List and overview across 10 SD WAN as-a-service solutions
In this article, we will review the top 10 SD WAN as-a-Service (SD WANaaS) providers currently available to UK and North American businesses.
What is SD WAN-as-a-Service?
SD WAN delivered as a service (SD-WANaaS) combines connectivity with orchestration software to create a managed outsourced services for clients. Essentially, it is a consumption model where a company (usually a service provider) will pay a license fee to a vendor for components required - clients can choose which components they want to include. The solution is typically associated with fully outsourced managed SD WAN, but in some cases co-managed services may be available.
List of SD WAN as-a-service solutions:
Amazon Web Services
Netify has collated the top ten SD WAN as a service solutions to help companies choose an appropriate offering to suit their business needs.
Here's the 10 top/best SD WAN as-a-service solutions for September 2021:
1. Aryaka SD WAN as-a-service
Aryaka offer cloud-based managed services under the product name SmartManage. The solution combines globally managed services, leveraging their own Layer-2 global private backbone. All aspects of the Aryaka managed services solutions can be accessed via the MyAryaka portal.
The Aryaka SmartManage offering contains the following components:
SmartConnect: Aryaka’s managed SD WAN offering- which includes hybrid WAN, end-to-end SLAs and last mile management.
SmartOptimize: An application acceleration and WAN optimization service which includes load balancing, path selection and error correction algorithms and single/dual link packet loss recovery.
SmartCloud: Managed cloud connectivity to various cloud providers, with a choice of deployment via IPsec tunnels, Aryaka PoPs or via direct connections to IaaS and SaaS providers worldwide.
SmartSecure: Includes managed firewall and security as a service (SaaS) which is integrated into SD WAN.
SmartInsights: Accessible via the MyAryaka Portal, SmartInsights offers clients greater visibility into their network, by allowing them to make management changes.
According to Gartner Reviews, 98% of users were satisfied with Aryaka SmartConnect, saying that the solution was strong in evaluation and contracting, integration and deployment and services and support along with high level product capabilities. However, some customers did caution by saying that SmartConnect is expensive when compared with other offerings and others reported that they felt the MyAryaka Portal could be more granular.
Take Away Point:
Aryaka can be considered for multinational companies and small-medium enterprises (SMES) requiring global fully managed SD WAN.
Cato Networks offer fully managed SD WAN and SASE solutions, supported by their global private backbone and ability to cater for regional customers using site-to-site VPNs. Users can access analytic information via the Cato Portal, which provides traffic summaries and information about application usage as well as network activity data for increased visibility. Co-managed services are also available, where clients can choose to divide management between themselves, Cato and one of Cato’s partners.
Hands-free Management: Cato’s fully managed services offering. A team of staff from either Cato or one of their partners will completely manage the network, making any necessary changes to networking and security policies as required.
Intelligent Last-Mile Management: Cato provides constant monitoring per-site of last-mile ISPs. If a problem occurs, Cato will work directly with the ISP until the issue is resolved, whilst keeping the client informed throughout the process.
Managed SASE: Cato will manage SASE security solutions for clients as part of their Security as a Service.
Cato Security as a Service (SaaS): Built directly into the Cato Cloud network, Cato SaaS is a set of tools that are designed to work across the entire network, removing the need for disparate edge security devices.
Managed Threat Detection and Response (MDR): The network is continuously monitored to detect compromised and malware-infected endpoints. Machine learning algorithms are used to scan for signs of security breaches, which are verified by Cato IT teams.
Managed Site Deployment: SD WAN can be deployed via a Cato Socket (SD WAN device) on a zero-touch basis. Clients can choose to deploy this themselves, or using Cato for on-site support or remote assistance.
User reviews suggest that Cato’s managed services are easy to use and are a good option for SMEs (Cato often cater for smaller clients). Their security-as-a-service offering is very accurate - in a study by Cato, it was found that only 7 false security alarms were raised in 400 customers over a three month period, saving time and money.
Take Away Point:
A good choice for SMEs looking for managed SD WAN, SASE and security services. However, for those with more complex requirements Cato may not be a good option, as they lack some of the granular capabilities of their competitors.
Masergy deliver SD WAN and SASE services, leveraging their global IP backbone with 51 PoPs worldwide. They offer a variety of managed and co-managed SD WAN services, as well as managed SASE and managed cloud connectivity.
