White Paper

Finding the Best SD-WAN Solution for Your Enterprise:

Guide for Evaluating SD-WAN Products

Selecting the optimal SD-WAN solution for your enterprise is not

easy. While much has been written about the technology, its hard to
decide what features are most important and how to differentiate
between products. This paper describes some of the critical features
in more details and lays out some important factors to consider when
selecting an SD-WAN solution for your enterprise.

Using this Guide SD-WAN (Software Defined Wide Area Network) products have a very successful track record
improving application performance, lowering WAN costs, and strengthening business continuity.
Enterprises evaluating SD-WAN solutions But as you consider deploying SD-WAN, its important to understand the differences between
should understand the different levels of
solutions. Identifying which features matter to your enterprise is essential in making this
functionality available to solve different
selection.
problems, determine what level they
require, and look for products that offer
This paper describes key criteria for evaluating SD-WAN solutions. It discusses the most
those capabilities. In this paper, the various
important issues, and outlines levels of capability that separate just okay products from really
functionality groups considered are:
good ones. The paper does not compare specific products, but it does include examples of
1. Resiliency and Failover features from Citrix NetScaler SD-WAN, one of the leading solutions in this field.
2. Quality of Service
The Value of SD-WAN Solutions
3. Application Optimization
4. Routing Wide Area Networks are a critical component of todays enterprise computing infrastructure. But
5. Data and Application Security WANs suffer from many problems, including latency, congestion, jitter, packet loss, and outages.
6. Deployment and Scaling Erratic performance frustrates users, especially for real time applications like VoIP calling, video
7. Administration and Troubleshooting conferencing, video streaming, and virtualized applications and desktops. WAN capacity can be
8. Vendor Experience and Level of Support expensive and difficult to expand. And complex WANs are difficult to manage and troubleshoot.
At the end of a paper, a checklist organized
SD-WAN products address these problems. Typically, the solution consists of appliances or
by these categories is available to help
virtual appliances placed in small remote and branch offices, larger offices, corporate data
identify and highlight those features you care
about and compare what different vendors centers, and private and public cloud platforms. SD-WAN solutions can:
provide in each category. Reduce WAN traffic
Route traffic on the fastest available paths between any two points
Provide better quality of service (QoS) for high-priority applications
Improve network security
Consolidate disparate network functions into one appliance with centralized configuration
and policy definitions.
Simplify administration for remote and branch offices
Allow enterprises to leverage low-cost and flexible Internet and 4GE network connections in
place of MPLS links.
Provide visibility into WAN paths to help administrators troubleshoot performance issues

But different SD-WAN solutions have dramatically different ways of providing these features.
The following sections present options to help you identify what is important to your
enterprise.

[Link] 1
 Category 1: Resiliency and Failover

The failure of a network link can put users out of business. Losing access to mission-critical
applications can reduce productivity and affect customer service. Rerouting traffic to back-up
links can result in session disconnects and forces high-priority applications to contend with all
other traffic for limited bandwidth, creating even more user dissatisfaction. SD-WAN products
are essential tools for improving resiliency and providing fast failover when a network link
failure occurs.

Reliable Packet Delivery

SD-WAN solutions make packet delivery and application performance more reliable by routing
network traffic along the optimal paths between two points, based on factors like the require-
ments and priority of the application and the capacity and quality of the available paths.
While some SD-WAN products rely on administrators to pre-define paths for all applications, a
better option is to look for SD-WAN products that automatically assign paths based on factors
such as latency.

Problems can still arise, however, when only latency is used as the path selection criteria, when
it's measured only as a round trip value, or when predefined thresholds are used to determine
acceptable latency levels.

More sophisticated SD-WAN solutions select paths using algorithms based on multiple factors
such as packet loss, jitter, and congestion as well as one-way latency. These solutions use a
dynamic analysis of multiple criteria, rather than fixed thresholds, to determine which path
should be used or when traffic needs to be moved to a better path. These solutions do a
better job of matching high-priority applications with the highest quality paths, and of making
adjustments faster when path quality deteriorates.

Example: Fast Detection of a Link Outage Real-time Detection of Outages

When a network link goes down, lost connectivity can interfere with critical business processes
NetScaler SD-WAN appliances tag every and anger users. Even a short interruption can cause users to hang up on a VoIP call or
packet they send with a sequence number teleconference and to restart applications. It can also disrupt virtual desktop sessions, backups,
and information about the packets to follow.
large file transfers, and other key software activities.
This allows the appliance at the destination
to detect path outages after just two or three SD-WAN solutions can detect outages of network links and reroute traffic to alternate paths.
missing packets, so traffic can be rerouted But the amount of time to detect the outage can vary widely. The best products can identify
before users notice any disruption.
outages and take corrective actions in a second or less, making the outages imperceptible
to users (see the Sub-second Detection of Path Outages callout box.) If preventing session
disconnects and interrupted voice calls is important, look for a product that can detect the
outage in less than a second.

