6-Point Guide for Choosing the Right SD-WAN Solution

May 17, 2018

Now that you’ve made the vital decision to adopt SD-WAN as your branch network strategy, the next challenge is selecting a solution that fits your environment and scales to meet future needs.

According to Gartner, there are 38 providers of SD-WAN solutions. Do all of them have the capacity to meet your needs? Maybe yes, maybe not. It really depends on what problems you are looking to solve, how your data is growing and which digital services you plan to deploy in the future.

Assuming you have a clear idea of the core focus of your SD-WAN strategy and the main concerns you want to address, the first thing to consider is which type of SD-WAN vendor will be a good match for you. Looking for specific competencies and strengths should steer your search towards the vendors you would be most inclined to work with.

SD-WAN Vendor Landscape

SD-WAN solutions are offered by a variety of vendors, from pure-play SD-WAN software providers to companies with a specialist background in areas such as Routing, WAN Optimization, Application Acceleration, Link Aggregation, Network-as-a-Service or M2M/IIoT Networking. They all offer SD-WAN platforms combined with their niche, bread-and-butter network solution, and of course an open architecture to allow seamless integration with third-party VNFs.

Besides solution developers, there is the Communication Service Provider (CSP) Managed SD-WAN option, which offers its own advantages.

6-Point Guide For Choosing the Right SD-WAN

A complete SD-WAN solution should address all of the needs listed below, which can also be considered the key drivers of SD-WAN adoption:

  • Cost Reduction
  • Ease of Deployment. Provisioning of new services in a matter of hours.
  • 360-degree Visibility and Centralized Management.
  • Guaranteed Quality of Service.
  • Comprehensive Security: Hardware Level and Software Level.
  • Network Segmentation. Important for Manufacturing and a few other industries.

Most platforms will offer a feature set that covers these key concerns in many different ways. However, as always, the devil is in the details.

In this article, we will discuss these six points to guide your selection of a suitable SD-WAN solution for your enterprise network. So, let’s jump straight in.

1- Cost Reduction

Whether you go with a DIY, Hybrid or Fully Managed deployment model, SD-WAN should save you money. This is something to ask prospective vendors about in detail when evaluating and comparing different solutions. The service provider and the software provider should give you a very clear understanding of how cost reduction will be achieved.

Which legacy hardware pieces will have to be ripped out and replaced by software, and which ones can be integrated with the SD-WAN and phased out at a later stage? Would you have control over replacing internet and MPLS providers when their service and support degrade, or when you find a more economical option? Do WAN optimization and load balancing come in the package, or must you acquire separate VNF licenses for those? Are you able to complement your security by integrating your existing NG firewall with the one embedded in the SD-WAN uCPE?

These and several other questions along those lines can give you an understanding of how one vendor stacks up against the rest.

SD-WAN is often assumed to replace expensive MPLS, but in practice this is not possible in many industries. If you run business-critical applications such as live video or voice, you will not be able to get rid of MPLS completely. However, you can downgrade your connection to a smaller pipe to reduce some costs. A solution that offers MPLS, Broadband and LTE combined in one box will be a good fit and enable dynamic traffic path selection. Some SD-WAN solutions offer smart path selection for the data based on application type, link cost, link quality and so on, thereby optimizing your cost efficiency automatically.

Another large chunk of your savings should come from the reduced man hours needed to manage, configure and support your branch applications and connectivity. To achieve the greatest benefit in this regard, look for solutions that offer maximum automation in WAN optimization, in security and in the orchestration of applications.

Integration with third-party VNFs to replace proprietary hardware appliances is another big cost saver. Pure-play SD-WAN offerings should have an open architecture to offer seamless integration with other virtual network functions or services such as WAN optimization, Load Balancing, Firewall and so on. An SD-WAN solution should also be able to support a range of operating systems and hypervisors to facilitate easy deployment of a range of VNF options.

Besides reducing costs, SD-WAN enables opening new revenue streams much faster due to its quick provisioning and ease of deployment features. Think pop-up stores, remote construction sites and opening of new retail stores, franchises and even gas stations.

2- Ease in Deployment and Service Provisioning

The ideal scenario here is a solution that offers zero-touch provisioning, meaning you do not need extensive technical skills at the edge to get a new location up and running with internet and network services. You should not have to send or require on-site technical personnel. Service provisioning should be automated. Anybody at the branch should be able to take the vCPE/uCPE device out of the box and simply plug it into the internet and MPLS connections. The uCPE should automatically request and complete its deployment configuration and connect with the cloud and the core network for service provisioning.

Working with a vendor that offers other network services that can be integrated into the SD-WAN, such as application acceleration, path optimization and security, will also make it very cost-efficient and throughput-efficient, thanks to information sharing across network services from the same vendor.

Zero-touch provisioning is a huge cost saver and a popular feature of SD-WAN and must be examined in detail with the vendor.

3- Centralized Visibility and Management

An SD-WAN solution should offer a single-pane-of-glass console that provides complete visibility, control and analysis of your SD-WAN connectivity status, quality and resource allocation. This should cover your connectivity with the core network and cloud infrastructure as well as the local branch network, so you can view local usage and demand metrics.

You should be able to view metrics such as:

  1. What is the data egress from X branch?
  2. Which applications are consuming most internet data?
  3. How are the QoS-priority applications performing?
  4. What is the performance of each link?

This allows you to manage and adjust your policies to best suit your business needs locally, and to orchestrate the necessary network services as needed and in a timely manner.

4- Guaranteed Quality of Service

SD-WAN solutions offer multiple WAN links that enable dynamic path selection for traffic based on application type, link type and transport quality. If you are bundling MPLS, Broadband Internet and LTE connections into your SD-WAN, you can set up QoS rules to prioritize business-critical application data over the most stable of the connections. Ask vendors which specific features and technologies they offer for application-specific quality detection and link quality detection.

LTE is critical in remote locations where Broadband and MPLS are not available, such as remote construction or energy sites.

Also, if you are implementing a Mobile SD-WAN or Vehicle SD-WAN solution, say on a First Responders fleet, you will need LTE, or multiple LTE connections with a hot failover feature and possibly support for Band 14, to ensure continuous QoS. For mobile applications you may also want to make sure the hardware can withstand constant movement and vibration. A mobile SD-WAN solution based on MIL-STD-810G compliant fanless hardware will offer much better stability for the SD-WAN enabled cloud services First Responders need access to on the go and at emergency sites.

5- Comprehensive Security: Hardware level and Software Level

SD-WANs are expected to have an embedded security mechanism, preferably some sort of built-in firewall. Top SD-WAN solutions offer an embedded firewall, IPS and malware protection for network security at the edge. They also offer integration with third-party NG Firewall VNFs or with existing firewall hardware to augment security.

For secure edge-to-edge data transport, ask the vendor about the types of transport tunnel and encryption technologies they offer. IPsec VPN, DMVPN and MPLS are popular transport technology options for secure data transport; however, they may vary in cost, security features and link quality.

At branch level, a user or role-based control policy can help delegate authorized access to customers and employees on the site. A pre-defined policy in this regard can ensure automated user identification and access delegation. SD-WAN should offer features that automate and facilitate role-based user access policy.

Ideally, an SD-WAN vendor should provide a detailed description of security at all three levels: application, cloud platform and hardware appliance.

Carrier-grade hardened white box uCPE appliances offer multi-core architecture, powerful CPUs and hardware crypto acceleration technology to support security- and routing-intensive operations such as SD-WAN, SD-VPN and SD-Security. Data Plane Development Kit (DPDK) packet processing software also enhances the hardware’s capacity to run multiple security VNFs in an SD-WAN environment.

Lanner’s NCA-2510, which is equipped with the above-mentioned technologies as well as Intel’s AES-NI for data encryption at the processor level, has demonstrated exceptional results in SD-WAN deployments. It is one of the leading hardware platforms for SD-WAN on the market.

Using purpose-built uCPE hardware that is tested and approved by the ecosystem partners and recommended for CSP Managed SD-WAN is the way to go. Among Lanner white box uCPE appliances you can find carrier-grade as well as enterprise-class edge CPEs that you can rely on for continuous operation, providing SD-Security and SD-WAN services seamlessly.

Firmware update automation is another essential feature that can help you secure your appliances immediately against emerging threats and vulnerabilities.

6- Network Segmentation

If you give your customers, suppliers or other business units any sort of real-time network access into a business segment or process of your company, you may want to add Network Segmentation to your list as a critical SD-WAN feature.

If you are a manufacturing company with integrated supply chain networks and distributed plant networks, you will surely want a way to isolate the traffic specific to each of the entities connected with your factory. This allows you to quickly quarantine a compromised third-party network or internal device and keep it from affecting the whole network, which could be disastrous. Retail chains are also big beneficiaries of network segmentation capabilities, as they deal with tens of thousands of suppliers and vendors.

Segmentation can be implemented in various ways, giving you full control over how you isolate different functions and entities in your company. Besides isolating your partners and suppliers, you can segregate the network by business line across company sites, isolate guest WiFi, and create a segment for any IoT application that you deem necessary.
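The isolation and quarantine behaviour described above can be modelled as a default-deny policy between segments. The following is an added example, not taken from this article or from any vendor's product; the segment names, subnets and ports are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample segments (names and subnets are assumptions).
SEGMENTS = {
    "plant-ot":   ipaddress.ip_network("10.10.0.0/16"),
    "supplier-a": ipaddress.ip_network("10.20.1.0/24"),
    "guest-wifi": ipaddress.ip_network("10.30.0.0/24"),
    "iot":        ipaddress.ip_network("10.40.0.0/22"),
}

# Explicit allow-list of inter-segment flows: (src segment, dst segment, dst port).
ALLOWED_FLOWS = {
    ("supplier-a", "plant-ot", 443),   # supplier reaches a plant API over TLS
    ("iot", "plant-ot", 8883),         # sensors publish over MQTT/TLS
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def decide(src_ip, dst_ip, dst_port, quarantined=frozenset()):
    """Return (allowed, reason) for one flow under default-deny segmentation."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False, "unassigned address"
    # Quarantine overrides every allow rule, in both directions.
    if src in quarantined or dst in quarantined:
        return False, "segment quarantined"
    if src == dst:
        return True, "intra-segment"
    if (src, dst, dst_port) in ALLOWED_FLOWS:
        return True, "explicit allow"
    return False, "default deny"

if __name__ == "__main__":
    # The same supplier flow before and after the supplier segment is quarantined.
    print(decide("10.20.1.5", "10.10.3.4", 443))
    print(decide("10.20.1.5", "10.10.3.4", 443, quarantined={"supplier-a"}))
```

Because the quarantine check runs before any allow rule, isolating a compromised supplier is a one-entry change that leaves the other segments' flows untouched.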

Final Decision – How to Deploy SD-WAN and Who Should Manage It?

Choosing the right solution is not complete without deciding how you want to implement SD-WAN. Do you want to deploy and manage it using internal resources, or would you rather outsource to a service provider? This is a crucial decision to make once you have listed all your requirements and preferences.

Let’s briefly discuss SD-WAN deployment options available today.


Large corporations with global or nationwide branch networks or locations are more likely to opt for migrating and managing their SD-WAN in house. Companies making upwards of $10B annually normally have very well-staffed IT departments in multiple locations and can manage all aspects of SD-WAN deployment internally.

Hybrid – best of both worlds

Hybrid SD-WAN deployment is a popular approach in which the customer can apply and change certain policies and rules on top of the configuration set by the CSP. Choosing a platform that supports multi-tenancy, so that user control can be based on role, is key to deploying a Hybrid SD-WAN. This approach is equally popular among Small and Medium Enterprises and in the Fortune 500.

Fully Managed SD-WAN

It’s the most attractive SD-WAN deployment model given the short-term and long-term benefits it offers. Going DIY requires a lot of resources and the management of multiple vendors, from internet to the SD-WAN software platform and the other cloud services you want to implement. Working with a full-scale managed service provider can help you save time as well as resources and bundle your bills for multiple network services into one.

Internal resource allocation and maintenance cost are two major deciding factors when choosing which deployment model you want to go with.


Businesses around the world are striving to improve their information technology infrastructures to reduce costs and enhance efficiency and security. Achieving network agility through SD-WAN is one big step towards these goals and towards harnessing the innumerable benefits offered by advancements in cloud computing and emerging technologies such as Internet of Things, Big Data and Machine Learning. Doing your due diligence and extensive pre-purchase evaluations will ensure your SD-WAN project is plain sailing and that you achieve your objectives.
