Critical Capabilities for WAN Edge

Infrastructure
Published: 30 September 2020 ID: G00465597

Analyst(s): Jonathan Forest, Andrew Lerner, Naresh Singh

Infrastructure and operations leaders responsible for networking are

increasingly evaluating WAN edge solutions to connect users to distributed
application workloads. There is differentiation between vendors, so this
research should be used to identify vendors that best fit their specific use
cases.

Key Findings
■ Despite some recent M&A activity, the global wide-area network (WAN) edge infrastructure
market remains crowded, as Gartner estimates that there are about 80 vendors providing viable
technology solutions driven primarily by software-defined WAN (SD-WAN).
■ SD-WAN product differentiation is primarily based on feature breadth and/or depth, specifically
on security, application performance optimization and cloud features.
■ Simplified and unified security is a main driver for customers as they determine the best
architectural approach for the integration of networking and security.
■ As a result of the COVID-19 pandemic, there is increased emphasis for remote user solutions
integrated into the broader SD-WAN fabric.
■ Support for cloud onramp, orchestration of cloud providers and enhancing SaaS applications
(such as Microsoft Office 365) are increasingly important for end users, as more and more
workloads are hosted in the cloud.

Recommendations
To build and sustain scalable and reliable cloud and edge infrastructure, I&O leaders should:

■ Differentiate solutions by comparing their feature depth vs. feature breadth in SD-WAN features,
native application performance optimization, operational features/simplicity, security/SASE
capabilities, and cloud onramp capabilities.
 ■ Select the appropriate security solution by comparing native functionality with third-party
orchestrated solutions and whether a thick branch or cloud-based security solution (SASE) is
preferred.
■ Ensure remote user support by including work from home (WFH) SD-WAN functionality as part
of the evaluation and selection process.
■ Investigate SD-WAN cloud onramp capabilities by validating orchestration and integration with
cloud providers (such as Microsoft Azure, Amazon Web Services [AWS] and Google), carrier
neutral facilities (such as Equinix), and virtual image compatibility with different cloud platforms.
■ Validate the vendor’s capabilities by running a production pilot with at least one critical
enterprise branch location to properly stress the solution.

Strategic Planning Assumptions

By 2024, over 60% of SD-WAN customers will have implemented a SASE architecture, compared
with about 35% in 2020.

By 2023, to deliver flexible cost-effective scalable bandwidth, 30% of enterprise locations will have
only internet WAN connectivity, compared with about 15% in 2020.

By 2024, to enhance agility and support for cloud applications, 60% of enterprises will have
implemented SD-WAN, compared with about 30% in 2020.

By 2024, 20% of SD-WAN centralized configuration and troubleshooting will be touchless via an AI
assistant, compared with none in 2020.

What You Need to Know

The WAN edge market has been evolving with the primary goal to address the shift from traditional
hub-and-spoke WAN architectures to connect with more distributed cloud workloads and internet-
based resources as well as other corporate locations. Increasingly, infrastructure is anywhere, so
networking needs to be everywhere. Infrastructure and operations (I&O) leaders responsible for
networking can use the critical capabilities assessed in this report to inform their search for
appropriate solutions that more closely meet their specific requirements.

In this Critical Capabilities for WAN edge infrastructure, we analyze five popular use cases:

■ A regional WAN that is typical in many midsize enterprises (MSEs) or larger enterprises with a
smaller number of WAN locations (fewer than 50 sites).
■ A global WAN requirement for larger multinational organizations with over 200 sites and that
spans at least two continents.

Page 2 of 31 Gartner, Inc. | G00465597

 ■ A large-scale retail WAN typified by small footprint locations (such as gas stations, convenience
stores and similar environments) that scales from hundreds to thousands of near-identical
locations, either domestically or across multiple countries and regions.
■ A security-sensitive WAN typical in some mid- to large-scale organizations from 25 sites and
higher that are focused on securing branch offices as the main priority where network and
security procurements are increasingly converging.
■ A cloud-first WAN with varying amounts of sites where customers have workloads mainly in the
cloud and, to a lesser extent, on-premises.

Gartner, Inc. | G00465597 Page 3 of 31

 Analysis
Critical Capabilities Use-Case Graphics
Figure 1. Vendors’ Product Scores for the Small/Midsize Enterprise/Regional WAN Use Case

Source: Gartner (September 2020)

Page 4 of 31 Gartner, Inc. | G00465597

 Figure 2. Vendors’ Product Scores for the Large Global W AN Use Case

Source: Gartner (September 2020)

Gartner, Inc. | G00465597 Page 5 of 31

 Figure 3. Vendors’ Product Scores for the Small Footprint Retail WAN Use Case

Source: Gartner (September 2020)

Page 6 of 31 Gartner, Inc. | G00465597

 Figure 4. Vendors’ Product Scores for the Security-Sensitive WAN Use Case

Source: Gartner (September 2020)

Gartner, Inc. | G00465597 Page 7 of 31

 Figure 5. Vendors’ Product Scores for the Cloud-First WAN Use Case

Source: Gartner (September 2020)

Page 8 of 31 Gartner, Inc. | G00465597

 Vendors

Barracuda
Barracuda is headquartered in California, U.S., with more than 20,000 WAN edge customers, many
of whom are NGFW customers. Its offering is the CloudGen WAN, which includes WAN edge
devices, Firewall Control Center, Firewall Insights and Secure Connector. The vendor solidly
supports all use cases in this research. In particular, Barracuda is strong with the security-sensitive
WAN use case, primarily due to its excellent ratings in security features and scalability, with overall
solid functionality across all the capabilities.

