Cloud shaped outline with software terms displayed inside

The Top 7 terms you should know when looking into SD-WAN

Zabrina Doerck
Apr. 16 2021

While you might know the basics of SD-WAN – or software-defined wide area networking – it’s an evolving and complex technology. In recent years, this evolution has been accelerated both by cloudification and by workers moving into the ‘Extended Edge’. If you’re interested in making your systems run more smoothly and securely, SD-WAN could be part of the solution.

But it’s hard to assess the landscape if new terms have emerged that you’re unfamiliar with. Do you know your overlay from your underlay or cloud mesh from the multi-cloud, how web-secure gateways work, what orchestration is, or the ins and outs of firewalls, SDI, NFV and SASE?

Aware of the barrier that this terminological confusion can create when discussing SD-WAN, we recently put together this pithy and concise A-Z guide of SD-WAN and cloud edge networking terms and trends, which is free to download.

Setting you on the right path, it:

  • Highlights the new – and more established – terms you should know
  • Provides digestible but authoritative definitions for each of these 30+ terms
  • Arranges the entries within themed clusters for a better understanding of how things fit together
  • Offers an alphabetized list for quick reference

As a taster of the guide, we present here what we consider the top seven terms you should get to grips with…

Cloud delivery terms

1. Multi-Cloud

An environment in which cloud services from multiple vendors co-exist

A multi-cloud environment is a network infrastructure that combines multiple cloud services from more than one cloud vendor, whether public or private. Multi-cloud environments present WAN management challenges in terms of guaranteeing application performance and security. New SD-WAN technologies like cloud mesh can address these challenges by enabling secure, direct access to cloud environments via software-defined interconnect (SDI).

As distinct simply from multiple clouds, multi-clouds are interconnected between each other and back to the enterprise WAN. There’s a clear usage, growth and procurement strategy for the selected set of public cloud vendors. And management, maintenance and security policies encompass all vendors in a similar fashion, with the multi-cloud becoming a full-time part of an enterprise’s ecosystem.

2. Cloud Mesh

A way to deliver mesh connectivity in the cloud

Cloud-based mesh is a network architecture that leverages software-defined interconnect (SDI) to deliver full mesh connectivity. Full mesh is a network architecture that allows any site on the corporate network to connect directly to any other site on the network. Physical full mesh architectures typically have negative impacts on application performance, since traffic may have to traverse several “jumps” to reach geographically distant sites, resulting in latency and packet loss.

Conversely, cloud-delivered full mesh takes advantage of the geographically closest Point of Presence (PoP) for the applications, resulting in superior quality of experience (QoE) for SaaS workloads compared to standard full mesh. Cloud mesh enables businesses to take advantage of SaaS and IaaS without compromising on security or performance.

Infrastructure and architecture terms

3. Orchestration and Orchestrators

The “brains” that deliver WAN control and management

SD-WAN orchestration is a centralized administrative service model that provides secure, (ideally) cloud-delivered WAN control and management. It automates network admin functions to streamline and simplify the management of distributed network operations.

SD-WAN delivered “as a service” enables managed service providers and enterprises to access an orchestrator from a protected web service portal, in order to centrally manage and monitor SD-WAN branch (edge) deployments based on business policies.


Secure Access Service Edge, which combines a suite of cloud-based WAN technologies

Secure Access Service Edge (SASE) is an acronym coined by Gartner in 2019 and describes a new paradigm in wide area networking. Pronounced ‘sassy’, SASE combines a suite of WAN technologies with cloud-native security functions such as secure web gateways, cloud access security broker, zero trust network access, and firewall-as-a-service as core abilities, with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels. Since SASE, in many cases, utilizes SD-WAN, it is important to make the distinction between the two clear.

SD-WAN’s primary responsibility is to connect geographically distant offices, headquarters, data centers and clouds to each other. Security tools are usually located at offices in customer on-premises equipment. SASE, on the other hand focuses on connecting individual endpoints efficiently and securely — with an emphasis on the cloud. Currently there is no industry standard for SASE.

(Edited definition courtesy of sdxcentral.)

5. Extended Edge

A label used to describe the phenomenon of enterprises adopting technologies, and placing and using network resources from outside the traditional physical boundaries of the corporate perimeter

‘Extended Edge’ is a term that Infovista coined to capture the idea of the evolving network edge.

Historically, the corporate network was a physical entity, interconnecting various types of physical sites on the WAN such as headquarters, remote offices, and the data center. However, in recent years, as businesses have increasingly decentralized operations and shifted their critical applications out of the data center and into cloud environments, the network edge has now expanded outside the physical corporate perimeter.

In addition, as the global workforce is increasingly shifting to “work from home” scenarios, the Extended Edge refers to how employees and customers alike are now accessing applications from remote networks outside the direct control of corporate IT.

Security terms

6. FWaaS

Firewall as a Service, a firewall set-up that sits in the cloud

Firewall as a Service (FWaaS) takes the functionality of firewalls into the cloud, away from the traditional network perimeter. As a cloud-delivered capability, it provides a number of benefits:

  • Businesses will always have the most up-to-date version;
  • Cloud delivery does not impact network performance the way on-prem solutions do;
  • And by leveraging security as a cloud service, businesses can better control costs and CapEx.

The guide also covers firewalls more generally, next generation firewalls (NGFW), web-secure gateways (WSG) and zone-based firewalls (ZBF), which is our last term in this blog post.

7. ZBF

Zone-Based Firewall, a firewall that operates at a more granular level

A Zone-Based Firewall is one that centralizes and automates security. Specifically, it applies security policies at a highly granular and regimented level, is application-aware, and can integrate with your WSG. A good ZBF can do all this at the session level, letting you apply permissions based on topology and application-driven zones and offering the unique capability to backhaul traffic over the data center if the network team determines some traffic requires filtering using the main internet edge firewalls.

Another advantage of ZBF is it delivers policy-based topology isolation without the burden of network segmentation. This happens when an enterprise wants to separate the network between different parts of the business. For instance, if you don’t want traffic from marketing to cross paths with accounting.

Download our A-Z guide

Of course, we shouldn’t forget to define SD-WAN itself, a technology that facilitates the management of networks and network functions through a centralized software-based capability.

As we put it in our guide, Software Defined Networking (SDN) or Software Defined Wide Area Networking (SD-WAN) centralizes and simplifies network management by separating the control plane from the data plane.

Administrators and architects can use such software for network function configuration and management using centralized orchestration portals. This approach enables the business to augment MPLS networks with hybrid forms of connectivity, creating networks that are agile, dynamic and scalable, and providing visibility and control over cloud traffic and application quality of experience (QoE).

For access to all of these terms and more, including links to further reading on many of these subjects, download our A-Z guide of SD-WAN and cloud edge networking terms and trends.

Written By

Download the full A-Z guide to learn more

Get guide