When considering SD WAN architecture, there are typically two main options for procuring services. The first is to select an appliance vendor offering SD WAN technology only, i.e. without connectivity.
The second option is to procure services from providers with their own backbone infrastructure resulting in a single solution for billing and support.
The table details the main features and benefits of each SD WAN appliance vendor; the vendors offering appliances not tied to connectivity are highlighted in yellow. Certain vendors (e.g. Silver Peak) only sell via resellers, not direct. See this page for more information.
Using the table, you'll be able to compare SD WAN appliance vendors that offer hardware or NFV only with providers whose solution is intrinsically aligned to their network infrastructure.
Below: SD WAN appliance vendors 1-5.
|SD WAN architecture||25+ private PoP locations||40+ private PoP locations||Edge-based||Edge-based||Edge-based|
|Gartner magic quadrant||Visionaries||Not ranked||Visionaries||Visionaries||Niche players|
|Form factor||Physical||Physical, virtual (VMware), Cloud (AWS, Azure)||Physical, virtual (VMware, KVM), Cloud (AWS)||Physical||Physical, Virtual (VMware, Hyper-V), Cloud (AWS, Azure)|
|Controller location||Cloud||Cloud distributed across PoPs||Cloud||Cloud||On-premise|
|Site disconnection from controller||Traffic is routed via a diverse site||Edge connection to backup PoP||No policy updates or new sites||Devices will run but no new routes/MAC addresses||No centralised policy updates or new sites|
|Firewall||Basic, advanced from partners||Advanced||Basic, advanced via partners||Advanced|
|WAN optimisation||Yes||Limited (TCP optimisation)||No||No||Yes, add on|
|Traffic handling||Packet-based||Packet-based||Session-based||Session-based is default, packet based is possible||Packet-based|
|Cloud app path selection||Partnered with AWS & Azure with manual for other SaaS providers||Cloud apps leverage private backbone||Measures app performance for best path||Monitors loss, latency & jitter and steers based on conditions||None|
|Fail to wire||Yes||No||Yes||No||Yes|
|4G/5G||No||No||No||Yes, SIM card on devices||No|
|Max WAN circuits||2||3 Internet, 1 private||4 to 6||2 wires+1 4G/5G||4 to 8|
|Differentiators||Global core network with WAN optimisation||Global core network with next generation firewall||Layer 7 application performance tracking||Simple site activation with mobile app, next generation Firewall||WAN optimisation, measurements taken with each packet|
Below: SD WAN appliance vendors 6-10.
|Feature||Cisco Meraki||Cisco Viptela||Fortinet||Silver Peak||VeloCloud|
|SD WAN architecture||Edge-based||Edge-based||Edge-based||Edge-based||100+ Global PoPs|
|Gartner magic quadrant||Challengers||Challengers||Challengers||Leaders||Leaders|
|Form factor||Physical, Cloud (AWS, Azure)||Physical (vEdge, ISR, ASR), Virtual (VMware, Hyper-V, KVM), Cloud (AWS, Azure)||Physical, Virtual (VMware, XS, Hyper-V and KVM), Cloud (AWS, Azure)||Physical, Virtual (VMware, Hyper-V, Xen, KVM), Cloud (AWS, Azure, GCP, Oracle Cloud)||Physical, Virtual (KVM, ESXi), Cloud (AWS, Azure, GCP)|
|Controller location||Cloud||Cloud, On-premise as an option||On-premise||On-premise or cloud||Cloud|
|Site disconnection from controller||No policy updates or new sites||Operations continue, user defined timers||No impact on performance||No configuration or policy changes during outage||No policy updates or new sites|
|Firewall||Basic, Advanced||Basic on Viptela, Advanced on Cisco hardware||Advanced||Basic, advanced via partners||Basic, advanced via partners|
|WAN optimisation||Limited||Yes (Cisco add on, not available on vEdge)||Yes, 60E and above||Yes, add-on||No|
|Cloud app path selection||None||Limited, bidirectional forwarding detection (BFD)||None||SaaS optimisation chooses optimal WAN egress point||Yes, 100+ shared gateways for path optimisation|
|Fail to wire||No||Yes (Cisco hardware)||No||Yes||No|
|4G/5G||Selected devices (MX67C or MX68CW), via USB on other devices||Yes, SIM card on selected hardware||Via separate FortiExtender device||No||Limited, via USB|
|Max WAN circuits||2 Wired, 1 wireless (backup only)||Selected vEdge devices||2 to 4||4 to 8||Selected Edge devices|
|Max capacity||1Gbps||Up to 38Gbps||8.2Gbps||10Gbps||5Gbps|
|Differentiators||Next generation firewall, single pane of glass management, switching, security cameras||Viptela can be installed on Cisco routers, ISR can terminate high throughput||Next generation firewall, WiFi on selected hardware, single pane of glass||Legacy WAN optimisation, adaptive FEC||Gateway allows a customer to optimise traffic to cloud and SaaS applications|
What do you need to consider when evaluating the best SD WAN appliance vendor?