Cisco (IOS XE With Umbrella)

Cisco is headquartered in California, U.S., with more than 30,000 SD-WAN edge customers. Cisco
supports all use cases in this research, but for this portion we assess only Cisco’s IOS XE OS-based
offering, which has an estimated 2,000 SD-WAN customers. This offering includes ISR, ASR, and
ENCS hardware or software appliances running IOS XE, with accompanying vManage software for
orchestration and management and Umbrella (optional) for cloud security. Cisco’s IOS XE-based
offering supports the small/midsize enterprise/regional WAN, cloud-first WAN, large global WAN and
security-sensitive WAN use cases. The IOS XE is rated as having excellent functionality for the
security-sensitive WAN use case and solid functionality for each of the other use cases. This is
based on the excellent ratings in security features and deployment flexibility, with strong ratings in
application performance optimization and operational features capabilities. We evaluated this
product for all use cases except the small footprint retail use case based on what we see the vendor
leading with in the market.

Cisco (Meraki With Umbrella)

Cisco is headquartered in California, U.S., with more than 30,000 SD-WAN customers. Cisco
supports all use cases in this research, but for this portion we assess only Cisco’s Meraki-based
offering, which has an estimated 23,000 SD-WAN customers. This offering includes Meraki MX
appliances with accompanying cloud-based management and orchestration via the Meraki cloud-
management console and Umbrella (optional) for cloud security. Meraki supports all use cases in
this research. The vendor is excellent for the small footprint retail WAN use case and strongly
supports the small/midsize enterprise/regional WAN use case. This is driven by excellent ratings in
scalability and small platform flexibility, as well as strong ratings in security features and operational
features capabilities.

Cisco (Viptela OS With Umbrella)

Cisco is headquartered in California, U.S., with more than 30,000 SD-WAN customers. Cisco
supports all use cases in this research, but for this portion we assess only Cisco’s Viptela OS-based
offering, which has an estimated 5,000 SD-WAN customers. This offering includes 1100 ISR, vEdge,
and ENCS hardware or software appliances running Viptela OS with accompanying vManage
software for orchestration and management and Umbrella (optional) for cloud security. The Viptela

Gartner, Inc. | G00465597 Page 9 of 31

 OS is rated as having solid functionality for the small footprint retail use case, driven by excellent
ratings in scalability and operational features, with strong ratings for SD-WAN features and
deployment flexibility capabilities. We evaluated this product for the small footprint retail use case,
as that is what we see the vendor leading with in the market.

Citrix
Citrix is headquartered in Florida, U.S., with more than 1,000 WAN edge customers deployed
globally. Its offering is Citrix’s SD-WAN, which includes appliances (physical, virtual and cloud)
managed via the Citrix SD-WAN Orchestrator and also its Cloud Direct service. The vendor is rated
strong for all use cases in this research. In particular, Citrix is rated excellent with the large global
WAN and cloud-first WAN use cases and strong in the remaining use cases. This is due to its
excellent ratings with application performance optimization and deployment flexibility as well as
strong ratings for scalability, SD-WAN features and security features capabilities.

Cradlepoint
Cradlepoint is headquartered in Idaho, U.S., with about 8,000 WAN edge customers. Its offering is
the NetCloud service for Branch, which can be used with its E, CR and AER physical routers as well
as its Cloud Virtual Router (CVR) and also NetCloud Perimeter. The vendor supports all use cases in
this research with solid capabilities for the small footprint retail WAN use case. Cradlepoint’s target
market is primarily on wireless WAN use cases, which isn’t a focus of this research. Its scoring in
this research is driven by its excellent ratings for scalability and small platform flexibility capabilities.

FatPipe Networks
FatPipe Networks is headquartered in Utah, U.S. with over 2,000 WAN edge customers. Its offering
is its MPVPN platform, which includes fully functional WAN edge appliances and orchestration. The
vendor solidly supports all use cases in this research and its rankings are driven by strong scores in
security features and deployment flexibility capabilities. Additionally, FatPipe also scores solidly with
SD-WAN features, operational features and application performance optimization capabilities.

Fortinet
Fortinet is headquartered in California, U.S., with about 30,000 WAN edge and 8,000 SD-WAN
customers. Its offering is the Fortinet Secure SD-WAN, which includes FortiGate hardware and
virtual appliances with accompanying software managed by the orchestrator in FortiManager. The
vendor strongly supports all use cases in this research. In particular, Fortinet is rated excellent in the
security-sensitive WAN and small footprint retail WAN use cases and strong in the remaining use
cases. This is driven primarily due to its excellent capabilities in security features and scalability
complemented with its overall strong scores in SD-WAN features, deployment flexibility and small
platform flexibility.

HPE (Aruba)
HPE is headquartered in California, U.S. and has about 450 SD-WAN customers. Its offering is
Aruba SD-Branch, which includes the Aruba Central Cloud Platform, Aruba branch/headend

Page 10 of 31 Gartner, Inc. | G00465597

 gateways, Aruba Virtual Gateways, ClearPass Policy Manager and ClearPass Policy Insight. The
vendor supports all use cases in this research. In particular, Aruba is strong in the small/midsize
enterprise/regional WAN and small footprint retail WAN use cases due to its excellent scores in the
operational features, scalability and small platform flexibility capabilities.

Note: As of 13 July 2020, HPE announced its intent to acquire Silver Peak. Gartner will provide
additional insight and research to clients as more detail becomes available. Reflection of this
acquisition is excluded from this research as it occurred after the cut-off date for the analysis.

