Using the internet to facilitate communication between LANs does not create a WAN. In a WAN, all of the links are private, even though they are laid over long distances.

Here is our list of the eleven best SD-WAN vendors:

  • VMWare SASE SD-WAN EDITOR’S CHOICE An SD-WAN option offered by VMWare in its SASE platform, you can also choose to have the full SASE service with a cloud-based firewall built-in. Combining this with the popular VMWare server hypervisors you can virtualize your entire infrastructure. This is a SaaS platform with on-site appliances.
  • Citrix SD-WAN Provided by a major virtualization systems producer, this service is more than just a SASE with the firewall turned off. Use it to improve traffic flows for interactive applications. Offered as a SaaS platform or as a service on AWS, GCP, and Azure.
  • FortiGate Secure SD-WAN This is a SASE by another name and is provided by a major firewall producer. Offered as a physical appliance, a virtual appliance or as a SaaS package.
  • Aruba EdgeConnect This SD-WAN system is provided by a division of Hewlett Packard. It can integrate with other products, including firewalls to create a SASE. Offered as a physical appliance or a ritual appliance.
  • Aryaka Networks This is a managed service so your newly integrated WAN will be run by a team of technicians that remove the need for you to employ your own network admin staff.
  • Lumen SD-WAN This was formerly CenturyLink SD-WAN and it is a managed network service available for a major US internet service provider. A co-managed option is available.
  • Versa Secure SD-WAN This SD-WAN system can be upgraded to a SASE by including an optional firewall system. Each site needs a physical appliance installed on it in order to participate. The system has a multi-tenancy architecture to suit MSPs.
  • Cato SASE Cloud A secure SD-WAN service from the owner of a high-speed backbone owner that can channel your traffic down its own infrastructure. Requires a proprietary gateway on each site.
  • Cisco Meraki SD-WAN An SD-WAN service implemented through Meraki gateway appliances and coordinated through a Cloud hub.
  • Oracle SD-WAN A Cloud-based hub that requires a physical or a virtual appliance operating on each included LAN. Firewall services can be added on.
  • Palo Alto Prisma Available as an SD-WAN or a higher SASE, which is called Prisma Access. This is a cloud service with local agents on each included which can be loaded onto an appliance.

Why use an SD-WAN?

Buying all of the cable to link two sites together and getting permission to lay that cable over public and private land is very expensive and complicated. One solution is to lease a line from a telecommunications company. However, this strategy is also costly.

This is known as an “overlay network” and it counts as a private line, even though the physical medium is not owned by the business operating the network. This is how SD-WAN got its name, it converts internet-connected LANs into a WAN through software methods.

SD-WANs require a device to connect to the internet. The system can be created by channeling all internet-bound traffic through a server that runs the WAN-creating software and then on to the network’s gateway. This is called a virtual solution. The other option is to buy a special appliance that is a gateway with the SD-WAN software embedded in it.

SD-WANs and UCaaS

Thanks to the cloud, businesses don’t need to buy and manage the software to create an SD-WAN solution, nor the hardware required to run communications software or a special appliance. A Cloud-based SD-WAN system is officially called “Unified Communications as a Service,” or UCaaS.

UCaaS is an edge service that takes care of all routing for your business. All traffic from all of your sites is channeled to the UCaaS server, which acts as a hub. The SD-WAN software on the cloud server routes company traffic through to the appropriate site and sends regular internet traffic destined to other organizations through a gateway.

The connections between sites are all secured with encryption. The IP packets that travel between sites and the cloud-based hub are hidden with encapsulation. This carries the original network packet inside an outer packet. All of the original packet, including its header is encrypted.

Network administrators get access to a console on the UCaaS server and can get traffic statistics from it, even watching live feedback on traffic flows.

More about SD-WAN Technology

The SD-WAN software, whether hosted on a computer, embedded in an appliance or based on the cloud provider’s server, enables the address space of all participating LANs to be unified. This is what makes the WAN.

The internet is a separate address space and its inclusion in the system breaks the requirements for the definition of a private WAN. However, the encapsulation procedures of the SD-WAN bridge that address-related problem, enabling the network software to ignore the underlying internet’s addressing requirements.

You can read more about the methodology in creating a software-defined WAN in the article “What is SD-WAN?”

The best SD-WAN vendors

Thanks to UCaaS, you have cloud services to consider when looking for an SD-WAN solution as well as on-site solutions in the form of appliances or software. We have put together a shortlist of the best SD-WAN vendors, which includes all of these options.

You can read more about these solutions in the following sections.

