What Is SD-WAN? Software-Defined WAN

Software-defined wide area network (SD-WAN) is virtualization-enabled connectivity that gives enterprises and branch offices convenient, efficient access to public cloud apps and services.

SD-WAN Key Takeaways

  • SD-WAN uses broadband access and wireless networks, in addition to telco-enabled private networks, to provide access to online collaboration and cloud apps/services to branch offices.

  • With SD-WAN, businesses can more easily manage their private networks, provide and manage common policies across the network, help eliminate data center bottlenecks, and reduce the cost and management required for network infrastructure.

  • The next evolution of SD-WAN, Secure Access Service Edge (SASE), integrates cloud-hosted security technologies to help increase protection from digital threats.

author-image

By

As a software-defined networking (SDN) technology, SD-WAN provides flexible networking services and cloud access to businesses and edge locations. SD-WAN is cost efficient and scalable, offers better user experiences, and is simpler to deploy compared to traditional WAN.

How Does an SD-WAN Work?

SD-WAN is a software-enabled networking capability that works in conjunction with simplified hardware configurations to provide cloud and network access to multiple locations in a wide area network. Although widely adopted by most enterprises, SD-WAN is evolving with enhanced software-defined services and security features. To better understand SD-WAN, it helps to compare the technology to legacy private networks that depend on private circuits and hub-and-spoke models for public cloud access.

The Drawbacks of Private Circuit-Enabled Networks

In legacy private networks, all employees in the hub data center and spoke branch offices would access services and SaaS applications through the centralized data center firewall. This connectivity was made possible with multiprotocol label switching (MPLS), a standard routing protocol provided by telcos at high cost. Businesses relied on MPLS circuits instead of standard internet services because MPLS connections could ensure service level agreements (SLAs) and security requirements.

Figure 1. Legacy MPLS-based private networks struggled with complexity and data center bottlenecks as the number of branch offices increased.

As the number of branch offices in a network increased, so too would the cost and complexity of the network. Because SaaS applications are accessed through the hub data center, the hub became a primary bottleneck to accessing services fast. Enterprises would also need to cover the cost of expensive service calls, known as truck rolls, to branch locations to set up equipment and troubleshoot connectivity issues or hire someone with the required technical knowledge.

SD-WAN Simplifies Connectivity with Virtualization

SD-WAN abstracts private line connectivity like MPLS into a software-controlled overlay network that is supported over physical broadband access and wireless and MPLS networks. WAN functionality, such as switching and routing, is implemented with virtualized network functions (VNFs) that run on simplified infrastructure, typically a single rack server per branch office. SD-WAN provides direct access to public cloud applications and the internet from branch offices while enabling an SD-WAN controller, which can be supported from the hub data center or cloud, to push centrally managed policies and services to the network. Branch offices no longer need to access SaaS services through the hub data center, eliminating the data flow bottleneck.

Figure 2. SD-WAN abstracts private network connectivity into a software layer, giving branch offices direct access to the cloud.

The Components of SD-WAN

SD-WAN consists of three primary components: the appliance or customer premise equipment (CPE), an aggregator, and an SD-WAN controller. CPE is on-premises hardware that includes servers, routers, and firewalls at each branch location. The aggregator is a software-level function that brings together disparate WAN connections into a unified layer that the control element can then manage. The SD-WAN controller is what enterprise IT departments will use to monitor the network, push new policies, and update services across all branch offices.

Benefits of SD-WAN

Legacy MPLS-based private networks were very structured, rigid, and resistant to flexibility or change. SD-WAN offers massive improvements in manageability and cost with networks that can scale efficiently as businesses expand and add new branch office locations. Other key benefits include:

  • Better user experiences: Employees at branch offices no longer need to access SaaS services through the bottleneck of the hub data center. They have direct access to SaaS apps, data, and services in the public cloud.
  • Simple configurations: Legacy MPLS-based private networks can require multiple devices per branch office, each of which require manual provisioning. Because SD-WAN is a VNF, it can run with other network functions on a single white box server and can scale up processing power based on the edge performance needs at each branch location.
  • Flexibility in choice: Businesses used to be dependent on telcos for high-cost, MPLS-based WAN connections in markets with minimal competition and innovation. With SD-WAN, businesses can use broadband access and wireless networks in addition to MPLS circuits and choose from a broad range of hardware/software vendors, OEMs, and solution providers to deploy their own SD-WANs.
  • Redundancy built in: SD-WANs are not dependent on MPLS circuits and can establish virtual private network (VPN) connections over standard broadband access, Wi-Fi, and LTE or 5G. With several options, employees have multiple ways to stay connected to their apps and data in the public cloud.
  • Centralized management: Hub data centers and enterprise IT departments can use control plane software to push new policies and services and set up new connections across all branches on the SD-WAN.

