Understanding the SD-WAN Architecture

SD-WAN, which stands for software-defined wide-area networking, provides an organization with the ability to create a secure corporate WAN using existing infrastructure. SD-WAN defines a logical overlay on top of physical infrastructure, allowing traffic to be securely and optimally routed between SD-WAN points of presence (PoPs).


The Evolution, the Importance, and the Need for SD-WAN

Corporate networks and networking requirements have grown and changed. Companies have expanded and added branch locations and cloud infrastructure and applications. Remote sites and workers need high-performance secure access to corporate and cloud applications.

Historically, businesses have used multi-protocol label switching (MPLS) to connect remote sites, but these links are expensive and have limited scalability. SD-WAN provides companies with the ability to securely link their distributed architecture with high-performance and reliable network connectivity.

What is SD-WAN Architecture?

SD-WAN architecture is a logical overlay on top of physical networks. By using software-defined networking (SDN), SD-WAN solutions can create a secure, virtual WAN on top of physical networks.

For example, most on-premises SD-WAN architectures rely on broadband Internet, MPLS links, mobile networks, and other publicly available transport media to carry their traffic. When network traffic enters the corporate WAN via an SD-WAN PoP, it is securely and efficiently routed to the PoP nearest its destination. By leveraging an SD-WAN architecture, an organization can achieve greater network performance and reliability than is otherwise possible due to SD-WAN’s monitoring of link health and understanding of the needs of various types of application traffic.

What Do Organizations Need in an SD-WAN Architecture?

Some of the core features of an SD-WAN architecture include:

  • Coverage: Branch offices, cloud computing, and remote work are all making corporate networks more distributed. An SD-WAN architecture must ensure that all corporate systems have efficient access to the corporate WAN.
  • Universal Support: The growth of corporate networks also has contributed to a greater diversity of connected devices. SD-WAN architecture must offer secure, high-performance connectivity to all corporate devices.
  • Network Performance: SD-WAN is designed to provide high-performance connectivity to corporate devices and resources. An SD-WAN architecture should be designed to meet the needs of latency-sensitive applications.
  • Network Security: SD-WAN on its own provides network optimization but does not inspect or secure the traffic it carries. An SD-WAN architecture should also incorporate SD-WAN security functionality to protect corporate data and applications.

Types of SD-WAN PoPs

SD-WAN architectures are designed as a network of SD-WAN PoPs that are connected over one or more network media (broadband Internet, MPLS, mobile networks, etc.). Companies can deploy SD-WAN PoPs in a few different form factors, including:

  • Physical Appliance: In on-prem deployments, branch offices, and corporate data centers, an organization may choose to deploy SD-WAN PoPs using dedicated physical hardware.
  • Virtual Appliance: SD-WAN functionality can also be deployed as a virtual machine on universal customer premises equipment (uCPE) or corporate servers.
  • Cloud-Native: Some SD-WAN offerings implement SD-WAN functionality in software, allowing them to be deployed natively in the cloud and take advantage of its benefits.

Types of SD-WAN Architecture Deployments

An organization can implement an SD-WAN architecture in a few different ways. The three main types of SD-WAN deployments are:

  • DIY/On-Prem: Organizations can implement SD-WAN themselves by deploying SD-WAN appliances at their on-prem and cloud-based network locations. These SD-WAN PoPs are often connected over the public Internet but compete with MPLS links by optimizing network routing based on monitoring the health of available network links.
  • Managed SD-WAN: Managed SD-WAN or SD-WAN as a Service offers SD-WAN functionality as a cloud-native solution under a consumption-based model. The SD-WAN as a Service provider offers customers access to their optimized and dedicated network backend, providing higher performance and reliability guarantees than an Internet-based on-prem SD-WAN deployment.
  • Managed Service Provider (MSP): SD-WAN functionality is a common service provided by MSPs. The MSP is responsible for deploying and managing the SD-WAN architecture used by the organization, and the SD-WAN architecture is backed by service level agreements (SLAs) that guarantee network performance and reliability.

SD-WAN with Check Point

SD-WAN provides organizations with the ability to securely link their distributed architecture. However, an SD-WAN architecture does not provide the enterprise-grade network security that companies need. Network optimization means that traffic does not always pass through data center network security infrastructure, making integrated SD-WAN security essential for enterprise SD-WAN architectures.
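The trade-off described above, sketched as an added example (not Check Point's code or any product's algorithm): a path selector that picks the healthiest link per application class, and an audit that lists the classes whose performance-only choice leaves the inspected path. The link names, health metrics, thresholds and the `inspected` flag are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    inspected: bool  # True if this path crosses a security inspection point

@dataclass(frozen=True)
class AppClass:
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def meets_needs(link, app):
    return (link.latency_ms <= app.max_latency_ms
            and link.jitter_ms <= app.max_jitter_ms
            and link.loss_pct <= app.max_loss_pct)

def select_path(links, app, require_inspection):
    """Lowest-latency healthy link for this app, or None if none qualifies."""
    ok = [l for l in links
          if meets_needs(l, app) and (l.inspected or not require_inspection)]
    return min(ok, key=lambda l: l.latency_ms, default=None)

def audit(links, apps):
    """List (app, performance-only choice, inspected alternative) for every
    app class whose performance-only choice skips inspection."""
    findings = []
    for app in apps:
        fast = select_path(links, app, require_inspection=False)
        if fast is not None and not fast.inspected:
            safe = select_path(links, app, require_inspection=True)
            findings.append((app.name, fast.name, safe.name if safe else None))
    return findings

# Constructed sample data: measured link health and per-application limits.
LINKS = [Link("mpls-to-dc", 40, 2, 0.0, True),
         Link("broadband-direct", 18, 6, 0.3, False),
         Link("lte-direct", 65, 20, 1.5, False)]
APPS = [AppClass("voip", 150, 10, 1.0),
        AppClass("erp", 100, 3, 0.5),
        AppClass("interactive", 30, 10, 1.0)]

if __name__ == "__main__":
    for app, fast, safe in audit(LINKS, APPS):
        print(f"{app}: optimizer picks {fast} (uninspected); inspected option: {safe}")
```

A finding whose third field is None marks an application class that has no inspected path meeting its needs, which is the case where security has to sit at the SD-WAN edge itself.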

To learn more about what you should be looking for in an SD-WAN architecture and how best to secure it, make sure to review this buyer’s guide. Furthermore, learn how to optimize your corporate WAN without compromising on security by signing up for more information about Check Point Quantum SD-WAN through the Early Availability Program.

