List of the main features offered by 2024 SD-WAN solutions
- Multi-Cloud Connectivity: Enables robust connections across various cloud platforms, facilitating efficient data backups and application performance.
- Advanced Security Protocols: Integrates with SASE to provide comprehensive security, including enhanced edge protection and threat management.
- Automated Path Selection: Uses sophisticated algorithms to determine the most efficient routes for data, enhancing application performance and reducing latency.
- Zero-Touch Provisioning: Allows for the remote deployment and management of network devices, significantly reducing IT overhead and streamlining operations.
- Optimised Cloud Access: Prioritises cloud traffic to ensure high performance of cloud applications, essential for businesses with significant cloud reliance.
- Traffic Shaping and Prioritisation: Manages bandwidth allocation intelligently to prioritise critical business applications, ensuring optimal performance.
- AI and Machine Learning: Utilises AI to monitor network conditions and automate complex decisions, improving network reliability and performance insights.
- Bandwidth Aggregation: Combines multiple connections to maximize throughput and reliability, particularly beneficial for bandwidth-intensive applications.
- Real-Time Analytics and Reporting: Provides detailed insights into network performance and health, enabling proactive management and troubleshooting.
- Scalability and Flexibility: Supports dynamic scaling of network resources to meet changing business needs, accommodating growth without requiring significant restructuring.
How our Compare the Market Quiz can help you find the best fit SD-WAN Vendors
- Answer 10 questions to find out which SD-WAN solution fits your business
- Learn why each solution is a match for your business
- Used by companies including CDC, Permira, Square Enix, British Legion and more
- Totally free to use without commitment
Understanding Vendor Differences in SD-WAN Solutions
Whilst SD-WAN offers vast improvements over traditional WAN systems, not all SD-WAN solutions are made equal and so it is important for IT decision makers to consider and understand the vendor differences between SD-WAN solutions. By doing so, IT decision makers understand where vendors may offer more critical features that better align with their organisational requirements.
These features affect the connectivity, flexibility, performance, security and management of the network, which means that there are plenty of areas where vendors may differ. These differences may have knock-on effects that impact the network. For example, the ability to utilise more network links can lead to improved performance, and the ability to remotely configure newly deployed devices allows for quicker network scaling.
Some of the most important features of SD-WAN and how they differ between vendors, have been listed below:
Multi-Cloud Connectivity
As businesses begin to prepare for the future, more and more are integrating cloud solutions as part of their network infrastructure through SD-WAN. However, by integrating multi-cloud connectivity, businesses are ensuring that they can leverage the ability of several cloud solutions, their individual perks and the continuous uptime that comes with them.
By utilising multiple cloud services, this prevents businesses from "vendor lock-in" where there is dependence on a single provider. This dependence can be an issue should there be potential outages. Through multi-cloud, redundancy eliminates this issue. Should a single cloud service go offline, another service can pick up the slack. This means that crucial applications never experience any downtime and the overall user experience benefits.
Different cloud providers offer different perks with their services. For example, Google Cloud Platform (GCP) offers "Live Migration", the ability to seamlessly move virtual machines across Google's network infrastructure; however, Amazon Web Services (AWS) provides more raw computational power than GCP. By leveraging services from multiple providers, businesses can enjoy the benefits of each cloud system for improved network capabilities.
