Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon
Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21)
See all Unit 42 Threat Research
Table of contents
Network Security

Types of SD-WAN Deployment Models: A Complete Guide

5 min. read
Table of contents
What Are the Different Types of SD-WAN Deployment Models?

There are three primary options for deploying SD-WAN, including DIY, fully managed, and co-managed (hybrid). Additional SD-WAN deployment models include managed CPE and SD-WANaaS.

  • DIY SD-WAN: Managed and configured internally
  • Fully managed SD-WAN: Handled by a service provider
  • Co-managed (hybrid) SD-WAN: Blends internal control with external expertise
  • Managed CPE SD-WAN: Outsources on-site hardware management
  • SD-WANaaS: Cloud-based third-party management and delivery

Understanding modern SD-WAN capabilities and options

Since its inception, SD-WAN has remained a modern networking technology cornerstone. As SD-WAN technology has evolved, so have its capabilities and deployment methods.

Advancements in technology have led to the emergence of multiple types of SD-WAN options. However, the broad range of terms and options can get confusing.

A common way to categorize SD-WAN deployment models is by management model, network architecture, and deployment environments.

Typically the term “SD-WAN deployment models” refers to SD-WAN management models, which is what we’ll be focusing on for the purposes of this article. However, we’ll still touch on SD-WAN architectures and environments to be thorough.

What is SD-WAN?

Software-defined wide area network (SD-WAN) is a modern approach to managing and optimizing wide area networks (WANs).

It applies software-defined networking (SDN) principles to provide centralized control over network traffic and resources. Which makes it easier to manage and scale connectivity across multiple locations.

Here’s how SD-WAN works:

SD-WAN architecture diagram, featuring a central data center connected to four branch locations, represented as gray building icons. These connections are color-coded to indicate different types of internet connections: MPLS in red, cellular connections in green, and broadband in orange. Surrounding the central network diagram are logos of various internet and cloud services, such as AWS, Azure, Google, Dropbox, Salesforce, Workday, and YouTube, implying their integration or accessibility through this network architecture.

SD-WAN uses virtualized network services to connect branch offices, remote locations, and data centers. It combines various connection types, such as broadband, MPLS, and LTE, into a single, cohesive network.

By continuously monitoring the performance of these connections, SD-WAN ensures efficient traffic management and maintains high performance. This means users can access applications and resources seamlessly, no matter where they are.

Like this:

The diagram titled

Benefits of SD-WAN include:

  • Operational simplicity
  • Carrier-independent WAN connectivity and improved ROI
  • Improved security
  • Enhanced performance
  • Improved connectivity and direct cloud access
  • Foundation to SASE strategy

And SD-WAN can be applied across numerous use cases:

  • Branch connectivity
  • Enhanced security
  • Centralized management and visibility
  • IoT security, connectivity, and performance
  • Application control and quality of service
  • Cloud connectivity and strategy

Types of SD-WAN management models

Types of SD-WAN management models include:

  • DIY SD-WAN
  • Fully managed SD-WAN
  • co-managed (hybrid) SD-WAN
  • Managed CPE SD-WAN
  • SD-WANaaS
Types of managed SD-WAN deployments presenting six different types of SD-WAN deployment options, each represented by a blue square icon. On the left, the first row shows Fully managed SD-WAN with a network diagram icon, and below that is Co-managed SD-WAN depicted by a checklist and magnifying glass icon. The last option on the left is Managed CPE, represented by an icon of hardware devices connected by lines. On the right side, the first option is SDWANaaS shown with an icon of interconnected nodes, followed by SASE represented by a shield icon, and DIY SD-WAN depicted by a wrench and network cable icon. The title Types of managed SD-WAN deployments is written in bold on the left, with the icons and labels arranged in two columns next to it.

SD-WAN management models define how an organization oversees and operates its SD-WAN infrastructure. They outline the division of responsibilities between the organization and service providers, affecting everything from setup and maintenance to ongoing management and support.

Each SD-WAN management model impacts control, flexibility, and the level of involvement required from internal IT or network teams. And comes with different implications depending on company size, resources, and specific needs. There are distinct advantages and trade-offs.

