Critical Capabilities for WAN Edge Infrastructure

Infrastructure and operations leaders responsible for networking are evaluating WAN edge solutions to address expanding business requirements in order to connect to on-premises and cloud-based workloads. They should use this research to identify vendors that best fit their specific use cases.


Key Findings

  • The global wide-area network (WAN) edge market is crowded, as Gartner estimates that there are more than 70 vendors providing viable technology solutions driven primarily by software-defined WAN (SD-WAN).
  • While SD-WAN is the dominant functionality, security and application performance/visibility features are increasingly being integrated into vendor solutions. Consequently, vendor alignment varies based on the specific use case.
  • Ease of use and agility are cornerstones of most SD-WAN solutions, making network setup and ongoing management easier, more scalable, less time-consuming, and more effective in hybrid WAN and hybrid IT environments.
  • Increasingly, vendors are offering different types of deployment models (on-premises and cloud-hosted) and form factors to focus on different buyers and use cases.


To build and sustain scalable and reliable cloud and edge infrastructure, I&O leaders should:
  • Update network infrastructure by leveraging current WAN edge solutions with a focus on SD-WAN functionality.
  • Focus on differentiating SD-WAN solutions by comparing their native application performance and security capabilities.
  • Maximize agility, performance and reliability while controlling costs by using SD-WAN solutions to leverage multiple circuits (such as MPLS, internet and LTE) and simplifying operations.
  • Maximize flexibility by determining the best deployment model with either all functions deployed at the branch or some at the branch and some in the cloud.

Strategic Planning Assumptions

By 2024, to increase agility and enhance support for cloud applications, 60% of enterprises will have implemented SD-WAN, compared with less than 20% in 2019.
By 2023, to deliver cost-effective scalable bandwidth, 30% of enterprise locations will only have internet WAN connectivity, compared with less than 10% in 2019.
Through 2021, over 80% of SD-WAN solutions will continue to be delivered on dedicated hardware versus uCPE due to performance, price and simplicity.

What You Need to Know

As organizations digitally transform, the WAN edge market has been evolving with the primary goal to address the shift from traditional hub-and-spoke WAN architectures (from the branch office to an on-premises data center) to connect with more distributed cloud services and internet-based resources as well as other corporate locations. Infrastructure and operations (I&O) leaders responsible for networking can use the critical capabilities assessed in this report to narrow down their search for appropriate solutions that more closely meet their specific requirements.
In this Critical Capabilities for WAN edge infrastructure, we analyze four popular use cases:
  • A regional WAN that is typical in many midsize enterprises (MSEs) or larger enterprises with a smaller number of WAN locations (fewer than 50 sites).
  • A global WAN requirement for larger multinational organizations with 200 to more than 1,000 sites and that spans at least two continents with increasing resources moving to the cloud.
  • A large-scale retail WAN typified by small footprint locations (such as gas stations, convenience stores, and similar environments) that scales from hundreds to thousands of near-identical locations, either domestically or across multiple countries and regions.
  • A security-sensitive WAN is typical in some mid- to large-scale organizations from 25 sites and higher that are focused on securing branch offices as the main priority where network and security procurements are increasingly converging.



Aryaka is a privately held company headquartered in San Mateo, California. Gartner estimates that Aryaka has more than 800 WAN edge customers deployed globally. Aryaka has a fully managed service (SmartCONNECT) for global WAN connectivity in a network as a service (NaaS) model. SmartCONNECT combines the Aryaka Network Access Point (ANAP) CPE with the Aryaka Global Core backbone, which the edge devices connect. The service includes SD-WAN, WAN optimization and visibility, as well as options for remote access, integrated perimeter security from third-party vendors, and the procurement and management of internet access. The Aryaka backbone allows controlled routing of traffic not only to applications in enterprise data centers, but also to cloud-hosted applications via both direct cloud gateways and internet gateways. The solution has limited native advanced security capabilities and is sold as a managed service, so it is not suitable for do-it-yourself (DIY) customers.
Aryaka ranks in the middle third for the small/midsize enterprise/regional WAN and large global WAN use cases and in the bottom third for the small retail footprint and security-sensitive WAN use cases. Aryaka should be considered by organizations with a global, geographically distributed footprint wanting a fully managed service experience.


Barracuda is a privately held company based out of Campbell, California. Gartner estimates that Barracuda has over 20,000 WAN edge customers. Barracuda positions its CloudGen Firewall as its primary WAN edge product. While the CloudGen Firewall has a built-in graphical user interface, it does not yet have cloud-based management capabilities. In keeping with the product’s firewall roots, there is also a deep range of advanced security features including IPS and IDS, in addition to a next-generation firewall. The solution also includes support for latency-sensitive traffic, such as voice, via packet duplication and other application performance capabilities. Despite Barracuda’s historic focus on the MSE market, CloudGen Firewall has many features found in products geared toward larger enterprises. Still, the solution lacks granular path selection capabilities in support of performance-based routing.
Barracuda ranks in the top third in the security-sensitive WAN use case, in the middle third in the large global WAN and small retail footprint WAN use cases, and in the bottom third for the small/midsize enterprise/regional WAN use case. Barracuda is suitable for security-conscious enterprises located in the Americas and Western Europe looking for a combined security and networking solution.