Our methodology for selecting an SD-WAN solution 

We reviewed the best SD-WAN vendors and analyzed their tools based on the following criteria:

  • A cloud-based system
  • A browser-based console for management tasks
  • Automated address pool segmentation per site
  • Secure connections over the internet managed by VPNs
  • A system that allows underlying connection to change without needing to remap network addresses
  • A free trial or a demo system for a cost-free assessment opportunity
  • A faultless service that is easy to implement and is delivered at a fair price

With these selection criteria in mind, we examined the SD-WAN products of the leading network virtualization vendors in the business and came up with a collection of services that we are happy to recommend.

1. VMWare SASE SD-WAN EDITOR’S CHOICE

VMWare is the world’s largest server virtualization provider. The software-defined WAN is a very similar concept to virtualization because both remap physical resources through the way the software presents them to the human user. So, it makes sense for VMWare to get into this field.

Key Features

  • Cloud based
  • Upgrade to SASE available
  • Requires an appliance on each site
  • Can combine multiple sites with cloud platforms
  • Allows a choice of underlying transport technology

The VMWare SD-WAN system is available in a UCaaS format, as an appliance, or a combination of the two. The cloud service can overlay a WAN on internet connections and the appliance has multiprotocol label switching (MPLS) capabilities as well. The system is able to link together physical sites and also bring cloud resources into the WAN.

As a very successful virtualization provider, WMWare has the resources and the know-how to make its SD-WAN products robust, reliable, and efficient. The opportunity of integrating all network infrastructure through VMWare products, which include cloud resources, is a very tempting proposition. These qualities make VeloCloud our top pick for SD-WANs.

Pros:

  • Built by VMWare, a widely trusted enterprise virtualization company
  • Uses multiprotocol label switching to increase speeds and avoid resource-intensive lookups
  • Integrates well into the VMWare ecosystem
  • Clean user-friendly interface

Cons:

  • May have issues integrating with other platforms

2. Citrix SD-WAN

EDITOR’S CHOICE

VMWare SASE SD-WAN is our top pick for an SD-WAN solution because VMWare is the leading producer of hypervisors in the world and they know what they are doing with network virtualization thanks to their vast experience of implementing local virtual switches as part of their VM infrastructure. Extending the capabilities of VMWare across your entire WAN management system makes sense, particularly if you use VMWare products already on your servers or on cloud platforms. Choose to add on firewall services to get the full SASE package.

Download: Access FREE Evaluation

Official Site: https://sase.vmware.com/get-started

OS: Cloud-based or physical appliance

Citrix is the second-largest provider of virtualization software in the world. The commercial and technical logic of fitting SD-WANs into the product list of a VM producer is just as compelling with Citrix as it is for VMWare. (The Citrix line of cloud and networking services was named NetScaler until recently.)

  • Option of SaaS or a service on another cloud platform
  • Manages traffic flows
  • Traffic shaping for VoIP
  • Designed for MSPs

The service is delivered from the cloud platform and it manages all traffic from all of the client’s business sites and cloud resources. It can implement QoS prioritization by identifying the applications of passing traffic and accelerating time-critical interactive applications, such as VoIP.

Other benefits of the Citrix service include failover procedures that reroutes traffic automatically if a network fault is identified.

Citrix SD-WAN is also available as an appliance and as a cloud-resident virtual appliance for your own team to manage in-house. The system is also available as a multi-tenanted product aimed at managed service providers.

  • Powered by Citrix, one of the largest virtualization companies in the world

  • Supports QoS functionality for more granular control over traffic

  • Supports failover systems for multiple external connections, allowing for improved uptimes

  • Built for MSPs – allowing businesses to easily resell this service

  • Configuration menus could be made easier to use

3. FortiGate Secure SD-WAN

Fortinet made its name through the excellence of its network security software. It builds security features into its FortiGate Secure SD-WAN. This product is an adaptation of the company’s top-selling firewall appliance, FortiGate.

  • A SaaS or a virtual or physical appliance
  • Optionally run on AWS or Azure
  • Application-level traffic prioritization

The FortiGate Secure SD-WAN is available as an appliance, a cloud service, or as a virtual machine. This is the Fortinet firewall with added SD-WAN capabilities. The WAN management tools in this package can create WANs across the internet. Features include WAN optimization and application prioritization.

Fortinet produces a long list of FortiGate appliance models with the main difference between them being the data throughput capacity that each can handle. The software version can run on AWS and Azure servers either as a SaaS package or on a “bring your own license” basis.

A companion product provides WAN management and monitoring functions. This is called FortiManager and it is also available as an appliance, as a virtual machine, and as cloud-based services resident on AWS and Azure servers.

  • Brand has extensive knowledge in networking and security software, giving it more experience than some competitors

  • Integrates nicely with FortiGate firewalls are other brand hardware

  • Supports multi-cloud support for either AWS or Azure, making it a flexible cloud-based option

  • WAN management features are only available through the companion tool called FortiManager

4. Aruba EdgeConnect

Aruba EdgeConnect is part of a suite of network support hardware that creates, improves, and monitors SD-WANs. The system is available as an appliance or as a virtual machine.

