2024’s SD-WAN solutions offer key features like multi-cloud connectivity, advanced security, dynamic path selection and scalability. IT decision makers should note that vendors differ in their focus on performance, manageability and deployment models. |
Table of Contents
Understanding Vendor Differences in SD-WAN Solutions
Whilst SD-WAN offers vast improvements over traditional WAN systems, not all SD-WAN solutions are made equal and so it is important for IT decision makers to consider and understand the vendor differences between SD-WAN solutions. By doing so, IT decision makers understand where vendors may offer more critical features that better align with their organisational requirements.
Key Features of SD-WAN
These features affect the connectivity, flexibility, performance, security and management of the network, which means that there are plenty of areas where vendors may differ. These differences may have knock-on effects that impact the network. For example, the ability to utilise more network links can lead to improved performance, and the ability to remotely configure newly deployed devices allows for quicker network scaling.
Multi-Cloud Connectivity
As businesses begin to prepare for the future, more and more are integrating cloud solutions as part of their network infrastructure through SD-WAN. However, by integrating multi-cloud connectivity, businesses are ensuring that they can leverage the ability of several cloud solutions, their individual perks and the continuous uptime that comes with them.
By utilising multiple cloud services, this prevents businesses from “vendor lock-in” where there is dependence on a single provider. This dependence can be an issue should there be potential outages. Through multi-cloud, redundancy eliminates this issue. Should a single cloud service go offline, another service can pick up the slack. This means that crucial applications never experience any downtime and the overall user experience benefits.
Different cloud providers offer different perks with their services. For example, Google Cloud Platform (GCP) offers “Live Migration”, the ability to seamlessly move virtual machines across Google’s network infrastructure; however, Amazon Web Services (AWS) provides more raw computational power than GCP. By leveraging services from multiple providers, businesses can enjoy the benefits of each cloud system for improved network capabilities.
SD-WAN Vendor Multi-Cloud Connectivity Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Features | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:08 PM | hyelland | 29/10/2024 12:08 PM | VMware | Flexible Multi-Cloud Connectivity | VMware enables the utilisation of multi-cloud connectivity in order to spread traffic across various cloud services. By using a distributed network of gateways, VMware is capable of improving cloud performance, gives businesses a greater flexibility and e |
| 2 | hyelland | 29/10/2024 12:08 PM | hyelland | 29/10/2024 12:08 PM | Juniper Networks | Artificial Intelligence Multi-Cloud Connectivity | Juniper Networks uses Artificial Intelligence to drive its multi-cloud connectivity through ‘Session Smart Routing’. |
| 3 | hyelland | 29/10/2024 12:08 PM | hyelland | 29/10/2024 12:08 PM | Cato Networks | High Performance Multi-Cloud Connectivity | Cato Networks provides integrated security with high-performance connectivity to multi-cloud environments through its own global private backbone and datacenter integrations. |
| 4 | hyelland | 29/10/2024 12:08 PM | hyelland | 29/10/2024 12:08 PM | Huawei | Reliable Multi-Cloud Connectivity | Huawei offer comprehensive multi-cloud connectivity, using intelligent traffic steering and multi-path duplication to ensure the most reliable connections to the cloud. |
| 5 | hyelland | 29/10/2024 12:08 PM | hyelland | 29/10/2024 12:08 PM | Fortinet | Secure Multi-Cloud Connectivity | Fortinet ensures the security of connections, supporting both hybrid and multi-cloud environments. |
| Vendor | Features | Description |
Advanced Security Features
By leveraging multiple cloud services, organisations need to secure every connection point, which can cause complexity. To reduce the complexity of setting up lots of security appliances, SD-WAN provides advanced security features pre-packaged. These can often include features such as next-generation firewalls (NGFW) and intrusion prevention systems (IPS). These security features are just some of many that ensure the protection of the network, ensuring that no breach of the system occurs. Other advanced security features include the use of Artificial Intelligence (AI) and Machine Learning (ML) for anomaly detection. These indicate potential threats to the network and, by allowing for proactive mitigation, SD-WAN enables administrators to rapidly respond to network threats.
It should be noted that different SD-WAN vendors offer different advanced security features.
Fortinet offers advanced security features such as:
- Next-Generation Firewall (NGFW)
- AI-powered Secure Web Gateway
- Zero-Trust Network Access (ZTNA)
- Cloud Access Security Broker (CASB)
- Firewall-as-a-Service (FaaS)
Whereas Cisco Umbrella offers:
- Secure Web Gateway
- Cloud Access Security Broker (CASB)
- DNS-layer security features
Whilst each offer Secure Web Gateway and CASB, Fortinet offers features such as Zero Trust Network Access and Cisco offers DNS-layer security.
