Software-Defined Wide Area Network (SD-WAN) deployments use the power of virtualisation and software-defined networking to increase bandwidth efficiency and boost application performance. This same software-centric approach has evolved into SD-Branch, where branch LAN services are also incorporated.

SD-Branch is a platform that integrates the features of SD-WAN, security, routing, LAN, and WiFi functionality into a single centrally managed entity. Most businesses rarely have their own IT staff onsite; SD-Branch is the solution that allows remote branches to be maintained using a single management solution.

With mini-branch sites for micro offices and remote workers becoming increasingly popular, SD-Branch is the glue to bind everything together seamlessly. At Securus, we firmly believe that SD-Branch offers the ideal solution for managing modern branch infrastructures. It reduces the cost, time, effort and resources needed to manage a branch site.

What Is SD-Branch?

SD-Branch is a comprehensive software-centric platform that is the next step in the evolution from SD-WAN. By incorporating the task of maintaining the entire infrastructure at branch sites, SD-Branch collapses everything, including LAN services, onto a single management platform.

Organisations often deploy SD-Branch as an upgrade or replacement for large branch offices, regional offices, small stores, banks, and even kiosks. The SD-Branch service consolidates both LAN and WAN functionality onto a single centrally managed platform.

The Securus Communications SD-Branch implementation utilises a resilient virtualised platform, which provides cloud-like elasticity, programmability, service chaining, and Virtual Network Functions (VNFs). Our centralised management framework provides your administrators with integrated management, control, analytics, and workflow of branch services across your entire estate.

Why Do We Need It?

Of all SD-Branch’s characteristics, perhaps the most essential is its operational agility. You can quickly deploy and provision a network branch-in-a-box solution for a new location, which is especially useful for pop-up stores and temporary office spaces. From the centralised management console, administrators can control all branch network and security functions.

Centralised control of provisioning can eliminate the need for IT personnel to travel to remote branches, keeping staffing and contractor costs down.

Because it is software-centric, SD-Branch also reduces hardware costs, as fewer physical appliances and fewer vendors are needed. Less hardware also means a smaller hardware footprint, which lowers energy costs and increases the available square footage in smaller branch locations.

Another vital benefit is performance scalability. As your network’s requirements change, your IT team can redefine network functions as needed, whether to scale up or down. Overall, SD-Branch makes it easy to deploy, maintain, monitor, and scale your branch estate as required. Next, we discuss the 6 main components of SD-Branch network architecture.

6 Main Components of SD-Branch

1. Switches & Wireless Access Points

Fully-managed high-speed switches and wireless access points (WAP) play an integral part in any SD-Branch deployment. Businesses can control access to the branch network using role-based policies configured and pushed from the centralised management portal. The SD-Branch architecture allows any device to connect via wired or wireless connection and then authenticate to the network.

2. Next-Generation Firewalls (NGFW)

The visibility and control that come with SD-Branch streamline the management of Next-Generation Firewalls (NGFW). It also performs regular vulnerability scans and connects to Security Information and Event Management (SIEM) services. SD-Branch makes this efficiency possible by way of central management through a cloud-based admin portal.

3. Branch Gateway

The branch gateway is a software function that acts as an endpoint within the SD-WAN overlay fabric. The branch gateway is also a policy enforcement point for several policies, including security, routing, wireless, wired, and WAN. Additional gateway functions are web content classification, firewall, Internet Protocol Security (IPsec), Virtual Private Network (VPN), hybrid WAN connectivity, Quality of Service (QoS), and WAN path selection and monitoring. 

4. Headend Gateway

The headend gateway is a software function that serves as a VPN concentrator that runs at the headend of hub-and-spoke and multi hub-and-spoke topologies. It terminates IPsec VPN tunnels and participates in datacentre and campus routing. The headend gateway is also part of the SD-WAN fabric overlay topology. 

