Who are the best managed SD WAN vendors and MSPs?

An Exclusive Comparison Guide to the top & best UK, US and Global managed SD WAN vendors and providers including SASE security.

Create & save shortlists, filter features and compare vendors.

Create a free login to compare SD WAN vendors. Instantly shortlist solutions, filter features, price and book Zoom demos all from one platform. Or complete our quick assessment quiz to instantly display vendors vs your answers.


Author: Robert Sturt

Send me an Email
UK: 01603-273777 US: 209-392-5505

Last Updated: 9.11.2020

In this article, we review the top features of 5 managed SD WAN vendors and discuss the different trade-offs involved with a fully managed service versus the DIY option to WAN management.

Within the UK, Netify clients almost always opted for managed services when procuring Wide Area Network (WAN) services. This is in contrast to our US business where the majority of clients opt for agile network capability via wires only DIY solutions. SD WAN services are offering up somewhat of a dilemma as IT Managers are considering their resources in respect of DIY SD WAN. Does software-based networking mean businesses are positioned to remove the cost of managed services?

Table of Contents
    logo-placeholder-icon Who are the top/best 5 managed SD WAN vendors?

    Silver Peaksilverpeak
    Silver Peak requires careful thought as to which of their partners to use, they only sell their SD WAN service via the channel.
    Cato Networkscato
    Cato Networks offer full managed SD WAN without the need of a partner.
    Aryaka lead their proposition with managed SD WAN.
    VeloCloud velocloud
    VeloCloud offer different phases (options) for managed SD WAN customers.
    Masergy masergy
    Masergy offer local Internet access with managed SD WAN.

    Managed SD WAN service vendor solution comparison 1 to 5.

    Vendor Silver Peak Cato Aryaka VeloCloud Masergy
    Primary line of business SD WAN vendor SD WAN vendor WAN as a service SD WAN vendor Service provider
    SD WAN technology Own technology Own technology stack Own technology stack Own technology Fortinet, Silver Peak
    Sold standalone Yes, via selected partners with varying capability to deliver Silver Peak SD WAN Yes, Cato does not require a partner to deliver SD WAN but purchase is channel only Can be sold with the Aryaka backbone as overlay to existing circuits Yes, via selected partner to deliver against managed service requirements Can sell underlay only or underlay and overlay
    Circuit management No Yes Yes No Yes
    SD WAN management Fully managed, co-managed via partners DIY, Co-managed and Fully managed Fully managed, co-managed Via partners Fully managed Fortinet and Silver Peak
    SD WAN architecture End to end Internet, no public gateways or private backbone  Global private backbone architecture with access to 60 Pop locations 29 Global PoPs connected to the Aryaka private IP backbone, regional site to site traffic does not need to use the IP backbone 100+ public gateways across the globe Global network of Pops for both MPLS and Internet

    The Netify 10.

    Our 2020 exclusive top/best SD WAN providers and vendors available from the Netify marketplace. Create your free login to begin comparing vendor solutions.

    Prefer to speak to one of us? Book our free Zoom Netify 10 session where we walk you through leading vendor solutions and how they might fit your requirements.

    Silver Peak requires selecting the right MSP delivery partner.

    Silver Peak

    What is Silver Peak's Managed SD WAN solution?

    Silver Peak offers comprehensive SD WAN features to service most managed Enterprise customers and their networking needs. When reviewing managed WAN, readers should note that Silver Peak do not sell directly to end clients which means selection of their solution as a vendor also requires choosing the right partner.

    The level at which partners are involved with the customer is variable with some offering end to end management and others providing initial professional services configuration as the enabler to DIY and co-managed services.

    Silver Peak do not offer built-in SASE security, their preference is to enter partnerships with companies such as Zscaler with API integration into their management portal. If your business is requiring end to end SD WAN with SASE security, you will need to understand how integration occurs to meet the needs of fully managed SD WAN.

    Products: Unity EdgeConnect, Unity Orchestrator, Unity Boost.

    Notes: HPE has acquired Silver Peak in 2020.