  • Virtual or physical appliance
  • Firewall
  • WAN optimizer

This system is an edge service and it can conduct more tasks than just creating an SD-WAN. Other features of this appliance include a firewall and a WAN optimizer. It is able to create several WAN overlays, creating separate streams for important, time-critical traffic, such as VoIP and interactive video applications.

As well as traffic shaping measures, the Aruba EdgeConnect monitors for connection stability and quality. Multiple simultaneous connections also provide redundancy to protect against link failure over the internet. The system compensates for jitter and out-of-sequence packets by correcting transmission errors and irregularities.

The system comes with an attractive console, which shows live traffic statistics, both as data and as visualizations.

5. Aryaka Networks

  • Has one of the best interfaces among SD-WAN tools

  • Can runs as appliance or virtual machine, giving users more flexibility during installation

  • Features traffic shaping tools as well as detailed reports of traffic flow

  • Can correct jitter over different interfaces, great for struggling VOIP connections

  • Lacks some advanced security features around the UTM

Aryaka is a managed service provider of network services, including an SD-WAN system. As this is a remote-based system, you don’t need to install any network management software on your site or buy appliances. Your sites connect to the Aryaka server via VPNs and then all switching between sites or to the internet is taken care of there.

  • A managed service
  • Technicians included
  • Traffic shaping

You don’t need to keep on-site technicians to manage your WAN because the services of the Aryaka Network operators are included in the subscription price of the SD-WAN.

Aryaka excludes MPLS options and channels all traffic through its servers over the internet. As network data passes through the Aryaka servers, they apply traffic shaping measures including application prioritization and QoS procedures.

Although all of the network management is included in the price, Aryaka Networks customers get access to a system console that gives them live views on traffic flows and analytical tools.

  • Provides SD-WAN as a service, no complicated setup or installations

  • Done-for-you product helps reduce complexity

  • Web-based dashboard allows customers to view traffic stats from anywhere

  • You pay more to have SD-WAN as a service

  • You give up some granular control over the SD-WAN deployment

6. Lumen SD-WAN

Lumen offers a fully managed or co-managed SD-WAN service. Until recently, Lumen was known as CenturyLink and it is one of the largest ISPs in the United States. The SD-WAN is part of the company’s business services division that works on top of its Internet infrastructure.

  • Fully managed or co-managed options
  • LAN management included
  • Application-based traffic prioritization

What that means is that the service includes technicians to set up the WAN and monitor the dashboard of the system while the WAN is in operation. That managed service means that the subscriber not only doesn’t need to install software or run suitable hardware but doesn’t even need onsite technicians.

The managed SD-WAN service is certainly a good option for small businesses. Larger businesses can also benefit if their IT strategy is working towards doing away with an internal network altogether and relying on cloud services. In this plan, the SD-WAN system will end up substituting for the internal network as well as the connections between sites.

Whether you take the managed service option or not, the Lumen SD-WAN system will create priorities for speed-sensitive applications and will monitor all connections to look out for failure, which the Lumen service can workaround. Lumen is also able to offer add-on security measures to the SD-WAN service.

If you want to manage the SD-WAN system yourself and pass on the managed service option, the Lumen package has a useful dashboard, which is accessed through any browser. The dashboard shows live traffic flows and also has analytical tools that work on historical data to let you plan your future capacity needs.

  • Offers full managed and co-managed options, give you more control than a typical MSP deployment

  • Does not require on-site technicians or hardware investments

  • Supports QoS, ideal for missions critical applications and stringent SLAs

  • Better option for smaller businesses

  • Additional security comes as an add-on, and not standard

7. Versa Secure SD-WAN

Versa Secure SD-WAN is part of the Versa SASE service. It can be seen as a lower tier package to the higher SASE plan. Although this system is labeled secure, it doesn’t include FWaaS for traffic to destinations outside the WAN, which is included in the SASE edition. As well as being a good tool for IT Operations departments, this package is good for MSPs because it has a multi-tenancy architecture built into it.

  • Multi-tenant architecture for MSPs
  • Needs an appliance on each site
  • Managed service

Each LAN that is going to be managed by the SD-WAN needs a proprietary physical appliance from Versa Networks. Cloud resources can be included by activating an integration on your account for AWS, GCP, Azure, or cloud-based SaaS systems.

You can set up a range of underlying infrastructure elements to support the overlay network and that can include MPLS, regular internet service, and LTE. Switching carriers later makes no impact on applications because the SD-WAN software instantly connects its permanent surface topology through to whatever physical layer you specify.