Zero Trust Network Access (ZTNA) within SASE
Depending on the requirements of the system, IT decision makers should consider the features offered by different SD-WAN vendors in order to determine the offering most suitable for their system.
SD-WAN Vendor Security Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Features | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:12 PM | hyelland | 29/10/2024 12:12 PM | VMware | Integrated SASE | VMware offers integrated SASE within their SD-WAN solutions. This forms a secure virtual network, providing greater flexibility and the option to use multi-site cloud. |
| 2 | hyelland | 29/10/2024 12:12 PM | hyelland | 29/10/2024 12:12 PM | Netskope | Integrated SASE | Netskope offers integrated SASE via the form of intelligent traffic management and security management all within a single platform. |
| 3 | hyelland | 29/10/2024 12:12 PM | hyelland | 29/10/2024 12:12 PM | Cato Networks | Cloud-Native and Integrated Security | Cato Networks merge the management of the network with its security features (such as Intrusion Prevention Systems, Anti-Malware) which makes Cato a good system for distributed networks. |
| 4 | hyelland | 29/10/2024 12:12 PM | hyelland | 29/10/2024 12:12 PM | Open Systems | Integrated Security and SASE | Open Systems offers SASE alongside advanced security features such as Network Detection & Response and Cloud Access Security Broker. |
| 5 | hyelland | 29/10/2024 12:12 PM | hyelland | 29/10/2024 12:12 PM | Palo Alto Networks | SASE-enabled | Palo Alto Networks SD-WAN can integrate with SASE, allowing for optimisation of the network, and the ability to manage the network security. This makes Palo Alto Networks SD-WAN best for enterprise solutions. |
| 6 | hyelland | 29/10/2024 12:12 PM | hyelland | 29/10/2024 12:12 PM | Aruba Networks | integrated SASE | Aruba Networks embed SASE into their SD-WAN, providing in-built Next-Generation-Firewall and Zero Trust principles which are best for protecting branch networks. |
| Vendor | Features | Description |
Automated Path Selection
Unlike traditional WAN, SD-WAN offers automated path selection for network traffic. In traditional WAN systems, MPLS is used to define static routing paths. These are configured manually and therefore it can be difficult to change routing protocols, which can be problematic during peak-use as this can cause latency.
SD-WAN, however, uses dynamically selected routing. By analysing real-time data, historical data and the currently available network links, SD-WAN is able to automatically route traffic over the optimal path, whilst also prioritising crucial data flows, reducing network latency. This provides a much better user experience than traditional WAN system as it increases the reliability of the network.
How vendors like VMware and Silver Peak Systems implement automated path selection to enhance application performance.
Both VMware and Silver Peak Systems implement automated path selection to enhance application performance. Silver Peak’s SD-WAN uses ‘Host-Base redirection’ routes all devices to a local Silver Peak appliances and the appliances then performs dynamic path selection in order to determine the next hop. With VMware SD-WAN, edges can identify and prioritise different application types to use the optimal path based on real-time traffic data.
SD-WAN Vendor Path Selection Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Features | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:09 PM | hyelland | 29/10/2024 12:09 PM | VMware | Dynamic Path Selection with Cloud | VMware offers dynamic path selection with the Cloud. This is best for networks with changing network conditions. |
| 2 | hyelland | 29/10/2024 12:09 PM | hyelland | 29/10/2024 12:09 PM | Cisco Meraki | Dynamic Path Selection for High Performance | Cisco Meraki offers advanced path selection for ensuring high performance of the network. This means that critical applications are prioritised and maximises uptime. |
| 3 | hyelland | 29/10/2024 12:09 PM | hyelland | 29/10/2024 12:09 PM | Fortinet | Granular Application Steering and Prioritisation | Fortinet offers granular-level application steering, with detailed prioritisation. This is best for networks required greater control over application traffic. |
| 4 | hyelland | 29/10/2024 12:09 PM | hyelland | 29/10/2024 12:09 PM | Versa Networks | Dynamic Path Selection for Avoiding Latency & Jitter | Versa Networks uses real-time data in order to dynamically select paths to avoid latency and jitter. This aids the reliability of the system. |
| 5 | hyelland | 29/10/2024 12:09 PM | hyelland | 29/10/2024 12:09 PM | Juniper Networks | Dynamic Path Selection using Artificial Intelligence | Juniper Networks uses Artificial Intelligence to provide dynamic path selection using real-time data. This is best for cloud-centric businesses. |
| Vendor | Features | Description |
Zero-Touch Provisioning
For many businesses, scalability is an important factor. Zero-Touch Provisioning (ZTP) can be used for rapid expansion of network architecture. Via Zero Touch Provisioning, SD-WAN enables a simplified deployment model. SD-WAN is able to be deployed, controlled and configured remotely to provide the best configurations at any given moment, based on real-time network traffic.