An important differentiator is how outages are detected. Products that use a variant of ICMP
Ping to detect an outage have to ramp up probe frequency to decrease the detection time,
creating a trade off between bandwidth overhead and failover time. Products that detect
outages based on actual application traffic are faster at detecting outages and don't incur high
levels of wasted bandwidth.

Lossless Failover
As important as it is to detect an outage quickly, the way in which traffic is moved is equally as
important. The most basic SD-WAN solutions can only start new sessions on the remaining path(s),
leaving any existing sessions to fail. In order to minimize the impact of an outage, it's important to
select an SD-WAN product that can move existing sessions to a new path. As some applications
are sensitive to either loss or jitter, ideally the existing traffic should be moved without loss or
with packet retransmission and reordering. This will prevent the application from disconnecting or
initiating flow control.

Dynamic Path Selection for Failover

If there are more than two paths available when an outage occurs then the SD-WAN solution
must select which path to move traffic to. Some SD-WAN products redirect traffic to a pre-de-
fined backup link. More sophisticated solutions intelligently reroute traffic from high-priority

[Link] | White Paper | SD-WAN Buying Criteria 2

 applications to the remaining paths with the best performance and the lowest packet loss and
jitter, and traffic from lower priority applications to the next-best path with available capacity. This
ensures that high-priority applications not only continue to function, but in most cases suffer no
performance degradation.

Category 2: Quality of Service

Not all applications need the same levels of service from the network. For example, users often
complain if quality is erratic for voice over IP (VoIP calling), audio and video streaming, or if
performance deteriorates for virtualized applications and desktops. In these situations, poor
quality can cause users to stop and restart the phone call, the download, or the virtualized
application, making network performance even worse. But what features in SD-WAN solutions
can guaranty excellent QoS for key applications?

Application Prioritization
SD-WAN products should allow administrators to assign applications to a category such as
high priority," "low priority, real-time or bulk.

More sophisticated solutions allow administrators to create new categories and to control
the parameters of each category. For example, controlling queue depths and drop timers
provides for more granular control over application performance and allows for optimization of
individual application performance.

Traffic Shaping and Bandwidth Reservation

Some SD-WAN products include features for traffic shaping and dynamic bandwidth
reservation. For example, a minimum bandwidth can be specified for a certain class of
application on a given path. This feature ensures that no matter how congested a path
becomes, no important application will ever be forced below a minimum bandwidth
allocation.

A refinement on this approach is to also specify a share for each class of application, so that
when capacity is limited bandwidth will be allocated between them based on their relative
shares.

Dual Ended QoS

Another traffic shaping technique available is detecting backpressure from a destination.
If the SD-WAN appliance at the destination indicates that there is no spare capacity, the
appliance at the source will hold back traffic to that location, and use the resulting free
bandwidth to send packets somewhere else. This promotes efficient use of overall bandwidth
while preventing the destination from being even more overloaded.

Packet Duplication
An advanced SD-WAN solution can ensure high application performance and zero packet loss
by sending duplicate packets from the source location to the destination via two independent
paths. The first packet to reach the destination is used and the second is discarded. This
approach uses some extra bandwidth, but it is a powerful tool for ensuring very high reliability
and quality for applications like VoIP calling, video conferencing, and virtualized desktops.

Link Aggregation
Some advanced SD-WAN products allow traffic from a single session to be divided over two or
more paths that are dynamically linked. This has two important benefits:
Large tasks such as backups and large file transfers can be completed more quickly.
High-priority applications can be given enough bandwidth to perform optimally, even if the
primary path for the application reaches its capacity.

Dynamic Point-to-Point Connections

Applications like VoIP calling, video conferencing and chat often require connections between

[Link] | White Paper | SD-WAN Buying Criteria 3

 two remote points. Sending that traffic through a corporate data center or a cloud platform,
or forcing it to make multiple hops results in excessive latency that can affect application
performance. An advanced SD-WAN solution can create an on-demand connection when one
of these applications starts a session, which utilizes the shortest possible path and dynamically
combines multiple links into a single virtual path. This results in better performance and more
efficient bandwidth usage and is an important feature to look for if your business utilizes VoIP
calling or video conferencing.

Category 3: Application Optimization

Application optimization is accomplished via a set of features that are were traditionally
included in WAN Optimization products. These features are important for WANs with high
latency or limited bandwidth, and are often now included in SD-WAN solutions. If your
organization wants to take advantage of WAN Optimization, look for an SD-WAN vendor that
includes it in an integrated solution.

Compression and Caching

Compression consists of removing unneeded and repetitive data and caching consists of
storing copies of frequently used files at the destination node so they dont have to be
retrieved multiple times across the WAN. These capabilities improve application performance
and decrease congestion on networks, which reduces networking costs.