|
Vendor |
Features |
Description |
|
Flexible Multi-Cloud Connectivity |
VMware enables the utilisation of multi-cloud connectivity in order to spread traffic across various cloud services. By using a distributed network of gateways, VMware is capable of improving cloud performance, gives businesses a greater flexibility and ensures redundancy failover in the event of an outage at a given provider. |
|
|
Juniper Networks |
Artificial Intelligence Multi-Cloud Connectivity |
Juniper Networks uses Artificial Intelligence to drive its multi-cloud connectivity through 'Session Smart Routing'. |
|
High Performance Multi-Cloud Connectivity |
Cato Networks provides integrated security with high-performance connectivity to multi-cloud environments through its own global private backbone and datacenter integrations. |
|
|
Huawei |
Reliable Multi-Cloud Connectivity |
Huawei offer comprehensive multi-cloud connectivity, using intelligent traffic steering and multi-path duplication to ensure the most reliable connections to the cloud. |
|
Secure Multi-Cloud Connectivity |
Fortinet ensures the security of connections, supporting both hybrid and multi-cloud environments. |
Advanced Security Features
SD-WAN provides advanced security features pre-packaged. These can often include features such as next-generation firewalls (NGFW) and intrusion prevention systems (IPS). These security features are just some of many that ensure the protection of the network, ensuring that no breach of the system occurs. Other advanced security features include the use of Artificial Intelligence (AI) and Machine Learning (ML) for anomaly detection. These indicate potential threats to the network and, by allowing for proactive mitigation, SD-WAN enables administrators to rapidly respond to network threats.
It should be noted that different SD-WAN vendors offer different advanced security features.
Fortinet offers advanced security features such as:
- Next-Generation Firewall (NGFW)
- AI-powered Secure Web Gateway
- Zero-Trust Network Access (ZTNA)
- Cloud Access Security Broker (CASB)
- Firewall-as-a-Service (FaaS)
Whereas Cisco Umbrella offers:
- Secure Web Gateway
- Cloud Access Security Broker (CASB)
- DNS-layer security features
Whilst each offer Secure Web Gateway and CASB, Fortinet offers features such as Zero Trust Network Access and Cisco offers DNS-layer security. Depending on the requirements of the system, IT decision makers should consider the features offered by different SD-WAN vendors in order to determine the offering most suitable for their system.
|
Vendor |
Features |
Description |
|
Integrated SASE |
VMware offers integrated SASE within their SD-WAN solutions. This forms a secure virtual network, providing greater flexibility and the option to use multi-site cloud. |
|
|
Netskope |
Integrated SASE |
Netskope offers integrated SASE via the form of intelligent traffic management and security management all within a single platform. |
|
Cloud-Native and Integrated Security |
Cato Networks merge the management of the network with its security features (such as Intrusion Prevention Systems, Anti-Malware) which makes Cato a good system for distributed networks. |
|
|
Integrated Security and SASE |
Open Systems offers SASE alongside advanced security features such as Network Detection & Response and Cloud Access Security Broker. |
|
|
SASE-enabled |
Palo Alto Networks SD-WAN can integrate with SASE, allowing for optimisation of the network, and the ability to manage the network security. This makes Palo Alto Networks SD-WAN best for enterprise solutions. |
|
|
integrated SASE |
Aruba Networks embed SASE into their SD-WAN, providing in-built Next-Generation-Firewall and Zero Trust principles which are best for protecting branch networks. |
Automated Path Selection
Unlike traditional WAN, SD-WAN offers automated path selection for network traffic. In traditional WAN systems, MPLS is used to define static routing paths. These are configured manually and therefore it can be difficult to change routing protocols, which can be problematic during peak-use as this can cause latency.
SD-WAN, however, uses dynamically selected routing. By analysing real-time data, historical data and the currently available network links, SD-WAN is able to automatically route traffic over the optimal path, whilst also prioritising crucial data flows, reducing network latency. This provides a much better user experience than traditional WAN system as it increases the reliability of the network.
How vendors like VMware and Silver Peak Systems implement automated path selection to enhance application performance.
Both VMware and Silver Peak Systems implement automated path selection to enhance application performance. Silver Peak's SD-WAN uses 'Host-Base redirection' routes all devices to a local Silver Peak appliances and the appliances then performs dynamic path selection in order to determine the next hop. With VMware SD-WAN, edges can identify and prioritise different application types to use the optimal path based on real-time traffic data.
