Who are the top/best SD WAN providers & vendors?
In order to create this list, we've used a subset of the 15 top/best UK, US & Global SD WAN providers & vendors from the Netify research database. Although SD WAN is now firmly accepted as the next generation of WAN capability, IT teams and consultants are facing the challenge of aligning their requirements to the right SD WAN solution. The WAN cannot be procured in isolation, today IT Managers need to consider Cloud, Security and UCAAS as key pillars of the buying process.
In a recent Internet Quality Report detailing the performance of application traffic across public Internet connections, the results determined that 25% of the time (during business hours) the Internet could not be relied upon to deliver the same uptime as private MPLS connections. With this said, by combining multiple links with per packet, sub second, WAN optimisation and path selection, this could be increased to almost 100% but not all vendors are equal. Netify can compare each provider to show your business which solutions are best suited to maximise your application uptime.
Above: Netify back-end in action, comparing SD WAN vendors.
With the huge amount of marketing hype from SD WAN providers, aligning and comparing your requirements is a critical component of the presales process. In this article, we'll outline 15 Software WAN solutions we know to be market leaders. (This does not mean each vendor will align to your business)
The following vendors are listed 1 through to 15, the number does not denote the worth of their capability.
1. Cisco Meraki
Meraki is without a doubt the most popular vendor when discussing initial requirements with prospective buyers. The products are cost effective and feature-rich offering functions such as endpoint management which is positioning IT teams to share intelligence and enforce policies across the network based on the device status and where the services are located or installed, software and/or users.
One of the newer features is device enrolment which means policy is enforced without even having to handle the actual hardware. WiFi access can be delivered based on device type, users and security compliance. In short, Cisco Meraki is feature rich with the ability to support/deliver a full stack of connectivity from Security, Switching, WAN and Wireless via a single interface.
It is important to note, and perhaps obvious, but to take advantage of the Meraki capability, your network ‘needs’ to be Meraki end to end. (Not necessary but advised)
2. Cisco Viptela
Cisco also owns Viptela, how should you decide on Meraki vs Viptela? The major differentiators revolve around the ability to handle three or more uplinks, WAN multicast and TCP optimisation. The value proposition of Viptela is based on customisation allowing customers to control layers 4-7 of the OSI model.
Without going into too much detail, Viptela is extremely competent at WAN segmentation across both on-premise equipment and also cloud architectures. In other words, if your business is of a more complex, global nature, Meraki could be viewed as too simplistic to meet the demands of your network architecture requirements.
With the above said, Meraki and Viptela do intersect as both are able to adjust traffic routing based on the policies your business decides, they are scalable and offer cellular failover.
3. Silver Peak
The Silver Peak proposition looks to be based on cost savings by removing ‘expensive private MPLS’ with their SD WAN solution and Internet. While there is the capability to save money, the question at the core of their approach surrounds the service level agreements from low cost Internet providers.
The overall Silver Peak proposition is feature rich and very capable of supporting applications, user security and intelligent data flow. However, their marketing appears to push SD WAN as an Internet based service rather than a connectivity agnostic vendor. And while their tests show significant benefits when using Silver Peak across Broadband, this is only one part of the story.
If your low cost Broadband provider suffers an outage, the general SLA is generally nowhere near as robust vs private based networks. We take the stance that connectivity should be based on specific requirements when everything else is equal. If your sites are not mission critical, Internet Broadband is a great way to save money and deploy cost effective services.
Where a circuit with an end to end SLA is required, technologies such as MPLS are not going away. Silver Peak offer some interesting features such as forward error correction which is designed to essentially reconstruct packets with faulty data. A further key area of interest is their ability to from an overlay making the transition from MPLS to Internet a less complicated process. As we mentioned earlier, be aware that replacing MPLS with Internet may save money but there is more to consider.
Leading on from Silver Peak, the value from Aryaka is actually based on the best of both worlds. The underlying network is a well engineered private MPLS core resulting in end to end traffic prioritisation and better SLAs when compared to general Internet connectivity.