Fully Managed SD WAN Secure: Masergy’s fully managed SD WAN services leverage their secure Edge network, with built-in Fortinet security devices. Fully managed services are supported by network operations centers (NOCs) and security operations centers (SOCs), along with a team of highly skilled engineers who constantly monitor the network. Clients have access to the Masergy management portal, which offers end-to-end visibility and the use of AIOps, an AI powered virtual assistant that analyzes the network and makes recommendations to improve reliability.
Managed SD WAN Secure Over The Top (OTT): Clients are able to use their own existing underlay (such as MPLS or broadband) and Masergy will build an overlay to fit that network. The service leverages the same fully managed capabilities with the use of NOCs and the management portal with AIOps and Shadow IT Discovery tools.
Co-Managed SD WAN: Allows clients to reduce the pressure on their IT teams by diverting mundane tasks such as admin to Masergy staff, whilst retaining control over SD WAN policies and configurations, customizing rules to meet network and application requirements. This service leverages the management portal, where the SD WAN Orchestrator’s self service controls allow clients to make changes to security and network policies. Masergy will also provide client IT teams with training on how to manage network and security policies via the portal.
Managed SASE: Offered in three different tiers: Unified Threat Protection (the most basic offering), Threat Monitoring and Response and fully managed SASE security services which is the most granular offering (includes cloud security). This allows clients to choose which level of managed security is appropriate for their business.
Reports from users suggest that Masergy delivers reliable connectivity and cloud support. However, there have been some complaints about bandwidth availability at peak times, as well as a perceived high cost for the capabilities offered.
Take Away Point:
Masergy SD WANaaS have a strong co-managed solution, making them a good choice for companies with a medium-sized IT team who are looking to offload some of the workload. Their Managed SD WAN Secure OTT service is a strong choice for companies looking to migrate to SD WAN without the need to completely overhaul the existing network. However, a higher price point than other competitors may need to be taken into account.
Verizon are an SD WAN and SASE service provider with strong partnerships across Cisco Meraki and Cisco Viptela. Their solution leverages their Tier-1 global backbone, and offers integrated 5G LTE. Clients are offered three different tiers of Masergy SD WANaaS, each of which is supported by 300 experts who provide client support. Verizon also have the capability to provide managed services for both mid-tier multinational enterprises as well as supporting smaller branch offices.
The Verizon SD WANaaS offering includes application optimization, secure connectivity, and a team of experts who will plan, manage, monitor and secure the network - all of which is backed by SLAs.
Monitor and Notify: The most basic managed services offering, it includes systematic network performance reports, circuit information, customer premises equipment (CPE), fault isolation, issue notifications and network monitoring.
Physical Management: Slightly more granular than the previous offering, this includes everything in the pervious tier, plus backup configuration services and CPE repair.
Full Management: Fully managed SD WAN services, which includes all features in the previous two tiers, plus added security features such as read access to all managed services and emergency patching, and managed WAN features such as logical configuration repair and on-demand end-to-end managed WAN changes.
Application Aware Routing: Prioritizes business-critical applications by ensuring that all data travels on the right path to it’s destination - saving IT teams time
Managed Edge Router Service: Clients are able to offload tasks such as complete outsourcing and monitoring to Masergy staff.
Co-Managed: Verizon allows clients to self-manage SD WAN security and application policies, whilst relying on managed services support for fault performance and configuration management.
Users report that Verizon’s connectivity and bandwidths are fast and reliable and that in the event of an issue, IT support is quick to respond. However, some users said that there was a lack of transparency in pricing.
Take Away Point:
Verizon are able to offer SD WANaaS for both mid-market multinational enterprises with many global locations, as well as companies with a lack of pre-existing IT resources and many remote workers. Their managed and co-managed SD WAN and SASE offerings are strong and SLA-backed, allowing clients the choice between three different service tiers.
Lumen is a Tier-1 global SD WAN provider offering SD WANaaS solutions based on Versa Networks, VMware, Cisco Meraki and Cisco Viptela. Managed services are offered based on each vendor, but every solution is designed to supplement in-house resources with highly skilled experts able to help design, configure, deploy and manage client’s networks.