Huawei
Huawei is headquartered in Shenzhen, China, with about 60,000 WAN edge and 7,000 SD-WAN
customers, most of them based in China. Its offering includes the NetEngine series routers, iMaster
NCE orchestrator and HiSecEngine USG series gateways. It supports all use cases in this research.
In particular, Huawei scores excellent in the small footprint retail WAN use case and strong with the
small/midsize enterprise/regional WAN, large global WAN, and security-sensitive WAN use cases. It
has excellent ratings in SD-WAN features and scalability, with strong ratings in small platform
flexibility and security features capabilities, which drives its use-case rankings.

Juniper Networks
Juniper Networks is headquartered in California, U.S., with about 18,000 WAN edge and 3,000 SD-
WAN customers. Its offering is the Juniper SD-WAN, which includes its SRX appliances with
Contrail Service Orchestration, with an increasing focus on the Mist Marvis AI/ML engine to simplify
Day 2 operations. The vendor supports all use cases in this research. In particular, it is rated
excellent in the security-sensitive WAN use case and strong in the large global WAN and small
footprint retail WAN uses cases. Its use-case scores are driven by excellent ratings in the security
features, deployment flexibility and scalability as well as strong scores for SD-WAN features and
operational features capabilities.

Nuage Networks
Nuage Networks is headquartered in California, U.S., and is a division of publicly traded Nokia
Networks, based in Espoo, Finland. Gartner estimates that Nuage has approximately 2,000 WAN
edge enterprise customers. Its offering is Nuage’s Virtualized Network Services (VNS), which
includes X series and E series gateways managed by the Nuage Networks Virtualized Services
Platform (VSP) controller. The vendor solidly supports all use cases in this research. In particular,
Nuage’s rankings are driven by excellent scores in deployment flexibility and operational features
capabilities.

Palo Alto Networks (CloudGenix With Prisma)

Palo Alto is headquartered in California, U.S., with more than 1,000 SD-WAN customers. Its offering
is the CloudGenix SD-WAN with ION appliances (physical and virtual form factors), CloudGenix
AppFabric, and CloudBlades with optional Prisma Access for integrated security. The vendor solidly
supports all use cases in this research. In particular, Palo Alto Networks is excellent in the security-

Gartner, Inc. | G00465597 Page 11 of 31

 sensitive WAN use case and is also strong in the cloud-first WAN and large global WAN uses cases.
Its rankings are driven by excellent scoring in the security features, operational features and
scalability as well as strong scores in cloud features capabilities.

Peplink
Peplink is headquartered in Hong Kong, with more than 10,000 WAN edge customers of its wireless
solutions, and it is primarily focused on the midmarket and SMBs. Its offering includes Balance and
Max ruggedized CPEs, along with the InControl 2 management system. While Peplink participates
in all the use cases, it mainly concentrates on wireless-led SD-WAN use cases, which aren’t a focus
of this research. Its ruggedized products along with VPN bonding SpeedFusion technology are
good for this purpose, enabling it to do well in specific industry niche segments.

Riverbed (SteelConnect EX With Versa VOS)

Riverbed is headquartered in California, U.S., with over 3,000 SD-WAN customers. While Riverbed
has two offerings, we evaluated the SteelConnect EX since this is what we see Riverbed leading
with for the use cases in this research. Its offering includes the EX edge appliance hardware with
Versa VOS and SteelHead software and the SteelConnect EX orchestrator. The vendor solidly
supports all use cases in this research. Riverbed’s drivers in the rankings are from its excellent
application performance optimization and strong SD-WAN features, security features and
deployment flexibility capability scores.

Silver Peak
Silver Peak is headquartered in California, U.S., with about 2,000 SD-WAN customers. Its offering
includes the Unity EdgeConnect SD-WAN Edge Platform, which is composed of the Unity
Orchestrator, EdgeConnect appliances and an optional Unity Boost feature that enables WAN
optimization. The vendor supports all use cases in this research. Silver Peak has strong ratings for
the large global WAN and cloud-first WAN use cases and scores solidly with the small/midsize
enterprise/regional WAN and security-sensitive WAN use cases. Its rankings are driven by excellent
application performance optimization, deployment flexibility and SD-WAN features as well as strong
operational features capabilities.

Note: As of 13 July 2020, HPE announced its intent to acquire Silver Peak. Gartner will provide
additional insight and research to clients as more detail becomes available. Reflection of this
acquisition is excluded from this research as it occurred after the cut-off date for the analysis.

Teldat
Teldat is headquartered in Madrid, Spain and Nuremberg, Germany, with more than 2,000 WAN
edge customers. Its primary SD-WAN product is the Teldat M8-Smart along with Cloud Net
Manager, CNM Provisioner, CNM Controller and CNM Visualizer. The vendor supports all the use
cases in this research, with a focus on the small/midsize enterprise/regional WAN and small
footprint retail WAN use cases. In particular, Teldat’s rankings are driven by excellent scores with the
scalability and deployment flexibility capabilities.

Page 12 of 31 Gartner, Inc. | G00465597

 Versa (Titan)
Versa is headquartered in California, U.S., with over 5,000 total SD-WAN customers. In this case,
we reviewed the Titan product, which offers a cloud-based solution that is simpler when compared
with the full-featured VOS, with a subset of the features offered by Versa VOS for customers with
more basic requirements. We estimate that Versa has over 1,000 customers with Titan. This product
is rated solid for the small/midsize enterprise/regional WAN and small footprint retail WAN use
cases. We evaluated Versa Titan for these use cases since we assess that is what the vendor
typically leads with. It is not designed for the more complex use cases, such as the large global
WAN. Versa Titan use-case rankings are driven by its excellent scoring in the security features and
small platform flexibility capabilities.