    What are the strengths of Silver Peak Managed SD WAN?
    • Seriously capable SD WAN features, ideal for Enterprise Software-WAN.
    • WAN acceleration.
    What are the weaknesses of Silver Peak Managed SD WAN?
    • Requires careful thought regarding which partner to buy from as expertise is required.
    • No SASE security built-in to the solution.
    • No public or private gateway access, views differ as to whether this is indeed as disadvantage.
    30+ Global PoP locations.

    What is Cato's Managed SD WAN solution?

    Cato are one of the only full stack SD WAN vendors offering customers the ability to engage at all levels across DIY, co-managed and fully managed services.

    With CATO, simplicity aligned with a broad range of capability means they are a good fit for the majority of organisations. One key benefit for global organisations is their private backbone to help applications transit between countries.

    Cato offer an ‘all-in-one’ approach to SD WAN which combines typical features with SASE security (IPS, CASB, Cloud SWG, ATNA, WAAPaaS, FWaaS, RBI, DNS). Cato will also manage the underlay service provider by fielding support calls and working connectivity issues through to resolution.

    Products: Cloud Optimisation, WAN Optimisation, NGFW (Next-Generation Firewall), Secure Web Gateway, Advanced Threat Protection, Cloud and Mobile Security.

    What are the strengths of Cato's Managed SD WAN?
    • Simple to use but with powerful SD WAN features.
    • Full SASE security service and remote access options.
    • Private backbone connectivity.
    • 3rd party tail management for the local WAN connection.
    What are the weaknesses of Cato's Managed SD WAN?
    • Cato meets the needs of most businesses, more complex requirements may be better suited elsewhere.
    • No direct connection to Cloud providers, AWS, Azure, Google Cloud.
    • Businesses need to understand whether the Cato PoP locations fit branch-office locations.

    Aryaka can procure your tail circuits under one contract.


    What is Aryaka's Managed SD WAN solution?

    Aryaka offers a comparative solution to MPLS VPN services by offering customers VPN access into their local Global private based POPs. The Aryaka managed service encompasses connectivity with local loop SLAs based on 99.99% uptime guarantee.

    The typical SD WAN marketplace solution offers overlay with a set of features, Aryaka offer their purpose built managed underlay network with proprietary TCP proxies to provide improve application performance.

    While Aryaka is a strong managed SD WAN contender, readers should note that there is currently no SASE security offering.

    Products: Smart Connect (WAN optimisation), Smart CDN (IP and Web app acceleration) and Cloud VPN.

    What are the strengths of Aryaka's Managed SD WAN?

    • Fully managed, encompassing the purchase of service provider tail circuits.
    • Broad set of SD WAN features. 

    What are the weaknesses of Aryaka's Managed SD WAN?

    • No SASE security.
    • As with Cato, businesses need to check Aryaka Pops vs locations.
    100 Public gateways located around the globe.

    What is VeloCloud's SD WAN solution?

    The VeloCloud integrated SD WAN solution offers routing and Firewall functionality together with over 100 cloud gateways which are interconnected vi multiple ISPs to offer the best possible performance. The VeloCloud approach is positioned in the middle of Silver Peak (end to end Internet) and Cato / Aryaka (private backbone). 

    The VeloCloud managed SD WAN proposition is typically delivered by integrators and service providers which use their implementation of the VeloCloud orchestrator to deliver service. Businesses will be offered access to VeloCloud as an end to end managed service including service levels.

    Products: VMware SD-WAN Gateways, a cloud-based VMware SD-WAN Orchestrator and a branch platform, VMware SD-WAN Edge. 

    What are the strengths of VeloCloud's Managed SD WAN?
    • Backedy.
    What are the weaknesses of VeloCloud's Managed SD WAN?
    • Recently announced SASE

    What is Masergy's SD WAN solution?

    The history of Masergy surrounds one of the finest core MPLS networks provisioned between the worlds global financial locations offering excellent application support. Their managed SD WAN proposition is based around the Fortinet and Silver Peak appliances and NFV installations - Silver Peak can be sold as stand-alone appliances. Masergy are also recognised for the unified communications service offering, contact centre and managed security solutions.

