SD-WAN for Enterprises
VMware Special Edition
Enterprise wide-area network (WAN)
technologies have changed little, if at all,
in the last couple of decades. Traditional
WANs utilize rigid architectures, which
are optimized around private data center
applications. These architectures are
unable to seamlessly integrate cloud
computing, Software as a Service (SaaS),
virtualization, and other technological
advances. Branch offices with only private-
circuit connections rely on backhauling of
all cloud applications, SaaS, and Internet
traffic through the enterprise data center,
adding latency, degrading application
performance, and driving up network
bandwidth costs.
A software-defined wide area network
(SD-WAN) extends the benefits of the
software-defined networking (SDN)
architecture beyond the data center to
the enterprise WAN. SD-WAN abstracts
network hardware into a control plane
and multiple data planes that can be used
with cloud-based management and
automation to virtualize enterprise WAN
connections and simplify the delivery of
services between remote and branch
offices to data centers and the cloud.
Enterprise WAN Challenges:
Expensive, Complex, and
Inefficient
Traditional enterprise WAN architectures
are complex, inefficient, and expensive.
These WANs are typically built with private
multiprotocol label switching (MPLS)
connections that are highly reliable
but expensive. These connections are
often supplemented with unreliable,
but inexpensive Internet connections,
such as broadband or Long-Term
Evolution (LTE). Legacy WAN operations,
such as bringing up a branch office,
are slow and labor-intensive. Network
devices, such as routers and switches,
must be purchased, installed, provi-
sioned, and configured by skilled on-site
network engineers and WAN access lines
must be connected. Additionally, branch
traffic is often backhauled to a private
data center or headend, which introduces
inefficiency, complexity, cost, latency,
and application performance issues.
Research by VMware found
that packet loss in traditional
enterprise WANs varied up to
12.5 percent over 24 hours. The
performance impact of packet loss is
high: During a file transfer with 0.5
percent packet loss, Transmission
Control Protocol (TCP) throughput
drops from 10 megabits per second
(Mbps) to 1 Mbps. For real-time traffic,
the mean opinion score (MOS) drops
from 4.5 to 2.5. (MOS scores range
from 1 [unacceptable] to 5 [excellent].)
The Essential SD-WAN for
the Enterprise
An ideal SD-WAN platform should include
three components that provide enterprises
with an optimized platform to deliver
high-performance, reliable branch access
to cloud services, private data centers,
and SaaS-based enterprise applications.
The recommended components of an
SD-WAN solution include the following:
•O
 rchestration: A cloud-delivered,
multitenant portal providing
centralized management, configura-
tion, monitoring, and troubleshooting.
The orchestrator provides the ability
to deliver business-driven policy
abstraction, enabling rapid deploy-
ments and zero-touch operations.
Additionally, it exposes a rich set of
application programming interfaces
(APIs) that provide management,
troubleshooting, and operations
support system/business support
system (OSS/BSS) integration.
• SD-WAN gateways: Deployed by the
SD-WAN provider and its partners at
top-tier network points of presence
(PoPs) and cloud data centers around
the world, SD-WAN gateways provide a
scalable and distributed infrastructure
with the advantages of cloud-delivered,
multitenant network as a service
(NaaS) flexibility. They also provide
the ideal architecture for optimized
access to cloud applications and data
centers, as well as access to private
network backbones and traditional
enterprise sites.
SD-WAN gateways play two indepen-
dent roles (referred to as planes), each
providing separation of services: the
control plane and the data plane. The
control plane provides a number of
important functions, including discovery
of link bandwidth and IP addresses,
and route information distribution
and updates. When the gateway is
participating only as a control plane
element, its role is referred to as the
SD-WAN controller. When the SD-WAN
gateway’s data plane capability is
enabled, its role serves as a multitenant
SD-WAN endpoint for SaaS on-ramp
and service provider integration. SD-
WAN gateways are stateless elements,
designed to be highly scalable
and allowing for quick expansion and
recovery. Both the control plane and
the data plane provide a unified
platform to rapidly and efficiently
scale WAN services.
