Software-Defined WAN (SD-WAN), a new way to manage and optimize a wide area network, is designed to address the changing use of enterprise networks due to the growth of cloud computing and mobile devices. It is a more flexible solution than MPLS, better supporting a distributed and mobile workforce, and is more reliable and scalable than VPN-based WAN.
SD-WAN is implemented as a network of SD-WAN appliances connected by encrypted tunnels. Each SD-WAN appliance is connected to a set of network services (typically MPLS and some Internet services) and monitors the current availability and performance of each of these services. Traffic reaching an SD-WAN appliance is classified based upon application and prioritized using a set of centrally-managed priorities before being sent out over the best available network link.
SD-WAN makes it possible to replace MPLS, which is expensive and time-consuming to connect to new locations. It also allows security functionality to be distributed to the network edge, making it unnecessary to send all traffic through the enterprise datacenter for scanning before forwarding it to cloud services, a practice that degrades latency and performance.
By converging networking and security functionality, an SD-WAN can eliminate the need to deploy expensive point security products at branch locations. An SD-WAN with a large network of globally-distributed points-of-presence (PoPs) can provide high-performance, secure networking with centralized management and visibility.