BLOG

How does SD-WAN fit into the SASE model?

Share on facebook
Share on twitter
Share on linkedin
Share on google

SASE or secure access service edge is the new buzzword in the networking industry nowadays. It has taken the networking world by storm and everyone from vendors, ISPs and customers have jumped on the bandwagon. Every vendor has taken the SASE framework and each one has come up with their own SASE solution by either modifying pre-existing solutions or by stitching together separate solutions to form one integrated solution.

The traditional router centric WAN architecture was becoming unsuitable to support the needs of the modern workforce. The old WAN model could not cope with the sudden explosion of cloud-destined WAN traffic, which then gave rise to SD-WAN or software-defined wide area networking. This did solve many of the problems plaguing traditional WAN networks, but was not built to support what came our way last year- the pandemic.

The pandemic has changed the nature of the modern workforce and made the network perimeter more dynamic. For the last one year, people have been working from everywhere, which means that your network has expanded like never before. This requires securely connecting your users in and out of corporate resources in the most secure and scalable way possible. 

Despite having similar goals, SASE and SD-WAN do not have many architectural similarities. Some higher-level similarities include how they are both wide-area networks and their virtualized infrastructure. SASE and SD-WAN both cover a large geographical area. What is different is the infrastructure. SASE’s infrastructure has private data centers and third party facilities acting as cloud endpoints. These are where networking, optimizations and security functions are run.

In an SD-WAN box, these functions run in boxes at a branch or an HQ. Both SD-WAN and SASE can be controlled from anywhere through a cloud hosted portal. 


Both SD-WAN and SASE are designed to cover a large geographic area. What is different is in the infrastructure. SASE’s infrastructure has private data centers, colocation facilities, or a cloud acting as endpoints. These are where the networking, optimization, and security functions run. In an SD-WAN these functions run in boxes at a branch and headquarters. Both SASE and SD-WAN can be controlled from anywhere. In SD-WAN’s case, a DIY approach will usually put control in the organization’s headquarters, a managed solution will be controlled remotely by the service provider, and a co-managed solution is similar to a managed solution but with an organization having some control through a portal. SASE is still in its infancy and is slowly emerging. Many SD-WAN vendors are beginning to offer a SASE solution in addition to their SD-WAN solution, or at least claiming that they have SASE. A true SASE solution is still a couple of months away, but that is not going to stop enterprises from adopting this technology.

Leave a Reply