Which SD WAN services fit your business needs?

What are the top 5 features you should consider when buying SD WAN services? When comparing SD WAN capabilities, we recommend considering CNAC (Cloud Native Architecture), backbone type, SASE security & NGFW, underlay & overlay separation and Gartner status.

Perhaps the main issue facing IT teams is how to compare SD WAN services, which all sound similar to a certain extent. To help with this issue, this post discusses the top 5 SD WAN features you need to consider when comparing vendors against your business needs, together with example vendors taken from the Netify marketplace.

In the process of bringing new technology to market, vendors are innovating at the fastest pace we’ve ever witnessed across WAN services. The market share is led by agile vendors who are essentially making the large telco service provider and their processes feel like they belong in the past.


SD WAN services with overlay and underlay freedom are changing the WAN market.

1. CNAC (Cloud Native Architecture) - DIY vs Co-Managed vs Fully Managed SD WAN services

SD WAN vendors largely prefer to sell their services via channel sales which means it is often not possible to contract directly with the vendor. The reason is simple: engaging with resellers and integrators increases their reach and market share. But what does this mean to your business and IT team?

How the Enterprise engages with vendors is often overlooked but, in the opinion of Netify, is one area which requires careful attention early on during the initial comparison phase.

CNAC describes an SD WAN architecture where the vendor is in complete control of the technology stack. To understand the benefits of CNAC, we’ll delve a little deeper into the typical SD WAN buying options.

CNAC vendor solutions are owned and operated 100% end to end by the vendor both from a process perspective (think support, project management) and hardware ownership. CNAC is blurring the line across DIY, co-managed and fully managed capability with the ability to offer any level of services to clients. The result is that simple requirements - route or user additions - can be handled by easy to use SD WAN portal access. And where requirements demand co-managed involvement, your team can involve the vendor to provide extra support. Lastly, fully managed elements can be discussed with the vendor and added as required.

The typical CNAC vendor is much easier to engage with since processes do not revolve around legacy ticketing systems with multiple teams to get anything done. CNAC is in contrast to traditional service providers which wrap their solution in convoluted SLAs and slow processes.

In addition, CNAC vendors do not need to involve partners to troubleshoot issues. An example is where a service provider support team needs to engage with Cisco to help fix an issue or problem outside of their expertise, which creates delay. The adoption of CNAC varies across vendors, with some offering the true definition of ‘cloud-native’ and others implementing selected elements. The fundamental differences between each approach are outlined below.


CNAC is the framework many businesses are following when buying SD WAN.

Fully CNAC enabled.

Vendors who are capable of offering an end to end delivered solution.

Part CNAC enabled.

Vendors who require an integrator or partnerships to deliver their solution.


One of the significant benefits of SD WAN is agility; CNAC offers a framework to translate agility into a tangible product. If your IT team needs to discover which vendors are fully CNAC compliant, log in to Netify to compare CNAC vendors.

2. How to evaluate SD WAN private vs public backbone

Public cloud adoption requires businesses to leverage the Internet, which brings forth challenges across network infrastructure performance, security and associated policies. Compared to private-based MPLS networks, SD WAN is often cited as a game-changer as companies look to embrace digital transformation to facilitate the need for users to work from any device and any location.

There are three types of network choice:


Silver Peak is a good example of an Internet-only SD WAN vendor where devices are deployed with end to end encrypted IPSec tunnels between branch-office, HQ, Data Center and remote users.


Public Internet gateways.

VeloCloud offers a hybrid network of VPN from branch/user to their public gateways globally. The benefit is applied between each cloud node which is interconnected by multiple ISP connections. Clients and device destination route optimization is handled by the node depending on network conditions.

Private backbone gateways.

Cato Networks have developed a global network of private MPLS connected PoPs. The benefit to applications surrounds the best possible transport between global locations backed by an SLA across network performance. The branch or user connects to the local PoP via Internet VPN, ensuring the Internet is only used where needed.


The choice for each option depends on requirements and location. As an example, a national retailer with hundreds of sites would not benefit from public or private gateways. In this scenario, the business would be best served via an Internet-only SD WAN solution. Global SD WAN deployments also need to consider the location of gateways to ensure the local PoP is within a reasonable distance. Access to Amazon Web Services (AWS), Azure and Google Cloud also differs between public and private backbone SD WAN vendors.

3. Which SD WAN services integrate with SASE security (Secure Access Service Edge)?

We’ve written several articles on selecting SASE security service vendors as IT teams consider SD WAN services with SASE built-in or leveraging multiple solutions to deliver network functions and security.

The place of work isn't changing. It has changed: we are now able to work from anywhere at any time.