Versa (VOS)
Versa is headquartered in California, U.S. with over 5,000 total SD-WAN customers. In this case, we
reviewed the full featured VOS (formerly FlexVNF) product that can be delivered on the Versa branch
Cloud Services Gateways (CSG) or on third-party hardware. It also includes Versa Director and
Versa Analytics. The VOS SD-WAN offering has over 4,000 SD-WAN customers. This product is
rated excellent for the use cases it was evaluated for, namely, the large global WAN, security-
sensitive WAN and cloud-first WAN use cases. This is primarily due to its excellent SD-WAN
features, security features, deployment flexibility and scalability capabilities. We only evaluate Versa
VOS for these three use cases since that is where we see the vendor leading with this solution in the
market.

VMware
VMware is headquartered in California, U.S., with over 9,000 SD-WAN customers. Its product is
branded as VMware SD-WAN by VeloCloud, which primarily includes SD-WAN Edge (VCE), SD-
WAN gateways (VCG) and an SD-WAN orchestrator (VCO). Management and orchestration are
delivered by VCO, with optional analytics, visibility and troubleshooting capabilities delivered by
VRNI and Nyansa. The vendor supports all use cases in this research. In particular, it is rated
excellent in the small/midsize enterprise/regional WAN, large global WAN, small footprint retail WAN
and cloud-first WAN use cases. VMware’s rankings are driven by its excellent scores in scalability,
cloud features, SD-WAN features, operational features, small platform flexibility and deployment
flexibility capabilities.

Context
WAN edge products are being relied upon to deliver the required features for a modern WAN. The
WAN edge infrastructure market is a combination of existing capabilities, such as routing, WAN
optimization and edge security, but now it is primarily driven by mainstream SD-WAN products.

WAN edge solutions can be combined with cloud-resident functionality for overarching policy and
operational control, as well as cloud gateways and cloud security in a SASE architecture (see The
Future of Network Security Is in the Cloud). The result is a simpler, more streamlined remote office

Gartner, Inc. | G00465597 Page 13 of 31

 footprint (especially for lean IT organizations) that enables organizations to better deal with more
dynamic and distributed traffic flows resulting from greater use of cloud and internet resources.

Product/Service Class Definition

WAN edge solutions cover a broad spectrum of deployment and procurement options. The branch
office footprint can be delivered as a fully integrated appliance from a single vendor, an open VNF-
ready hardware and software solution with software from multiple vendors, or as virtualized software
on a dedicated third-party hardware device. In some cases, solutions are deployed as hardware or
software in all enterprise locations, with possible deployments in cloud service provider locations
(often available in the cloud marketplace). Meanwhile, other solutions also offer cloud resident
gateways, which are deployed in selective locations to enhance the delivery of internet/cloud-
destined traffic. A variety of capabilities run between these cloud PoPs — from basic VPN tunneling
and route determination to more complete WAN optimization, security and cloud optimization
features. Business models also cover a range of options, including traditional capex-heavy, opex-
capex hybrid models and full opex-based subscription service offerings. Both DIY and managed
options can be delivered in each model.

Critical Capabilities Definition

SD-WAN Features
SD-WAN features include application-based policy configuration, automated application
recognition, path selection between multiple links and the ability to support various routing
protocols/architectures.

SD-WAN represents a simplified way of deploying and managing the WAN edge. SD-WAN provides
a replacement for WAN routers with an ability to terminate multiple diverse carrier transport options.
This includes autorecognition of applications, dynamic path selection across diverse WAN
connections with application performance awareness and various cloud-enabled functions. It also
considers routing options and architectures supported.

Security Features
Security includes a broad feature set related to ensuring secure networking across the WAN. It can
be delivered directly from the network edge equipment, in the cloud or a service-chained function
with partners.

Security has been a stand-alone functionality as part of the overarching WAN edge infrastructure.
Specifically, this consists of, but isn’t limited to, IDS/IPS, application layer firewall, antivirus/
malware, segmentation, URL/content filtering, DLP, SWG, CASB, and sandboxing. These advanced
security capabilities are increasingly being integrated in broader WAN edge solutions either at the
network edge or in the cloud. In this category, we assess the vendor’s feature breadth as far as
having certain native capabilities and ability to service chain with third parties.

Page 14 of 31 Gartner, Inc. | G00465597

 App Performance Optimization
Application performance is driven by broad WAN optimization features, but also includes SaaS
optimization, QoS techniques and optimization for real-time traffic to improve the quality of
experience (QoE) across the WAN.

While a mature stand-alone technology, WAN optimization includes TCP protocol optimizations,
HTTP and SSL optimizations, in-line compression and deduplication, and caching and latency
mitigation. SaaS optimization involves methods to optimize various network metrics (such as packet
loss, latency and jitter) for applications hosted in the cloud. QoS includes techniques from
prioritization to end-to-end enforcement of CoS. Real-time voice optimization includes techniques
such as FEC and packet duplication.

Operational Features
New WAN edge solutions should enable significantly simplified operational environments compared
to traditional branch office routing solutions. GUIs are used for business policy configuration
management from a centralized management system and offer network and application analytics/
visibility.

Integrated WAN edge solutions should dramatically simplify the complexity associated with the
management (moving away from CLI), configuration and orchestration of WANs. Networkwide
configuration must be supported for all required configurations via a central controller that can
automatically push/pull out all individual device configuration data. The central controller acts as a
repository for all configuration data, as well as all device, application visibility and network reporting.
The solution must also support zero-touch configuration for new branches, which entails on-site
branch personnel having to make physical (that is, cabling) changes only and administrators not
having to make configuration changes to bring new branches online.

We also evaluate analytics, workflow and ease of use in network set up as well as ongoing
management. Solutions should also have API integrations with external systems, the ability to
orchestrate third-party solutions, and the ability to support automation tools such as Ansible.