Aruba provides Zero-Touch provisioning via the form of plug and play deployment of branch controllers. With Aruba branch controllers, administrators can activate them via a cloud service for provisioning and the controller authorises with the cloud in order to activate.
The steps of Zero Touch Provisioning (ZTP)
Juniper Networks have enabled Zero-Touch provisioning on their switches and routers. These enable remote deployment by downloading and installing the required software and configuration files from the network.
SD-WAN Vendors Zero Touch Provisioning Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Feature | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:15 PM | hyelland | 29/10/2024 12:15 PM | Palo Alto Networks | Firewall onboarding | Palo Alto Networks SD-WAN can simplify the process of deploying firewalls via Zero Touch Provisioning. ZTP automates the onboarding of firewalls, allowing administrators to deploy firewalls to a branch location and configure them remotely. |
| 2 | hyelland | 29/10/2024 12:15 PM | hyelland | 29/10/2024 12:15 PM | Digi | IoT configuration | Digi offers a Remote Manager within the cloud, which can be used to configure Internet of Things (IoT) devices, including the initial provisioning, firmware upgrades and the ability to set unique policies for individual devices. |
| 3 | hyelland | 29/10/2024 12:15 PM | hyelland | 29/10/2024 12:15 PM | Juniper Networks | Provisioning and Reinstallation | Juniper Networks allows for automatic provisioning, updating and reinitialising to previous software images all via ZTP. |
| Vendor | Feature | Description |
Optimised Cloud Access
SD-WAN optimises cloud access by changing the way cloud data is routed. Within traditional WAN architectures, traffic was backhauled via a central data centre before accessing the cloud, however with SD-WAN, this is no longer necessary as SD-WAN can provide a direct connection to different public cloud services. This dedicated path means that direct connections between the network and cloud have higher bandwidth, with the network experiencing higher speeds and less latency.
Traditional WAN vs SD-WAN
Aryaka optimises cloud access by providing its own global private network. This network has its own Points-of-Presence (PoPs) scattered across the globe, which reduces geographical distance and therefore increases the cloud access speeds. Aryaka also supports hybrid WAN systems, allowing the use of the Aryaka global network as a backbone whilst allowing access locally from site-to-site. Aryaka primarily uses AWS and Azure for these cloud services, selecting the best provider based on real-time data to reduce latency and jitter.
Prisma, however, relies on the internet and an advanced software WAN. This means that Prisma analyses Layer 7 metrics such as server response time, application response time and application transaction failures in order to determine the best routing. This allows for optimal performance of cloud-based applications, enhancing the user experience with these critical applications.
SD-WAN Vendor Cloud Connectivity Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Feature | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:06 PM | hyelland | 29/10/2024 12:06 PM | VMware | Efficient Cloud Access | VMware offers efficient cloud access. VMware’s distributed network of service gateways allows for efficient access to the Cloud and greater flexibility, as this reduces the complexity for multi-cloud utilisation. |
| 2 | hyelland | 29/10/2024 12:06 PM | hyelland | 29/10/2024 12:06 PM | Fortinet | Safe Cloud Access | Fortinet offers links tailored for cloud applications, integrated with advanced security to enable safe access to the cloud. |
| 3 | hyelland | 29/10/2024 12:06 PM | hyelland | 29/10/2024 12:06 PM | Palo Alto Networks | Prioritised Cloud Access | Palo Alto Networks uses prioritised cloud access to ensure that critical applications always have access, with added security to securely connect branch networks to the cloud. |
| 4 | hyelland | 29/10/2024 12:06 PM | hyelland | 29/10/2024 12:06 PM | Cato Networks | Native Cloud Access | Cato Networks provides a Cloud-Native SD-WAN solution. This optimises cloud access, as it ensures that quality metrics (jitter, latency, packet loss) are met and is the best solution for distributed networks. |
| Vendor | Feature | Description |
Traffic Shaping and Prioritisation
SD-WAN provides traffic shaping and prioritisation in order to optimise the network performance. To perform traffic shaping, SD-WAN allows network administrators to define bandwidth limits (minimum and maximum), priority levels of different traffic classes and set prioritised traffic paths from within the network policies. This ensures that critical applications always get the required bandwidth and latency is minimised.