If you’re in the beginning stages of evaluating SD-WAN, or even looking to consider an alternative management model, understanding these details is a great place to start.

 

DIY SD-WAN

  • What it is: DIY SD-WAN, or Do-it-yourself SD-WAN, involves managing and configuring the SD-WAN infrastructure internally within an organization.

    Essentially, this approach allows businesses to take full control of their network, from design to deployment.

    With DIY SD-WAN, companies use in-house resources to implement and manage the network. As opposed to relying on external vendors.

  • How it works: In a DIY SD-WAN setup, organizations typically deploy SD-WAN appliances at each location. These appliances connect to the internet and, if needed, integrate with existing MPLS links.

    The network team is usually responsible for setting up, configuring, and maintaining SD-WAN appliances. They also handle traffic management, applying policies to optimize performance and ensure security.

    A DIY setup provides flexibility because the organization can customize configurations to fit its specific needs.

  • Suitable for: DIY SD-WAN tends to work well for larger enterprises with a skilled network team and the resources to manage a complex network environment.

    Organizations that already have network expertise and want to maintain complete control over their network might find DIY SD-WAN appealing. It definitely allows way more customization. And potentially reduces costs as a result of leaning on existing resources.

    At the same time, this approach does require a significant investment in time and expertise. It may not be the best fit for smaller businesses or those lacking a dedicated IT team.

    Overall, DIY SD-WAN offers flexibility and control, but it also demands strong in-house technical capabilities and ongoing management effort.

 

Fully managed SD-WAN

Architecture diagram illustrating managed SD-WAN architecture. The left section shows a Branch with a Controller and Orchestrator connected to an SD-WAN CPE, maintained and managed by an MSP. Connections from the branch lead to a central node labeled MPLS/Broadband 4G/5G. From there, arrows extend to HQ and SaaS services (Google, Microsoft, Salesforce) and another path to Best effort services (TikTok, YouTube, Instagram, Facebook). Additionally, an arrow from HQ connects to cloud providers AWS and Azure.

  • What it is: Fully managed SD-WAN is a service where an external provider takes responsibility for all aspects of your SD-WAN network.

    The fully managed SD-WAN model offers a comprehensive solution, including setup, configuration, monitoring, and ongoing management.

    Essentially, the provider handles the entire SD-WAN infrastructure. So your organization can focus on its core activities rather than network management.

  • How it works: With fully managed SD-WAN, you partner with a managed service provider (MSP) that oversees your SD-WAN network.

    The MSP takes care of deploying and configuring the necessary equipment and software at your locations.

    They handle all aspects of network operations, including monitoring performance, troubleshooting issues, and ensuring security.

    Managed SD-WAN typically includes service level agreements (SLAs) to guarantee performance standards and response times. The overall arrangement simplifies network management by offloading these responsibilities to the provider.

  • Suitable for: Fully managed SD-WAN is a great option for businesses that lack the internal resources or expertise to manage SD-WAN on their own.

    This approach is beneficial for companies seeking to streamline operations, enhance network performance, and ensure robust security—but without the need for extensive internal IT resources.

    Fully managed SD-WAN provides a hassle-free way to maintain an efficient network. It’s definitely a practical choice for businesses aiming to simplify network management by counting on expert support.

Further reading: What Is Managed SD-WAN?

 

Co-managed SD-WAN, aka Hybrid

Co-managed SD-WAN architecture diagram. At the top, a connection flows from the Provider edge to the Customer edge, representing a handoff between the provider and customer network, which leads to the public internet, indicated by an icon with interconnected nodes. Below this, the Managed section shows layers of the Customer network. From top to bottom, the layers are: Outside switch (in gray), Firewall (in red with a flame icon), Inside switch (in gray), Core switch (in gray), and Campus switching at the bottom with empty gray boxes. These layers represent different network components, with the firewall highlighted. The diagram shows how these components are segmented in the customer network under a co-managed SD-WAN model.