    An ideal option for businesses considering using the service provider model to deliver SD WAN with end to end billing of both the underlay and the overlay.

    Products: SD-WAN with Threat Monitoring and Response, Managed xG, Secure Wi-Fi, Secure Managed Switch, Managed CASB.

    What are the strengths of Masergy's Managed SD WAN?
    • Highest NPS of almost any service provider in the industry.
    • Excellent backbone, recognised for global performance.
    • Masergy have implemented early SD WAN technology for many years.
    What are the weaknesses of Masergy's Managed SD WAN?
    • They do not own the complete technology stack - i.e. partners are required to deliver the solution.
    • The Masergy backbone is suited to metro locations.

    What to know before you read this article?

    While we certainly hope the content on this page is useful and serves as an introduction to leading SD WAN vendors and service provider companies, the list is by no means exhaustive. In fact, numerous other options exist from fully managed service providers to niche players.

    If you would like to understand which vendors and providers fit your organisation, not just the 10 on this page, start with the SD WAN quick assessment tool. Simply answer some questions and our tool will instantly display results.

    Netify also offer a free SD WAN vendor 30 minute Zoom call where we walk you through each vendor and why they fit specific requirements.

    SASE (Secure Access Service Edge) is a Gartner framework which recognises the need to secure users across public cloud.


    Login to the Netify Market Network.

    The Netify SD WAN Market Network is free to use. Simply create your login to begin building and saving vendor shortlists, filter the top features, examine solutions side-by-side and book Zoom demo calls.

    Register now

    What SD WAN managed service options are typically included?

    • An IP based overlay network using encryption and authentication technology end to end.
    • Independence from the underlay network, i.e. select your best fit ISP, MPLS or VPLS provider.
    • Assurance of network performance across SD WAN tunnels.
    • Packet forwarding based on the application.
    • Uptime high availability using multiple WAN connection circuits.
    • Per-session or per-packet based forwarding via configured policy.
    • Automation of configuration via zero-touch managed SD WAN deployment, orchestration and centralised management.
    • Consolidation of features including SASE security, WAN optimisation, NGFW Security, path selection for Cloud apps.
    • Diversity using support for multiple WAN connectivity links such as Ethernet, Broadband, 4G and 5G to avoid downtime and packet loss.
    • Moving toward an SD WAN as a Service consumption model.
    • Sourcing of hybrid WAN services is available from selected vendors.
    • Support for traditional WAN services such as MPLS VPN connectivity.

    Over time, the service provider sector is trending toward consumption models, similar to cloud-based applications, where IT infrastructure technologies are purchased and maintained as a service.

    This is in contrast to the traditional model where you buy the equipment and other resources up front and have access to all of their licensed capabilities in perpetuity.

    The great appeal of the SD WAN solution consumption model for business managers is that it becomes easier to move potentially unpredictable capital expenditures (CAPEX) into more stable operational expenditures (OPEX). Likewise, it is easier with the consumption model to purchase only what you need and gracefully expand later.

    This is known as elasticity. The traditional DIY approach to purchasing and operating your own IT infrastructure requires upfront investments in physical customer premises hardware. It also requires technical expertise to maintain the WAN infrastructure.

    By moving to a managed services model, you have the opportunity to reduce upfront costs and potentially lower requirements for in-house expert-level technical staffing. Regarding the initial deployment of SD WAN services, frequently the most expensive and time-consuming portion involves replacing legacy WAN solution routing equipment at each location with new devices that support the SD WAN platform.

    Some recent network services equipment may become SD WAN enabled with software upgrades, as is the case with Cisco Meraki MX appliances and more recent Cisco ISR/ASR routers capable of running Cisco IOS-XE code. But if your existing equipment is more than five years old, it will most probably need replacing to support SD WAN. With the DIY approach, this can represent a very large expense in both hard and soft costs for the business.

    With a managed services provider, the SD WAN hardware may be included as part of your monthly spend rather than requiring the large initial investment. When you subscribe to services from public cloud providers such as Amazon AWS , Microsoft Azure , and Google GCP , the elastic consumption model allows you to easily purchase more resource capacity as it becomes necessary.

