Dynamic Path Selection & Multi-Transport

SD-WANs use dynamic path selection to steer or route network traffic to one or multiple WAN links based on priority, network conditions or traffic patterns. Data packets are automatically steered to specific WAN links based on link availability, to balance network traffic or to save costs. The data packets are identified by the SD-WAN and then categorized by application, source, user and destination. This packet identification is used to route the data packets down the most optimal path which results in enhanced performance of applications. The dynamic path selection and data routing is configured to utilize your existing underlay connectivity such as Broadband, LTE, MPLS or WAN. The SD-WAN uses the underlay connectivity’s characteristics such as cost (flat, usage based etc.), bandwidth, latency and jitter to make decisions on application steering to the appropriate path(s).

Centralized Management

SD-WAN allows network administrators to centrally manage their entire network fabric by pushing out policies to all the branches with ease. This also allows for quicker integration of new branches. Administrators can also have a full view of the network, leading to the possibility of easily pinpointing any network issues and then take immediate action to resolve those issues. This insight can also be used to figure out where optimizations can be implemented to improve the overall usage of the network.

Network Security

SD-WAN, at its core, supplies an organization’s network with a secure fabric to trusted devices while leveraging insecure connectivity, such as the Internet. SD-WAN has in-built security features as well, such as stateful firewalls, IPS/IDS Intrusion Prevention System/Intrusion Detection System), DNS filtering, and much more. All these features are provided at the CPE level, without the need for traffic to be filtered through a corporate data center. More advanced security features like web filtering, anti-SPAM, anti-phishing, ATD, etc. are available through the use of third-party security appliances.

Enhanced Security

SD-WAN solutions offer built-in security features to enhance an organization’s network security to help combat typical cybersecurity concerns. These features arm a network with the tools necessary to minimize the security attack surface across the network, applications, devices, and users to ensure all aspects of the fabric are secure. One of the integral ways an SD-WAN solution achieves higher levels of security involves encryption of all packets traversing the fabric utilizing industry standard SSL/TLS techniques. Another key feature prevents unneeded data from reaching the network. This means that all packets use the shortest path available to destinations, without compromising security – SaaS traffic to well known and reputable sites can be sent directly to the destination without having to be sent through the data center, avoiding hairpinning of network traffic. At the same time, general internet traffic is inspected in real-time and automatically responded to if a threat is identified.

Direct Connectivity

SD-WAN empowers organizations with the freedom to connect branches directly to a corporate data center and directly to cloud services such as SaaS applications. Connecting to cloud services has the added benefit of not requiring the traffic to route through the corporate data center.

Policy Based Management

The SD-WAN steers data based on policies (Quality of Service) configured specifically for your applications, devices, users, groups, locations and more. These polices are configured with a priority setting in which the SDWAN utilizes to prioritize the data packets and how they are dynamically routed. The policies can be configured to meet the specific business and QoS requirements. The policies enable the SD-WAN the ability to steer traffic over specific networks, based on costs, as well as prioritization of traffic based on application, such as videoconferencing of business-critical SaaS applications.

Zero-Touch Provisioning

Enterprise SD-WANs supports a secure true zero-touch provisioning of edge controllers. In order to onboard a device in a remote location the only required steps are to unbox the edge controller, plug it in and connect it to the internet. The edge controllers are automatically provisioned and configured to operational status. The network administrator can setup rules and policies that will be automatically applied when a matching edge controller is onboarded.

Improved Network Performance

SD-WAN brings awareness of traffic types that traverse through your network. An IT manager can prioritize traffic from business-critical applications as well as other services such as VoIP and web-conferencing and help steer the traffic via the most efficient route, automatically. This prioritization and steering work together to allow the IT Manager to get the best out of the available network, even minimize when network links experience packet loss and latency.

Cost Reduction

SD-WAN reduces overall costs by allowing the use of low cost alternatives to expensive MPLS such as the public internet, broadband and LTE networks, allowing direct cloud access for the increasing use of SaaS applications, getting better results from available public networks by use of traffic shaping, prioritization of network traffic.

Cloud Adaptation

The use of SaaS applications and other cloud services are on the rise. SD-WAN facilitates cloud access throughout the network fabric, including branch offices and remote workers, which in turn removes the need to route cloud and remote traffic back through the corporate data center, thus reducing latency.

High Availability

High Availability (HA) ensures that the zWAN Edge Controllers provide continuous uptime by automatically failing over to backup connections or devices in the event of a failure. By implementing multiple layers of redundancy, such as active-active or active-passive configurations, HA prevents network downtime and guarantees that critical business applications remain accessible even during unexpected disruptions. This feature is crucial for enterprises that rely on uninterrupted access to cloud services, corporate data centers, or essential applications.

Path Affinity

Path Affinity ensures that traffic associated with a specific application or user flows through the same path consistently, optimizing performance and reliability. This feature is particularly useful in maintaining session persistence for applications that are sensitive to changes in network conditions, such as video conferencing, VoIP, or real-time communication tools. Path Affinity allows for seamless user experiences by reducing packet loss, latency, and jitter while improving overall application performance.

Load Balancing (Flow & Packet)

zWAN Edge Controllers support both Flow-Based and Packet-Based Load Balancing, allowing efficient distribution of network traffic across multiple WAN links. Flow-Based Load Balancing directs entire sessions to a specific link, ideal for applications requiring consistent paths. Packet-Based Load Balancing, on the other hand, splits individual data packets across multiple links, optimizing bandwidth usage and ensuring maximum throughput. These features work together to prevent link saturation, ensuring network performance remains high, even during peak usage times.

Wireless Support (LTE/5G)

zWAN Edge Controllers offer full support for LTE and 5G wireless networks, giving organizations the flexibility to use wireless connectivity as a primary or backup WAN option. This feature is especially useful in remote locations where wired connections may be unavailable or costly. With built-in LTE and 5G support, zWAN Edge Controllers can ensure business continuity by providing failover connectivity when primary WAN links experience outages or disruptions, ensuring constant uptime and network resilience.

Quality of Service (QoS)

Quality of Service (QoS) allows network administrators to prioritize critical business applications over less important traffic, ensuring that time-sensitive applications like VoIP, video conferencing, and cloud services always receive the necessary bandwidth and low latency. QoS policies can be tailored to the needs of the organization, improving user experiences and maintaining consistent performance for the most important applications, even during times of network congestion.

Deep Packet Inspection (DPI)

Deep Packet Inspection (DPI) analyzes the contents of each packet passing through the network to identify specific applications, users, and potential threats. By providing granular visibility into network traffic, DPI enhances security and allows for more precise policy enforcement. Administrators can use DPI to detect and block malicious content, manage bandwidth by application, and ensure compliance with organizational policies, all while improving overall network performance.