  • What it is: Co-managed (or hybrid) SD-WAN offers a balanced approach to network management, combining elements of both DIY and fully managed models.

    With co-managed SD-WAN, your organization works in tandem with a managed service provider. This setup allows your internal network team to retain some control and visibility over network operations while also relying on the provider’s expertise for complex tasks and routine maintenance.

    Note“Hybrid SD-WAN” can be a confusing term because it’s used in different contexts. A hybrid SD-WAN management model is distinct from both a hybrid SD-WAN deployment environment—which combines on-premises and cloud-based elements—and hybrid SD-WAN as a method for combining the distinct capabilities of MPLS and SD-WAN technologies.

  • How it works: In a co-managed SD-WAN model, you and the provider share responsibilities for managing the network.

    The provider typically handles the more technical aspects like setup, configuration, proactive monitoring, and troubleshooting. Meanwhile, your internal IT or network team still has control over day-to-day network operations and policy decisions.

    This setup allows you to be involved in strategic decisions and adjustments without being bogged down by routine management tasks.

  • Suitable for: Co-managed SD-WAN is a good fit for organizations that have a capable IT and/or network team but want to avoid the burden of handling every aspect of network management.

    It’s suitable for businesses that seek a middle ground between complete in-house control and full outsourcing. This model is particularly beneficial for companies that want to stay involved in network operations but need expert support to manage more complex issues.

    In essence, co-managed SD-WAN provides a flexible solution that enables businesses to balance control with the benefits of professional expertise. It’s a practical choice for organizations that need both oversight and support to effectively manage their network.

Managed CPE SD-WAN

Architecture diagram titled Managed CPE SD-WAN depicts a network setup where branch locations connect to the cloud via managed infrastructure. On the left, two branch icons connect to their respective CPE router devices. Both CPE routers are linked to an MSP (Managed Service Provider) device in the center, which manages the network traffic. From the MSP, a VPN tunnel extends to a VFW (Virtual Firewall) in the cloud on the right. The VFW connects to a VPC (Virtual Private Cloud), which contains cloud applications stacked vertically, labeled Cloud apps. The image highlights the managed infrastructure components such as the CPE routers, MSP, VPN, VFW, and VPCs used in a Managed CPE SD-WAN deployment.

  • What it is: Managed CPE, or customer premises equipment, is a deployment model where the service provider handles the management of SD-WAN hardware located at your site.

    This approach involves outsourcing the care of physical network devices while maintaining some level of control over network operations.

  • How it works: In a managed CPE SD-WAN setup, the service provider is responsible for the installation, configuration, and ongoing management of the SD-WAN equipment at your premises. This includes tasks like monitoring performance, applying updates, and troubleshooting issues.

    The provider ensures that the hardware integrates seamlessly with your network and operates efficiently.

  • Suitable for: This model is well-suited for businesses that need physical SD-WAN hardware for reasons like security or compliance but prefer to have the day-to-day management handled by experts.

    It’s also a good choice for organizations that want to keep some control over their network infrastructure while offloading the more technical aspects of managing the equipment.

    Ultimately, a managed CPE SD-WAN model offers a balance between expert management and localized control.

SD-WAN as a Service (SD-WANaaS)

SD-WAN as a service architecture diagram illustrating the architecture of an SD-WANaaS solution. At the top left, there is a Customer web portal that connects to the Business support system. This system includes a Service orchestrator and an SD-WAN controller, which manage the network. Below, the diagram shows two SD-WAN edge components connected to the internet and to a CE/MPLS network. These edges facilitate connections to various cloud service providers (CSP) backbones, including AWS, Google Cloud, and Azure, depicted on the right side. Additionally, the edges connect to an SD-WAN gateway, which interfaces with an External network shown at the bottom right. Tunnel virtual connections link the SD-WAN edges and gateway, indicating secure communication paths. The entire architecture emphasizes the integration of cloud services, centralized management, and secure connectivity within an SD-WANaaS framework.

  • What it is: SD-WAN as a Service (SD-WANaaS) is a cloud-based model where a third-party provider manages and typically delivers SD-WAN functionalities over the public internet.

