A software-defined WAN (SD-WAN) offers a simple way to merge the networks of a multi-site business into one. Individual networks that serve one location are called “local area networks” (LANs); networks that cover multiple sites are called “wide area networks” (WANs). Using the internet to facilitate communication between LANs does not create a WAN. In a WAN, all of the links are private, even though they are laid over long distances.
We get into a lot of detail on the vendors below, but if you only have time for summaries, here is our list of the ten best SD-WAN vendors:
- VeloCloud A UCaaS service driven by VMWare software.
- Citrix SD-WAN An appliance or a cloud deployment on Azure, AWS, or Google Cloud.
- FortiGate SD-WAN Available as an appliance, a virtual machine, or a cloud service.
- SilverPeak Unity EdgeConnect Implemented as an appliance or a virtual machine.
- Aryaka Networks An SD-WAN system delivered as a managed service.
- CenturyLink SD-WAN A managed or co-managed SD-WAN solution.
- Versa SD-WAN Cloud-based SD-WAN designed for MSPs. The service has security extras available.
- Cato Cloud A private internet backbone that carries SD-WAN traffic with added security features.
- Cisco Meraki SD-WAN Network security and SD-WAN in an appliance.
- Oracle SD-WAN Available as a virtual machine, an appliance, or a cloud service.
Buying all of the cable to link two sites together and getting permission to lay that cable over public and private land is very expensive and complicated. One solution is to lease a line from a telecommunications company. However, this strategy is also very expensive.
The most cost-effective medium to connect sites together is over the internet. SD-WANs deploy techniques to create a private link over the internet. This is known as an “overlay network” and it counts as a private line, even though the physical medium is not owned by the business operating the network. This is how SD-WAN got its name, it converts internet-connected LANs into a WAN through software methods.
SD-WANs require a device to connect to the internet. The system can be created by channeling all internet-bound traffic through a server that runs the WAN-creating software and then on to the network’s gateway. This is called a virtual solution. The other option is to buy a special appliance that is a gateway with the SD-WAN software embedded in it.
- 1 SD-WANs and UCaaS
- 2 More about SD-WANs
- 3 The best SD-WAN vendors
- 4 Set an SD-WAN strategy
SD-WANs and UCaaS
Thanks to the cloud, businesses don’t need to buy and manage the software to create an SD-WAN, nor the hardware needed to run communications software or a special appliance. A Cloud-based SD-WAN system is officially called “Unified Communications as a Service,” or UCaaS.
UCaaS is an edge service that takes care of all routing for your business. All traffic from all of your sites is channeled to the UCaaS server, which acts as a hub. The SD-WAN software on the cloud server routes company traffic through to the appropriate site and sends regular internet traffic destined to other organizations through a gateway.
The connections between sites are all secured with encryption. The IP packets that travel between sites and the cloud-based hub are hidden with encapsulation. This carries the original network packet inside an outer packet. All of the original packet, including its header is encrypted.
Network administrators get access to a console on the UCaaS server and can get traffic statistics from it, even watching live feedback on traffic flows.
More about SD-WANs
The SD-WAN software, whether hosted on a computer, embedded in an appliance or based on a cloud server, enables the address space of all participating LANs to be unified. This is what makes the WAN.
The internet is a separate address space and its inclusion in the system breaks the requirements for the definition of a private WAN. However, the encapsulation procedures of the SD-WAN bridge that address-related problem, enabling the network software to ignore the underlying internet’s addressing requirements.
You can read more about the methodology in creating a software-defined WAN in the article “What is SD-WAN?”
The best SD-WAN vendors
Thanks to UCaaS, you have cloud services to consider when looking for an SD-WAN as well as on-site solutions in the form of appliances or software. We have put together a shortlist of the best SD-WAN vendors, which includes all of these options.
You can read more about these solutions in the following sections.
VeloCloud is a property of VMWare, the leading virtualization software producer. The software-defined WAN is a very similar concept to virtualization because both remap physical resources through the way the software presents them to the human user. So, it makes sense for VMWare to get into this field.
