SD-WAN explained: modernising your business network
The limits of traditional WAN
For decades, wide area networking followed a familiar pattern: branch offices connected to a central data centre via dedicated MPLS circuits. Traffic flowed to the data centre, hit the security stack, and was routed to its destination - whether that was an internal server or the internet.
This model worked when most applications were hosted on-premise. But the shift to cloud has exposed its weaknesses:
- Backhauling is inefficient. When a branch user accesses Microsoft 365, their traffic travels to the data centre, through the firewall, out to the internet, and back. This adds latency, reduces performance, and wastes expensive MPLS bandwidth.
- MPLS is costly. Dedicated circuits offer reliability but at a premium price. Scaling bandwidth or adding new sites is slow and expensive.
- Visibility is limited. Traditional WANs offer basic link monitoring but little insight into application performance or user experience.
- Agility is poor. Provisioning a new site takes weeks or months. Adapting to changing traffic patterns requires manual reconfiguration.
What SD-WAN is
Software-defined WAN (SD-WAN) decouples the network control plane from the physical transport layer. Instead of relying on a single circuit type, SD-WAN creates an intelligent overlay network across multiple transport links - fibre, LTE, MPLS, broadband, satellite - and uses software to route traffic dynamically based on application requirements and real-time link conditions.
At each site, an SD-WAN edge device replaces or augments the traditional router. A central controller provides a single management interface for the entire network, enabling policy-based routing, security, and monitoring across all sites.
How SD-WAN differs from traditional WAN
| Aspect | Traditional WAN | SD-WAN |
|---|---|---|
| Transport | Single link type (typically MPLS) | Multiple link types (fibre, LTE, broadband, MPLS) |
| Routing | Static, hardware-defined | Dynamic, software-defined, application-aware |
| Cloud access | Backhauled through data centre | Direct internet breakout at the branch |
| Provisioning | Weeks to months | Hours to days (zero-touch deployment) |
| Visibility | Basic link monitoring | Application-level analytics and user experience metrics |
| Cost model | High fixed cost (MPLS) | Blended cost using commodity links |
| Security | Centralised security stack | Distributed security with integrated firewall, encryption |
Benefits of SD-WAN
Cost reduction
By blending lower-cost transport links (fibre, LTE, broadband) with selective MPLS where needed, businesses can significantly reduce WAN spend. Many organisations see 30–50% cost savings compared to pure MPLS networks.
Application performance
SD-WAN steers traffic based on application requirements. Latency-sensitive applications like voice and video are routed over the best-performing link. Bulk data transfers use available bandwidth on secondary links. If a link degrades, traffic is automatically rerouted - often before users notice.
Cloud-first architecture
Direct internet breakout at the branch means cloud applications perform as intended. Users access Microsoft 365, Salesforce, and other SaaS platforms without the latency of backhauling through a distant data centre. This is critical for organisations pursuing a cloud-first strategy.
Simplified management
A centralised controller provides a single pane of glass for configuration, monitoring, and troubleshooting across all sites. Policies are defined once and pushed to every edge device, ensuring consistency. Zero-touch provisioning means a new site can be brought online by shipping a device and plugging it in.
Built-in security
Modern SD-WAN platforms include integrated firewall, intrusion detection, encryption, and URL filtering. This extends the security perimeter to every branch - particularly important when traffic breaks out to the internet directly rather than passing through a centralised security stack.
Business agility
Adding a new office, pop-up location, or temporary site takes hours instead of weeks. Bandwidth can be scaled up or down based on demand. Mergers and acquisitions that once required months of network integration can be accelerated dramatically.
Use cases
Multi-site organisations
Retail chains, professional services firms, logistics companies, and healthcare networks with multiple locations are the primary SD-WAN audience. Each site gets optimised connectivity, consistent policy, and centralised management.
Cloud-first businesses
Organisations that have moved most workloads to public cloud or SaaS need a WAN architecture that supports direct cloud access. SD-WAN provides intelligent routing to cloud providers and can prioritise cloud application traffic.
Remote and hybrid workforce
SD-WAN extends to remote workers through lightweight client software or secure access service edge (SASE) integration. This brings the same application-aware routing, security, and visibility to home offices and mobile users.
Disaster recovery
SD-WAN’s multi-link architecture inherently provides failover. If the primary fibre link fails, traffic shifts to LTE or a secondary broadband link. This resilience is valuable for organisations that need to maintain operations through connectivity disruptions - a common scenario in South Africa.
The South African connectivity context
SD-WAN is particularly compelling in the South African market because of the diversity of available transport:
- Fibre - increasingly available in metropolitan areas, offering high bandwidth at competitive prices. Multiple fibre network operators (FNOs) provide options.
- LTE/5G - mobile connectivity serves as both a primary link for remote locations and a failover path for fibre-connected sites. Coverage varies by area and operator.
- MPLS - still relevant for businesses that require guaranteed SLAs and private connectivity, but increasingly used selectively rather than as the sole transport.
- Microwave and satellite - options for rural sites or locations where fibre and LTE are unavailable.
SD-WAN turns this diversity from a management headache into a strategic advantage. Instead of managing four different link types manually, the overlay network handles path selection, failover, and load balancing automatically.
Loadshedding adds another dimension. Sites equipped with UPS and backup power can maintain connectivity, but link quality may fluctuate as infrastructure upstream is affected. SD-WAN’s real-time link monitoring and dynamic rerouting help maintain application performance through these disruptions.
Deployment considerations
Assess your current WAN
Before deploying SD-WAN, audit your existing network. Understand current link types, costs, utilisation, and contract terms. Identify which MPLS circuits can be replaced with cheaper alternatives and which need to be retained for compliance or SLA reasons.
Define application policies
SD-WAN is only as effective as its policies. Classify your applications by priority and requirements:
- Critical real-time - voice, video conferencing → lowest latency, highest priority
- Critical transactional - ERP, CRM, financial systems → low latency, high reliability
- Standard business - email, web browsing → best-effort across available links
- Non-essential - software updates, backups → scheduled for off-peak or lowest-priority links
Plan security architecture
Decide where security inspection occurs: at the edge (SD-WAN integrated firewall), in the cloud (SASE), or at the data centre (traditional model). Many organisations adopt a hybrid approach, with local security for direct internet breakout and centralised inspection for sensitive traffic.
Consider managed SD-WAN
SD-WAN reduces operational complexity but doesn’t eliminate it. Ongoing management - monitoring link health, adjusting policies, troubleshooting issues, and managing vendor relationships - requires dedicated attention. Many South African businesses benefit from a managed approach where the technology partner handles day-to-day operations.
Start with a pilot
Deploy at two or three sites first. Validate performance, test failover scenarios, and refine policies before rolling out to the broader network. This reduces risk and builds confidence in the platform.
Getting started
SD-WAN is a practical, cost-effective way to modernise your network for the realities of cloud computing, distributed workforces, and South African infrastructure challenges. The technology is mature, the business case is clear, and the deployment model is proven.
ITHQ designs, deploys, and manages SD-WAN solutions for South African businesses. Our network engineering and connectivity team selects the right platform for your requirements and integrates it with your cloud architecture and security infrastructure.
Contact us to explore how SD-WAN can transform your business network.