Example: Accelerating CIFS Advanced Deduplication and Protocol Acceleration

Some SD-WAN solutions provide advanced techniques for application optimization on top of
CIFS is a protocol designed for Windows file basic compression and caching.
sharing on LANs. A client requesting a large
file using CIFS over a WAN might have a read Advanced deduplication includes the ability to cache and reuse individual blocks and bytes,
limit as small as 4KB, forcing the user to wait in addition to entire file objects. A related feature is storing in memory small, frequently used
several minutes to retrieve the entire file.
data streams so they can be accessed extremely fast.
NetScaler SD-WAN understands the CIFS
protocol, so it can retrieve a file over the WAN Another feature to look for is protocol acceleration, where the details of specific protocols
in much larger chunks, dramatically reducing
is used to eliminate unnecessary actions that take up network capacity and slow down
the users wait time.
application performance. Examples include proxying client-server handshakes, reducing
protocol chattiness, and optimizing payloads (see the Accelerating CIFS callout box).

Example: Microsoft Apps and Application Fluency and Video Delivery Optimization
Virtualized Apps Application fluency refers to a technology that can parse application traffic and leverage
knowledge about features in specific applications, rather than treating all application traffic as
NetScaler SD-WAN accelerates Microsoft an undifferentiated stream. (See the Microsoft Apps and Virtualized Apps callout box.)
applications and protocols like Microsoft
365, Microsoft Exchange, Microsoft Video delivery can be optimized by identifying, classifying and caching video files based on video
SharePoint, and the CIFS and NFS protocols, format, as well as by object-level compression of video files. This can result in major bandwidth
as well as applications and desktops that savings and performance improvements when multiple people at the one location view the same
have been virtualized by Citrix XenApp
video.
and XenDesktop. It accomplishes this with
techniques that significantly reduce the Category 4: Routing
WAN traffic required to update screens,
move a mouse, drag and drop objects, copy While SD-WAN started as a pure overlay technology, it has rapidly evolved to be more directly
files and folders, print files, and perform involved in the routing topology. Whether it acts as a router or just participates in routing, it's
other common actions.
important to consider routing requirements in an SD-WAN selection process.

Route Learning and Advertising

Support for dynamic routing protocols helps with the insertion of an SD-WAN appliance into the
network. By listening for route changes and advertising its own routes, the SD-WAN solution can
easily adapt to changes to the network and eliminate the need for manual route changes. Some
solutions only support static routing or support a limited number of protocols, making network
insertion more difficult and creating a need for manual updates when subnets and routes change.

WAN Edge Mode

Many SD-WAN solutions can act as a router in the network, effectively replacing the existing

[Link] | White Paper | SD-WAN Buying Criteria 4

 WAN edge router with one that can provide traditional SD-WAN services and router services.
Some vendors require their appliance to act as the edge router, some don't allow it, and some
require all appliances in the network perform the same role. For enterprises with offices of
many different sizes or who want to gradually replace their existing routers with SD-WAN
appliances, it's important to look for a solution that can operated in a mixed mode.

Category 5: Data and Application Security

Data Protection
It's important to secure data as it leaves the corporate perimeter. Most SD-WAN solutions
use IP-SEC encryption to protect data on the WAN. Ideally the administrator has the ability to
select encryption levels and to control whether data is encrypted across public and private
links. Additional security features to look for are rotating encryption keys and data integrity
checksums.

Tunnel Inspection
A few SD-WAN products can also inspect SSL/TLS encrypted tunnels. This allows them to apply
traffic shaping to traffic from Facebook, YouTube, Twitter, Google Apps, Box, [Link],
GitHub, and the many other web applications that use SSL/TLS encryption.

Data Segmentation
An advanced security feature offered by some SD-WAN solution is data, or route, segmentation.
This allows traffic to be segmented across the WAN, with different routes and policies applied
to each segment. Data can be segmented by VLAN, application or source. Companies with guest
WIFI, partner or vendor access or who process payment and health data may want to consider a
solution with data segmentation.

Category 6: Deployment Options and Scaling

Physical and Virtual Appliances

An important consideration when selecting a solution is the available form factors. Hardware
solutions offer ease of installation and a single purchase point. Software solutions provide
more flexibility and often a lower price point but require additional hardware purchases.
Consider your requirements now and in the future, or choose a vendor with both form factors
in order to maximize choice in the future.