    Unlike traditional SD-WAN deployments—which may require extensive on-premises hardware and in-house management—SD-WANaaS abstracts much of the complexity. And that allows businesses to manage their networks through a centralized cloud portal.

  • How it works: In an SD-WANaaS setup, the service provider handles the core infrastructure: network management, performance optimization, and security.

    Customers interact with their network through a cloud-based management interface, where they can monitor performance, configure settings, and make adjustments as needed.

    The provider takes care of hardware updates, network optimization, and security measures. Similar to managed SD-WAN, this allows businesses to focus on their core operations rather than the intricacies of network management.

  • Suitable for: SD-WANaaS is a useful choice for businesses that want to simplify network management while avoiding the complexities of maintaining physical hardware.

    Organizations with multiple locations or those undergoing rapid growth can benefit from SD-WANaaS thanks to the scalability and flexibility. Companies with limited IT or network resources or those adopting a cloud-first strategy may also find SD-WANaaS appealing.

    Using the SD-WANaaS model, businesses can improve network performance, security, and operational efficiency without having to deal with managing the underlying infrastructure themselves.

Further reading: What Is SD-WANaaS? | What It Is, How It Works, Pros & Cons

Teal CTA banner showing an icon with a dollar sign and SD-WAN text, accompanied by the message, 'Find out the potential ROI your organization could achieve with SD-WAN.' Below is a button labeled 'Try the ROI calculator.'

 

Types of SD-WAN deployment architectures

Types of SD-WAN deployment architectures include:

  • Hub-and-spoke
  • Mesh
  • Hybrid mesh

Deployment architectures define how network traffic is routed between various locations, influencing performance, scalability, and reliability. An SD-WAN deployment architecture determines the structural layout and connectivity of the network.

Each architecture offers unique benefits and challenges. The SD-WAN architecture determines how data flows through the network and how sites communicate with one another.

 

Hub-and-spoke

Hub-and-spoke topology architecture diagram showing a network design where multiple branches connect to two central data centers or hubs. On the left side, two icons labeled Data center/Hub each depict a server stack inside a circle. From these hubs, lines extend outward to the right, connecting to multiple branch locations, each represented by a small building icon inside a circle labeled Branch. The branches are arranged in a radial pattern around the data centers, visually representing the hub-and-spoke structure, where each branch communicates through the central hubs rather than directly with other branches.

The hub-and-spoke model connects multiple spokes to a central hub.

In a hub-and-spoke setup, the hub, typically a large data center or central node, manages traffic between branch offices and edge sites. All communication flows through this central hub.

The model has two variations:

  • Spoke-to-hub only: Each spoke communicates only with the hub, not with other spokes. This simplifies network management and meets security or regulatory needs for isolation.

  • Spoke-to-spoke via hub: Spokes can communicate with each other, but traffic must pass through the hub first. This keeps management centralized but can introduce latency.

The hub-and-spoke model is easy to deploy and manage, making it suitable for organizations new to SD-WAN.

However, centralizing traffic can create bottlenecks and potential points of failure. If the hub fails, all spokes might lose network connectivity. Hubs can also become targets for cyber threats.

Mesh

The mesh SD-WAN deployment form differs from traditional centralized models by allowing direct communication between branch offices, campuses, and edge sites without routing traffic through a central hub.

  • In a full mesh deployment, every site connects directly through overlay tunnels, enabling any-to-any communication.

    Like so:

Full mesh topology architecture diagram illustrating a network structure where every branch and data center is interconnected. On the left, two icons labeled Data center/Hub, each represented by a server stack inside a circle, are connected to multiple branch locations on the right. Each branch, shown as a building icon inside a circle and labeled Branch, is connected not only to the data centers but also to all other branches. A web of lines between the branches and data centers demonstrates the full mesh setup, where all nodes (branches and data centers) have direct communication paths with one another. This structure allows for multiple, redundant connections across the network.

This setup speeds up data transfers and supports edge computing by placing applications and services closer to data sources. It also reduces the risk of outages since there are no single points of failure.