5. Centralised Network Access Control (NAC) for Management

NAC provides visibility into the branch infrastructure by identifying, profiling, and classifying any device that seeks access to the branch LAN, such as Internet of Things (IoT) and Bring Your Own Device (BYOD) devices. Through dynamic micro-segmentation, it provides device security and constant monitoring of the network.

6. Virtual Network Functions

Network Function Virtualization (NFV) is a concept that deploys what used to be separate hardware functions as Virtual Network Functions (VNFs). As a result, NFV consolidates physical resources and improves IT agility. A branch rollout can be achieved quickly and later scaled just as easily because the same software build runs at every branch.

SD-Branch Security

IoT devices are becoming more common everywhere, especially at branch locations. This increased IoT usage often introduces a vulnerability, as IoT devices inherently lack the latest security features.

SD-Branch security introduces Next-Generation Firewalls (NGFWs) at the branch’s gateways, deployed either as a service or as a dedicated hardware appliance. The branch gateway serves as a control point that intelligently filters data entering or exiting the branch network, whatever connection type the data travels over when it leaves the branch.

Also, the SD-WAN security model becomes part of the overall SD-Branch solution. It incorporates IPsec tunnels that securely connect branches to either cloud-based or physical headquarters and their respective VPN terminating firewalls/concentrators. Data located at the branch site can be vulnerable because of limited onsite cybersecurity. 

SD-WAN and SD-Branch Integration

You can think of SD-Branch as an extension of SD-WAN technology that integrates LAN functionality. SD-Branch does to the LAN what SD-WAN did to traditional WANs, allowing the branch LAN to be fully integrated into a centralised network platform.

SD-Branch simplifies device management within the LAN of each branch site. Even if some branches have multiple VLANs for data separation, administrators can use SD-Branch to centrally set access policies based on the device type, user, or application for that particular site or a group of similar sites.

Benefits of SD-Branch

SD-Branch augments SD-WAN’s benefits by combining centrally managed software-defined networking and virtualisation with more efficient routing, integrated security, and enhanced LAN and WiFi performance.

The operational agility of SD-Branch is the main benefit as it enables organisations to rapidly deploy or provision a new branch site in a matter of minutes. Using a centralised management console, SD-Branch often eliminates the cost of sending your most experienced IT personnel to the site.

Other SD-Branch benefits include the following:

  • The consolidation of branch network management, WAN, and security functions into a single central platform.
  • Improved bandwidth efficiency on branch LAN and WAN due to enhanced QoS and load-balancing features.
  • Agile provisioning of new branch sites ensures ultra-fast branch builds and deployment.
  • Reduced hardware costs and a smaller hardware footprint as less physical equipment is required.
  • Lower power consumption due to the consolidation of multiple hardware devices.
  • Decreased maintenance costs due to fewer staff and vendors involved in maintaining the branch network.
  • Ability to right-size hardware requirements for the branch due to software virtualisation.
  • Greater overall branch network performance and scalability for both LAN and WAN services.

SD-Branch Planning & Best Usage

We have found that SD-Branch deployments make the most sense for businesses that require the rapid provision of new branch sites or are refreshing existing branches that currently have end-of-support or end-of-life equipment.

Migration to SD-Branch requires careful planning as changes to your existing branch network estate can be a complex undertaking. Securus Communications can work alongside your IT Team to ensure your migration to an SD-Branch model is a smooth transition.


Digital transformation is driving change at the enterprise branch. As more users migrate to remote and micro-offices, such evolution creates more network edges, even at the branch. SD-Branch improves branch performance, enhances security, eases provisioning, and boosts user experience.

SD-Branch extends the functionality of SD-WAN by simplifying the enterprise branch into a single, software-centric platform. It offers enhanced management, increased network visibility, and security for the branch network, IoT, and end-user devices. Considering the overall cost savings of implementing SD-Branch, what you spend now saves on the time, effort and resources needed to manage your branch estate.

Please get in touch to discuss your networking requirements in more detail. We offer a completely free consultation with one of our technology experts to fully go over your precise needs.