Citrix offers Quality of Service (QoS) functionality within its traffic management system. This identifies specific applications that may be crucial to businesses (such as VoIP) and ensures the ability to automatically and seamlessly switch to a reliable backup system should the primary path drop out or latency increase.
Cisco Meraki introduces 3 levels of traffic prioritisation and the ability to limit bandwidth usage across a traffic group. This means that administrators can force the distribution of bandwidth to specific applications and prevent less-crucial applications from using excessive bandwidth, producing latency across the network.
SD-WAN Vendor Traffic Shaping Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Feature | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:13 PM | hyelland | 29/10/2024 12:13 PM | Fortinet | Granular traffic prioritisation | Fortinet allows up to 30 traffic groups to be configured, with custom priority levels in order to give greater control over traffic. Administrators can set guaranteed and maximum bandwidth limits. Fortinet uses static queues (which can be inefficient duri |
| 2 | hyelland | 29/10/2024 12:13 PM | hyelland | 29/10/2024 12:13 PM | Cisco Meraki | Some traffic prioritisation with QoS support | Cisco Meraki offers 3 levels of prioritisation, giving some level of control over network traffic. There is the ability to limit bandwidth usage but no function to guarantee bandwidth to a set traffic group. Cisco Meraki uses dynamic queues for different |
| 3 | hyelland | 29/10/2024 12:13 PM | hyelland | 29/10/2024 12:13 PM | InfoVista | QoS built-in | InfoVista offers dynamic classification and optimises application performance therefore has no ability to manage bandwidth. However, InfoVista offers dynamic application-aware queues, which provides an application overlay SLA for Quality of Service. |
| Vendor | Feature | Description |
AI and Machine Learning Integrations
AI Integrations in SD-WAN
As Artificial Intelligence and Machine Learning integrations within SD-WAN become more prevalent, it is important to understand the different use cases for each across different SD-WAN vendors.
Artificial Intelligence (AI) and Machine Learning (ML) have been integrated to produce tools that assist with the predictive maintenance and anomaly detection of SD-WAN networks. These technologies monitor network traffic, finding patterns within said traffic. These are then able to match these patterns up against expected behaviours (from users) or potential threats to the network and thus enables a proactive approach to dealing with these potential threats.
Additionally, AI and ML are being used to automate networks through the process of managing traffic routing and security policy updates. This reduces the workload on network administrators and simplifies the management of the network.
VMware have developed VersaAI as part of their unified SASE platform. VersaAI is capable of detecting malicious behaviour in real-time, enhance network performance through traffic routing and secure operations. VersaAI can be considered a reliable AI tool due to VMware training VersaAI on their large customer-base’s analytic data in order to refine advanced functionality.
Juniper Networks use AI to optimise the network performance. Through analytics (and via Juniper Apstra), Juniper’s AI can perform predictive maintenance and anomaly detection to ensure the security of the network.
SD-WAN Vendor AI Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Feature | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:05 PM | hyelland | 29/10/2024 12:05 PM | Cisco | Pinpoints Network Issues | Uses machine learning to forecast equipment failure. Utilises Artificial Intelligence to optimise routing. AI monitors network traffic for potential threats. Uses machine learning to analyse and pinpoint source of network issues. |
| 2 | hyelland | 29/10/2024 12:05 PM | hyelland | 29/10/2024 12:05 PM | Palo Alto Networks | Troubleshooting Recommendations | Utilises Artificial Intelligence to optimise routing. AI monitors network traffic for potential threats. AI automates troubleshooting, providing intelligent recommendations to resolve issues. |
| 3 | hyelland | 29/10/2024 12:05 PM | hyelland | 29/10/2024 12:05 PM | VMware | Automated Troubleshooting | Utilises Artificial Intelligence to optimise routing. AI monitors network traffic for potential threats. AI automates troubleshooting, with the ability to try to rectify issues without human intervention. |
| Vendor | Feature | Description |
Bandwidth Aggregation
SD-WAN improves the network performance by dynamically routing traffic via the best path based on real-time traffic analysis. This is further extended by the ability of SD-WAN to leverage multiple ISPs (broadband, 4G, 5G, LTE, internet leased lines and satellite services) and combine them to provide greater bandwidth for the network – Bandwidth Aggregation. This decreases the latency of the network and ensures reliability to crucial applications across the network.
SD-WAN Underlay Connectivity Types
Peplink has the ability to combine DSL, LTE and satellite, to provide a greater bandwidth and failover for the network. Peplink also has the capability to aggregate up to 4 LTE links. Whereas, Riverbed has the ability to aggregate multiple WAN links including broadband, 4G, 5G, LTE and MPLS to provide increased bandwidth and redundancy.