•S
 D-WAN edge: SD-WAN edges are
available as easy-to-install appliances
for remote branches and data centers
with a range of throughput, interfaces,
integrated wireless, and LTE connec-
tivity options. Edges support dynamic
underlay and overlay routing. They
can be inserted in-path or off-path in
an existing network. High-availability
deployments are also supported. The
SD-WAN edge receives all policies
and configurations from the SD-WAN
orchestrator, classifies traffic using a
deep-packet application recognition
(DAR) engine and applies policies
based on real-time link quality. Traffic
steering decisions are made locally
on the SD-WAN edge. SD-WAN edges
may be deployed with infrastructure
as a service (IaaS) environments such
as Amazon Web Services (AWS) or
Microsoft Azure. SD-WAN edges are
typically available in two form factors:
hardware appliance and virtual
appliance. Both form factors support
a broad range of throughput,
interface, and connectivity options.
Key Capabilities and Main
Features of SD-WAN
Key capabilities of SD-WAN for
enterprises include the following:
•F
 lexible overlay topologies,
options, and deployment models:
SD-WAN orchestrators and SD-WAN
gateways are deployed as software-
only entities. SD-WAN edges can be
deployed as virtual (software) or as
hardware appliances. The hosted
SD-WAN orchestrator and SD-WAN
gateways are usually deployed in a
virtual form in either public clouds,
such as AWS or Microsoft Azure, or
through large Internet service provider
(ISP) data centers for optimal access
for the users.
•A
 ssured application performance:
SD-WAN boosts the service level and
capacity of hybrid networks or
standard broadband Internet links
by implementing optimization tech-
nologies that include continuous
monitoring, dynamic application
steering, on-demand remediation,
and Quality of Experience (QoE).
•E
 nterprise-wide business policies:
SD-WAN makes setting policy as
simple as a single click. Enterprises or
their managed service providers can
define business-level policies that
apply enterprise-wide across many
edges, all through a centralized, cloud-
based orchestrator. Link steering, link
remediation and Quality of Service
(QoS) are all applied automatically
based on set business policies;
however, specific configuration
overrides may also be applied. A
centralized SD-WAN orchestrator also
provides an enterprise-wide view and
configurability of routing in an overlay
flow control table, eliminating complex
node-by-node route configurations.
•U
 nified, robust security: SD-WAN
provides unified, secure communica-
tions for traffic steered across any
underlying transport. Standard
Internet Protocol Security (IPsec)
encryption is provided end to end
from branches to data centers and
for dynamic branch-to-branch
communications. A cloud-delivered
architecture also provides an auto-
matic virtual private network (VPN)
 from branches-to-cloud gateway Check out the following
aggregation points for interoperable resources from VMware to
access to infrastructure as a service learn more about SD-WAN:
(IaaS), eliminating manual, two-sided •V
 Mware SD-WAN by VeloCloud website
tunnel setup from 1xN branches to
• SD-WAN Overview For Dummies iPaper
1xN cloud data centers. The solution
•S
 D-WAN Deployment For Dummies iPaper
should provide the scalability and
•S
 D-WAN Future For Dummies iPaper
robust security of a public key infra-
• SD-WAN For Dummies e-book
structure (PKI) with the consolidated
management of an integrated
certificate server, secure onboarding
of devices, and revocation manage-
ment. Risk is minimized by pinning
certificates to specific devices and
using unique pair-wise encryption keys.

•Q
 uick deployment in minutes:
Using the zero touch deployment
capability, an SD-WAN edge can be
quickly installed. The SD-WAN edge is
shipped to the branch office where a
nontechnical person simply plugs in
power and a network cable. Activation,
configuration, and ongoing manage-
ment are all handled from the cloud.

For Dummies is a trademark of John WiIey & Sons, Inc. ISBN: 978-1-119-68773-3