    Similarly, the SD WAN managed services approach lets you easily upgrade your SD WAN capabilities when the necessity arises. A common example is when experiencing rapid growth within your business.

    When you run out of processing capacity in your WAN, you will need to acquire larger routers, which is another CAPEX purchase when using the DIY model. With the managed services approach, you can acquire the larger routers or SD WAN appliances and simply have your contract adjusted accordingly while only incurring the incrementally lesser OPEX costs instead.


    Is the SD WAN market predominately a DIY approach?

    Larger organisations frequently have teams dedicated to managing the underlay networking infrastructure.

    This is because the design, configuration and ongoing operations and maintenance often require expert-level knowledge. Some businesses outsource the knowledge needed for initial design and configuration of complex infrastructures and then perform ongoing operations with in-house talent. SD WAN is frequently marketed toward a DIY approach because once the initial design and configurations have been performed, ongoing operations become radically simplified when compared to the traditional text command-line interface (CLI) model.

    This is because all SD WAN products are designed with a simplified cloud services style web-based interface that makes it easy to maintain the system. The web-based graphical user interface (GUI) model usually has configuration defaults and best practices already defined. Likewise, many of the more advanced implementation details (affectionately known as “nerd knobs”) are hidden away.

    When an SD WAN platform is acquired using the managed services approach, the MSP takes care of the design and configuration. Depending on the expertise level of your in-house staff, this aspect alone may make using an MSP worth it as your company begins to take advantage of what SD WAN can do for you.

    Most SD WAN platforms additionally offer the best of both worlds where the MSP can still perform the initial design and setup, but let the customer participate in ongoing operations.

    This includes both monitoring and management in the form of making business policy changes without requiring involvement from the MSP. For example, your business may deploy a new company-wide application and decide to provide preferential treatment to the network traffic generated by the new software. With the hybrid managed SD WAN model, you could be granted the ability to make those kinds of changes without waiting for the MSP to do them for you.

    Another common example with a managed services deployment is having an enterprise account with read-only access into the platform. This is useful for performing your own monitoring via cloud-based services and associated portal gateways. Your company’s help desk or network operations centre (NOC) can keep an eye on the overall state of the WAN and contact individual locations when issues arise.

    Having this view into the system is also useful for trend analysis, such as physical links that consistently exhibit poor performance or deciding when it is time to upgrade the bandwidth of a particular connection. SD WAN makes these kinds of operations easy whether using the MSP or DIY approach.

    Knowledge base - Create vendor shortlist-3

    What are the risks with a DIY approach?

    Note: Picture shown displays the Netify market network, create a shortlist based on managed services.

    Choosing to deploy and manage a Software Defined environment yourself is certainly possible, and many organisations have done so. 

    However, as with all things, there are certain risks and trade-offs that must be considered before jumping down this path. Most of these considerations are based on the size of your business and the expertise level of your staff.

    With the traditional wires only approach, your business purchases the SD WAN platform and the underlying physical connections independently. Smaller organisations may have an easier time with this type of deployment because there are fewer circuits to manage and the overall network design will most likely be simpler as well.

    When your company grows in size, different network designs and operations must be considered as the overall environment grows accordingly in complexity. Different network-level optimisations must be made to keep performance high and to keep costs down. These network designs frequently require staff with expert-level skills.

    SD WAN attempts to simplify some of these operations through the use of GUI cloud applications and by implementing safe defaults, but networking staff with the requisite skills will understand the ramifications of performing the different available optimisations to give your users a better overall experience and increase your total value of the SD WAN deployment.

    Expert-level staffing is included with the managed services deployment. When you attempt the DIY model, without having appropriately skilled staff in place, you potentially open yourself up to additional vulnerabilities such as security risks and potential downtime due to poor network designs across branch locations.

    Staff with lower skill levels may not even be aware of the various risks associated with making decisions across security policies associated with SD WAN deployments which could leave your business open to outside attackers.

    A poor network design may not have the required redundancy levels to keep your network operating smoothly when outages or misconfigurations occur.