Deployment Flexibility
New WAN edge solutions need to deliver a variety of form factors (both virtual and physical), WAN
interfaces and deployment options. Hardware, software, cloud options and service chaining are
important for many architectures.

The fundamental purpose is to enable connectivity between enterprise users, applications and
services that reside in distributed locations, including headquarters, branches, corporate data
centers, colocation/hosting facilities and cloud providers. This means that WAN edge infrastructure
must be able to support a diverse set of deployment options, including hardware appliances,
software (VNF) or as a cloud-based service. Virtual form factors should be available on several
hypervisors as well as enable connectivity to hybrid cloud services. All form factors must scale from
low throughput scenarios to very high throughput, as well as small networks to very large networks.
It must be possible to create redundant solutions for high availability in an integrated turnkey

Gartner, Inc. | G00465597 Page 15 of 31

 manner. Appliances should offer multiple choices for WAN connectivity, such as Ethernet,
broadband and 4G/LTE.

Small Platform Flexibility

Solutions have the ability to scale downward to meet a specific use case that meets the necessary
form factor and features capabilities. Also, the offering in this capability needs to be able to offer
solutions in a highly automated and easy, scalable way.

Scalability
Demonstrating the ability to deploy and manage at scale up to hundreds and even over 1,000
customer locations with SD-WAN solutions. This also includes the scale of the orchestrator by site
count, speed of deployment and scale/ease of managing from a single administrative console.

Cloud Features
Demonstrates the ability to offer broad and flexible architectures to access cloud workloads (SaaS
and IaaS). This includes demonstrated capabilities to automate and orchestrate access workloads
in cloud providers such as Azure and AWS.

It also may include native cloud gateways that offer enhanced steering, service insertion, improved
application performance and/or direct connectivity to various cloud service providers. Lastly, it also
includes partnerships with vendors where technical integrations have occurred that enable
simplified cloud connectivity.

Use Cases

Small/Midsize Enterprise/Regional WAN

A small, most likely regional, WAN that fits MSEs and similar environments with fewer than 50 sites
that ensures reliable WAN connectivity.

Many midsize and other enterprises need to interconnect fewer than 50 sites within a small
geographical area, such as a country or several countries within a specific geographic region. Most
offices support less than 50 people. A growing percentage show interest in migrating to internet-
only services as their primary WAN transport. Increasingly, they use internet-only access for small
branch offices either single-threaded or in an active/active configuration. MPLS with internet is used
in an active/active configuration for more mission-critical sites, with a growing reliance on internet
connectivity. These enterprises rely on a variety of business applications, with an increasing reliance
on SaaS applications and a smaller branch footprint. They need visibility and application control but
not the full suite of application performance, as well as some level of security, which is trending to
more cloud-served. Additionally, ease of use and automation are major drivers due to generally
smaller IT staffs. MNS is typically more prevalent in this use case over DIY.

Page 16 of 31 Gartner, Inc. | G00465597

 Large Global WAN
Requirements include the ability to scale to hundreds or thousands of sites, typically across multiple
geographic regions. The minimum site count for this use case is 300.

Remote offices will have different uses, scale and feature requirements. Overall, enterprises in this
use case are comfortable with cloud applications and moving new capabilities off-premises.

Many global enterprises with large WANs span more than 300 sites across several countries in
several regions. Additionally, with geographically dispersed sites, the need for some level of WAN
optimization or SaaS optimization to improve performance is desired. Many solutions will require
some type of overlay or intelligent routing to avoid congestion, latency and packet loss in order to
provide a higher-quality experience than what the internet can offer natively.

These enterprises need flexible and robust security as well as ways to optimize access to various
types of XaaS. The solution needs to be simple yet robust enough to overcome the effects of
latency and packet loss due to the unpredictability of the internet. Architecturally, most sites will
have an MPLS circuit and some type of internet access circuit and some less critical sites may only
have redundant active/active internet circuits. Much of the traffic is still destined for workloads
hosted in the on-premises data center, with increasing needs to access workloads hosted in the
cloud. Network teams are generally more technical and hands-on, looking for specific features/
functionality and complex architectures.

Small Footprint Retail WAN

This environment requires security and simple branch networking solutions and to replicate
environments across many sites. We assume the minimum number of sites is 200.

This use case is representative of small site/mass deployment needs that are common in such retail
markets as convenience stores, quick service restaurants, gas stations, specialty retail, bank ATMs
and independent insurance agents. WAN connectivity is typically required for a very large number of
small footprint sites (often ranging from hundreds to thousands of locations) with a very common
set of solution needs.

Typical support required is for a small and very specific group of applications, such as point of sale,
inventory, loyalty programs and guest internet access. There’s a strong expense focus for this use
case — that is, minimum capital and WAN expenditures — with a heavy reliance on internet where
possible, often using xDSL, Ethernet, cable, LTE or VSAT for either primary or backup connections,
with rapid failover between connections. This use case often requires advanced handling of LTE
connections to ensure service continuity as well as support for integrated Wi-Fi in a single
orchestration platform.

Security-Sensitive WAN
The number of locations can vary. The focus of the enterprise is to provide a comprehensive
advanced security solution combined with the networking solution for simplicity.

Gartner, Inc. | G00465597 Page 17 of 31

 Enterprises in this use case are looking for some type of unified threat management (UTM) or next-
generation firewall (NGFW) solution with SD-WAN. This can be delivered as a third-party cloud
security service chained with SD-WAN, from an SD-WAN appliance with integrated native security
or with the ability to host a third-party security solution on the branch device. Examples of
advanced security required in this use case include, but is not limited to, Layer 7 firewall, IPS, A/V,
URL/content filtering, segmentation, SWG, sandboxing and DLP. Preferably, the solution
incorporates SD-WAN and UTM/NGFW in the same solution or service chained without the need for
a separate appliance/solution.