You can start with the base SD-WAN service and then add on other features, such as the next-generation firewall to build up a SASE.

  • Provides a static overlay network that will adapt to changes in your carrier contracts

  • Has a multi-tenancy architecture for MSPs

  • Will include wireless and cloud assets in the WAN

  • Requires the purchase of a Versa Networks physical appliance for each site

8. Cato SASE Cloud

Cato Networks operates a high-speed internet backbone service and also runs a range of cloud services for network and communications businesses. Among those network services, the company provides an SD-WAN system.

  • Gives access to a high-speed internet backbone
  • Needs a physical appliance
  • Traffic shaping

The SD-WAN is implemented through an appliance. This is called the Cato Socket and it routes all business traffic over a local connection to the nearest access point of the Cato backbone. The software embedded in the socket applies a range of services, including QoS procedures, traffic shaping, application prioritization, and packet duplication to overcome packet loss.

Not all traffic is sent over the private backbone. Where that line is too distant to be a viable carrier, the Socket chooses MLPS and internet transport options to reach nearby WAN sites.

The Socket coordinates with cloud-based processes run on the Cato servers to provide better routing and traffic management services and also to add a security layer to transmissions.

9. Cisco Meraki SD-WAN

  • Offers a suite of services around SD-WAN, such as high-speed internet backbone, and cloud communication services

  • SD-WAN implementation is made easy through a preconfigured application socket

  • Supports traffic shaping, WOoS, and packet duplication making it a feature-rich option

  • Lacks a done-for-you option, leaving it up to you to interpret logs and act on events

  • Lacks in-depth product training

Cisco’s Meraki division provides cloud services to businesses, including an SD-WAN system. Cisco is a major supplier of network equipment and also supplies many of the routers on the internet.

  • Strong connection security
  • Highly respected brand
  • Masks sporting infrastructure

What users like most about this service is that the console is easy to access from anywhere through a browser and the system is easy to learn.

The interface makes setting policies and implementing them very easy. Each branch link to the cloud SD-WAN manager via a Meraki MX appliance, which has VPN client software loaded onto it in order to ensure transmission security. All of the work of selectively switching traffic between sites or out to the internet is taken care of by the Meraki SD-WAN service.

10. Oracle SD-WAN

  • Can be installed on a Meraki MX appliance

  • Feature-rich platform supports multiple VPN configurations well

  • Connectivity is easy to establish

  • Customized configurations can be difficult to implement

  • Configuration doesn’t scale well with a large number of multiple sites

  • Could use more controls

Oracle stresses its SD-WAN service’s ability to link up the cloud services used by its clients to their LANs. At the same time, the service will connect different sites together. The Oracle’s SD-WAN is cloud-based and communicates with all client sites and resources over the internet, so it doesn’t have any MPLS capabilities.

  • Failover for strong reliability
  • SaaS or virtual or physical appliance
  • Can integrate with other edge services

Oracle paid close attention to failover procedures and stresses its reliability goals. The SD-WAN system can be expanded into a full “edge” service. This includes a cloud-based firewall and traffic optimization measures. Edge services can also be deployed as a virtual machine or as an appliance.

Another SD-WAN related service offered by Oracle is its WAN monitoring system, called SD-WAN Aware. This service is also delivered from the Cloud.

11. Palo Alto Prisma

  • Great network visualizations

  • Connectivity is easy to establish

  • Robust failovers for site redundancy

  • Can operate as an edge service

  • Reporting can be complicated and cookie cutter

  • Setting up custom dashboards and live metrics is overly complicated

Palo Alto Prisma is an edge service that is available in two formats. The Prisma SD-WAN welds LANs together into a unified WAN. There is also a SASE package available, called Prisma Access. The system needs Prisma-active routers to be installed on sites or get the Prisma client software loaded onto your existing gateways.

  • SASE upgrade available
  • Connection privacy
  • Also covers wireless systems

Almost all of the work of implementing the SD-WAN is performed on the Palo Alto cloud server. The seat of the Prisma service is home to a range of edge services, such as load balancing, traffic shaping, and data loss prevention.

The Prisma system can include wireless networks and cloud resources. You can get a test drive of both the Prisma Access and Prisma SD-WAN services.

  • A centralized cloud-resident console

  • Performs SSL offloading

  • Protects inter-site traffic

  • Palo Alto doesn’t publish a price list

Set an SD-WAN strategy

Your starting point on your SD-WAN buyer’s journey is to decide whether you want to host the SD-WAN software, buy a specialized appliance to implement the WAN connections, or opt for a cloud-based SD-WAN service. As you can see from our list, we have looked into all three deployment methods and found solutions for each.

Once your strategy is sorted out, your search becomes a lot easier. Our shortlist of the best SD-WAN vendors should help to speed up that process.