SD WAN virtual appliance vs traditional WAN edge
One of the key tenets of Software-defined WAN is the capability to deliver intelligence via management servers. The theory is that SD WAN essentially removes the configuration from the traditional on-premise device, lowering cost because the actual intelligence is delivered from, for example, a cloud-based x86 management server.
Within the networking arena, most SD WAN solutions remain based on conventional WAN edge appliances for branch offices, HQ and data centre, with an upward trend toward NFV deployments. That said, there is crossover, as aspects such as cloud-based security and WAN optimisation are available as stand-alone cloud NFV features depending on the vendor's offering. This is more of a hybrid WAN edge and NFV approach.
WAN architecture includes:
- Traditional WAN edge, hardware with the configuration delivered from Cloud management servers (often requires zero-touch deployment)
- PC server architecture with virtualised versions of typical solutions
- White Box architecture uCPE/vCPE where the vendor features are selected
How to decide on the best SD WAN appliance vs your needs?
In general terms, appliances and their corresponding features are consistently the basis of decision making. Certain vendors can be removed from consideration because their solution is not available as an appliance-only product: the proposition is intrinsically linked to network connectivity. In many ways, Software-WAN is attempting to uncouple the connectivity from network functions; buying the two together is often viewed as a legacy way of procuring WAN services.
Once your business has shortlisted vendors to initially engage, the next step is to evaluate capability based on business needs. The typical headline buying decisions are made on cost, next-generation security (IPS, content filtering), WAN optimisation, cloud path selection, bandwidth with support for Ethernet, 4G/5G & Broadband, and Cloud access.
Do you want to manage your own appliance?
If you intend to purchase SD WAN as an appliance-only solution, you need to think about the expertise required to decide how best to deploy configuration. With the breadth of capability across Software-WAN features, the complexity is more about how to make the most of the solution and how to make the right decisions when deploying security policies.
Do you require co-managed or fully managed SD WAN appliances?
Co-managed services are becoming more popular as businesses recognise there are often unforeseen challenges during the deployment phase. The majority of SD WAN providers and vendors offer consultancy packages; an example is one month of configuration and deployment support, including initial work to bring your WAN up with a base configuration for testing. One scenario where co-managed services often help is the aforementioned setup of security, which requires expertise to ensure the right decisions are made for the organisation.
Is your network complicated, requiring complex dynamic routing?
Large networks often bring with them a layer of complexity which may have developed over years of adds, moves and changes. Where dynamic routing is required, understanding how the SD WAN appliance supports specific protocols is a must within the presales process.
Do you have a specific cost budget in mind?
The cost conversation often leads SD WAN vendor discussions, with floods of marketing. Vendors suggest ROI (Return on Investment) figures that often show a cost reduction vs MPLS. The cost differences are often based on using lower-cost Internet vs. more costly private layer 3 MPLS or layer 2 VPLS circuits, rather than the actual appliance lowering costs vs traditional edge devices. Businesses are also looking to leverage low-cost Broadband and 4G/5G to lower costs and add diversity.
Do you require cloud-based services, i.e. SaaS applications?
Access to cloud-based applications via Microsoft Azure, AWS and Google cloud may require an instance or WAN hardware device within a data centre environment depending on WAN architecture. There are vendors who offer in-network access to the cloud, but they are often providers of both the appliance and network services connectivity.
Do you require Global in-country support?
While most vendors suggest their capability is Global, their actual in-country support may not include physical employees to deal with issues. Whether the lack of physical presence in certain regions is an issue depends on how the appliance vendor deals with the replacement of any hardware and language barriers.
Should you consider an open-source appliance technology vendor?
When we think about the original vision for Software Defined Networking (SDN), an open-source approach is perhaps at the concept's core. In theory, the WAN is no longer tied to a specific vendor because Software replaces proprietary hardware and their respective operating systems.
In reality, while there is the option to pursue open-source solutions, the majority of leading appliance vendors offer their own take on SD WAN capability. That said, within our partner portfolio there is a halfway house, with certain vendors offering white box appliances with the choice of which features to deploy.