Digital transformation and cloud computing have prompted software-defined wide-area networking (SD-WAN) to replace the traditional WAN for remote and branch office deployments. While SD-WAN provides many benefits, the ability to effectively orchestrate the multitude of efficient data flows that SD-WAN delivers is becoming critical.

At the heart of every modern SD-WAN solution is a centralised management system called a service orchestrator that “orchestrates” traffic and optimises the available bandwidth. A service orchestrator also manages the SD-WAN service lifecycle, including fulfilment, analytics, performance monitoring, security, and policy management. 

We’ve selected 7 market-leading SD-WAN providers and present an overview of the main features of their orchestrator offerings.

What Is SD-WAN?

In simple terms, SD-WAN is a software-driven WAN solution that enhances WAN connectivity between sites. As stated earlier, SD-WAN employs a cost-effective mix of direct-to-the-internet broadband, LTE, 4G, and 5G WAN connectivity to connect data centres and local branch sites. 

These connections are encrypted, and administrators can prioritise specific traffic/application types across numerous lines and at every site. SD-WAN allows enterprises to expand their network across any distance and deliver essential services at a reduced cost.

A centralised management system orchestrates the traffic flows and ensures optimised use of available bandwidth. SD-WAN can also monitor each WAN circuit for load times and delays and direct traffic accordingly.

What Is SD-WAN Orchestrator?

What Is SD-WAN Orchestrator?

Perhaps the most significant advantage of modern WAN services is that the orchestration and delivery of these services can be aided by software. Thus, SD-WAN connectivity is delivered as a service using software orchestration.

SD-WAN can deliver enterprise services such as Virtual Private Networks (VPNs), WAN acceleration, and bandwidth optimisation. By using Commodity Off-The-Shelf (COTS) hardware in branch offices, SD-WAN as a service using orchestration can be delivered with virtual customer premises (vCPE) or light CPE equipment.

In order to deliver a robust SD-WAN solution, service providers, including Securus, uses an orchestration platform to manage the service in the most granular way possible. A combination of Software Defined Networking (SDN) controller and network virtualisation software enables automation for the provisioning and operation of a highly developed WAN infrastructure for head office, branched, hubs sites, and remote workers.

The SDN controller is the brain of the platform that oversees the network. When combined with the other virtualised network components, the SDN controller works as a Virtualised Infrastructure Manager (VIM) and manages network resources. 

The orchestrator also manages service chaining, which involves several services or applications working together. They are linked from a data centre to supply the customer with the specific combination of services they need. Service chaining connects virtual network functions (VNFs) like a VIM to perform Network Function Virtualisation (NFV).

Another goal of SD-WAN orchestration is to enable customer provisioning. With it, a customer accesses a web portal and orders services, which are then automatically configured and delivered with the SD-WAN platform. All associated tasks are automated and require no human action. Instead, it requires only the aid of interoperable SD-WAN tools and protocols, including Application Programming Interfaces (APIs) and automated configuration standards.

SD-WAN Orchestrator – 7 Market-Leaders

Coming up are 7 of the market-leading SD-WAN providers and the main features of their SD-WAN orchestrator offering.

1. VMWare SD-WAN Orchestrator Overview

VMWare SD-WAN Orchestrator Overview
Image Credit: VMWare

VMWare Orchestrator orchestrates data flow through the SD-WAN environment and provides customers with centralised installation, configuration, and real-time monitoring. The intuitive user interface is web-based and enables your team to configure and manage partners, customers, users, gateways, and authentication modes. (source: VMWare SD-WAN Product Documentation)

Main features of VMWare Orchestrator:

  • Cloud-Hosted or On-Premises. Although the service provider can place the SD-WAN Orchestrator on-premises per the customer’s preference. However, the most common option is cloud-delivered.
  • Centralised Management – SD-WAN Orchestrator provides centralised visibility and monitoring as well as control of the cloud from one location. 
  • Zero-touch deployment across distributed locations while enabling automatic policy and firmware updates.
  • Business Policy Automation – SD-WAN Orchestrator enables your admin team to implement network-wide business-based policies, making application delivery more efficient and simplifying application traffic management.
  • Virtual Service Insertion – SD-WAN Orchestrator features one-click provisioning of virtual services within a branch, the cloud, or your enterprise datacentre.
  • Real-Time Monitoring – SD-WAN Orchestrator constantly monitors link and path quality. It does the same for application performance analytics.

