WAN separates the control plane from the physical network underlay, increasing aggregate bandwidth, fault tolerance, and resilience. For example, if one of the links fails or becomes congested, the SD-WAN platform will automatically divert traffic to a more optimal path, creating seamless connectivity without users experiencing any delay or downtime. In addition, some SD-WAN solutions include self-healing capabilities, minimizing operator intervention by automating configuration updates and software upgrades at scale to maximize uptime and throughput.
• Integrated security: With a rapidly expanding threat surface, a fully integrated platform approach ensures that security seamlessly adapts and scales with SD-WAN connectivity, minimizing the risk of security gaps that often occur when deploying an overlay security solution. Enabling direct, private, and secure internet access, an SD-WAN solution should include a full stack of enterprise-grade security at all edges, including anti-malware, a next-generation firewall (NGFW), an intrusion prevention system (IPS), and web filtering in accordance with regulatory network and security compliance requirements.
• Dynamic traffic engineering: Leveraging centralized policy-based management to determine which traffic should go over which link based on bandwidth, latency, packet loss, or other characteristics, dynamic traffic engineering dramatically reduces the number of round trips required to complete a transaction or transfer data. Moreover, since migrating applications to the cloud often increases latency, dynamic traffic engineering should address the behavior of network and application protocols over long distances, including accelerating applications hosted in the cloud and IaaS or SaaS environments.

Once the table stakes are met, each solution is scored on key criteria and evaluation metrics. Key criteria are the basis on which organizations decide which solutions to adopt for their particular needs, while evaluation metrics determine the impact the solution may have on the organization.

This GigaOm Radar for SD-WAN provides an overview of notable vendors and their available offerings. The corresponding GigaOm “Key Criteria Report for Evaluating SD-WAN Solutions” outlines critical criteria and evaluation metrics for selecting an SD-WAN solution. Together, these reports offer essential insights for secure enterprise networking initiatives, helping decision makers evaluate solutions before deciding where to invest.