SD-WAN has been one of the most aggressively marketed networking products of the last decade. Vendors have positioned it as the solution to every multi-location networking problem, and many businesses have bought it before they fully understood what it does. This guide tries to be direct about what SD-WAN actually solves, when it is worth the investment, and when the honest answer is that it is not the right tool for your situation.
What SD-WAN actually is
SD-WAN (Software-Defined Wide Area Network) is a technology that sits on top of your existing internet connections and manages how traffic flows between your locations and cloud services. The “software-defined” part means that routing decisions are made in software, centrally, rather than being configured manually on each router at each location.
In practice, this means: you can have multiple internet connections at each site (from different providers, on different technologies) and SD-WAN intelligently routes traffic across them based on real-time performance. A video call stays on the low-latency path; a backup job shifts to the cheaper link; if one circuit drops, traffic automatically shifts to the other. You manage all of this from a central dashboard rather than logging into each router individually.
What SD-WAN is not: it is not an internet connection itself, it is not a security product (though many platforms include basic security features), and it is not a solution to poor underlying connectivity. It is an overlay that makes your existing or new internet circuits smarter and easier to manage.
When SD-WAN makes sense — and when it does not
Good candidates for SD-WAN
SD-WAN earns its place when you are managing multiple locations with separate internet circuits and spending meaningful time dealing with the complexity — inconsistent application performance, manual configuration of individual routers, no central visibility into what is happening across your network. It also makes sense when you have moved significant workloads to cloud and your current WAN architecture was designed for a different world (one where applications lived in a central data centre rather than Azure or AWS).
Businesses replacing expensive MPLS circuits with SD-WAN over broadband often see meaningful cost savings while maintaining acceptable performance for most workloads. If you are paying for private MPLS at multiple sites and your applications would tolerate internet-based connectivity with intelligent routing, that comparison is worth running.
Cases where SD-WAN may not be the right answer
If your current WAN is working well and your team is not experiencing meaningful application performance problems across sites, the value proposition for SD-WAN weakens considerably. Adding complexity and a monthly management cost to a network that does not have a clear problem is not a good trade.
SD-WAN also does not fix consistently poor underlying connectivity. If a location has limited or unreliable internet options, better circuits or a fixed-wireless backup address the root cause. SD-WAN over two bad connections is still two bad connections, intelligently managed.
Managed vs. unmanaged SD-WAN
Managed SD-WAN means a provider handles the configuration, monitoring, updates, and troubleshooting of your SD-WAN environment. You get a central dashboard for visibility and policy management, and a NOC (network operations centre) that watches the network and responds when something degrades or fails. The monthly per-site fee is higher, but it is all-inclusive.
Unmanaged SD-WAN (sometimes called “DIY SD-WAN”) means your IT team handles everything: initial configuration, policy management, firmware updates, and troubleshooting. The recurring cost is lower, but the internal requirement is real. For businesses without a networking-capable IT team, unmanaged SD-WAN saves money on the monthly invoice and creates it in incident response.
The right choice depends on your internal capability, not on which model has a lower sticker price. Be honest about your team's networking depth before you choose the unmanaged path.
Hardware vs. virtual CPE
Traditional SD-WAN deployments use a physical appliance (CPE — Customer Premises Equipment) at each location. Virtual CPE runs the same SD-WAN software on a generic server or in a cloud instance rather than on proprietary hardware. For most multi-location businesses, physical appliances are the more straightforward choice: simpler to support, clear replacement process, and well-understood by managed SD-WAN providers. Virtual CPE makes more sense for large or technically sophisticated deployments where hardware flexibility and scale economics matter.
What to ask vendors
- 01What is the deployment timeline for our specific locations, including circuit provisioning?
- 02What does the management portal actually show? Ask for a demo of day-to-day operations, not just the sales deck.
- 03What is included in the managed service — configuration changes, troubleshooting, firmware updates, 24/7 NOC coverage?
- 04What are the SLAs for the managed service, and what are the remedies if they are not met?
- 05Can SD-WAN run on our existing internet circuits, or do new circuits need to be provisioned?
- 06How is traffic prioritized for latency-sensitive applications like VoIP and video conferencing?
- 07What does failover look like — is it automatic, and how fast is the switchover?
- 08What is the hardware lifecycle? Who is responsible for replacing appliances at end of life?
- 09What are the early termination provisions on both the SD-WAN contract and the underlying circuits?
- 10Do you have reference customers with a similar number of locations and traffic profile to ours?
Common mistakes
Deploying SD-WAN without a problem to solve
SD-WAN is a solution to specific networking problems. If your current WAN is working well, your applications perform reliably across sites, and your team is not spending time on network management, adding SD-WAN introduces complexity and cost without a corresponding benefit. Evaluate it against your actual pain, not against the technology trend.
Underestimating the connectivity dependency
SD-WAN is an overlay — it runs on top of internet circuits, not instead of them. A well-configured SD-WAN cannot compensate for consistently poor underlying connectivity at a site. If a location has genuinely bad internet options, SD-WAN won't fix that; better circuits will.
Choosing unmanaged when you lack internal capability
Unmanaged SD-WAN requires someone who can configure routing policies, monitor performance across sites, and respond when something breaks at a remote location. If you don't have that capability in-house and are choosing unmanaged primarily to save on the monthly fee, the savings will likely be offset by the cost of incidents you are not equipped to handle.
Not aligning the SD-WAN contract with your circuit contracts
SD-WAN appliances deployed over internet circuits create a dependency chain. If your circuits have different term lengths and renewal dates than your SD-WAN contract, you may find yourself locked into one while out of term on the other. Align renewal dates where possible, or understand the exit provisions on each component.
Treating SD-WAN as a security solution
Many SD-WAN platforms include security features — basic firewall, intrusion detection, content filtering. These are useful additions, but SD-WAN is a networking solution, not a security solution. Don't let bundled security features substitute for a proper security assessment. Use them to extend your security posture, not replace it.
When to bring in a procurement desk
SD-WAN procurement is inherently cross-vendor: you are evaluating the SD-WAN platform, the underlying connectivity at each site, and the managed services layer — often from different providers. Aligning those pieces, comparing them across suppliers, and making sure the contract terms on each component do not create problems for each other is the kind of work our desk does regularly.
We assess your locations, benchmark available connectivity, and structure an SD-WAN comparison that looks at total cost of ownership — not just the per-site management fee. If that would be useful, the form below is the place to start.
Reviewed by the SwitchU procurement desk — last reviewed June 2026.