The SD WAN functions are broadly inline with other vendors resulting in the best of both worlds - software flexibility/management with MPLS privacy. The cost and proportion from Aryaka places their business in alignment with large global Enterprise business sending traffic over long distances.
The connectivity offering is based on a tail circuit into their closest point of presence. Aryaka offers accelerated delivery for CDN which again plays into the global WAN customer.
The Aryaka SmartCONNECT product is suited to organisations with a desire to outsource more complex elements of the WAN. Where more detailed configuration changes are required, Aryaka previously required involvement from their support team. However, as of writing this article, a self service portal achieves end to end management.
5. VMWare VeloCloud
The VMWare proposition offers some similarities with Silver Peak, they also offer FEC (Forward Error Correction) and TCP optimisation.
VeloCloud offers both hardware and software clients with full Firewall functionality. While researching the VeloCloud proposition, their cloud resident gateways are of benefit to companies requiring a secure overlay that is transport independent, operating across any combination (public or private circuits), with secure connectivity to enterprise data centers, cloud compute and SaaS applications.
Some further key benefits are their application improvement performance over degraded links which also includes delay sensitive apps such as voice and video. The VeloCloud strategy looks very strong over the next 12 months with marketing suggesting intent based WAN features are on the horizon.
After the main Citrix brand application, the Netscaler SD WAN appliance is perhaps one of the best known products when discussing software WAN services with IT Management and their teams. NetScaler offers physical, virtual and cloud products with their management and analytics system - MAS. The Citrix offering includes both WAN optimisation and stateful packet inspection Firewall.
With such a large market share from their core Citrix product, the market for SD WAN across existing customers is significant. The actual SD WAN product is managed by the same UI platform.
There’s a large focus on the ability for Talari to control WAN path access via on premises or cloud management. The capability to aggregate links offering seamless failover even for Voice and UCaas has always been a strong proposition even in the early days of SD WAN.
With this said, Talari does not have the experience of dealing with large WAN deployments - as of writing this article, their global telco provider relationships are limited.
An International company based out of Hong Kong with a reputation for supporting bandwidth constrained/variable performance circuits.
The Peplink strategy offers flexible WAN edge connectivity via products such as SpeedFusion with their Max cellular tower and InControl management system. In short, for companies with a large number of sites requiring connectivity outside of fixed Ethernet services, the Peplink offering has a good level of features. With their current operations small in comparison to other SD WAN providers, large Global should consider other options.
The SteelHead SD WAN platform supports WAN optimisation in a single appliance. With SteelConnect SD WAN gateways and their Ethernet switch devices, they are well position to offer services for both the WAN and LAN.
There are no cloud gateway offerings but the service can be virtualised via AWS or Azure. The competition for SD WAN is becoming stronger month on month, other vendors are looking more capable when compared to resilience and firewall security functions.
10. BigLeaf Networks
Founded in 2012, BigLeaf Networks provide cloud-based SD-WAN for enterprises. With its service design meant to speed up applications that depend on the cloud, BigLeaf is able to detect any performance in real-time.
What's really great about BigLeaf is that this company is able to automatically adjust patterns for traffic as new apps are brought onto the network. With their Cloud Access Network relying entirely of dynamic load-balancing technology, BigLeaf Network reacts in real-time to any new disposals of the cloud.
This means that whenever there are any changes made to the cloud, there's an adjustment n the Internet performance to make sure your programs that depend on the network are always running as quickly as they possibly can.
11. Cato Networks
Cato Networks was founded in 2015 and provides customers with cloud-based SD WAN services. Cato Cloud, which is Cato Network's SD WAN solution, attaches all network elements of a business. From mobile workforces, to cloud data center, to branch locations, the Cato Cloud secures all of your company's information into an encrypted cloud.
Made up of two layers, the Cato Cloud Network, and Cato Security Services, this SD WAN solution is interconnected by several tier one carriers.
This network also provides a secure web gateway, mobile access protection, secure web gateway, network forensics, and cloud access protection. If you're looking to protect the traffic of your company, you should look further into Cato Networks.
