SD-WAN stands for Software Defined Wide Area Networking. It’s a combination of Software Defined Networking (SDN), which was created for use in cloud datacenters, and Wide Area Networking (WAN), which is the network outside of your office (e.g. the Internet, or site-to-site networks like MPLS and Metro Ethernet).

There are multiple categories of offerings that come with an SD-WAN label.

Cloud Managed Routers and Firewalls

To make router and firewall technology look appealing, add a cloud-based web management interface and market it as SD-WAN! That’s essentially what you’re getting with this category. You buy a network appliance to connect your ISP circuits into, and instead of logging into an interface on the actual device to configure it, you now log into the vendor’s shiny new cloud-hosted management dashboard.

VPN Services and Devices

Most “real” SD-WAN offerings fall into this category. They are meant as a lower-cost tool to displace MPLS for site-to-site connections. At their core, these devices and services provide site-to-site VPNs, just like standard firewalls or routers.

So the question becomes: what’s the difference between these SD-WAN solutions and standard network edge devices like firewalls? Well, there’s nothing significant at first glance. They boast of cloud-based management (as noted above), plus features that existing networking hardware already offers, like application- or user-based security and routing policies, or WAN-optimization features like compression or TCP optimization.

But there is a major differentiator, and that is awareness of and adaptation to quality issues on the network paths between sites. Traditional firewalls and routers don’t monitor for or adapt to issues like 3% packet loss or 70ms jitter. These performance issues that affect real-time applications can now be identified and resolved through SD-WAN. Buyer beware: how this detection and adaptation works differs greatly by vendor, with varying results.
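As an added illustration (not from the original article and not any vendor's implementation), the sketch below shows one simple way path-quality detection and adaptation could work: measure loss and jitter from per-path probes and move traffic off a degraded path. The path names and probe data are constructed, the thresholds reuse the 3% loss and 70 ms jitter figures mentioned above as assumed limits, and jitter is taken as the mean absolute difference between consecutive round-trip times.

```python
from statistics import mean

# Assumed limits, borrowed from the figures the text gives as examples of problems.
LOSS_LIMIT = 0.03        # 3% packet loss
JITTER_LIMIT_MS = 70.0   # 70 ms jitter

# Constructed sample data: one RTT in ms per probe, None for a lost probe.
PROBES = {
    "isp_a": [20, 22, None, 21, 95, 20, 110, 23, 21, 22],
    "isp_b": [35, 36, 34, 35, 37, 35, 36, 34, 35, 36],
}

def path_quality(rtts_ms):
    """Return (loss_fraction, jitter_ms) for one path's probe results."""
    if not rtts_ms:
        return 1.0, 0.0  # no probes at all: treat the path as fully lost
    received = [r for r in rtts_ms if r is not None]
    loss = 1 - len(received) / len(rtts_ms)
    # Jitter: mean absolute change between consecutive received RTTs.
    deltas = [abs(b - a) for a, b in zip(received, received[1:])]
    jitter = mean(deltas) if deltas else 0.0
    return loss, jitter

def is_degraded(loss, jitter):
    """A path is degraded when either limit is reached."""
    return loss >= LOSS_LIMIT or jitter >= JITTER_LIMIT_MS

def choose_path(current, probes):
    """Stay on the current path while it is healthy; otherwise move to the
    healthy path with the lowest (loss, jitter). If no path is healthy,
    stay put rather than flap between bad paths."""
    quality = {name: path_quality(samples) for name, samples in probes.items()}
    if not is_degraded(*quality[current]):
        return current
    healthy = {n: q for n, q in quality.items() if not is_degraded(*q)}
    if not healthy:
        return current
    return min(healthy, key=lambda n: healthy[n])

if __name__ == "__main__":
    for name, samples in PROBES.items():
        loss, jitter = path_quality(samples)
        print(f"{name}: loss={loss:.0%} jitter={jitter:.1f} ms")
    print("selected:", choose_path("isp_a", PROBES))
```

Real products differ in probe type, measurement window and switching policy, which is why results vary between vendors.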

Internet and Cloud Optimization

Public-cloud and other Internet-based applications are the most difficult to optimize connectivity for, because traditionally there is so little visibility into and control over the public cloud. Unlike site-to-site VPNs, which are relatively simple to set up and monitor, connections to cloud services like VoIP and SaaS involve a lot more complexity.

To optimize Internet-based applications like cloud services, you first need visibility. The solution needs to monitor each Internet connection from your office to the core of the Internet, across the exact same paths that all of your data travels.