|
Vendor |
Features |
Description |
|
Dynamic Path Selection with Cloud |
VMware offers dynamic path selection with the Cloud. This is best for networks with changing network conditions. |
|
|
Dynamic Path Selection for High Performance |
Cisco Meraki offers advanced path selection for ensuring high performance of the network. This means that critical applications are prioritised and maximises uptime. |
|
|
Granular Application Steering and Prioritisation |
Fortinet offers granular-level application steering, with detailed prioritisation. This is best for networks required greater control over application traffic. |
|
|
Dynamic Path Selection for Avoiding Latency & Jitter |
Versa Networks uses real-time data in order to dynamically select paths to avoid latency and jitter. This aids the reliability of the system. |
|
|
Juniper Networks |
Dynamic Path Selection using Artificial Intelligence |
Juniper Networks uses Artificial Intelligence to provide dynamic path selection using real-time data. This is best for cloud-centric businesses. |
Zero-Touch Provisioning
Zero-Touch Provisioning (ZTP) can be used for rapid expansion of network architecture. Via Zero Touch Provisioning, SD-WAN enables a simplified deployment model. SD-WAN is able to be deployed, controlled and configured remotely to provide the best configurations at any given moment, based on real-time network traffic.
Aruba provides Zero-Touch provisioning via the form of plug and play deployment of branch controllers. With Aruba branch controllers, administrators can activate them via a cloud service for provisioning and the controller authorises with the cloud in order to activate.
Juniper Networks have enabled Zero-Touch provisioning on their switches and routers. These enable remote deployment by downloading and installing the required software and configuration files from the network.
| Vendor | Feature | Description |
|---|---|---|
| Palo Alto Networks | Firewall onboarding | Palo Alto Networks SD-WAN can simplify the process of deploying firewalls via Zero Touch Provisioning. ZTP automates the onboarding of firewalls, allowing administrators to deploy firewalls to a branch location and configure them remotely. |
| Digi | IoT configuration | Digi offers a Remote Manager within the cloud, which can be used to configure Internet of Things (IoT) devices, including the initial provisioning, firmware upgrades and the ability to set unique policies for individual devices. |
| Juniper Networks | Provisioning and Reinstallation | Juniper Networks allows for automatic provisioning, updating and reinitialising to previous software images all via ZTP. |
Optimised Cloud Access
SD-WAN optimises cloud access by changing the way cloud data is routed. Within traditional WAN architectures, traffic was backhauled via a central data centre before accessing the cloud, however with SD-WAN, this is no longer necessary as SD-WAN can provide a direct connection to different public cloud services. This dedicated path means that direct connections between the network and cloud have higher bandwidth, with the network experiencing higher speeds and less latency.
Aryaka optimises cloud access by providing its own global private network. This network has its own Points-of-Presence (PoPs) scattered across the globe, which reduces geographical distance and therefore increases the cloud access speeds. Aryaka also supports hybrid WAN systems, allowing the use of the Aryaka global network as a backbone whilst allowing access locally from site-to-site. Aryaka primarily uses AWS and Azure for these cloud services, selecting the best provider based on real-time data to reduce latency and jitter.
Prisma, however, relies on the internet and an advanced software WAN. This means that Prisma analyses Layer 7 metrics such as server response time, application response time and application transaction failures in order to determine the best routing. This allows for optimal performance of cloud-based applications, enhancing the user experience with these critical applications.
| Vendor | Feature | Description |
|---|---|---|
| VMware | Efficient Cloud Access |
VMware offers efficient cloud access. VMware's distributed network of service gateways allows for efficient access to the Cloud and greater flexibility, as this reduces the complexity for multi-cloud utilisation. |
| Fortinet | Safe Cloud Access |
Fortinet offers links tailored for cloud applications, integrated with advanced security to enable safe access to the cloud. |
| Palo Alto Networks | Prioritised Cloud Access |
Palo Alto Networks uses prioritised cloud access to ensure that critical applications always have access, with added security to securely connect branch networks to the cloud. |
| Cato Networks | Native Cloud Access |
Cato Networks provides a Cloud-Native SD-WAN solution. This optimises cloud access, as it ensures that quality metrics (jitter, latency, packet loss) are met and is the best solution for distributed networks. |
Traffic Shaping and Prioritisation
SD-WAN provides traffic shaping and prioritisation in order to optimise the network performance. To perform traffic shaping, SD-WAN allows network administrators to define bandwidth limits (minimum and maximum), priority levels of different traffic classes and set prioritised traffic paths from within the network policies. This ensures that critical applications always get the required bandwidth and latency is minimised.