2. Cisco vBond SD-WAN Orchestrator Overview

Cisco vBond SD-WAN Orchestrator Overview
Image Credit: Cisco

The Cisco vBond Orchestrator is an additional software module that authenticates both Cisco vSmart Controllers and edge routers in the SD-WAN overlay and orchestrates connectivity.

To control the flow of data traffic throughout the network, Cisco vBond Orchestrator works alongside Cisco vSmart Controller to authenticate and orchestrate edge devices joining the SD-WAN network. (Source: Cisco SD-WAN Configuration Guide)

The main functionality of Cisco vBond Orchestrator:

  • Automatically orchestrates connectivity between the SD-WAN edge routers and multiple Cisco vSmart Controllers.
  • It serves as an initial NAT-traversal orchestrator should edge routers, or Cisco vSmart Controllers are behind a NAT service.
  • The Cisco vBond Orchestrator orchestrates initial control connectivity between Cisco vSmart Controllers and SD-WAN edge routers.
  • With a multi Cisco vSmart Controller design, Cisco vBond Orchestrator performs load balancing of edge routers across all Cisco vSmart Controllers.

3. Versa Concerto SD-WAN Orchestrator Overview

Versa Concerto SD-WAN Orchestrator Overview
Image Credit: Versa

Versa Concerto is Versa’s orchestration platform that uses a single pane of glass to streamline the creation, automation, and delivery of SD-WAN services using the Versa Operating System (VOSTM).

Providing a complete set of end-to-end orchestration functions, Versa Concerto includes the simplification of SD-WAN deployment processes such as configuration, implementation and zero-touch-provisioning. (Source: Versa Concerto Datasheet)

Additional features of Versa Concerto SD-WAN orchestrator:

  • It provides granular policy definitions and group policy objects for simplified and rapid provisioning of edge routers.
  • For single and multitenant networks, devices can be deployed over one or more instances of underlying Versa Director.
  • Pre-defined and custom roles at Provider and Tenant levels
  • Orchestrates a simplified 5-step deployment process and provides deployment-specific alarms visibility.
  • Versa Concerto provides various views, including; dashboard views, map views, site views, and granular edge router views.
  • A single pane of glass, even for multiple instances of Versa Analytics, to assist multitenant solutions.

4. Fortinet SD-WAN Orchestrator Overview

Fortinet SD-WAN Orchestrator Overview
Image Credit: Fortinet

The Fortinet Secure SD-WAN Orchestrator provides the ability to simplify centralised deployment using automation to save time and respond quickly to business demands. Fortinet SD-WAN Orchestrator runs on FortiManager as a management extension. 

This centralised orchestrator provides intuitive workflow and strategises application distribution between branch offices. Automated VPN overlay provides interlaced connectivity across branch offices and regional hubs. 

Furthermore, Fortinet Secure SD-WAN Orchestrator provides enhanced analytics for WAN link availability and analytics for performance Service Level Agreements (SLAs), application traffic in runtime, and other historical statistics. Armed with this data, infrastructure teams can troubleshoot and resolve network issues. (Source: Fortinet SD-WAN Orchestrator Guide)

Additional benefits of Fortinet’s SD-WAN Orchestrator include the following:

  • Performance SLA-based business policies
  • Optimised application and network performance
  • Simplified and more intuitive workflows
  • Complete overlay automation
  • Dynamic-link health monitoring

5. Silver Peak (HPE) SD-WAN Orchestrator Overview

Silver Peak (HPE) SD-WAN Orchestrator Overview
Image Credit: Silver Peak (HPE)

Silver Peak Orchestrator is a cloud-based, secure, multitenant management Software-as-a-Service (SaaS), allowing service providers to manage and monitor global SD-WAN services centrally.

What makes this possible is an intuitive Graphical User Interface (GUI), which provides detailed visibility levels, control, and management for all users. At the same time, administrators can centrally configure and manage secure, customised SD-WAN deployments with zero-touch provisioning. (Source: Silver Peak Service Provider Unity Orchestrator Guide)

Key features of Silver Peak OrchestratorSP include:

  • Provides a single-screen administration that automates overlay policies for each network application and eliminates manual device configuration at branch locations.
  • Scalable multitenant administration supports SD-WAN deployments up to thousands of individual enterprise customers.
  • Live view monitors real-time throughput, latency, loss, and jitter over SD-WAN overlays and underlying transport services to identify potential performance impacts.
  • Presents real-time customer monitoring and historical reporting that deliver granular visibility for location, application, and network statistics.