However, full mesh networks can be complex to implement because they require each site to manage its own networking and security solutions. Which does increase the potential for configuration errors and management challenges.

  • A partial mesh deployment allows some direct site-to-site communication while still relying on central hubs for certain traffic.

    Here’s what it looks like:

Full mesh topology architecture diagram illustrating a network structure where every branch and data center is interconnected. On the left, two icons labeled Data center/Hub, each represented by a server stack inside a circle, are connected to multiple branch locations on the right. Each branch, shown as a building icon inside a circle and labeled Branch, is connected not only to the data centers but also to all other branches. A web of lines between the branches and data centers demonstrates the full mesh setup, where all nodes (branches and data centers) have direct communication paths with one another. This structure allows for multiple, redundant connections across the network.

This model balances performance and efficiency by decentralizing some services.

On the other hand, it doesn’t totally eliminate the bottlenecks or security risks associated with centralized hubs.

Hybrid mesh

Hybrid mesh topology architecture diagram illustrating a network architecture where some components form a mesh, while others connect in a hub-and-spoke manner. On the left, three icons labeled Hub, represented by server stacks inside circles, are interconnected by lines, forming a mesh between them. On the right, branch locations, depicted as building icons inside circles and labeled Branch, are connected to individual hubs in a radial or spoke-like pattern. Each branch connects directly to a hub, but branches do not connect to each other. The diagram illustrates a hybrid approach combining mesh connectivity between hubs and hub-and-spoke connections to branch offices.

The hybrid mesh SD-WAN deployment model blends hub-and-spoke and full mesh architectures. It routes some traffic through central hubs while allowing other traffic to travel directly between sites. This setup balances centralized control with decentralized communication flexibility.

In a hybrid mesh, multiple hubs are used rather than a single central hub. Spoke sites connect to these hubs but don’t communicate directly with each other.

Traffic between spoke sites passes through the hubs, preventing any single hub from becoming a single point of failure. This distribution improves performance and reduces bottlenecks.

The hybrid mesh model offers redundancy and load balancing, which enhances network reliability and simplifies management compared to a full mesh.

However, it still depends on centralized hubs, which can be targets for cyber threats and may cause performance issues if they become unavailable.

 

Types of SD-WAN deployment environments

 

Types of SD-WAN deployment environments include:

  • On-premises SD-WAN
  • Cloud-based SD-WAN
  • Hybrid SD-WAN

An SD-WAN deployment environment refers to where and how an organization implements and operates SD-WAN infrastructure. This concept focuses on the physical or virtual location of the network components and how they’re integrated into an organization's existing infrastructure.

Deployment environments influence decision making factors like control, flexibility, scalability, and SD-WAN costs. Each offers different advantages and limitations that influence how organizations manage network resources and scale operations.

On-premises SD-WAN

On-premises SD-WAN architecture diagram depicting a network architecture where SD-WAN infrastructure is hosted on-site. On the left, a box labeled On-premise SD-WAN contains icons representing different types of devices: a computer monitor, a laptop, a printer, and a server, all connected to a central SD-WAN device in blue. From this central SD-WAN device, a line extends to the right, connecting to an icon labeled Internet, represented by a globe with interconnected nodes. This illustrates how on-premises SD-WAN infrastructure facilitates connections between local devices and the internet.

On-premises SD-WAN involves installing SD-WAN hardware and software at a company’s own facilities, such as data centers or branch offices. This model offers direct control over the SD-WAN infrastructure, and there’s plenty of room allowing for customization around specific needs.

The main advantage of on-premises SD-WAN is enhanced security since the hardware and data stay within the organization's facilities. It also provides more predictable performance because it’s not dependent on external service providers.

However, on-premises SD-WAN can be expensive. And complex to manage. Organizations may face significant upfront costs for hardware, licenses, and maintenance. Plus, you’ll need a dedicated network team to handle configurations and technical issues.