Example verticals of this use case are financial services and some retail, healthcare, regulated
industries and government. Security teams are active participants with network teams and
sometimes are the driving force in the procurement of solutions in this use case to ensure the
security parameters are met regardless of the technology/architecture used. Different
implementations may be desired by different types of customers depending on whether they want
security at the edge versus in the cloud or a combined networking/security solution from the same
vendor or service chained between two different vendors. There are several architectural
approaches in this use case, such as secure access service edge (SASE), which is increasingly an
option.

Cloud-First WAN
The number of locations can vary. The focus of the enterprise is to provide comprehensive support
for easy, automated and flexible cloud access.

This is because there is increasing use of cloud as the primary method of delivering workloads.
WAN transport in this use case is typically internet only.

What drives the use case is no or limited workloads in on-premises data centers and more reliance
on cloud workloads. This can be SaaS or IaaS in a centralized or distributed way with few or many
cloud providers involved. Flexibility in network architectures and network set up is key to this use
case, as is delivering application performance to the workloads. Consequently, cloud onramp
capabilities and SaaS optimization are very important for this use case. This solution may leverage
cloud security rather than security at the edge, although it isn’t a requirement. Orchestration is also
key to this use case, with at times multiple vendors involved in delivering the solution.

Vendors Added or Dropped

Added
Palo Alto Networks was added due to its acquisition of CloudGenix.

Dropped
Oracle was dropped because it failed to meet inclusion criteria based on our assessments and data
provided by the vendors.

Page 18 of 31 Gartner, Inc. | G00465597

 Aryaka was dropped because it failed to meet inclusion criteria based on our assessments and data
provided by the vendor.

CloudGenix was dropped because it was acquired by Palo Alto Networks.

Inclusion Criteria
The inclusion criteria represent the specific attributes that analysts believe are necessary for
inclusion in this research. The main criteria are the same as the Magic Quadrant. To qualify for
inclusion, vendors must:

■ Provide hardware and software addressing the emerging enterprise WAN edge requirements
outlined in the Market Definition and Market Description sections of the Magic Quadrant for
WAN Edge Infrastructure. Alternatively, they may address this need by using in-house
developed hardware/software to deliver as a managed service.
■ Producing and releasing enterprise WAN edge networking products for general availability as of
15 June 2020. All components must be publicly available, be shipping and be included on the
vendors’ published price list as of this date. Products shipping after this date and any publicly
available marketing information may only have an influence on the Completeness of Vision axis.
■ Provide commercial support and maintenance for their enterprise WAN edge products (24/7) to
support deployments on multiple continents. This includes hardware/software support, access
to software upgrades, and troubleshooting and technical assistance.
■ Demonstrate baseline scalability by servicing at least five customers with active support
contracts that have at least 100 sites each.
■ Show relevance to Gartner’s enterprise clients on a global basis with at least one of the two
below criteria with a product or products that fulfill the product inclusion criteria:
■ At least 50 WAN edge infrastructure customers with 10 or more production sites each,
headquartered in two or more geographic regions (North America, South America, EMEA or
APAC) under active support contracts. This means 50 customers with headquarters in one
region and another 50 customers with headquarters in a different region.
■ At least 20 WAN edge infrastructure customers with at least 10 or more production sites
each, headquartered in three or more geographic regions (North America, South America,
EMEA or APAC) under active support contracts. This means 20 customers each with
headquarters in three different regions, for a total of at least 60 customers.
■ Meet at least one of the four criteria below with WAN edge infrastructure products that fulfill the
product inclusion criteria:
■ Total WAN edge infrastructure revenue of at least $30 million in the 12 months ending 31
March 2020*

Gartner, Inc. | G00465597 Page 19 of 31

 ■ Total WAN edge infrastructure revenue of $20 million in the 12 months ending 31 March
2020, with at least a 100% growth rate during the previous 12 months
■ At least 30,000 WAN edge infrastructure sites deployed and under active support contracts
■ At least 500 WAN edge infrastructure customers under active support contracts with 10 or
more sites deployed each

* Gartner leverages our published market estimates.

Basic Product Capabilities

Vendors must have generally available products as of 15 June 2020 that support all of the following
capabilities. These capabilities must be supported natively on branch CPE:

■ The ability to function as/replace the branch office router/CPE (including BGP, OSPF, support
hub and spoke, mesh, and partial mesh topologies for a minimum of a 250-site network) with
traffic shaping and/or QoS
■ Centralized management for devices (with GUI), including reporting and configuration changes,
and software upgrades
■ Zero-touch configuration for branch devices
■ VPN (Advanced Encryption Standard [AES] 256-bit encryption) and NGFW or Layer 4 firewall
with the ability to redirect and orchestrate with an SWG
■ Dynamic traffic steering based on business or application policy (not limited to only DiffServ
Code Point [DSCP]/ports, IPs/circuits or 5tuple) that responds to network conditions (changes
in packet loss, latency, jitter, etc.) in an active/active configuration
■ At least 200 well-known application profiles included (autodiscovered)
■ Application visibility identifying specific traffic that traverses the WAN
■ Software (ability to operate as a VNF at the branch or in the network and to be hosted in at least
one cloud provider, such as AWS) and hardware form factors

Page 20 of 31 Gartner, Inc. | G00465597

 Table 1. Weighting for Critical Capabilities in Use Cases

Small/Midsize Enterprise/ Small Footprint Retail

Critical Capabilities Regional WAN Large Global WAN WAN Security-Sensitive WAN Cloud-First WAN

SD-WAN Features 20% 25% 15% 15% 20%

Security Features 10% 10% 10% 50% 10%

App Performance Optimization 0% 10% 5% 5% 10%

Operational Features 25% 20% 10% 10% 10%

Deployment Flexibility 0% 10% 0% 5% 5%

Small Platform Flexibility 30% 0% 40% 5% 5%

Scalability 0% 15% 15% 0% 0%

Cloud Features 15% 10% 5% 10% 40%

Total 100% 100% 100% 100% 100%

As of September 2020

Source: Gartner (September 2020)

Gartner, Inc. | G00465597 Page 21 of 31

 This methodology requires analysts to identify the critical capabilities for a class of products/
services. Each capability is then weighted in terms of its relative importance for specific product/
service use cases.