Example: Cloud Deployment Cloud Appliances

As more applications and data move to the cloud, it's important to extend SD-WAN
NetScaler SD-WAN can be deployed functionality to the edge of the cloud. While a virtual version can be deployed manually to
as a virtual appliance on the cloud in the cloud, some vendors offer SD-WAN appliances in large private and public cloud vendors,
environments such as Amazon Web Services
including Amazon Web Services, Azure, Google Cloud and Equinix.
(AWS). That allows NetScaler SD-WAN to
provide latency-aware path selection, QoS, Zero-touch Deployment
traffic shaping and other advanced features
A hallmark of SD-WAN solutions is the ability to centrally define configurations and policies,
to traffic flowing to and from cloud-based
removing the need configure individual appliances. Zero-touch deployment takes that a
applications.
step farther and adds the ability for appliances to be easily added to a network without any
Through its relationship with Equinix, technical staff involvement. The most common approach is for an appliance to contact the
NetScaler SD-WAN can also sit on the edge network controller upon turnup and automatically pull down its configuration information. This
of the cloud and provide reliable and quality is a critical feature for large enterprises or those without IT support staff in remote locations.
access to a hybrid cloud environment.
Category 7: Administration and Troubleshooting

Some SD-WAN products need more effort to configure and manage. Administrators should be
concerned about solutions that use command-line type commands for some activities, depend
on manual selection of paths, or require configuration tasks on each individual appliance.

More advanced solutions provide an easy-to-use GUI interface, use algorithms to select
paths automatically, and include tools to push out configuration changes quickly to multiple
appliances. A few also implement a true software defined networking approach that

[Link] | White Paper | SD-WAN Buying Criteria 5

 allows all appliances and virtual appliances to be configured centrally based on application
needs rather than underlying hardware.

Example: Analytics Administrators should also evaluate the analysis and troubleshooting tools that work with
the SD-WAN solution. Desirable features include:
NetScaler Insight Center collects data from
NetScaler SD-WAN appliances and provides A dashboard with useful charts, maps and diagrams.
visibility into the behavior of over 200 Visibility into the status, utilization and performance of individual network segments.
enterprise applications. It can use industry-
standard AppFlow data reporting formats to Visibility into the end-to-end performance of a wide range of applications.
feed data to third party analytics tools from Integration with third party analytics and troubleshooting tools.
organizations like Splunk and Solarwinds. The
HDX Insight module within Insight Center The ability to replay traffic flows over time and observe the effect of changes in application
can provide extremely detailed reporting and usage and network conditions.
analysis of XenApp and XenDesktop activity,
including application launches, bandwidth Category 8: Vendor Experience and Level of Support
usage, response times and errors by
application, by user group, and by individual SD-WAN technology is improving rapidly, and the vendor landscape is changing. To maximize
user. their return on investment now and in the future, enterprises should look for vendors who
have long-standing track records for industry leadership and customer satisfaction, as well as
world-class support, sales, and channel organizations.

Conclusions

SD-WAN products have been proven to increase application performance and reliability and to
dramatically reduce the costs of expanding and managing wide area networks. But SD-WAN
solutions are not the same. Evaluators should weigh alternatives based on the features and
levels of capabilities outlined in this paper in the areas of:
Resiliency and failover
Prioritization and Quality of Service
Application optimization
Routing
Data and application security
Deployment options and scaling
Administration and troubleshooting
Vendor experience and level of support

You can use the checklist on the next page to compare several products using these criteria.
Of course, potential buyers should also validate the capabilities most important to them by
looking at each vendors customer base and performing hands-on trials where appropriate.

Citrix invites you to explore how an advanced SD-WAN solution can address the business and
technical requirements of your enterprise. For more information, visit [Link]/sdwan.

[Link] | White Paper | SD-WAN Buying Criteria 6

SD-WAN Major Features Checklist
Category Feature Citrix NetScaler SD-WAN Vendor 2 Vendor 3
Resiliency and Failover Reliable packet delivery
Real-time detection of outages
Lossless failover
Dynamic path selection for failover
Quality of Service Application prioritization
Traffic shaping and bandwidth reservation
Dual ended QoS
Packet duplication
Link aggregation
Dynamic point-to-point connections
Routing Route learning and advertising
WAN edge mode
Application Optimization Compression and caching
Advanced deduplication
Application fluency
Video delivery optimization
Security Data security
Data segmentation
Tunnel inspection
Deployment and Scaling Physical and virtual appliance
Cloud appliance
Zero-touch deployment
Administration and Graphical dashboard
Troubleshooting
Application visibility
Integration with third party tools
Vendor Experience and Track record for industry leadership and customer
Level of Support satisfaction
Worldwide support, sales, and channel organizations
Overall Assessment:

About Citrix
Citrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management,
networking and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power
business mobility through secure, mobile workspaces that provide people with instant access to apps, desktops, data and
communications on any device, over any network and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in
use at more than 330,000 organizations and by over 100 million users globally. Learn more at [Link].

Copyright 2016 Citrix Systems, Inc. All rights reserved. Citrix, XenDesktop, XenApp and NetScalere are trademarks of Citrix
Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company
names mentioned herein may be trademarks of their respective companies.

[Link] | White Paper | SD-WAN Buying Criteria 7