Cloud-based SD-WAN

Cloud-based SD-WAN architecture diagram illustrating a network setup where SD-WAN infrastructure is hosted in the cloud. On the left, an icon labeled On-premise shows a building connected by a line to the right side of the image. In the center, a blue SD-WAN device is depicted, representing the cloud-based SD-WAN. To the right of the SD-WAN device, there is a box labeled Virtual cloud gateway, symbolized by a cloud icon. A line extends downward from the SD-WAN device to an icon labeled Internet, represented by a globe with interconnected nodes. This setup demonstrates how an on-premise location connects through the cloud-based SD-WAN infrastructure to the virtual cloud gateway and the internet.

Cloud-based SD-WAN is a deployment model where the SD-WAN infrastructure is hosted and managed in the cloud. This means that instead of installing hardware and software on-site, companies rely on providers to deliver and manage the SD-WAN services.

The SD-WAN functionalities are accessed over the internet, connecting branch offices, data centers, and cloud-based applications through virtual SD-WAN gateways in the cloud.

One of the main advantages of cloud-based SD-WAN is flexibility. Since the infrastructure is managed by a cloud provider, organizations can scale their network quickly to accommodate changing business needs.

For example: Adding new sites or increasing bandwidth can be done with minimal physical setup and configuration.

The cloud-based SD-WAN model also supports a pay-as-you-go pricing structure. So companies only pay for the resources they use. And that can be more cost-effective than maintaining on-premises equipment (though not always).

However, cloud-based SD-WAN does come with some considerations.

Reliance on the internet means that network performance is contingent on the quality of the internet connection. If there are issues with network connectivity or if the provider experiences downtime, it can impact the performance and availability of the SD-WAN. Plus, while cloud-based SD-WAN can reduce the need for physical infrastructure, it still requires careful management to ensure security and compliance—especially with sensitive data.

Hybrid SD-WAN

Hybrid SD-WAN

A hybrid SD-WAN deployment environment combines on-premises and cloud-based elements to blend local control with cloud flexibility. This setup uses on-site hardware for critical network components and cloud services for broader network connectivity and scalability.

The advantages of a hybrid SD-WAN deployment environment include maintaining control over sensitive parts of the network while benefiting from cloud resources' scalability and cost-effectiveness. Companies can customize their setup to meet specific needs, using on-premises equipment where necessary and cloud services to expand capabilities.

However, hybrid SD-WAN can be complex. It definitely requires careful coordination between on-premises and cloud components. And managing and integrating different infrastructures may increase operational overhead.

Further reading:

 

Teal CTA banner featuring an icon of a hand holding a square labeled 'SD-WAN' on the left. The text reads 'Get a personalized Prisma SD-WAN demo.' Below this text is a button labeled 'Request demo.''

 

How to choose the right SD-WAN deployment option for your business

Graphic titled How to choose the right SD-WAN deployment option for your business and presents an eight-step process in a vertical flowchart format. On the left side, a gray box contains the title. To the right, the steps are listed in sequential order, each labeled with STEP followed by a number and connected by a vertical line with icons beside each step. Step 1: Assess your internal capabilities has a magnifying glass icon. Step 2: Evaluate your long-term goals is represented by a calendar icon. Step 3: Consider your network complexity features a network node icon. Step 4: Review your resource allocation has a pie chart icon. Step 5: Examine your cloud and SaaS dependencies shows a cloud icon. Step 6: Assess security and compliance needs is depicted with a shield and checkmark icon. Step 7: Analyze your implementation timeline has a clock icon. Step 8: Identify key stakeholders is represented by a group of people icon.

As noted, for the purposes of this article, we’ll focus on SD-WAN management models.

Selecting the right SD-WAN deployment option for your business involves evaluating several key factors.

Here’s a step-by-step guide to help you determine which option aligns best with your needs:

Step 1: Assess your internal capabilities

First, consider the expertise and resources available within your organization.

Do you have a skilled IT team capable of managing and maintaining a complex network infrastructure?

If your team lacks the necessary skills or time, a fully managed or co-managed SD-WAN might be more suitable. On the other hand, if you have a robust IT and/or network department and can allocate resources to network administration and management, a DIY model could be a viable option.