While many companies may recognize Ecessa for it's WAN solutions. However, Ecessa now provides companies with an SD Wan model that compliments companies that have as little as ten sites. However, this SD WAN provider will cater to companies that have more than 200 locations.
Founded in 1968, Ecessa is experienced in providing customers with custom plans to complement their company's individual needs. Some of the key points that the SD WAN plans that Ecessa offers are traffic routing, automatic failover, flawless connectivity, and loading balance.
Ecessa aids customers in the process of bringing all of the applicancies and applications online. Plus, this SD WAN provider helps customer to stand up site-to-site tunnels in full mesh, partial mesh, or hub-and-spoke topology after figuring out what the perfect fit is for the customer.
13. Fortinet Secure SD WAN
Previously only functioning as a security vendor, Fortinet has now added SD WAN functions to their list of appliances. Founded in 2000, this SD WAN provider caters to customers who are interested in consolidating their physical appliances and branch operations into one vendor flag.
Fortinet monitors their SD WAN links ofr packet loss, hitter, and latency by using several different techniques, such as HTTP, TWAP, and ping. They support hub and spoke, full mesh, on-demand VPN, and partial mesh. Plus, there are up for 4,000 administrative domains and virtual domains that can be supported.
14. Multapplied Networks
Multapplied Networks provides SD WAN solutions to both services produced and managed service providers. Founded in 2012, the technology that Multapplied Networks uses works by delivering IP over a variety of physical layers, enabling carriers, and diversity the circuit design to make sure that your applications are available.
In addition, the SD WAN services that Multapplied offer include a layer of several tiers of encryption that vary on an application-by-application basis. Plus, they use a single flow distribution across several physical circuits at once, while at the same time, the flow of real-time transfer decreases from circuits that aren't properly performing.
Plus, the licenses that Multapplied Networks uses are on a month-by-month basis. This means that if your company is looking for low up-front costs, Multapplied Networks allows small businesses tons of flexibility.
Founded in 2014, Speedify (we like the name) provides SD WAN services that connects Ethernet, cellular, and WIFI connects into one link, which helps to increase the bandwidth of the list applications.
By using channel bonding techniques to help integrate several Internet connections into a secure pipe, all at once, Speedity offers its customers a software app for both their mobile devices and their computers.
Due to the streamlining of several Internet connections at once, the provided connection has an increased redundancy, efficiency, and automatic failover protection.
Why Hybrid networks are often the outcome
When considering SD WAN providers and vendors, we would recommend a hybrid approach to architecture. You've no doubt read about the 'death of MPLS' but this kind of content is misleading. While the use of private WAN technologies will almost certainly reduce as companies turn to the Internet as a WAN transport mechanism, layer 3 and layer 2 MPLS VPN's are very much a component of software WAN services.
Readers should also note that using the Internet between key HQ and branch offices is recommended over a single public IP backbone where possible. This is especially true for global organisations.
Of course, your underlying transport mechanism is only one component. The considerations to security are huge in 2019 meaning the challenge for your IT team is bigger than ever.
Looking back at recent years, the market has moved toward a software WAN environment which is typically delivered as a hybrid of private circuits (MPLS, Ethernet) and Internet VPN. At the core of solutions is some capability to deliver SD WAN features. The complexity for IT teams revolves around the need to consider Cloud and Security along side their WAN projects. And to compound your challenge, deciding which provider is a good fit for your requirements.
Whats more, SD WAN providers are creating huge sweeping marketing statements around cost savings. While there is definitely truth behind using SD WAN and Internet connectivity to save expenditure, the detail behind such a move is often not discussed to any level of detail.
Is MPLS dead?
No, the technology is evolving. Our group is witnessing a transformation of MPLS where edge devices are now software enabled. Cisco is one such example where Meraki technology is deployed across MPLS networks to bolster security, improve upon reporting and application performance.