Citrix offers Quality of Service (QoS) functionality within its traffic management system. This identifies specific applications that may be crucial to businesses (such as VoIP) and ensures the ability to automatically and seamlessly switch to a reliable backup system should the primary path drop out or latency increase.
Cisco Meraki introduces 3 levels of traffic prioritisation and the ability to limit bandwidth usage across a traffic group. This means that administrators can force the distribution of bandwidth to specific applications and prevent less-crucial applications from using excessive bandwidth, producing latency across the network.
| Vendor | Feature | Description |
|---|---|---|
| Fortinet | Granular traffic prioritisation | Fortinet allows up to 30 traffic groups to be configured, with custom priority levels in order to give greater control over traffic. Administrators can set guaranteed and maximum bandwidth limits. Fortinet uses static queues (which can be inefficient during peak-traffic) and prioritisation acts on the local port-level so cannot provide true end-to-end Quality of Service. |
| Cisco Meraki | Some traffic prioritisation with QoS support | Cisco Meraki offers 3 levels of prioritisation, giving some level of control over network traffic. There is the ability to limit bandwidth usage but no function to guarantee bandwidth to a set traffic group. Cisco Meraki uses dynamic queues for different traffic conditions and adds support for Quality of Service, however this requires upstream network equipment to function. |
| InfoVista | QoS built-in | InfoVista offers dynamic classification and optimises application performance therefore has no ability to manage bandwidth. However, InfoVista offers dynamic application-aware queues, which provides an application overlay SLA for Quality of Service. |
AI and Machine Learning Integrations
As Artificial Intelligence and Machine Learning integrations within SD-WAN become more prevalent, it is important to understand the different use cases for each across different SD-WAN vendors.
Artificial Intelligence (AI) and Machine Learning (ML) have been integrated to produce tools that assist with the predictive maintenance and anomaly detection of SD-WAN networks. These technologies monitor network traffic, finding patterns within said traffic. These are then able to match these patterns up against expected behaviours (from users) or potential threats to the network and thus enables a proactive approach to dealing with these potential threats.
Additionally, AI and ML are being used to automate networks through the process of managing traffic routing and security policy updates. This reduces the workload on network administrators and simplifies the management of the network.
VMware have developed VersaAI as part of their unified SASE platform. VersaAI is capable of detecting malicious behaviour in real-time, enhance network performance through traffic routing and secure operations. VersaAI can be considered a reliable AI tool due to VMware training VersaAI on their large customer-base's analytic data in order to refine advanced functionality.
Juniper Networks use AI to optimise the network performance. Through analytics (and via Juniper Apstra), Juniper's AI can perform predictive maintenance and anomaly detection to ensure the security of the network.
|
Vendor |
Feature |
Description |
|
Pinpoints Network Issues |
Uses machine learning to forecast equipment failure. Utilises Artificial Intelligence to optimise routing. AI monitors network traffic for potential threats. Uses machine learning to analyse and pinpoint source of network issues. |
|
|
Troubleshooting Recommendations |
Utilises Artificial Intelligence to optimise routing. AI monitors network traffic for potential threats. AI automates troubleshooting, providing intelligent recommendations to resolve issues. |
|
|
Automated Troubleshooting |
Utilises Artificial Intelligence to optimise routing. AI monitors network traffic for potential threats. AI automates troubleshooting, with the ability to try to rectify issues without human intervention. |
Bandwidth Aggregation
SD-WAN improves the network performance by dynamically routing traffic via the best path based on real-time traffic analysis. This is further extended by the ability of SD-WAN to leverage multiple ISPs (broadband, 4G, 5G, LTE, internet leased lines and satellite services) and combine them to provide greater bandwidth for the network - Bandwidth Aggregation. This decreases the latency of the network and ensures reliability to crucial applications across the network.
