1

4
 Internet
Best
Users Applications Effort

WAN
Branch/Campus

Data Center
 Applications
Public
MPLS/
Internet
Branch/Campus Private
Data Center

Internet extends Applications

to branch edge moving to cloud
 Devices & Things
DC/Private Cloud

Campus & Branch Users WAN

SaaS

Mobile Users

IaaS
 IaaS SaaS
DC1 DC2 (DR)

•
DCI
•
•
•
• MPLS Backup

Branch1 Branch2 Branch3

MEF 3.0 SD-WAN
2018 Analyst Definition*
Branch router/CPE functionality
Operate autonomously during loss
of connection to controller Summary of Basic
Support Hub & Spoke, Partial/Full Mesh
SD-WAN Capabilities
Centralized management:
Inventory, visibility, reporting, Management, • Circuit Load Balancing
config changes, SW upgrades via GUI
Zero-touch configuration
• Direct Internet Access
VPN (AES 256-bit encryption) • Centralized Management &
Direct Internet Access Orchestration
Dynamic traffic steering based • Lower Circuit Costs
on business or application policy
Support for traffic shaping and QoS
• Security
>100 well-known application profiles
included + custom template capabilities
Self-serve granular configuration changes
Predictable app experience Right security, right place Enterprise grade, simplified

Support for evolving Secure segmentation across Proven deployments to

business application strategy entire network stack over 10,000+ sites
Cloud OnRamp for IaaS, Full edge security stack from
SaaS and Colocation branch to cloud and colocations
 38% 58% 94%

Lower five-year cost of Faster to implement policy/ Less unplanned

WAN operations configuration changes downtime
 Traditional Optimization Security

Threat: SD-WAN Bolt on Threat: Disruption Threat: UTM Security

 viptela

Brand: Cisco Viptela and Cisco Meraki Technology: SD-WAN/Routing Category: Solution

Series positioning: Solutions Selling: • Secure Fabric

vEdge, ISR1K , ISR4K and ASR1K, ENCS,Cisco Meraki • Network as a Services • Upgrade Existing WAN ISR4K Router

• Cloud on Ramp (IaAS SaAS) • Multi Domain (ACI, SDWAN, SDA)

Strength: Challenge:
• Best in class hardware • Propertary OMP to control traffic between vsmart and vedge
• Cisco’s SD-WAN, powered by Viptela on the IOS XE platform, has stability and scaling issues
• Transport Independent (LTE, MPLS, Broadband). Reduce WAN cost , by • Cisco Licensing Structure complex
migrating MPLS to hybrid wanCloud security – multi-layer, • Cisco has many products to manage for SD-WAN using
comprehensive protection • ISR, vEdge, Viptela, DNA Licensed. Cisco prefered the C-Edge over V-Edge. Changing licensed
(Essential, Advantage and Premiere) to DNA licensed
• Superior Security architecture cloud based or on prem (TPM,
• Cant support 3rd party VNF for NFGW (Palo, Forti etc), must used service chaining method . adding more
DTLS/TLS, OMP, IPSEC). Using Thalos Cloud security and Embeded
complexity in proposed solution. Or used ENCS5100/5400 box
Security (IPS, AMP,Url Filter)Centralized management – open and
programmable
• Application QoE ( App aware policy), customizable SLA-based policies
per application
• Cloud on Ramp (extend WAN to AWS and Azure , SaAS (Office 365,
Salesfore and Dropbox) and Local internet breakout)
• Active-Active Dual router branch topologies
• Full Stack service routing Capabilities (OSPF, BGP , VRRP)
• Enterprise scale – intent-based multi-domain
Brand: VM Ware VeloCloud Technology: SD-WAN/Routing Category: Solution

Series positioning: Solutions Selling: • A branch platform velocloud edge

VeloCloud Edge 5X0, VeloCloud Edge 540, VeloCloud Edge 840 • Distirbuted Velocloud gateways • Cloud driven SD-WAN

VeloCloud Edge 1000 • Cloud based Velocloud Orchestrator

Strength: Challenge:
• Transport Independent (LTE, MPLS, Broadband). Reduce WAN cost , by • Limited topology or network environment deployment scenario
migrating MPLS to hybrid wanCloud security – multi-layer, • Limited Hardware scale and L3 Feature. (Ipsec tunnel + basic routing option for ospf bgp and static).
comprehensive protection Supports upto 8k sites and in-cloud gateway supports merely 100
• The VMware product lacks native advanced security functionality; instead, it relies on partner
• Simplified WAN Management, zero touch branch deployments to firewalls instantiated on its platform or cloud security services
ongoing configuration • Uses proprietary protocol, DMPO, to optimize and steer traffic
• Troubleshooting tools are limited to whatever is offered in the UI with basic capabilities. Cannot used CLI
• Assure the performance of critical applications, over any transport,
including Interne. Using DMPO dynamic multipath optimazation protocol.
optimal performance for demanding applications, such as voice and
video
• Leverages packet forwarding FEC and packet duplication
• Hub-less, eliminate service provider edge deployment
• Good Partnership with ISP. Invest many Velocloud gateway in many
MSP, provide an optimized direct path to public and private
enterprise clouds
Brand: Fortinet - Fortigate Technology: SD-WAN/Firewall Category: Solution

Series positioning: Solutions Selling: with SD-WAN capabilities

FortiGate/FortiWiFi 30E, FortiGate/FortiWiFi 40F, FortiGate/FortiWiFi 50E, • Exsiting Firewall appliance install based • Fortinet enables management of the
FortiGate platform via FortiManager or via
FortiGate 60F, FortiGate/FortiWiFi 60E, FortiGate 80E, FortiGate 100E • Large amount of statefull inspection now FortiGate Cloud

Strength: Challenge:
• Best Pricing in SD-WAN Appliance • Limited VPN segmentation deployment scenario
• Limited App Aware routing policy
• Simplified WAN Management, zero touch branch deployments to • Limited Cloud security support
ongoing configuration
• Fortinet’s direction of delivering a highly integrated solution consisting of
SD-WAN, routing, advanced security and application performance gives
them broad market and use case appeal, regardless of organizational
size.