The VeloCloud system is available in a UCaaS format, as an appliance, or a combination of the two. The cloud service can overlay a WAN on internet connections and the appliance has multiprotocol label switching (MPLS) capabilities as well. The system is able to link together physical sites and also bring cloud resources into the WAN.
As a very successful virtualization provider, WMWare has the resources and the know-how to make its SD-WAN products robust, reliable, and efficient. The opportunity of integrating all infrastructure through VMWare products, which include cloud resources, is a very tempting proposition. These qualities make VeloCloud our top pick for SD-WANs.
Citrix is the second-largest provider of virtualization software in the world. The commercial and technical logic of fitting SD-WANs into the product list of a VM producer is just as compelling with Citrix as it is for VMWare. (The Citrix line of cloud and networking services was named NetScaler until recently.)
The service is delivered from the cloud and it manages all traffic from all of the client’s business sites and cloud resources. It is able to implement QoS prioritization by identifying the applications of passing traffic and accelerating time-critical interactive applications, such as VoIP.
Other benefits of the Citrix service include failover procedures that reroutes traffic automatically if a network fault is identified.
Citrix SD-WAN is also available as an appliance and as a cloud-resident virtual appliance for your own team to manage in-house. The system is also available as a multi-tenanted product aimed at managed service providers.
Fortinet made its name through the excellence of its network security software. It builds security features into its FortiGate SD-WAN. This product is an adaptation of the company’s top-selling firewall appliance, FortiGate.
The FortiGate SD-WAN is available as an appliance, a cloud service, or as a virtual machine. This is the Fortinet firewall with added SD-WAN capabilities. The WAN management tools in this package can create WANs across the internet. Features include WAN optimization and application prioritization.
Fortinet produces a long list of FortiGate appliance models with the main difference between them being the data throughput capacity that each can handle. The software version can run on AWS and Azure servers either as a SaaS package or on a “bring your own license” basis.
A companion product provides WAN management and monitoring functions. This is called FortiManager and it is also available as an appliance, as a virtual machine, and as cloud-based services resident on AWS and Azure servers.
SilverPeak Unity EdgeConnect is part of a suite of network support hardware that creates, improves, and monitors SD-WANs. The system is available as an appliance or as a virtual machine.
This system is an edge service and it is able to conduct more tasks than just creating an SD-WAN. Other features of this appliance include a firewall and a WAN optimizer. It is able to create several WAN overlays, creating separate streams for important, time-critical traffic, such as VoIP and interactive video applications.
As well as traffic shaping measures, the Unity EdgeConnect monitors for connection stability and quality. Multiple simultaneous connections also provide redundancy to protect against link failure over the internet. The system compensates for jitter and out-of-sequence packets by correcting transmission errors and irregularities.
The system comes with an attractive console, which shows live traffic statistics, both as data and as visualizations.
Other SilverPeak WAN management tools include Unity Orchestrator, a WAN monitor and Unity Boost, a WAN optimizer.
Aryaka is a managed service provider of network services, including an SD-WAN system. As this is a remote-based system, you don’t need to install any network management software on your site or buy appliances. Your sites connect to the Aryaka server via VPNs and then all switching between sites or to the internet is taken care of there.
You don’t need to keep on-site technicians to manage your WAN because the services of the Aryaka Network operators are included in the subscription price of the SD-WAN.
Aryaka excludes MPLS options and channels all traffic through its servers over the internet. As network data passes through the Aryaka servers, they apply traffic shaping measure including application prioritization and QoS procedures.
Although all of the management of the network is included in the price, Aryaka Networks customers get access to a system console that gives them live views on traffic flows and analytical tools.
CenturyLink offers a fully managed or co-managed SD-WAN service. What that means is that the service includes technicians to set up the WAN and monitor the dashboard of the system while the WAN is in operation. That managed service means that the subscriber not only doesn’t need to install software or run suitable hardware but doesn’t even need onsite technicians.