Peplink has the ability to combine DSL, LTE and satellite, to provide a greater bandwidth and failover for the network. Peplink also has the capability to aggregate up to 4 LTE links. Whereas, Riverbed has the ability to aggregate multiple WAN links including broadband, 4G, 5G, LTE and MPLS to provide increased bandwidth and redundancy.
| Vendor | Feature | Description |
|---|---|---|
| Cisco | WAN aggregation | Ability to aggregate multiple WAN links |
| Fortinet | Tunnel WAN aggregation | Offers tunnel bandwidth WAN aggregation, with per-packet load balancing to ensure bandwidth availability for all applications. |
| Peplink | LTE aggregation | Ability to aggregate up to 4 LTE links. |
Real-Time Analytics and Reporting
SD-WAN provides the ability for administrators to review analytics and reports in real-time. This includes the ability to view current traffic against historical traffic across different links, whilst also being able to generate on-demand reports for later review. This is important as it allows network administrators to determine where there may be potential weaknesses or issues within the network.
Cato Networks offer a "single pane of glass" in order to manage the network and its security. Within this pane, administrators can manage analytics, policy configuration, incident review and troubleshooting all within real-time.
VeloCloud provides real time analytics on user traffic, such as the top bandwidth consuming applications, individual user flows and the routing of the flow so that traffic can be viewed at the next hop. VeloCloud also enables administrators to output this data into a CSV format, allowing for further analysis.
| Vendor | Feature | Description |
|---|---|---|
| Cisco | On-demand reports | Provides real-time visibility to performance, bandwidth-usage, site availability, on-demand reporting and the ability to generate reports in Excel format. |
| Lumen | Custom reports | Provides analytics dashboards for traffic monitoring, mean-opinion-scores (MOS) and the ability to produce custom reports in PDF, XLS and JSON format. |
| Palo Alto Networks | Firewall monitoring | Generates reports for application or links with potential degradation issues and for firewall activity. |
Scalability and Flexibility
As SD-WAN aligns with the SASE framework it enables IT decision makers to incorporate a more holistic, cloud-centric approach to network security by applying the same policies regardless of device or location. When integrated as a component of SASE, SD-WAN provides the scalable and flexible network architecture for delivery of cloud-based services. This is especially true within Internet of Things (IoT) environments, where large numbers of devices require streamlined policy enforcement.
As SD-WAN can function entirely within the cloud (cloud-native), the security services that SD-WAN contributes within the SASE model simplifies an organisation's network and security architecture, enhances it's security posture, scalability, and agility.
SD-WAN solutions such as Viptela scale by introducing more vEdge (software or hardware router responsible for the data plane within SD-WAN). This means that scaling is very quick and easy, making the process more flexible for businesses. Viptela vEdges also have the ability to integrate with the rest of Cisco products, making the onboarding process for each vEdge less complex.
| Vendor | Feature | Description |
|---|---|---|
| Palo Alto Networks | Supports thousands of distributed locations |
Prisma can scale to support thousands of distributed locations, offering a variety of hardware to accommodate different branch sizes. |
| VMware | Overlays existing network infrastructure. | VMware can act as an overlay to existing network infrastructure, enabling rapid scaling of SD-WAN without impacting infrastructure. Also supports ZTP. |
| Cisco | Multi-region SD-WAN fabric | Offers multi-region SD-WAN fabric and support for advanced routing protocols. |
Conclusion
When evaluating SD-WAN solutions, it's important to consider the key differences in offerings provided by vendors. Whilst all SD-WAN vendors aim to improve upon traditional WAN systems, the importance placed on features such as performance, security, manageability and deployment models varies from solution to solution.
By carefully evaluating network requirements, IT decision makers can consider the right SD-WAN vendor offering for their requirements to not only improve their network for the short term but also improving the network infrastructure for the future.
