With the usual IT acronyms being thrown around there is an element of confusion around software defined systems.  We’ll attempt to dispel some of the confusion in this document.

Software-defined Wide Area Network (SD-WAN) deployments combine advanced networking hardware with virtualisation to improve WAN bandwidth efficiency, application performance, and resilience. This software-centric approach is now being applied outwards to branch offices to solve the unique challenges they bring.

SD-Branch takes SD-WAN technology one step further by merging the routing elements with integrated LAN and WiFi functionality. Both the LAN and WAN of your entire branch estate can now be seamlessly managed and centrally maintained.

To better explain the differences between SD-WAN and SD-Branch, we will begin with a brief review of each concept and how to use each technology to create an efficient, stable, and secure network platform.

SD-WAN Overview

SD-WAN is a virtual technology that allows an organisation to leverage a combination of transport services such as high-speed internet and private MPLS lines. Administrators can use granular traffic policies to efficiently direct specific traffic types across the most suitable WAN path. 

As SD-WAN can use multiple low-cost, high-speed internet or MPLS lines, it can efficiently balance traffic. The central SD-WAN controller monitors the current bandwidth load, and latency of every sites WAN lines in real-time.

Time-sensitive traffic such as voice and video can utilise the path with the lowest latency. In contrast, internet traffic or bulk downloads can take the path with the highest remaining bandwidth capacity.

This selective approach results in better application performance and an enhanced user experience. In turn, businesses experience an increase in overall productivity, agility, and reduced IT costs.

SD-WAN securely connects users to applications, whether those services are hosted in a private data centre or public cloud. In essence, SD-WAN virtualises much of the physical attributes of a traditional WAN network that administrators can easily manage, provision and control centrally.

Virtualising some of the WAN element allows more granular visibility of traffic, right down to individual applications. With this, enterprises can control the specific path that applications and associated data will take across the WAN. Virtualising network functions is a game-changer for both businesses and service providers like Securus, as the limitation of legacy hardware-centric network architecture is eliminated.

SD-Branch Overview

Despite SD-WAN’s huge reach and ease-of-use, there are some blind-spots relating to branch site infrastructure. We have now introduced Securus SD-Branch to our portfolio of solutions. This technology complements SD-WAN by extending the intelligence and virtualisation of SD-WAN out towards the branch LAN. 

SD-Branch builds on your existing branch infrastructure, whether it’s SD-WAN at the branch edge or a legacy router LAN to WAN model. SD-Branch integrates all branch LAN functionality so that administrators can monitor, configure, and provision any LAN service on the entire branch estate from a single management location.

By evolving LAN management, SD-Branch provides network administrators with an estate-wide view of branch LAN services. They can monitor local traffic, set policies, remote manage, and use automation tools for routine tasks.

Even if some branch sites employ different VLANs, for example, SD-Branch can help network administrators seamlessly configure specific templates for each site ‘type’. This makes the provisioning of new branch sites fast, efficient and straightforward.

SD-WAN vs SD-Branch: 5 Key Areas

1. Zero-Touch Provisioning

The zero-touch provisioning feature of SD-WAN has become a revelation for installing new routers or replacing/upgrading existing ones. This feature dramatically reduces the time, cost and complexity of installing WAN devices. No longer do experienced engineers need to go to a site to complete an install.

SD-Branch has inherited the same zero-touch provisioning feature and applied it to the entire branch infrastructure. You can now quickly deploy and provision a branch-in-a-box for a new location which is especially useful for new sites, pop-up stores and temporary office spaces.

From our centralised SD-Branch management console, administrators can provision an entire branch that includes switches, wireless AP’s, routers, servers, and even IoT devices in a matter of minutes.

2. Intelligent Traffic Flow

Efficient traffic flow is our SD-WAN’s killer feature, and it uses intelligent contextual awareness to achieve this. The Securus SD-WAN central controller routes traffic away from WAN lines on your estate that are currently experiencing poor performance or total outages, all in real-time. Doing so optimises the path data takes down to a per-application level using dynamic QoS policies.

SD-Branch builds upon these valuable features by extending the reach of SD-WAN all the way to the local branch LAN. Traffic flowing between local VLANs or branch-to-WAN is monitored in real-time and intelligently re-routed if required. End-to-End QoS can now be applied from the branch to the final egress-point of the network.

3. Administration & Orchestration

SD-WAN reduces the complexity of traditional WAN administration by simplifying the management view. It also automates various operational tasks and provides centralised management software that gives administrators better control over the network. A powerful orchestration feature is used by both our SD-WAN and SD-Branch offerings to automate the IPsec tunnel overlay used for the WAN.