The managed SD-WAN service is certainly a good option for small businesses. Larger businesses can also benefit if their IT strategy is working towards doing away with an internal network altogether and relying on cloud services. In this plan, the SD-WAN system will end up substituting for the internal network as well as the connections between sites.
Whether you take the managed service option or not, the CenturyLink SD-WAN system will create priorities for speed-sensitive applications and will monitor all connections to look out for failure, which the CenturyLink service can workaround. CenturyLink is also able to offer add-on security measures to the SD-WAN service.
If you want to manage the SD-WAN system yourself and pass on the managed service option, the CenturyLink has a useful dashboard, which is accessed through any browser. The dashboard shows live traffic flows and also has analytical tools that work on historical data to let you plan your future capacity needs.
Versa SD-WAN is designed for managed service providers. The service itself is a managed service, so MSPs can pass the service to their clients and also use it for their own system requirements.
The Versa system is multi-tenanted, so MSPs can request sub-accounts for their clients that need an SD-WAN service. That gives the MSP’s clients direct access to the dashboard of the system to enables them to see data about their own networks. As this is a managed service, those end clients don’t need to do anything to monitor or adjust the performance of the WAN. Neither do the MSPs that are the middlemen in the service relationship. They don’t even need to set up the sub-accounts or get the SD-WAN running. They just have to pass on the client’s details and the Versa technicians will do the rest.
Versa has other network products that are also operated as managed services. Those give the MSP opportunities to sell on other services to their end clients. Examples of those other services are a next-generation firewall and a secure web gateway.
Cato Networks operates a high-speed internet backbone service and also runs a range of cloud services for network and communications businesses. Among those network services, the company provides an SD-WAN system.
The SD-WAN is implemented through an appliance. This is called the Cato Socket and it routes all business traffic over a local connection to the nearest access point of the Cato backbone. The software embedded in the socket apples a range of services, including QoS procedures, traffic shaping, application prioritization, and packet duplication to overcome packet loss.
Not all traffic is sent over the private backbone. Where that line is too distant to be a viable carrier, the Socket chooses MLPS and internet transport options to reach nearby WAN sites.
The Socket coordinates with cloud-based processes run on the Cato servers to provide better routing and traffic management services and also to add a security layer to transmissions.
Cisco’s Meraki division provides cloud services to businesses, including an SD-WAN system. Cisco is a major supplier of network equipment and also supplies many of the routers on the internet. What users like most about this service is that the console is easy to access from anywhere through a browser and the system is easy to learn.
The interface makes setting policies and implementing them very easy. All branches link to the cloud Meraki server through VPNs. So, you do need to install VPN client software on the routers on each site, but that’s all you will need on-site. All of the work of selectively switching traffic between sites or out to the internet is taken care of by the Meraki SD-WAN service.
Oracle stresses its SD-WAN service’s ability to link up the cloud services used by its clients to their LANs. At the same time, the service will connect different sites together. The Oracle’s SD-WAN is cloud-based and communicates with all client sites and resources over the internet, so it doesn’t have any MPLS capabilities.
Oracle paid close attention to failover procedures and stresses its reliability goals. The SD-WAN system can be expanded into a full “edge” service. This includes a cloud-based firewall and traffic optimization measures. Edge services can also be deployed as a virtual machine or as an appliance.
Another SD-WAN related service offered by Oracle is its WAN monitoring system, called SD-WAN Aware. This service is also delivered from the Cloud.
Set an SD-WAN strategy
Your starting point on your SD-WAN buyer’s journey is to decide whether you want to host the SD-WAN software, buy a specialized appliance to implement the WAN connections, or opt for a cloud-based SD-WAN service. As you can see from our list, we have looked into all three deployment methods and found solutions for each.
Once your strategy is sorted out, your search becomes a lot easier. Our shortlist of the best SD-WAN vendors should help to speed up that process.