CPE for Locations with Variable Computing Needs

SD-WAN appliances or CPE can scale up in processor performance based on the needs of each branch location. For example, a convenience store or small retail location may only have need for a simple appliance for encrypting data flows into VPN tunnels and connecting to the cloud. This is an example of a thin edge application, and a small-footprint server enabled by an Intel Atom® processor may fulfill these needs handily.

On the other hand, medium and thick edge applications can integrate functions like AI at the edge to analyze video streams or high-performance edge compute or support large-scale deployments for hundreds of employees at hospitals and factories. For these applications, a more robust processor such as the Intel® Xeon® D processor or Intel® Xeon® Scalable processor can offer more cores or use case–specific enhancements such as hardware-enabled AI and crypto acceleration.

The Next Evolution of SD-WAN

One of the challenges with SD-WAN is that giving direct cloud access to branch locations will also increase the total attack surface of the network. Attack surface refers to potential points of entry or vulnerability that hackers can exploit to access sensitive data or to compromise network functions. To help address this problem, Secure Access Service Edge (SASE) is an advanced security architecture that hosts security services in the cloud and integrates with SD-WAN.

SASE can support functions including web gateways with zero-trust network access, remote browser isolation, encryption/decryption, and Firewall as a Service (FWaaS). The primary benefits are that SASE helps enable zero-trust access to cloud-based services and applications, with a consistent user experience, while still enabling centralized management through control plane software.

SD-WAN and SASE Deliver Flexibility and Choice

As applications moved from the data center to the cloud, businesses needed a new way for their branch offices to access services and software. SD-WAN is a huge leap toward more-flexible access, and SASE is the next evolution of SD-WAN. Businesses today have many more choices for online collaboration and cloud access, and Intel can help with resources, guidance, and key hardware solutions.

Related Resources

SD-WAN and SASE are just the beginning. Continue your journey with these Intel-provided network resources.

Secure Access Service Edge (SASE)

SASE embraces SD-WAN deployments with cloud-hosted security capabilities that further empower enterprises to take advantage of cloud apps and services across more-distributed branch offices and workforces.

Learn about SASE

Intel Enables Network Transformation

Optimize your network to meet growing customer expectations, drive fast innovation, and boost revenue potential.

Explore Intel® solutions

SD-WAN-Enabled Revenue Streams

As fewer enterprises rely on MPLS-based connectivity, CoSPs can capitalize on the opportunity of SD-WAN-enabled services.

Get started

Breakdown: Everything as a Service

Explore the differences of Infrastructure, Platform, and Software as a Service solutions made possible by the cloud.

Read the article

Cloud Management Tools and Solutions

Get an overview of various cloud management tools and considerations for enterprises.

Read the article

Build High-Performance Edge Platforms

Intel® Smart Edge includes a portfolio of software to help accelerate deployment of familiar edge solutions.

Get started

Become an Intel® Network Builder

Access webinars, community, and enablement for Intel-based networking solutions.

Explore the community

Show more Show less

Frequently Asked Questions

Software-defined wide area network (SD-WAN) is a networking technology that allows enterprise branch offices to access public cloud services and applications with improved convenience and efficiency, compared to legacy private line connections.

SD-WAN abstracts private line connectivity into a software layer that’s overlaid onto simplified infrastructure, typically a single rack server per branch office. SD-WAN provides direct access to public cloud applications and the internet to branch offices while enabling the hub data center to push centrally managed policies and services to the network.

SASE embraces SD-WAN by bringing a unified security framework and running it end to end on SD-WAN infrastructure. Decision-makers will not choose one or the other; rather they will deploy a fully integrated solution that uses SD-WAN as a foundation for connectivity, with flexible security capabilities enabled by SASE.