Step 2: Evaluate your long-term goals

Next, think about your long-term objectives.

Are flexibility and control critical to your business strategy?

If so, a DIY or co-managed SD-WAN model might better serve your needs. Both offer more customization and control over your network. Conversely, if you prefer focusing on core business activities rather than managing network infrastructure, a fully managed SD-WAN might be a better fit.

Step 3: Consider your network complexity

Consider the complexity of your network.

Does your network involve multiple global locations or critical applications that require sophisticated management?

If your network needs are complex, a fully managed SD-WAN or co-managed approach could provide the necessary support and expertise. DIY models might be suitable for less complex networks where in-house network administration and management is feasible, or for organizations who have plenty of dedicated SD-WAN expertise.

Step 4: Review your resource allocation

Assess how much time and resources you can dedicate to network administration and management.

A DIY approach requires substantial investment in terms of time, expertise, and ongoing management.

If your business prefers to avoid the overhead associated with these tasks, a fully managed or co-managed model might be more appropriate. These models outsource most of the network management.

Step 5: Examine your cloud and SaaS dependencies

Determine how reliant your infrastructure is on cloud services or SaaS applications.

If your business heavily relies on these services, a deployment model that integrates well with cloud environments, like SD-WAN-as-a-Service (SD-WANaaS), may be beneficial.

SD-WANaaS provides flexibility and scalability, which can enhance performance and integration with cloud-based resources.

Step 6: Assess security and compliance needs

Consider your security and compliance requirements.

Do you have strict policies that mandate in-house management for security reasons?

If so, a DIY or co-managed model might be. Managed models can offer robust security features but might not meet specific compliance needs as effectively as in-house management.

Step 7: Analyze your implementation timeline

Think about your timeline for SD-WAN implementation.

Some models, like SD-WANaaS, offer quicker deployment due to their cloud-based nature. If you’re targeting a swift SD-WAN implementation, this model might be advantageous. If you’ve budgeted plenty of time for deployment and want greater control, DIY or co-managed options might be more suitable.

Step 8: Identify key stakeholders

Finally, identify the key stakeholders who need to be involved in the decision-making process.

Ensure their preferences and requirements align with the chosen deployment model.

For instance, if IT leadership prefers a hands-on approach, a DIY or co-managed model might be preferred. If the focus is on minimizing internal management, a fully managed or SD-WANaaS model might be more appropriate.

Teal, rectangular CTA button. On the left side, there is a white icon featuring a stylized paper airplane within a dotted circle. The text to the right reads, Test drive Prisma SD-WAN to find out if it's right for you. Below this text is a white button with rounded edges containing the words, Start your free trial.

SD-WAN deployment models FAQs

The three basic types of SD-WAN deployment environments are on-premises SD-WAN (hardware and software installed at company facilities for direct control and security), cloud-based SD-WAN (hosted and managed in the cloud, offering flexibility and scalability), and hybrid SD-WAN (combines on-premises and cloud elements for a blend of control and scalability).
The three basic types of SD-WAN deployment models often seen in the market are DIY SD-WAN (managed and configured internally), fully managed SD-WAN (handled by a service provider), and co-managed SD-WAN, aka hybrid (blend internal control with external expertise), managed CPE SD-WAN (outsources on-site hardware management), and SD-WANaaS (cloud-based third-party management and delivery).
The three types of SD-WAN architecture are on-premises SD-WAN, cloud-enabled SD0WAN, and cloud-enabled with backbone SD-WAN.

SD-WAN can be deployed through physical appliances installed at branch offices, virtual appliances in cloud environments, or a combination of both, depending on the organization's needs and infrastructure.

The three basic types of SD-WAN deployments on the market are: DIY (organizations set up and manage the SD-WAN solution themselves), fully managed (a service provider manages the SD-WAN solution on behalf of the organization), and co-managed (a collaborative approach where both the organization and the service provider share management responsibilities).

EXPLORE MORE

Get the latest news, invites to events, and threat alerts