Critical Capabilities Rating

Each of the products/services has been evaluated on the critical capabilities on a scale of 1 to 5; a
score of 1 = Poor (most or all defined requirements are not achieved), while 5 = Outstanding
(significantly exceeds requirements).

Page 22 of 31 Gartner, Inc. | G00465597

 Table 2. Product/Service Rating on Critical Capabilities

Palo Alto Networks (CloudGenix With Prisma)

Riverbed (SteelConnect EX With Versa VOS)

Cisco (Viptela OS With Umbrella)
Cisco (IOS XE With Umbrella)

Cisco (Meraki With Umbrella)

FatPipe Networks

Juniper Networks

Nuage Networks

Versa (Titan)
HPE (Aruba)

Versa (VOS)
Cradlepoint

Silver Peak
Barracuda

VMware
Fortinet

Huawei

Peplink

Teldat
Citrix
Critical Capabilities

SD-WAN Features 3.5 3.5 3.0 4.0 4.1 3.6 3.8 4.3 3.6 4.3 4.2 3.7 3.5 3.2 4.0 4.5 3.6 3.7 4.7 4.2

Security Features 4.5 4.4 4.2 3.9 4.1 3.5 4.0 4.6 3.8 4.2 4.6 3.9 4.8 3.4 4.1 3.6 3.0 4.3 4.4 3.3

App Performance Optimization 3.5 4.1 1.9 3.3 4.5 1.3 3.8 3.8 2.3 3.8 2.9 2.3 2.3 2.1 4.5 4.5 1.3 2.0 3.8 3.8

Operational Features 3.2 4.0 4.1 4.3 3.8 3.5 3.8 3.8 4.3 3.8 4.2 4.4 4.4 3.1 3.9 4.2 3.7 3.5 3.5 4.2

Deployment Flexibility 3.3 4.4 3.2 4.2 4.5 3.1 4.4 4.3 3.3 3.8 4.4 4.2 3.8 3.5 4.1 4.4 4.3 3.7 4.4 4.5

Small Platform Flexibility 3.3 3.9 4.5 3.6 3.8 4.2 3.6 4.1 4.2 4.1 3.6 3.7 2.9 3.5 3.9 2.4 3.6 4.3 3.8 4.1

Scalability 4.3 3.0 4.9 4.5 4.1 4.8 3.1 4.4 4.2 4.7 4.4 3.8 4.4 4.2 3.2 3.5 4.4 3.1 4.7 4.8

Cloud Features 3.3 3.1 2.9 2.9 3.7 1.6 1.8 3.2 2.8 2.6 1.6 2.7 3.9 2.3 3.1 3.5 2.4 2.7 3.6 4.1

Gartner, Inc. | G00465597 Page 23 of 31

Page 24 of 31
As of September 2020
Critical Capabilities

Source: Gartner (September 2020)

Barracuda

Cisco (IOS XE With Umbrella)

Cisco (Meraki With Umbrella)

Cisco (Viptela OS With Umbrella)

Citrix

Cradlepoint

FatPipe Networks

Fortinet

HPE (Aruba)

Huawei

Juniper Networks

Nuage Networks

Palo Alto Networks (CloudGenix With Prisma)

Peplink

Riverbed (SteelConnect EX With Versa VOS)

Silver Peak

Teldat

Versa (Titan)

Versa (VOS)

VMware
Gartner, Inc. | G00465597
 Table 3 shows the product/service scores for each use case. The scores, which are generated by
multiplying the use-case weightings by the product/service ratings, summarize how well the critical
capabilities are met for each use case.

Gartner, Inc. | G00465597 Page 25 of 31

 Table 3. Product Score in Use Cases

Palo Alto Networks (CloudGenix With Prisma)

Riverbed (SteelConnect EX With Versa VOS)

Cisco (Viptela OS With Umbrella)
Cisco (IOS XE With Umbrella)

Cisco (Meraki With Umbrella)

FatPipe Networks

Juniper Networks

Nuage Networks

Versa (Titan)
HPE (Aruba)

Versa (VOS)
Cradlepoint

Silver Peak
Barracuda

VMware
Fortinet

Huawei

Peplink

Teldat
Citrix

Use Cases

Small/
Midsize En-
terprise/
Regional
WAN 3.44 3.78 3.83 N/A 3.88 3.45 3.46 3.98 3.86 3.85 3.67 3.75 3.74 3.15 3.82 3.56 3.39 3.74 N/A 4.07

Large Glob-
al WAN 3.62 3.73 3.53 N/A 4.08 3.27 3.58 4.09 3.61 3.98 3.90 3.69 3.90 3.18 3.84 4.09 3.40 N/A 4.20 4.18

Small Foot-
print Retail
WAN 3.60 N/A 4.06 3.85 3.95 3.79 3.54 4.14 3.92 4.11 3.84 3.69 3.58 3.38 3.82 3.34 3.50 3.76 N/A 4.14