6. Citrix SD-WAN Orchestrator Overview

Citrix SD-WAN Orchestrator Overview
Image Credit: Citrix

Citrix SD-WAN Orchestrator service is a cloud-hosted, multitenant management service designed for enterprises that prefer in-house control. In addition, Citrix partners use Citrix SD-WAN Orchestrator to manage customers with a “single pane of glass” management platform. (Source: Citrix SD-WAN Orchestrator Guide)

The following are some additional capabilities of Citrix SD-WAN Orchestrator:

  • Multi-tenancy and Role-Based Access Control (RBAC) enables Citrix partners to onboard and manage multiple SD-WAN customers using that “single pane of glass.”
  • The centralised configuration of SD-WAN networks provides guided workflows, profiles, and visual aids.
  • Zero-touch provisioning brings up networks and connections.
  • Application-centric policies include application-based traffic steering, firewall policies, and Quality of Service (QoS) that can be configured globally.
  • Centrally monitors network health, usage, quality, and performance. It also drills down to individual sites and their associated connections.
  • Troubleshooting features include device and audit logs and diagnostic utilities, including Traceroute, Ping, and Packet Capture.
  • It includes the prerequisites needed to use the Citrix SD-WAN Orchestrator service.

7. Oracle SD-WAN Orchestrator Overview

Oracle SD-WAN Orchestrator Overview
Image Credit: Oracle

Oracle SD-WAN Orchestrator contains a cloud-based platform that executes lifecycle management and monitoring for an Oracle SD-WAN deployment. It delivers a centralised, efficient, and easy-to-deploy suite of provisioning and monitoring SD-WAN tools designed to run an Oracle Cloud Infrastructure (OCI).

Oracle SD-WAN Orchestrator is a secure multitenant OCI SaaS application, and it manages the devices running the Oracle SD-WAN Edge software. Once a customer accesses the Oracle SD-WAN Orchestration Cloud, they can leverage the service to provision and monitor their SD-WAN devices no matter where those devices are physically deployed. (Source: Oracle SD-WAN Orchestration Cloud)

Key features of Oracle SD-WAN Orchestrator related to lifecycle management include the ability to do the following:

  • Access the service from any location
  • Initialise the SD-WAN configuration
  • Perform continual WAN administration
  • Define and enforce application policies
  • Configure, implement and enforce firewall and security requirements
  • Perform on-premises SD-WAN Edge software upgrades if requested

Who Do We Recommend?

As with most network requirements, one size does not fit all, and each vendor offers a different set of features on their SD-WAN underlay, overlay, and orchestrator. In general, we recommend either Fortinet or Silver-Peak (HPE) for small to medium-sized SD-WAN deployments. Cisco, Versa and VMWare are more suitable for large-scale SD-WAN deployments. Oracle and Citrix are recommended for highly scalable cloud-hosted SD-WAN orchestrator solutions.

Securus Communications can work with you to identify the most suitable vendor for your precise SD-WAN and orchestrator needs. Whether you are simply considering SD-WAN or about to engage in an RFP/ITT, if you require an experienced and impartial technology partner, please get in touch.


In summary, the orchestrator is a vital piece of the SD-WAN and SD-Branch puzzle that enables enterprises to realise the best application experience and network performance across all their networks, including branch offices and remote locations. 

An orchestrator provides intuitive, simplified workflows, overlay automation, zero-touch provisioning, performance and SLA-based business policies, dynamic link health monitoring, essential analytics for troubleshooting, and more.

If you currently have an MPLS based WAN and are yet to fully embrace SD-WAN, you may want to read our article Will SD-WAN Completely Replace MPLS.

From anti-malware, anti-phishing, SEO poisoning, and 2FA to SASE and cloud-based air-gap immutable backup storage, Securus has a security solution to suit your requirement and budget. If you would like to discuss your network security requirements in more detail with one of our cyber security professionals, please don’t hesitate to get in touch.

Further Technology Articles