IT are proactively researching WAN technology to avoid making buying decisions based on marketing hype. We have listed the main SD WAN providers/vendors, most of which are partners to help your IT team look at some example capabilities.
Does SD WAN over the Internet replace MPLS or compliment private based services? Is the Internet mature enough to support SD WAN? With the huge expansion of cloud services and the need to drive down costs, we believe the technology is an essential component of your WAN strategy.
There are a number of challenges when IT teams look to procure SD WAN services. The first surrounds gaining clarity on which IP network providers are suited to your specific branch office locations. The second is understanding the vendor / SD WAN service providers that have the capability to layer on managed services or supply hardware for wires only deployment. A data network architecture should be flexible and include ALL WAN connectivity offerings as options without increasing the complexity of the overall design. We meet this initial issue head on with our capability to bring together BT Business with the leading providers of SD WAN services.
IT teams are now positioned to control the flow of user data, self manage their own WAN where required, leverage low-cost Internet, monitor user and application flow, WIFI and even CCTV. What's more, SD WAN services are meeting the demands of multiple connectivity requirements from 3G, 4G and Broadband through to Global Ethernet.
With this said, the basic requirement remains the same. When selecting a WAN vendor/provider, customers needs must be translated into clear products and services that meet specific requirements. If your sales team is not listening, there is the potential for misunderstanding your demands. The sales process should demonstrate capability (not just another solution) in order for businesses and organisations to make an informed decision.
The SD WAN proposition represents the here and now but at the same time, the future of networking regardless of whether you prefer Internet, MPLS, VPLS or metro Ethernet. In the majority of hybrid network designs we put together, based on Cisco involvement, the output is largely based around Meraki or Viptela with BT Internet/MPLS. Just a year or so previous. we would be positioning standard Cisco routers. The main challenge for IT teams working on their WAN procurement project is to understand the detail behind marketing. We’ve written a comparison article for readers considering SD WAN vendors.
In addition to the usual telco suspects, I have also included a list of the top SD WAN vendors to align with connectivity service providers. If your business is embarking on a WAN procurement project, your IT team will need to consider hardware and software, the physical and virtual across CPE, gateways and controllers. In addition, delivery and support remain at the top of the buying criteria points list. While software solutions do offer significant capability, the challenge is in deciphering marketing material. There is also the challenge of understanding how underlying connectivity will support your applications. We’re reading about the demise of MPLS and while not every site will require end to end privacy and QoS, we cannot see every Global Enterprise selecting low-cost Internet.
As businesses create RFP content, the basics remain important. How prospective vendors fit across their financial health, how they invest in their own products but equally the strength of relationships with telcos when a vendor does not operate or own network connectivity.
The list below details the considerations your team should note when buying SD, MPLS or VPLS WAN provider services.
How does the provider interface with 3G, 4G and 5G connectivity from the perspective of degraded services but also into their respective connectivity whether Internet, MPLS or VPLS?
- What options are available for branch form factors, i.e. hardware or virtual?
- How does the provider integrate with IaaS providers, Azure or Amazon Web Services (as an example)?
- In the event connectivity is degraded, how will your network route data during periods of high latency and jitter or even complete outage?
- Does your provider offer integrated WAN optimisation, caching, compression?
- Security has to be the most hotly contested topic at workshops, IT must consider end to end policies and vendor capability.
- Be mindful of marketing hype, MPLS is not doomed. In fact, certain SD WAN providers such as Aryaka offer a private backbone. (based on MPLS, shock)
- The majority of vendors now offer some kind of edge hardware between £1000 to £1500 to support multiple interfaces.
- What reporting is available?
- How are adds, moves and changes made?
- A popular feature of software WAN services is application profiles which enables extremely fast zero-touch deployment.
What is driving the interest in SD WAN service providers?
Without wanting to make sweeping statements based on inconclusive research, I would probably say that cost is a significant driver creating the buzz surrounding SDN services. However, in addition to pricing, some important business drivers cannot be ignored.
