What Is SD-WAN?

SD-WAN Explained

A software-defined wide area network (SD-WAN) is a virtualized service that connects and extends enterprise networks over large geographical distances. WANs use links such as multiprotocol label switching (MPLS), wireless, broadband, virtual private networks (VPNs) and the internet to give users in remote offices access to corporate applications, services and resources, allowing them to work regardless of location. SD-WAN monitors the performance of WAN connections and manages traffic in an effort to maintain high speeds and optimize connectivity.

How Does SD-WAN Work?

Traditional WANs rely on physical routers to connect remote or branch users to applications hosted on data centers. Each router has a data plane, which holds the information, and a control plane, which tells the data where to go. Where data flows is typically determined by a network engineer or administrator who writes rules and policies, often manually, for each router on the network – a process that can be time-consuming and prone to errors.

SD-WAN separates the control and management processes from the underlying networking hardware, making them available as software that can be easily configured and deployed. A centralized control pane means network administrators can write new rules and policies, and then configure and deploy them across an entire network at once.

SD-WAN vs MPLS

SD-WAN makes it easier to manage and direct traffic across a network. With traditional networking approaches like MPLS, traffic created in the branch is returned, or “backhauled,” to a centralized internet security point in a headquarters data center. Backhauling traffic can lower application performance, which hinders productivity and the user experience. Because MPLS networks are private networks built for one given organization, they are considered reliable and secure, but they are expensive. Moreover, MPLS is not designed to handle the high volumes of WAN traffic that result from software-as-a-service (SaaS) applications and cloud adoption.

Compared to traditional WANs, SD-WANs can manage multiple types of connections, including MPLS, broadband, LTE and others, as well as support applications hosted in data centers, public and private clouds, and SaaS services. SD-WAN can route application traffic over the best path in real time. In the case of cloud, SD-WAN can forward internet- and cloud-bound traffic directly out to the branch without backhauling.

SD-WAN vs. VPN

VPNs are a great cost-effective solution for organizations that support remote working (i.e., work from home). VPNs secure remote workforces by providing a secure connection to the organization’s network. However, VPNs can’t match up to SD-WAN in cost, performance or reliability. When scaling a large remote workforce, the complexity and latency of a VPN outweighs the cost benefits. SD-WAN offers optimized performance features like quality of service (QoS) and application routing, embracing the cloud in a way that’s impossible with VPN. Whereas VPNs rely on the public internet for speed and bandwidth, SD-WANs offer enterprises the comfort of service-level agreements (SLAs) for performance.

Benefits of SD-WAN

SD-WAN offers many benefits to geographically distributed organizations, including:

• Simplicity: Because each device is centrally managed, with routing based on application policies, WAN managers can create and update security rules in real time as network requirements change. By combining SD-WAN with zero-touch provisioning – which helps automate deployment and configuration processes – organizations can further reduce the complexity, resources and opex required to turn up new sites.

• Improved performance: By allowing efficient access to cloud-based resources without the need to backhaul traffic to centralized locations, organizations can provide a better user experience.

• Reduced costs: Network administrators can supplement or substitute expensive MPLS with broadband connectivity options.

Automation Is the Future

As IT teams continue to struggle with rapid digital adoption and exponentially more data, SD-WAN solutions with integrated artificial intelligence for IT operations (AIOps) have emerged as the key to automating manual tasks. AIOps can help IT teams with anomaly detection, event correlation and root cause analysis, allowing administrators to easily pinpoint issues and speed up response times for problem remediation. SD-WAN solutions with integrated AIOps capabilities will help organizations continuously scale and simplify operations.

Next-Generation SD-WAN

Legacy SD-WAN solutions struggle with the shift to cloud adoption and high-performance bandwidth. There is a growing need for a next-generation SD-WAN solution that delivers essential branch services – such as networking, security and more – from the cloud.

A next-gen SD-WAN solution should be:

• App-defined
• Autonomous
• Cloud-delivered

SD-WAN and Branch

A next-generation SD-WAN solution enables all branch services, including networking, security and voice services, to be delivered from the cloud. A secure SD-WAN connection gives organizations peace of mind that branch locations are protected from threats, provides optimal performance for end users, and can deliver an ROI of up to 243%.

Learn more in our related article, “What Is Next-Generation SD-WAN?”

Further Reading

• Article: Why Machine Learning (ML) and Artificial Intelligence (AI) Are Key Technologies for SD-WAN
• White paper: Behind the Need for Next-Generation SD-WANs
• Study: Forrester Total Economic Impact™ Spotlight on Palo Alto Networks SD-WAN
• E-book: The 10 Tenets of an Effective SASE Solution
• Resource page: Palo Alto Networks Prisma SD-WAN
• Use case page: Branch & SD-WAN