Gartner introduced the SASE framework to define the security requirements of organizations leading with a cloud-first public Internet strategy. The framework encompasses CASB, DNS protection, Firewall-as-a-service and ZTNA (Zero Trust) delivered and orchestrated by the cloud.

Read our article on SD WAN vendor selection to learn more.

SD WAN services are typically split by vendors leading with SASE propositions and vendors that are integrating best of breed security solutions from companies such as Zscaler and Check Point. The deciding factor typically surrounds your LAN/WAN complexity and any security solutions that may already be in play today. We typically find that most Enterprise businesses have already invested in one of the major security vendors and so are reluctant to adopt SD WAN with built-in SASE. When this scenario occurs, IT teams should consider vendors with third-party security integration.

The evaluation of SASE SD WAN services requires analysis since certain vendors are further ahead regarding attributes such as false positives.

4. Does the SD WAN service support underlay?

The procurement of SD WAN is typically split into two thought processes.

  1. SD WAN vendor separate to connectivity underlay
  2. Procurement of SD WAN from a single service provider

Over the past 30 years, we have witnessed ‘service provider lock-in’ which is essentially where managed services (routers) and connectivity are tied together with contracts which do not terminate on the same date. The ‘lock-in’ scenario is probably the number one reason why IT teams decide not to proceed with WAN change.

SD WAN helps make a change as the Enterprise is positioned to procure their SD WAN overlay separate to their SD WAN underlay (the connectivity). The outcome of overlay and underlay separation means freedom of choice concerning either element of the SD WAN service. If the connectivity is experiencing ongoing latency issues, alternative service providers can be considered without impacting the overlay technology.

Service providers (large telcos) are bundling their IP connectivity with selected SD WAN vendors. Whether or not this scenario suits your business vs overlay and underlay network separation requires further analysis.

5. Does the Gartner quadrant really matter?

While Netify respects Gartner consultancy, the magic quadrant does not typically result in alignment of business requirements with the right vendor. With respect to this article, we would also agree that Gartner is not a feature as such. Nevertheless, most IT teams mention Gartner content at some point during discussions.

There is value in understanding where each vendor is positioned across leaders, visionaries, niche players, and challengers. However, the requirement still remains to align business requirements across each vendor fully regardless of where they are positioned on the quadrant.

What other SD WAN service features should you consider?

The digital transformation from legacy private WAN services is nearly complete. While there will be notable changes to SD WAN solutions, the fundamental need to connect users and their devices to Internet-based SaaS cloud-based resources is driving adoption. The challenge for IT departments is to gain an understanding of the SD WAN services market. It is tempting to contact the usual service providers or SD WAN leaders who are perhaps more prominent in the market, but these services may not align fully to your business needs.

Security is now the number one consideration when evaluating WAN vendors as the perimeter becomes less defined. With high bandwidth, real-time and mission-critical applications accessing the network from any location, the WAN is not the static full mesh solution of even a few years ago. IT teams are also dealing with BYOD (Bring your own device) and public cloud applications, creating the need for sophisticated SD WAN and security orchestration.


Within the next few years, Netify predicts the transformation from SD WAN to SDP (Software Defined Perimeter) to recognize the need to offer WAN and security at a device level and not via the traditional CE (Customer WAN Edge). Software-defined technology is ideally placed to meet future requirements with zero-touch provisioning, easy to use network management, application-aware out of the box policies and WAN optimization.

If we accept network security as the leading component of WAN architecture, what else should we consider?

The right Internet circuit must serve applications which require resiliency and real-time traffic treatment with acceptable networking latency and jitter. The choice of Ethernet leased line for primary SD WAN overlay connectivity is no different to legacy private MPLS networks: dedicated bandwidth with a corresponding SLA remains the de facto standard. SD WAN services also offer the capability to balance traffic across multiple circuit types, including cellular over the air connectivity. And while cost-effective connectivity might initially appear no different from more expensive providers, other challenges present themselves, from support to uptime and application traffic performance.

Alongside Ethernet leased lines, SD WAN is well served by hybrid connectivity, including Broadband internet, 4G and 5G, to ensure almost every branch-office or user connection type is covered.

What are the top/best SD WAN services for your business?

Netify have written an extensive article on SD WAN vendors which discusses how to compare their features in more depth, together with their features displayed as a matrix.

Note: See our US blog post on SD WAN vendors.

SD WAN service providers include: 

  • Silver Peak
  • Cato Networks
  • Open Systems
  • Aryaka
  • VeloCloud
  • Palo Alto (CloudGenix)
  • Fortinet
  • Meraki
  • Cisco SD WAN Viptela
  • Citrix