Lumen SD WANaaS based on Versa Networks: Clients can choose SD WANaaS based on Versa Networks SD WAN. The offering includes identification which can be automatic, customer enabled and pre-defined, for over 3,100 applications. This allows for intelligent path selection, application QoS, packet duplication and policy-based control. The service wrapper features appliance and circuit monitoring and upgrades, appliance upgrades, support for design, configuration, deployment and activation change management, event management and constant support for the WAN. The solution supports hybrid WAN and offers WAN optimization which has the capability to integrate Ethernet, broadband, internet, MPLS and 4G/LTE. Further, co-managed clients have 24/7 access to the Customer Self Service Portal, and all solutions come with optional free of charge on-site installation and maintenance at each SD WAN site.
Lumen SD WANaaS based on VMware: Managed services solutions based on VMware offer clients a multitenant SD WAN orchestrator located in the cloud, as well as centralized management and visibility for streamlined operations.
Lumen SD WANaaS based on Cisco Viptela: The Lumen managed services offering based on Viptela is granular, with a wide range of features, including: VManage Network Configuration and Monitoring System, configuration management and monitoring of the solution using virtual appliances, the capability to run on VMware vShphere ESXi Hypervisor with 8GB of memory and two CPUs minimum, Overlay Management Protocol eliminates bottlenecks for efficient network changes, Trusted Platform Module (TPM) chip to ensure the authentication of routers joining the network, integrated firewall with IPsec, VPN, NAT and ACLs as standard, encrypted control and data traffic, scale out architecture and end-to-end network segmentation.
Lumen SD WANaaS based on Cisco Meraki: Cloud-based managed services with a PCI 3.2 certification, and constant support for the whole solution. The service wrapper includes: support for configuration, deployment, site activation, appliance/circuit monitoring, appliance and software updates and event management.
There are few available user reviews for Lumen, however those that do exist suggest a wide range of customer experiences. Some reviews laud the ease of installation and management services, especially for VMware and Cisco Meraki offerings. However some users suggested that deployment time was too long.
Take Away Point:
Lumen offer clients a choice between strong vendor partnerships offering feature rich SD WANaaS solutions. They are an appropriate choice for global enterprises headquartered in North and South America.
Amazon has a strong presence in cloud services and SD-WANaaS markets. Their solution when used in conjunction with other offerings from its extensive portfolio enables enterprises to develop a single, fully integrated cloud solution. Integrations are available with many popular SD WAN devices, and various Amazon services can be unified under a single central console to create a simple SD WANaaS solution that supports complex functionality. Currently the AWS Cloud network spans 81 availability zones across 25 geographic regions worldwide.
AWS Transit Gateway: Connects on-premises networks, AWS account and Amazon VPCs to a single gateway. Also allows users to integrate leading SD-WAN solutions, such as those from Cisco, or VMWare, by integrating them into the AWS cloud - AWS Transit Gateway acts as a cloud router and uses inter-Region peering to provision global applications and scalability for network growth.
AWS Global Private Network: The solution provides network security by directing traffic only through AWS’ global private network.
Network Manager and Multicast Support: Ensures that bandwidth requirements are lowered for high throughput applications and conducts issue identification and resolution. This also reduces the overall costs as there is no requirement for a on site third party multicast solution.
Amazon Dashboard: Customers can select the SD-WANaaS options, such as Aryaka, Cisco Systems or Silver Peak, from the Amazon dashboard, and have their integrated hardware respond to those configurations, delivering a completely integrated solution.
Amazon Web Services offer an extensive range of services and access to SD WAN solutions via their marketplace. Their solution provides deep integrations with vendor offerings to provide granular features and familiarity to existing service users. AWS integrations offer feature rich environments that are steps ahead in comparison with some other independent vendors. Amazon’s large user base, particularly in cloud services has shown high levels of customer retention and satisfaction.
Take Away Point:
Suitable for virtually all users, Amazon’s cloud-based solution delivers well-integrated and feature-rich SD-WANaaS options. This offering is ideal for enterprises with pre-existing Amazon resources that wish to integrate a SD WANaaS solution with granular features whilst also simplifying network management over large geographical distances.
7. Microsoft Azure SD-WAN
Microsoft Azure is one of the largest cloud service vendors with more security certifications than any other cloud provider. Similar to Amazon, Microsoft Azure offer a wide variety of cloud products and solutions. They offer either completely virtual SD WAN infrastructure or integration with premises based SD WAN solutions as an alternative.