    On the opposite side of the spectrum, you may have very skilled networking staff, but the size of your business makes a DIY approach cost prohibitive. For example, if your company has hundreds or thousands of locations that all require equipment upgrades to take advantage of SD WAN, the upfront cost of replacing the equipment may be less palatable to you than with the managed services approach where the SD WAN edge devices are typically included as part of the service. Another risk of the DIY approach is that some SD WAN platforms are offered only to service providers and are unavailable to the general public.

    This is becoming less of a consideration, though, as SD WAN platforms continue to mature with new features and more stable code. Chances are relatively slim that a platform offered only to service providers will have features unavailable with other vendors that do support a DIY deployment. But, with an MSP, you won’t have to give this any consideration at all.

    What kinds of device and service consolidations are available with SD WAN?

    The managed services approach to SD WAN has additional benefits with the option of device and service consolidation.

    For instance, most SD WAN vendors offer appliances with “branch in a box” functionality where multiple discrete devices are replaced with a single appliance that contains the required features.

    A typical legacy branch deployment may have a separate router, switch, wireless access point, and potentially a firewall. Depending on your needs and the size of the location, each of these devices can be replaced with a single SD WAN device that covers all of the features and presents a single point of management.

    A lot of companies have centralised or regionalised Internet backhaul where all traffic to and from the general Internet passes through a main firewall cluster. Most SD WAN platforms have integrated firewalls that allow for localised Internet breakout where you still have site-to-site VPN traffic, but traffic destined to and from the Internet can be kept local to the branch based on policy.

    A common scenario is to have trusted whitelisted Internet sites use the local Internet connection, while all other Internet-bound traffic continues to traverse the central firewall for deeper inspection. While localised Internet breakout can be done with the DIY approach, a distinct advantage of the managed services approach is that the MSP can offer their own centralised firewall along with other public and private network services, such as private interconnections with major public cloud vendors.

    The MSP can offer regionalised gateways into these services which saves you money and increases the performance of your managed SD WAN environment.

    How to ensure the connectivity underlay is included within the managed wrap?

    One of the advantages of SD WAN vs MPLS deployments is the ability to select from whichever ISP is a good fit vs your branch offices. What is the cost of managed SD WAN?

    Most considerations in business ultimately come down to cost. Organisations continue to seek new ways to predict and stabilise ongoing expenses. The DIY approach can work for businesses of all sizes, and so can managed services. However, managed services may be a better fit for all but the smallest and very largest companies.

    A very small company might not see an appreciable difference in what an MSP can offer because they are generally going to have smaller requirements including a simpler network design that is usually not too complicated.

    On the other side, the very largest organisations might not see a lot of benefit from an MSP because chances are they already have a sufficient number of expert-level staff along with established vendor relationships. For just about everyone else, the managed services approach can represent cost savings through both CAPEX and OPEX as the SD WAN equipment is typically included as part of the service and often updated on a schedule.

    Likewise, the MSP will have a staff of engineers who can take your business requirements and create an appropriate network design for you. The trade-off is that architectural level changes need to be worked out with the MSP which can take longer than the DIY approach, but with the MSP approach, you save by not necessarily needing to keep experts on staff.

    Finally, there is the cost of acquiring and managing the circuits themselves. For larger companies with hundreds or thousands of sites, managing this many global SD WAN circuits is at least a full-time job unto itself.

    You save money and aggravation by offloading this management task to the MSP. Some MSPs even have agreements with various carriers that lower overall costs, which can then be passed on to you as the ultimate customer.

    A common example is an MSP’s ability to create a single pool of data across all of your individual 4G/5G connections, which can be a substantial saving across many locations.

    The simplest way to create your SD WAN vendor shortlist? Complete the Netify quiz, with instant recommendations.

    Learn more
    Stephanie MPLS Providers Mindmap-1


    Download the SD WAN Playbook

    An at-a-glance comparison of leading SD WAN vendors. We've also included the important areas IT teams must consider when comparing solutions.

    Don't forget - we send content immediately, check your junk folder if the email does not arrive.