Security-
Sensitive
WAN 3.93 4.06 3.73 N/A 4.06 3.23 3.72 4.26 3.64 3.97 4.06 3.73 4.21 3.18 3.98 3.81 3.11 N/A 4.22 3.73

Page 26 of 31 Gartner, Inc. | G00465597

 WAN
Cloud-First
Use Cases

Gartner, Inc. | G00465597

Barracuda

3.47

As of September 2020
Cisco (IOS XE With Umbrella)

3.61

Source: Gartner (September 2020)

Cisco (Meraki With Umbrella)

3.17
Cisco (Viptela OS With Umbrella)

N/A
Citrix

3.96
Cradlepoint

2.56
3.04 FatPipe Networks

Fortinet
3.78

HPE (Aruba)
3.26

Huawei
3.48

Juniper Networks
3.05

Nuage Networks
3.28

Palo Alto Networks (CloudGenix With Prisma)

3.75

Peplink
2.77

Riverbed (SteelConnect EX With Versa VOS)

3.69

Silver Peak
3.87

Teldat
2.88

Versa (Titan)
N/A

Versa (VOS)
3.96

VMware
4.04

Page 27 of 31
 To determine an overall score for each product/service in the use cases, multiply the ratings in Table
2 by the weightings shown in Table 1.

Editor: please add the following boilerplate text below the table, “To determine an overall score for
each product/service in the use cases, multiply the ratings in Table 2 by the weightings shown in
Table 1.”

Acronym Key and Glossary Terms

BGP Border Gateway Protocol

CPE Customer premises equipment

FEC Forward error correction

GUI Graphical user interface

IPS Intrusion prevention system

LAN Local-area network

LTE Long Term Evolution

MPLS Multiprotocol Label Switching

NGFW Next-generation firewall

OSPF Open shortest path first

POP Point of presence

TCPuCPE Transmission Control Protocol

Universal customer premises equipment

vCPE Virtualized customer premises equipment

VNF Virtual network function

VPN Virtual private network

VSAT Very small aperture terminal

WAN Wide-area network

WLAN Wireless local-area network

WOC WAN optimization controller

Page 28 of 31 Gartner, Inc. | G00465597

 Gartner Recommended Reading
Some documents may not be available as part of your current Gartner subscription.

How Products and Services Are Evaluated in Gartner Critical Capabilities

Magic Quadrant for WAN Edge Infrastructure

Technology Insight for SD-WAN

5 Options to Secure SD-WAN-Based Internet Access

4 Keys to Building WANs in the Digital Era

6 Critical Questions to Ask on SD-WAN

Toolkit: RFP Template for Managed and DIY SD-WAN Products and Services

The Future of Network Security Is in the Cloud

Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Service
Edge

Market Guide for Managed SD-WAN Services

Evidence
Gartner analysts conducted more than 3,000 Gartner client inquiries on the topic of wide-area
networking between 1 July 2019 and 30 June 2020.

Gartner analysts conducted more than 1,000 client inquiries on the topic of SD-WAN between 1
July 2019 and 30 June 2020.

All vendors in this research responded to an extensive questionnaire regarding their current/future
data center networking solutions.

Gartner analysts reviewed Gartner Peer Insights data for this market as well as publicly available
information online.

Critical Capabilities Methodology

This methodology requires analysts to identify the critical capabilities for a class of
products or services. Each capability is then weighted in terms of its relative importance
for specific product or service use cases. Next, products/services are rated in terms of
how well they achieve each of the critical capabilities. A score that summarizes how
well they meet the critical capabilities for each use case is then calculated for each
product/service.

Gartner, Inc. | G00465597 Page 29 of 31

 "Critical capabilities" are attributes that differentiate products/services in a class in
terms of their quality and performance. Gartner recommends that users consider the
set of critical capabilities as some of the most important criteria for acquisition
decisions.

In defining the product/service category for evaluation, the analyst first identifies the
leading uses for the products/services in this market. What needs are end-users looking
to fulfill, when considering products/services in this market? Use cases should match
common client deployment scenarios. These distinct client scenarios define the Use
Cases.

The analyst then identifies the critical capabilities. These capabilities are generalized
groups of features commonly required by this class of products/services. Each
capability is assigned a level of importance in fulfilling that particular need; some sets of
features are more important than others, depending on the use case being evaluated.

Each vendor’s product or service is evaluated in terms of how well it delivers each
capability, on a five-point scale. These ratings are displayed side-by-side for all
vendors, allowing easy comparisons between the different sets of features.

Ratings and summary scores range from 1.0 to 5.0:

1 = Poor or Absent: most or all defined requirements for a capability are not achieved

2 = Fair: some requirements are not achieved

3 = Good: meets requirements

4 = Excellent: meets or exceeds some requirements

5 = Outstanding: significantly exceeds requirements

To determine an overall score for each product in the use cases, the product ratings are
multiplied by the weightings to come up with the product score in use cases.

The critical capabilities Gartner has selected do not represent all capabilities for any
product; therefore, may not represent those most important for a specific use situation
or business objective. Clients should use a critical capabilities analysis as one of
several sources of input about a product before making a product/service decision.

Page 30 of 31 Gartner, Inc. | G00465597

 GARTNER HEADQUARTERS

Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096

Regional Headquarters
AUSTRALIA
BRAZIL
JAPAN
UNITED KINGDOM

For a complete list of worldwide locations,

visit http://www.gartner.com/technology/about.jsp

© 2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This
publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of
Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication
has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of
such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice
and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner Usage Policy.
Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research
organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and
Objectivity."

Gartner, Inc. | G00465597 Page 31 of 31