Cisco (Meraki)

Cisco is a publicly traded company based in San Jose, California. Gartner estimates that Cisco has more than 100,000 WAN edge customers with approximately 13,000 on its cloud managed Meraki MX platform, principally deployed as remote office firewalls. The Meraki cloud management platform also integrates Meraki wireless access points, wired switching platforms and phones. Meraki solutions are largely positioned to midsize organizations or for remote offices of larger enterprises. Consumption models are streamlined and the cloud-based management lessens the operational burden of deploying and managing remote offices. The Cisco SD-WAN powered by the Meraki solution is based on Meraki’s MX security appliances with SD-WAN capabilities added to the platform over the past three years. Currently, the platform has limited application recognition, application analytics and performance capabilities compared to the competition.
Cisco’s Meraki WAN edge solution ranks in the top third in the small footprint retail WAN and security-sensitive WAN use cases and in the middle third for the small/midsize enterprise/regional WAN as well as the large global WAN use cases. The Meraki solution should be considered by lean IT organizations looking for a simple, cloud-managed WAN edge solution, especially for those looking for a fully manageable remote branch combining networking and security.

Cisco (Viptela on IOS XE)

Cisco is a publicly traded company based in San Jose, California. Gartner estimates that Cisco has more than 100,000 WAN edge customers (primarily Integrated Services Routers [ISR] customers), including more than 800 of its Cisco SD-WAN powered by Viptela offering, but only about 100 of these are delivered on the ISR platform. Its flagship WAN edge networking offering is Cisco SD-WAN powered by Viptela software running on ISR 1000 and 4000 series with IOS XE managed by vManage. It also sells Viptela on the Aggregation Services Routers (ASR) 1000 series, Enterprise Network Compute System (ENCS) 5000 series, the vEdge platform (Viptela solution offered before the Cisco acquisition) and virtual form factors in major cloud platforms such as AWS, Azure and Google Cloud. The Cisco offering supports complex architectures and sophisticated routing with application performance functionality and recent advanced security capabilities. However, there continues to be performance and stability issues of the IOS-XE Viptela product delivered on the ISR platform, as reported by many clients, MNS providers and channel partners. Given this, enterprises may be offered Viptela on the vEdge and ENCS platforms as alternatives, which results in market confusion regarding which product to choose based on feature disparity and product stability/performance.
For the purpose of this research, Gartner primarily analyzed Viptela on the IOS XE code. Gartner didn’t evaluate the vEdge product, as that is not the Viptela product Gartner clients see Cisco leading with in the market. Having said that, Cisco’s Viptela-based SD-WAN solution ranks in the middle third for the security-sensitive WAN, the small/midsize enterprise/regional WAN and large global WAN use cases. Further, the vendor ranks in the bottom third in the small footprint retail WAN use case. Cisco Viptela should be considered for all enterprise SD-WAN use cases, but organizations should be mindful of scaling and stability issues with the product delivered on the ISR platform (with the IOS XE code) especially for larger deployments.


Citrix is a publicly traded company based in Fort Lauderdale, Florida. Gartner estimates that Citrix has more than 1,200 WAN edge customers deployed globally. Citrix’s flagship WAN edge products are its Citrix SD-WAN appliances (physical, virtual and cloud), which are managed via the Citrix SD-WAN Center. Citrix has a comprehensive SD-WAN solution with application performance capabilities, including WAN optimization and some voice optimization. In addition, the vendor has some native advanced security capabilities (such as an application layer firewall) but lacks full advanced security capabilities when compared with other vendors in this research. The Citrix SD-WAN product scales from small sites to large headquarters and has deployments in both small and large networks over 1,000 sites. The vendor also recently announced a cloud gateway solution to offer cloud onramp capabilities for easier access to cloud workloads.
Citrix ranks in the top third for the small/midsize enterprise/regional WAN, large global WAN and security-sensitive WAN use cases. Further, the vendor ranks in the middle third in the small footprint retail WAN use case. Citrix SD-WAN should be considered for all organizations (especially existing Citrix software customers) of any size across any vertical that are looking to upgrade their WAN architecture to SD-WAN.

To read full download the whitepaper:
Critical Capabilities for WAN Edge Infrastructure


Previous articleFinancial Services Organizations at High Risk for Certificate Outages
Next articleSD-WAN: the right connection for remote healthcare facilities