We see the cloud as representing the biggest force behind software-based networking. If you consider the majority of leading cloud providers, their services are accessed by public based networks (i.e.The Internet). There are of course exceptions, cloud services are also made available via private data center interconnects but the majority of growth surrounds public based access.
The reasons are fairly obvious with huge growth in remote access, BYOD (bring your device) and collaboration with outside entities. In the majority of cases, smartphones are becoming a natural way of communicating across 3G and 4G networks on an almost permanent basis. In this sense, the business case for using the Internet as a platform for your WAN combined with software-driven functionality which allows greater flexibility to control user access, branch and remote user security, performance and more makes perfect sense.
Public IP Internet vs Private IP MPLS / VPLS
The Internet of today is maturing and developing faster than ever before. If we think back to connectivity just a decade ago, the difference in performance is startling.
With the past in mind, MPLS Layer 3 routed networks grew out of the need to provide predictable performance without the complexity and overhead of security with encryption. The internet of the 2000’s simply was not up to the task of providing a consistent experience. Also, the technology of today (tablets, phones etc) did not exist, therefore the reliance on a 'permanently on' internet connection was not a requirement. If you’re phone looses connectivity for an hour in 2016, you soon realise the productivity decline. In 2006, you would be lucky to have connectivity. A huge step change.
The Internet is now a viable platform to deliver mission critical data applications including voice and video. As a home or business user, the Internet is regularly leveraged, and for the most part, the experience is positive. In many cases, access to a private data network is a restrictive experience unless setup correctly.
An SD WAN Internet deployment represents a lower cost vs. MPLS private networks; availability is everywhere, in the main, and the platform just gets better and better. At this stage, you would be forgiven for not reading any further with the belief that SD WAN is leading the way. However, your organisation must carefully consider your locations and requirements vs. using a private or public based network. There are still use cases for both scenarios.
Which SD-WAN providers & vendors are suitable?
SD-WAN is currently offered by some vendors providing some choice with regards to cost and capability.
However, connectivity procurement is clearly a large part of the decision regardless of whether you have selected a vendor. There are certain WAN providers who are offering SD-WAN as part of their overall offering, but the capability is often only a tiny subset of SDN capability. The potential issue is one of change control. As an example, the promise of SDN revolves around flexibility and agility.
However, if a cumbersome and bureaucratic service provider offers a five-day turn around on charge requests, it doesn't matter how flexible your new software driven WAN is if you’re still at the mercy of your provider. It makes sense to ensure your prospective WAN services are well aligned.
MPLS vs. SD-WAN networking
As we alluded to earlier, Internet connectivity is growing exponentially. It is a common misconception that an MPLS network is somehow different in technology to public IP. In fact, core network engineers working on both private and public networks use MPLS as a traffic management technology. The difference covers three distinct areas:
- A private VPRn (Virtual Private Routed Network) does not require encryption.
- MPLS technology across private networks offers traffic prioritisation via QoS (Quality of Service).
- Core data network engineers are often able to better predict growth on private networks vs. public networks.
To conclude, the Internet is a much more robust and well-scaled platform today vs the past. Software Defined Networking has developed some different use mechanisms to meet with the lack of application data QoS which in many ways is much more flexible than QoS. We’ll be covering these features in more depth over the next few months. The encryption created by devices such as Cisco iWAN is also highly secure which, is always a concern with Internet-based services and when coupled with deep packet inspection, the risks of a network intrusion are minimal. It would, in fact, be easier for a hacker to gain physical entrance to your premises.
Further reading on Software Defined Networking
An further article on SDN networking
Wiki article on SDN services
About Jedadiah Casey
Senior Network Engineer for 5 years General IT/sysadmin experience 10 years prior Bachelor of Science degree in Information Systems Certifications: Cisco CCNP Routing & Switching, CCDP Network Design, CCNA Routing & Switching, CCNA Wireless, CCNA Industrial, CCNA Service Provider Certified Wireless Network Professional CWNA VMware VCP-DCV Juniper JNCIA Working toward Cisco CCIE R&S, first lab attempt was June 2018.