Azure Virtual WAN (vWAN): Microsoft’s SD-WAN service is called Azure Virtual WAN (vWAN), and it consolidates multiple cloud connectivity and security services under a single entity.
Like most SD-WAN solutions, this includes branch connectivity, remote users, firewalls, as well as connectivity to cloud services. However, it is also designed to incorporate premises-based SD-WAN technologies from various vendors, permitting clients to create customized hybrid solutions. The Azure solution ensures efficiency and security by providing optimized traffic routing through Microsoft’s global network. Microsoft Azure provides access to a comprehensive marketplace that provides integration for a wide array of requirements and industries. Azure vWAN connects PoS locations, sites and branch offices through automated large scale branch connectivity whilst also provisioning unified policy and network management.
Managed Service Providers (MSPs): Microsoft has many Managed Service Providers (MSPs),that have pre-set integration parameters that allow your whole hybrid network to be configured centrally from Asure’s single control panel.
Azure users are able to manage and monitor sites and connected Azure virtual networks via a unified portal. SD WAN integrations are supported by partners such as: Fortinet, Check Point, Riverbed, Versa and more. The solution is ‘pay-as-you-use’ with no upfront fees, allowing for high levels of scalability and cost management. The extensive SD WANaaS options available make it very attractive, especially for those already leveraging other cloud-based services from the company.
Take Away Point:
Like Amazon, Microsoft’s Azure SD-WANaaS solution has some of the most comprehensive and feature-rich options available on the market. Microsoft Azure is able to provide solutions for almost any type and size of enterprise, with flexible pricing and wide variety of SD WAN partners.
8. Expereo SD WAN as-a-service
Expereo is a company that delivers edge services, connect services, and cloud services. Each service category can be mixed and matched to deliver solutions to perform WAN optimization, and network business continuity, ensuring uninterrupted connectivity with little or no network degradation, even in the midst of network failures. As of July 2021, Expereo acquired global managed internet service provider Brodynt, broadening their service portfolio and providing a more rounded solution. Expereo operate in over 190 countries and are able to provide services as a single provider for all network demands.
SD WAN and SASE Offerings: Expereo’s edge services include both an SD-WAN as well as SASE solutions ensuring a robust, highly available, but also highly secure connectivity service for businesses. The company also offers direct physical WAN connectivity such as fixed Internet as well as mobile Internet, that can be leveraged by the edge services it provides.
SD WANaaS: Expereo’s managed SD WAN improves network control and ensures the security of data traffic. The service also matches routing requirements, application performance and policy setting to business needs.
SASE Managed Services: The Expereo SASE solution provides built in security to all edges through a unified as-a-service cloud platform. This removes complexity and infrastructure costs as their single SASE solution is cloud native, with no hardware requirements.
Managed Cloud: The cloud acceleration and Layer 2 cloud connect services it also offers complete the portfolio of an all-embracing set of services in a single package delivered by a single vendor. Their Cloud services offer scalable bandwidth and cloud acceleration ensures that SaaS applications run at optimal performance.
experio.one: All managed service options are consolidated onto a single platform called experio.one, from which everything can be optimized, managed, and monitored. User Experience Virtually all users have reported favorable aspects of the provider, citing fast delivery, excellent technical support, and exceptional performance of the technology itself. Reviewers have been hard pressed to find some negative aspects of the service, with a few users citing high costs, and low flexibility in pricing.
Take Away Point:
Expereo is a well-rounded provider, delivering multiple complementary services consolidated into a single management platform, making setup, support, and operation simple and streamlined. Their SD WANaaS solution is ideal for enterprises requiring a single provider managed solution that can meet global business network demands.
GTT is a company that delivers a wide range of connectivity services, including physical infrastructure (wireless, fiber optics, colocation), wide area networks (MPLS, VPLS, and Ethernet) as well as Internet connectivity. Among their wide area network options, you can find SD-WAN services. Unlike other vendors whose primary focus is SD-WAN, GTT delivers it as one of a much wider array of products and solutions.
The focus of the SD-WAN product delivered by GTT is to deliver a highly robust and redundant WAN connectivity via multiple more traditional connectivity methods, using load balancing, automatic failover, and dynamic and real-time routing of traffic. The GTT SD WAN solution is centrally controlled by an orchestrator that can be enterprise managed or managed by GTT themselves. Some of the key features of GTT’s offering are:
Access Options: Anywhere network access by leveraging GTT’s wide range of physically diverse access options.
