Skip to content Skip to navigation Skip to footer

What Is SD-WAN Architecture?

software-defined wide-area network (SD-WAN) is a virtual approach to connecting users to applications via various network transport services. An SD-WAN architecture simplifies organizations’ control and management of IT infrastructures, automates network management, and provides increased resources to help meet current business initiatives.

An SD-WAN architecture can improve application performance and user experience by delivering Quality of Service (QoS) and intelligent traffic direction. As a result, businesses can increase agility and productivity levels and reduce costs.

Why Do Enterprises Need an SD-WAN Architecture?

Enterprises deploy vast amounts of time and resources configuring and managing their networks. An SD-WAN architecture simplifies control of the WAN through an automated, policy-driven, virtual infrastructure. 

It frees up organizations to deploy emerging applications and services such as edge computing, the Internet of Things (IoT), Voice over Internet Protocol (VoIP), and unified communications. It also provides more reliable and secure internet access for cloud and Software-as-a-Service (SaaS) applications and centralizes the WAN to simplify deployment and management.

Components of an SD-WAN Architecture

An SD-WAN architecture consists of a control plane, which enables IT teams to manage resources centrally and remotely, and a forwarding plane, which manages traffic flow and configures network resources according to control plane policies. The essentials of an SD-WAN architecture include:

Edge

The edge encompasses any network equipment that is deployed in an organization’s cloud environments, local-area networks (LANs), on-premises data centers, and branch offices.

Controller

The controller enables the architecture to be managed centrally. It also allows system operators to monitor and visualize their networks and create policies. 

Orchestrator

The orchestrator is a virtualized administration component that monitors traffic and enforces the policies and protocols set by the controller.

Types of SD-WAN Architecture

There are multiple SD-WAN architecture types available to enterprises. The main three are:

On-premises

This architecture type only connects to an organization’s on-premises websites, either through a plug-and-play router or an SD-WAN box. The SD-WAN box does not connect to the organization’s cloud gateways but tracks real-time traffic across their sites. 

The on-premises approach is ideal for enterprises that maintain applications and operations in-house rather than through the cloud. It uses a multiprotocol label switching (MPLS) network to manage voice, video, and virtual desktops, and the public internet, which is controlled by SD-WAN, for everything else.

Benefits of the on-premises only approach include improved performance of enterprises’ WAN applications, multi-circuit and internet service provider (ISP) load balancing, and enhanced disaster recovery opportunities.

Cloud-enabled

The cloud-enabled architecture approach uses an SD-WAN box that connects to the cloud or a virtual gateway. It offers the real-time shaping and load-balancing benefits of the on-premises approach in addition to cloud benefits, such as reliability and improved performance. 

Connection to a cloud gateway gives enterprises access to popular cloud providers and services. This ensures their sessions remain active and enables secondary internet lines to keep their SD-WAN online. As a result, the cloud-enabled approach is ideal for enterprises that operate multiple cloud-based applications and services. 

The key benefits of an SD-WAN cloud-based architecture include enhanced cloud application performance and reliability, as well as multi-circuit and ISP load balancing.

Cloud-enabled Plus Backbone

Adding backbone to the cloud-enabled approach offers extra support to cloud-based infrastructure. It involves an SD-WAN box connecting an enterprise’s website to their SD-WAN provider’s point of presence (POP). Their traffic will then be switched to the SD-WAN provider’s private fiber-optic backbone network that connects to popular cloud providers. 

The cloud-enabled plus backbone approach offers reduced latency, jitter, and packet loss. It also increases network traffic performance and boosts the performance and reliability of cloud applications. This makes it ideal for enterprises that want to remove their MPLS network and run multiple real-time network applications.

Additional benefits of the cloud-based plus backbone approach include improving the performance of mission-critical applications and multi-circuit and ISP load balancing. It also enables organizations to run critical and real-time applications over their private networks, which avoids the latency and security issues they might encounter on the public internet. 

How To Secure Your SD-WAN Architecture

An SD-WAN architecture offers enterprises a new approach to tackling common challenges within enterprise networking security. Gartner outlines four SD-WAN infrastructure security options: 

  1. Embedded firewall
  2. Firewall with embedded SD-WAN
  3. SD-WAN with secure web gateway (SWG)
  4. SD-WAN with third-party firewall

These four SD-WAN options offer different security levels as well as varying relative costs and branch office profiles. Next-generation security architectures often embed security within SD-WAN products to safeguard enterprises’ internet access, as well as support the network with next-generation firewalls (NGFWs) and SWGs.

SD-WAN architecture security needs to align with the same flexibility, performance, scalability, and speed criteria as the architecture itself. This is critical for enterprises that operate hybrid environments containing legacy infrastructure and modern networking components.

SD-WAN Architecture Implementation

Correct implementation of an SD-WAN architecture will depend on an organization’s unique needs and network setup. It may vary depending on the range of connectivity options they use, such as 4G and 5G networks, plus broadband, internet, and MPLS. It can also combine on-premises and cloud-based solutions and include various mitigating factors, such as:

  1. Remote sites: SD-WAN needs will depend on the number of remote sites that an organization operates. The more they have, the more complex their architecture will likely need to be, and the more agile, flexible, and redundant the network will need to offer.
  2. Bandwidth needs: Enterprises need to understand how many applications and end-users they need to support. This will affect the design of their SD-WAN architecture, as a site with multiple on-premises applications will have vastly different bandwidth needs to one that relies on cloud applications.
  3. Current network architecture: An enterprise can use their existing infrastructure as they migrate to their SD-WAN architecture. However, an SD-WAN will only optimize their existing architecture rather than transform a poor network design into a good one. It is therefore crucial to fully understand the current network architecture to find the most efficient way to deploy SD-WAN.

How Fortinet Can Help

Fortinet helps organizations secure their networks with fast, flexible, and scalable secure SD-WAN solutionsFortinet next-generation firewall solutions consolidate SD-WAN with NGFWs and advanced routing. This ensures superior quality of experience at scale, simplified WAN architecture, the convergence of network and security, and enhanced efficiency through deep analytics, automation, and self-healing.

The Fortinet Secure SD-WAN approach offers built-in security and high-speed networking capabilities. This ensures enterprises obtain the required cloud application access and performance, plus advanced security that does not hamper speed.