SD-WAN Vendor Link Aggregation Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Feature | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:07 PM | hyelland | 29/10/2024 12:07 PM | Cisco | WAN aggregation | Ability to aggregate multiple WAN links |
| 2 | hyelland | 29/10/2024 12:07 PM | hyelland | 29/10/2024 12:07 PM | Fortinet | Tunnel WAN aggregation | Offers tunnel bandwidth WAN aggregation, with per-packet load balancing to ensure bandwidth availability for all applications. |
| 3 | hyelland | 29/10/2024 12:07 PM | hyelland | 29/10/2024 12:07 PM | Peplink | LTE aggregation | Ability to aggregate up to 4 LTE links. |
| Vendor | Feature | Description |
Real-Time Analytics and Reporting
SD-WAN Reporting Capabilities
SD-WAN provides the ability for administrators to review analytics and reports in real-time. This includes the ability to view current traffic against historical traffic across different links, whilst also being able to generate on-demand reports for later review. This is important as it allows network administrators to determine where there may be potential weaknesses or issues within the network.
Cato Networks offer a “single pane of glass” in order to manage the network and its security. Within this pane, administrators can manage analytics, policy configuration, incident review and troubleshooting all within real-time.
VeloCloud provides real time analytics on user traffic, such as the top bandwidth consuming applications, individual user flows and the routing of the flow so that traffic can be viewed at the next hop. VeloCloud also enables administrators to output this data into a CSV format, allowing for further analysis.
SD-WAN Vendor Reporting Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Feature | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:10 PM | hyelland | 29/10/2024 12:10 PM | Cisco | On-demand reports | Provides real-time visibility to performance, bandwidth-usage, site availability, on-demand reporting and the ability to generate reports in Excel format. |
| 2 | hyelland | 29/10/2024 12:10 PM | hyelland | 29/10/2024 12:10 PM | Lumen | Custom reports | Provides analytics dashboards for traffic monitoring, mean-opinion-scores (MOS) and the ability to produce custom reports in PDF, XLS and JSON format. |
| 3 | hyelland | 29/10/2024 12:10 PM | hyelland | 29/10/2024 12:10 PM | Palo Alto Networks | Firewall monitoring | Generates reports for application or links with potential degradation issues and for firewall activity. |
| Vendor | Feature | Description |
Scalability and Flexibility
As SD-WAN aligns with the SASE framework it enables IT decision makers to incorporate a more holistic, cloud-centric approach to network security by applying the same policies regardless of device or location. When integrated as a component of SASE, SD-WAN provides the scalable and flexible network architecture for delivery of cloud-based services. This is especially true within Internet of Things (IoT) environments, where large numbers of devices require streamlined policy enforcement.
The benefits of using SD-WAN for Internet of Things (IoT)
As SD-WAN can function entirely within the cloud (cloud-native), the security services that SD-WAN contributes within the SASE model simplifies an organisation’s network and security architecture, enhances it’s security posture, scalability, and agility.
SD-WAN solutions such as Viptela scale by introducing more vEdge (software or hardware router responsible for the data plane within SD-WAN). This means that scaling is very quick and easy, making the process more flexible for businesses. Viptela vEdges also have the ability to integrate with the rest of Cisco products, making the onboarding process for each vEdge less complex.
SD-WAN Vendor Scalability Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Feature | Description |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 29/10/2024 12:11 PM | hyelland | 29/10/2024 12:11 PM | Palo Alto Networks | Supports thousands of distributed locations | Prisma can scale to support thousands of distributed locations, offering a variety of hardware to accommodate different branch sizes. |
| 2 | hyelland | 29/10/2024 12:11 PM | hyelland | 29/10/2024 12:11 PM | VMware | Overlays existing network infrastructure. | VMware can act as an overlay to existing network infrastructure, enabling rapid scaling of SD-WAN without impacting infrastructure. Also supports ZTP. |
| 3 | hyelland | 29/10/2024 12:11 PM | hyelland | 29/10/2024 12:11 PM | Cisco | Multi-region SD-WAN fabric | Offers multi-region SD-WAN fabric and support for advanced routing protocols. |
| Vendor | Feature | Description |
Conclusion
When evaluating SD-WAN solutions, it’s important to consider the key differences in offerings provided by vendors. Whilst all SD-WAN vendors aim to improve upon traditional WAN systems, the importance placed on features such as performance, security, manageability and deployment models varies from solution to solution.
By carefully evaluating network requirements, IT decision makers can consider the right SD-WAN vendor offering for their requirements to not only improve their network for the short term but also improving the network infrastructure for the future.