Tier-1 Internet Backbone: Access to GTT’s secure Tier-1 internet backbone keeps data traffic secure.
SD WAN Options: Leverage a wide variety of top rated SD WAN technology options such as: Silver Peak, Fortinet and VMware.
Single Bill & Single GTT login: Provides the ability to establish and manage multiple access types at every location.
SD WAN Gateways: GTT’s offering utilizes secure, integrated SD WAN gateways that are network based.
GTT Management Experience: Capitalize on GTT’s many years of SD WAN management experience and free up IT teams for other business related functions.
In GTT’s solution, primary as well as multiple backup links are constantly and automatically monitored for availability, latency, jitter, and packet loss. Based on this real-time information, packets are dynamically routed to the best available circuit. Outages may still occur, but users will experience minimal service downtime as the rerouting is automatic and instantaneous.
Users have reported that the service performs excellently, delivering SD WANaaS to a high degree of quality and reliability in both features and capabilities. The primary drawback reported was with technical support and account management. This includes reports of delays in responding to technical issues and outstanding trouble tickets having to be followed up.
Take Away Point:
As part of an extensive portfolio of connectivity services, GTT offers SD-WAN service to consolidate multiple connections into a single virtual connection delivering reliability, stability, and continuity of connectivity even in the event of a network failure. GTT partnerships with VMWare, Fortinet and Silver Peak provide a strong portfolio of SD WAN vendor choices which can be supported by GTT’s global tier-1 internet backbone, with more local access options than any other major carrier.
Open Systems advertises itself as a provider of world-class cybersecurity and connectivity from the cloud. The company offers both network and security managed services, with the full range of options featured in the tables below:
Open Systems SASE+
Mobile Entry Point
Secure Web Gateway
SD WAN Connect
Secure E-mail Gateway
Line Operations Service
Advanced Threat Protection
Open Systems XDR+ (Combines NDR, EDR & MDR services and adds cross-domain intelligence, delivered as a service through Open Systems Cloud Platform)
Network Detection & Response (NDR)
Endpoint Detection & Response (EDR)
Managed Detection & Response (MDR)
SD WAN Connect: Open Systems managed SD WAN service is SD WAN Connect, a single provider solution to manage and optimize enterprise networks through end to end ownership. This service can be added to the Open Systems SD WAN solution or SASE service plan to provide a single point of contract across regions through a single vendor for a complete managed service. SD WAN Connect provides clients with guaranteed SLAs and negates management overheads, whilst at the same time provisioning all-in-one support, design, testing, configuration & analysis of network connections.
Customer Portal: Open Systems managed services include a single platform to orchestrate the complete set of services used, and a customer portal from which services can be managed, scaled up, or scaled down.
NOC: Each element of Open Systems SD WANaaS is supported by a 24x7 level 3 network operations center ensuring continuous operations under any circumstances.
‘Bolt On’ Features: Open Systems offers various service plans for its SD WAN and SASE solutions with the option to ‘bolt on’ features such as managed SASE (SASE+) and Managed Detection and Response (MDR+).
Open Systems SD-WAN services have been rated among the highest providers on the market. On one particular trustworthy review site[A1] , 90% of reviewers rated the service with five stars, while 97% of respondents would recommend the service to others. This is a stellar performance especially coming from companies of all sizes, and from reviewers spanning the past five years. The only negative feedback comes from some lack of specific features that particular users would like to have seen, such as specialized routing services.
Take Away Point:
Primarily focused on SASE security services, the Open Systems solution can be entirely managed themselves a single provider. Ideal for enterprises with a need for a highly secure SD WAN and SASE solution. The management options available makes Open Systems’ managed solution one of the most robust and comprehensive offerings available as-a-service. However some user features are not available as of yet and should be checked against business requirements.
Cloud-based SD-WAN services are still in their development stages. Even though they are mature today, there is still a lot of innovation and progress that can be made, and is expected over the coming years. As business needs and requirements continue to grow, so too will the options and features delivered by SD-WANaaS vendors.
(SD WAN Vendors & Service Providers featured in this article are presented in no particular order.)
What is SD-WANaaS?
SD WAN that is typically available via the provider’s own private network.
Often a monthly subscription dependent on customer opted features and capabilities.
WAN connectivity requires contract with service provider.
SD WAN management and monitoring is administrated by the Enterprise.