SD-Branch improves upon SD-WAN’s visibility by delivering information on localised traffic flow on a per-branch basis. Local traffic statistics such as application type, device type, username, and timestamp are centrally available to network administrators. 

Any device connected to the local branch LAN falls under administrators’ watchful eye. Switches, wireless AP’s, routers, servers, and even IoT devices all become part of the single-pane-of-glass management dashboard. 

4. Areas of Performance Gain

With SD-WAN, the central controller can intelligently and automatically re-route traffic based on load, latency, overall line health, and traffic type. The optimised path can avoid performance degraded areas of the WAN estate for latency-sensitive traffic, while bulk downloads can take a longer route that may have higher bandwidth availability.

SD-Branch makes it easier to ascertain what is happening locally at the branch by extending intelligence to the LAN. Centralised management ensures existing branch sites and newly provisioned ones comply with pre-defined configuration policies of switches, wireless AP’s, IoT devices, routers, and even local servers.

5. Zero-Trust Security

From a Wide Area Network perspective, SD-WAN is a secure design model. It incorporates encrypted IPsec tunnels between gateways, building its SD-WAN overlay securely. These tunnels connect branches and head office sites to ensure secure communications over any providers transport underlay, including the public internet.

The Achilles heel of SD-WAN is that your branch estate can be vulnerable because of limited on-site cybersecurity systems. Also, IoT devices are becoming more common everywhere, especially at branch locations. This often introduces vulnerability as IoT devices are not necessarily designed with security as a priority.

SD-Branch incorporates a Zero-Trust security policy using role-based access at the branch’s gateways to offset this vulnerability. Zero-Trust security is an alternate security model where no source or destination is deemed trustworthy until a deeper inspection is completed.

The branch gateway serves as a control point that intelligently inspects data entering or exiting the branch network and enforcing security policies based on device type, application, and user, all at a granular level.

SD-WAN and SD-Branch Integration

The operational agility associated with integrating either SD-WAN or SD-Branch is one of the most significant advantages of either solution. SD-WAN can revolutionise your WAN estate by shifting data over the most efficient path possible that is most suitable for specific data types, all in real-time. Centralised management and Zero-Touch provisioning build still further on the efficiency of SD-WAN.

With SD-Branch, your IT team can quickly identify and resolve technical issues affecting any part of your branch estate using a fully integrated single-pane-of-glass management system. The “branch-in-a-box” feature on SD-Branch allows the rapid deployment and integration of a new branch office with just a few clicks. Upgrading existing infrastructure is also seamless and straight forward. If you would like to read a deeper dive into SD-Branch, check out our article – What Is SD-Branch: A Complete Guide.


The benefits your business will gain from integrating an SD-WAN or SD-branch solution are incredible. Securus SD-WAN will revolutionise your Wide Area Network operations by boosting performance, increasing resilience, simplifying management, and easing provisioning. All while reducing your OPEX.

Our SD-Branch offering essentially extends SD-WAN’s already formidable network visibility, control and awareness, and network optimisation all the way to the branch LAN. It also fortifies local security by providing a Zero-Trust security gateway at each branch and allows organisations to use expensive office space more efficiently.

If you have yet to integrate either SD-WAN or SD-Branch technologies on your network estate, we highly recommend considering the Securus SD-WAN solution as your initial investment. The benefits from efficient use of WAN bandwidth and hardware will increase performance and reduce expenditure on WAN services. The advantage of this approach is that SD-Branch functionality can be seamlessly added to our SD-WAN solution as a second phase.

Should you already have an existing SD-WAN solution that you are happy with, that’s no problem. The Securus SD-Branch solution can be integrated into most vendors SD-WAN platforms so you can benefit from SD-Branch quickly and easily. 

Please get in touch to discuss your SD-WAN or SD-Branch requirements in more detail. We offer a completely free consultation with one of our technology experts to fully go over your precise needs.

Technology Insights Newsletter

Includes our FREE 10-page SASE Report

The Securus Technology Insights monthly newsletter for IT decision-makers who need to stay well-informed. We update you on key business areas relating to the technology landscape, best practices and insightful news. Don’t get left behind.

You will also have our insightful Complete Guide To SASE article sent to you for FREE. This is a 10-page deep-dive into the SASE technology, exploring how it can help your business.

By subscribing to our hugely popular monthly Technology Insights newsletter you will receive the 10-page Securus Communications Complete Guide To SASE article direct to your email inbox, right now!

You can unsubscribe at any time, and we never share your information, here is our Privacy Policy.

Further Technology Articles