The Ultimate Guide to SD-WAN Systems

Multi-site WAN systems are an integral piece of the operational puzzle for enterprises with multiple locations to manage. An enterprise seeking to connect its multiple locations and remote team members must consider a wide variety of factors that will affect overall costs as well as network performance. Building a multi-site WAN isn’t just about establishing a connection; it’s also about optimizing your network to drive business goals.

In this comprehensive guide to multi-site WANs, we describe the best way to go about a multi-site WAN deployment, the challenges enterprises encounter in the process, and best practices for solving them.

How to Design a Multi-Site WAN System

Designing a multi-site WAN that can support voice, video, data, and LAN traffic requires careful attention to company goals. You’ll also need to consider emerging technologies as well as ever-changing security needs and network throughput.

The first step is to consider your enterprise and its goals, including:

  • Planned applications
  • Connectivity to outside entities (suppliers, customers, and stakeholders)
  • Local and remote access requirements
  • Competitive considerations

These goals will be largely influenced by whether you intend to build a new network from scratch, update an existing network, or integrate your network with other networks.

The next step is to conduct a WAN investigation. Assuming you have an existing network, continue the process by creating an inventory of the network that identifies the circuits and hardware, the software supporting the network, and all network-related costs. Measure network performance in terms of throughput, dropped packets, and latency to determine your baseline.

If you’re creating a multi-site WAN from a combination of fixed private lines and virtual private networks (VPNs), you’ll need a WAN designed for traffic generated at each network node plus remote-user and inter-node channel traffic. Once these traffic patterns are identified, the design of the network can be initiated.

Next, you’ll need to engage in discovery, which identifies each of the components residing on the network, often through software that can locate and describe all devices on the network. Performance analysis will then help you examine how the network is working in areas such as bandwidth, throughput, and latency. This can be done using a network analyzer.

For most multi-site WAN deployments, the design may be best left to experts. Consider utilizing a managed services provider to design, install, and monitor network performance once the installation is complete.

It’s also critical to consider the impact of placing a new application on your network. With regard to your WAN resources, keep the following in mind:

  • Latency: It can take a long time for data to be transmitted across a WAN, so include protocols that require receivers to acknowledge delivery of data so you can get an accurate measurement of travel time.
  • Packet Loss: Even in a well-designed multi-site WAN, you may lose packets due to errors or the intentional removal of certain traffic to maintain performance levels.
  • Retransmission: Lost packets in a reliable network will be retransmitted, but this introduces delays from resending as well as a delay in waiting for the data to be received in the correct order.
  • Throughput: This refers to the amount of traffic a given network can carry and is usually expressed in terms such as megabits per second.

Additional factors can impact WAN performance, such as compression, encryption, and network signaling.

WAN capacity planning should be performed before network installation as well as on a relatively regular basis. The following steps offer a methodology for capacity planning:

  1. Gain a clear understanding of network activities, including voice communications, email, and remote access.
  2. Examine service and usage requirements.
  3. Assess network performance with data from endpoints, switches, and routers.
  4. Review performance audit reports.
  5. Evaluate bandwidth demand versus infrastructure support.
  6. Determine the type and number of devices the network will support in the future.
  7. Analyze present network configurations.
  8. Determine the total amount of bandwidth required, and evaluate the type of circuits needed to support traffic.
  9. Analyze network redundancy requirements and their impact on capacity.
  10. Test and validate multi-site WAN to measure how traffic generators perform with network design software.

Finally, to adequately support bandwidth requirements, it’s important to keep an eye on emerging opportunities. Consider the following factors:

  • Number of users, both current and potential, consuming network resources
  • Network activities, including email, audio and video, file transfers, and applications that support data transfers
  • Devices used on the network
  • Expectations for performance and speed
  • The frequency of data being downloaded and uploaded
  • Security concerns, including data encryption

The Challenges of a Multi-Site WAN Deployment

Traditional multi-site WAN deployment is facing new challenges that make it difficult to ensure the performance and security necessary for today’s IT environment.

Applications demand real-time connectivity, high bandwidth, and the ability to exchange voluminous data transmissions with applications housed in the cloud.

The security perimeter has all but disappeared among remote users and mobile devices.

B2B partners exchange information freely but demand encryption and other security features for safe transmission.

Enterprises also struggle with the ability to connect various transport methods such as MPLS, internet, and LTE.

Weak encryption policies result in security vulnerability, and the enterprise racks up compliance penalties because of a lack of segmentation required by industry regulations.

In a multi-site WAN deployment, the benefits introduced to the network often do not extend to those operating outside the data center.

There may be a poor user experience when accessing a cloud application because the architecture of the network is too centralized.

Delays are also frequent when introducing new applications and services in a multi-site WAN deployment.

So how does an enterprise solve the challenges of a multi-site WAN deployment? SD-WAN is increasingly being adopted to address these challenges. Adding a virtual layer over the physical network removes many of the problems associated with traditional networking approaches:

Visibility and Control: Network operations teams can access troubleshooting, configuration, and segmentation tools, all from a centralized virtual overlay. This benefit is also evident when onboarding a new branch location. SD-WAN zero-touch provisioning can introduce a new location to the network in a matter of hours.

Network Segmentation: One of the greatest advantages of SD-WAN is the ability to set business policies that automatically route network traffic based on type, application, or user. Segmentation improves performance across the network, ensuring that bandwidth loads are adequately managed for areas such as voice and video communications as well as collaboration software requiring real-time communications.

Agility: New business partners requiring a vendor connection and new cloud solutions can be added to the network with ease. Enterprises find that decisions made are more quickly actionable because there is no bottleneck at the network level.

Reduce Networking Costs: Many enterprises find that, by optimizing data transmissions based on type, they can reduce their spending on more reliable but costlier MPLS pathways. SD-WAN also reduces networking costs through its categorization as an operating expense rather than a capital investment.

Best Practices for Multi-Site WAN Deployment

Launching a multi-site network requires an in-depth understanding of how multi-site networks operate. Enterprises often find that outsourcing network deployment to an experienced team is the most beneficial approach. A good outsourced technology partner will provide dedicated field engineers to facilitate the successful deployment of a multi-site WAN.

To ensure a successful transition to the new network infrastructure, field engineers typically complete the following steps:

Site Survey:

A service provider begins by conducting a complete site survey to better understand the requirements for a multi-site network and the project’s scope. This information will help the provider create a comprehensive strategy for preventing any unexpected challenges during deployment as well as proactively address common pitfalls.

Customer Premises Equipment:

The field engineers will assess the mounts, cabinets, and racks to ensure suitability. Customer premises equipment (CPE) includes servers, routers, switches, voice gateways, and VoIP phones. Field engineers will take an inventory of CPE, order any missing items, and handle the setup and installation.


The activation of the WAN circuit will allow your computers to connect over geographical distances by linking each location’s LAN. While activation is generally a simple process, there can be issues such as a loss of signal strength. An on-site field engineer ensures that these issues are quickly resolved so that you don’t experience any lengthy work interruptions.

LAN Cutover:

Connecting multiple LANs from various sites can introduce some risk, specifically related to the functionality of applications and systems for each site. An experienced field engineer who specializes in multi-site network deployment can ensure uninterrupted business. This specialist in LAN cutover implementation will conduct comprehensive testing to verify successful deployment.


Once all testing is completed, the field engineer will turn the control of the multi-site network over to the enterprise. Your provider should continue to offer problem resolution as issues arise to avoid lengthy downtime.

How to Effectively Manage Multi-Site WANs

Supporting consistent service standards across all locations while consolidating operations can be challenging to an enterprise. Fortunately, there is advancing technology for successful multi-site WAN management:

Virtual Private Networks. One common approach to creating a centralized networking architecture is through VPNs, which offer a private connection between sites over a public internet line. This is a cost-effective way to securely transmit data faster than a typical WAN connection. VPNs also offer security in the form of virtual tunnels, which encrypt data traffic upon entry and then offer decryption at the other end.

Centralized Data Access. Enterprises adopting VPNs can also implement a data repository at a centralized location. This approach is ideal for data that is not critical but still needs to be stored and accessed remotely. There are several advantages to cloud data storage and, with some networking approaches, your network can be configured to allow data to be transmitted directly to a cloud server rather than backhauling to a central network and then out to the internet.

Software-Defined Networking. SDN allows for remote configuration of the network, so that network engineers stationed at headquarters can repair and troubleshoot network problems at the branch location. It separates data and control planes, enabling greater efficiency for management and allowing for policies to be established across the network.

SD-WAN. Multi-site WAN management is significantly improved with SD-WAN. It further optimizes networking, connecting locations over a wide geographical area and supporting high-bandwidth cloud applications. Here are several reasons why SD-WAN makes multi-site WAN management easier and more cost-effective:

Eliminates the need for multiple devices. SD-WAN uses network function virtualization (NFV) to run multiple services from a single device and offers a streamlined, simpler network configuration.

Reduced security risk. SD-WAN is an inherently more secure networking approach, simply because it offers better visibility and the ability to segment network traffic.

Deploying new branches. SD-WAN offers zero-touch provisioning. It also allows for centralized control, which means you can troubleshoot and configure new branch locations.

Reserving MPLS for mission-critical transmissions. MPLS can be reserved for applications that demand real-time connectivity, such as voice and video or collaborative tools, while email and recreational social media use can be transmitted over broadband.

Faster access to new cloud applications. New solutions can be added quickly and without disruption to the network. Higher bandwidth accessibility results in predictable performance for new applications as they are added to the network.

Cost reduction. Implementing SD-WAN can prevent your networking costs from spiraling out of control as bandwidth demands increase. Replacing some of your MPLS pathways with public internet helps absorb some of the increased bandwidth and keeps you from having to choose between performance and affordability when it comes to networking.

Enterprises can address some of the challenges of multi-site WAN management by taking a networking approach with a virtual overlay.

SD-WAN Versus MPLS for Multi-Site WANs

Determining how to best support the various solutions that require real-time connectivity and a high level of reliability can be complicated. Weighing SD-WAN versus MPLS is a common discussion happening in enterprises across the globe.

While MPLS has traditionally been a reliable pathway for data transmissions, the increased adoption of bandwidth-heavy solutions — and the need for agility in networking — has led to many organizations adopting SD-WAN. Here are the considerations to keep in mind when weighing SD-WAN versus MPLS:



SD-WAN helps organizations reduce costs, intelligently manage network performance, and scale network features and functions.

You can save on costs by replacing MPLS lines and by avoiding any upfront investment in hardware.

SD-WAN lets admins dial in performance levels. It also offers configuration benefits with the ability to fine-tune the solution to offer the QoS level your applications require.

SD-WAN also offers scalability, simplicity, and flexibility. Onboarding a new branch location is quick and easy compared to the process with MPLS, and adding new applications is also simple.


The benefits of SD-WAN require total cloud commitment, so for a company without enough investment in cloud solutions, it may not be worth implementing SD-WAN.

Switching to SD-WAN could present implementation difficulties if there’s a legacy application that the enterprise depends on that is incompatible with SD-WAN.



MPLS is reliable, keyed to minimum performance guarantees, and offloads some management requirements.

MPLS has built-in QoS, preferentially treating network traffic in its design, so dropped packets are nonexistent with MPLS.

An MPLS solution will come with an SLA that specifies minimum performance requirements.

With MPLS, providers do the heavy lifting. MPLS also generally allows the enterprise to require fewer IT professionals for WAN engineering, providing cost savings on IT labor.


The cons of MPLS when weighing SD-WAN versus MPLS generally come down to cost. MPLS can cost an enterprise several times as much as broadband.

With MPLS, you’re relying on the carrier overseeing it. If they’re having difficulty with infrastructure, your service will be disrupted.

MPLS is not optimized for cloud use. It was around long before cloud solutions were being implemented, and it’s simply not ideal for the high-volume traffic flows that come with the cloud.

MPLS on its own may not be agile enough to support enterprises prioritizing cloud migration.

How Multi-Site WANs Benefit from SD-WAN

Determining how multi-site WANs benefit from SD-WAN requires an understanding of the pain points associated with managing a multi-site WAN. From congestion to complexity, there are a number of issues that SD-WAN solves. SD-WAN places a virtual layer over the physical network, separating the control plane from the underlying operations. This networking approach introduces a variety of important benefits for growing enterprises pursuing cloud migration:

With virtualized network management, administrators access configuration, troubleshooting, and management tools from a centralized dashboard. This means they can take advantage of zero-touch provisioning and assist a branch location with network troubleshooting or bring them online from headquarters.

The SD-WAN router is able to automatically determine what type of pathway is best for any given data transmission based on business policy. If a link is congested or at risk for jitter or another element that compromises performance, it will redirect the transmission to the next best pathway. It can also prioritize traffic that requires real-time connectivity over traffic that can lag slightly.

SD-WAN extends the network beyond any physical boundary, equipping remote employees with the ability to access network resources no matter where they are working.

Traditionally, VPNs have run on MPLS pathways, which are secure and reliable but also costly. SD-WAN allows enterprises to eliminate MPLS or reserve it for high-priority transmissions and run other traffic across less costly links. In addition, when you implement SD-WAN for your network infrastructure, there’s no initial investment in hardware, and you’ll pay for your networking through a monthly subscription.

When you use SD-WAN for a multi-site WAN, you’ll have automatic failover. When there’s an interruption in the MPLS line, the SD-WAN device will, for instance, automatically route traffic to public internet links.

With SD-WAN, you can scale up or down in minutes. This is a particularly attractive benefit for enterprises in retail or other industries where seasonality is a factor, or where kiosks and pop-up locations need to tap into the network for short periods of time.

Depending on the way you access SD-WAN, managing the network can become far more simplified. You’ll be able to drill down to granular levels of network functioning in the centralized dashboard and generate reports that help you evaluate performance and pinpoint where adjustments are necessary.

Through extensive traffic segmentation and prioritization capabilities, network administrators can evaluate QoS for applications and align network settings to support the needs of each application.
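The policy-based path selection and automatic failover described above can be sketched in a few lines. This is an added example, not code from any SD-WAN product; the traffic classes, thresholds, link names, and metrics are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Link:
    name: str
    up: bool
    latency_ms: float
    jitter_ms: float
    loss_pct: float


# Hypothetical business policy: per-class limits plus an ordered link
# preference (MPLS reserved for real-time traffic, broadband for the rest).
POLICY = {
    "voice": {"max_latency_ms": 150, "max_jitter_ms": 30, "max_loss_pct": 1.0,
              "prefer": ["mpls", "broadband", "lte"]},
    "email": {"max_latency_ms": 500, "max_jitter_ms": 100, "max_loss_pct": 5.0,
              "prefer": ["broadband", "lte", "mpls"]},
}

# Constructed sample measurements for three transports.
BASELINE = [
    Link("mpls", True, 20, 2, 0.0),
    Link("broadband", True, 40, 8, 0.2),
    Link("lte", True, 70, 25, 0.8),
]


def with_changes(links, name, **changes):
    """Return a copy of the link list with one link's state or metrics changed."""
    return [replace(l, **changes) if l.name == name else l for l in links]


def meets_policy(link, rule):
    return (link.latency_ms <= rule["max_latency_ms"]
            and link.jitter_ms <= rule["max_jitter_ms"]
            and link.loss_pct <= rule["max_loss_pct"])


def select_path(traffic_class, links):
    """Pick the first preferred link that is up and within policy.

    If no live link meets the policy, fall back to the least-degraded live
    link; if every link is down, return None so the caller can alert.
    """
    rule = POLICY[traffic_class]
    by_name = {l.name: l for l in links}
    live = [by_name[n] for n in rule["prefer"] if n in by_name and by_name[n].up]
    for link in live:
        if meets_policy(link, rule):
            return link.name
    if live:
        worst_first = lambda l: (l.loss_pct, l.jitter_ms, l.latency_ms)
        return min(live, key=worst_first).name
    return None


if __name__ == "__main__":
    mpls_down = with_changes(BASELINE, "mpls", up=False)
    congested = with_changes(mpls_down, "broadband", jitter_ms=60, loss_pct=3.0)
    for label, links in [("normal", BASELINE), ("MPLS outage", mpls_down),
                         ("MPLS outage + congested broadband", congested)]:
        print(label, {c: select_path(c, links) for c in POLICY})
```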

How VPNs Impact Multi-Site WAN Systems

Employees of a multi-location business must be able to access the same systems and data that are available at headquarters — without exposing the network to outside threats. You can equip your employees with uninterrupted, secure connectivity by implementing VPNs in a multi-site WAN.

The VPN creates a secure tunnel between two locations using the internet. The data is encapsulated in the tunnel, securing it from any threat in transmission. There are two main choices when deciding how to configure VPNs in multi-site WAN:


In a hub-and-spoke topology, the infrastructure calls to mind a wagon wheel with a centralized main office and a spoke coming out to each of the branch locations. A secure and separate tunnel extends out to each site. Any inter-site traffic must travel through the central hub before passing out to the destination. It does not work as well for business settings where there are many transmissions between branch locations because everything must pass through the hub. It is also not ideal for a company that utilizes numerous cloud solutions because all traffic is backhauled to the hub before going to the cloud solution, which can cause congestion in the network.


VPN mesh topology enables each VPN router to communicate directly with the other VPN routers. Several secured tunnels extend to all of the other sites, and data can travel between those sites without moving first through the main office. In a setting where branch locations extensively communicate with one another, this topology prevents a bottleneck at the main office. It also ensures that all other branch locations can continue functioning if one of the locations is down. If the number of branch locations exceeds a certain number, however, it becomes prohibitive to use this model, based on the number of tunnels that a device can support at any given location.

Before implementing your VPN configuration, it’s important to also consider the following aspects of how your network infrastructure will best function:


Your WAN setup is how your VPNs connect to the network that is outside of your physical office. You need to first consider the type of IP addresses you received for the location.

If you have a static IP address in at least one location, a VPN tunnel is simple to establish.

If neither site has a static IP address and both use dynamic IP addresses, it’s a bit more complicated. You’ll need to create an anchor by setting up a fully qualified domain name (FQDN) and registering at least one of the sites with a dynamic DNS (DDNS) service. This will ensure that your router can be reached even if your IP address changes.


Your LAN setup involves the network that your router connects to inside your physical office. You should not need to make changes to your LAN unless the two sites you’re connecting use the same IP address range; the two ends of a tunnel must not be on the same subnet.

When choosing how you’ll implement VPNs in multi-site WAN, it’s important to consider how your sites communicate with one another and how frequently they collaborate. You will also want to consider whether your enterprise plans to invest in cloud solutions and digital transformation initiatives, which can significantly increase traffic volume and may also create congestion in a hub-and-spoke topology. A mesh topology makes cloud data transmissions more efficient.
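The two planning checks from this section, tunnel count per device under each topology and LAN subnets that collide between sites, can be run against a site inventory before any tunnel is configured. This is an added example rather than part of the original guide; the site names, address ranges, and per-device tunnel limits are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: names, LAN ranges and tunnel limits are illustrative
# assumptions, not values from the guide or from any vendor datasheet.
SITES = {
    "hq":       {"lan": "10.0.0.0/16",    "max_tunnels": 50},
    "branch-a": {"lan": "10.10.0.0/24",   "max_tunnels": 3},
    "branch-b": {"lan": "192.168.1.0/24", "max_tunnels": 3},
    "branch-c": {"lan": "192.168.1.0/24", "max_tunnels": 3},  # same range as branch-b
    "branch-d": {"lan": "10.0.5.0/24",    "max_tunnels": 3},  # inside the hq range
}


def tunnel_plan(sites, topology, hub=None):
    """Return the site-to-site tunnels a topology requires as (a, b) pairs."""
    names = sorted(sites)
    if topology == "mesh":
        return list(combinations(names, 2))
    if topology == "hub-and-spoke":
        if hub not in sites:
            raise ValueError("hub must be one of the sites")
        return [(hub, name) for name in names if name != hub]
    raise ValueError(f"unknown topology: {topology}")


def over_tunnel_limit(sites, tunnels):
    """Sites whose device would terminate more tunnels than it supports."""
    counts = dict.fromkeys(sites, 0)
    for a, b in tunnels:
        counts[a] += 1
        counts[b] += 1
    return sorted(n for n, c in counts.items() if c > sites[n]["max_tunnels"])


def overlapping_lans(sites):
    """Site pairs whose LAN ranges overlap and so cannot be routed over a tunnel."""
    nets = {n: ipaddress.ip_network(s["lan"]) for n, s in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    for topology, hub in [("hub-and-spoke", "hq"), ("mesh", None)]:
        plan = tunnel_plan(SITES, topology, hub)
        print(f"{topology}: {len(plan)} tunnels, "
              f"over device limit: {over_tunnel_limit(SITES, plan) or 'none'}")
    for a, b in overlapping_lans(SITES):
        print(f"LAN overlap: {a} ({SITES[a]['lan']}) and {b} ({SITES[b]['lan']})")
```

Overlap is checked by range rather than by exact match, so a branch whose LAN sits inside the headquarters range is flagged along with two branches that share the same default range.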

Solving the Multi-Site WAN Application Delivery Challenge

A multi-location enterprise can spend months planning the rollout of a cloud solution, but when it’s deployed across the entire organization, performance issues often emerge. These performance issues may immediately be designated as network problems even if the infrastructure is delivering other applications well.

There are several requirements for an effective multi-site WAN strategy that ensures reliable connectivity and effective application delivery:

Outbound Load Balancing:

An optimized multi-site WAN solution offers outbound load balancing for bandwidth as well as failover.

Inbound Load Balancing:

The WAN micro-appliance acts as the domain name server (DNS). The appliance captures all available WAN links and advertises them to the DNS caching servers to resolve the domain names with a round-robin approach. This allows all initiated sessions to benefit from load balancing by including all available links.


The delivery of multi-site WAN optimization offers built-in failover that’s crucial for any size enterprise relying on cloud solutions for business processes.


Not all multi-site WAN solutions offer security features that are native to their designs. Look for built-in firewalls and additional security features that not only add protection, but also reduce the cost of support and minimize the complexity of maintenance and management.

The performance of the multi-site WAN directly impacts application response time, including not only transaction time, but also the performance level users experience at a remote branch location. While performance is essential for any networking solution, it becomes more critical for a WAN infrastructure. As the central point of aggregation, it must support high levels of network traffic. To support this performance, multi-site WAN must be able to intelligently prioritize network traffic — particularly during times of heavy congestion.

SD-WAN is an advanced approach to multi-site WAN, bonding multiple links into one high-bandwidth channel to ensure maximum performance for all applications. If one pathway experiences an interruption or a performance issue, SD-WAN automatically routes the traffic to the next-best link. Many SD-WAN solutions offer not only an intelligent load balancing and failover solution, but also include built-in firewalls and other security features. In addition, because the solutions rely on traffic segmentation for load balancing, they are also able to isolate and protect any network area that is threatened.

Building multi-site WAN systems is an intricate process that goes beyond simply establishing connections. No matter how many locations are involved, optimization of the network to drive business goals is the priority. Intelligent design and effective management are key to creating multi-site WAN systems that are cost-effective, scalable, and secure. At TailWind, we have the expertise to help you build a multi-site WAN that simplifies the way your enterprise operates. Get in touch with us today to learn more.