Software Defined Wide Area Network (SD-WAN)

SD-WAN enables enterprises to securely support application growth, network agility, and simplified branch implementations while delivering high-performance, reliable branch access to cloud services, private data centers, and SaaS-based enterprise applications. The CDT SD-WAN is built on software-defined networking principles to address end-to-end automation, application continuity, branch transformation, and security from the data center and cloud to the edge.

  • Enables direct cloud access
  • Lower WAN operating and capital outlay expenses
  • Greater business agility and responsiveness
  • Robust edge to edge security and micro-segmentation
  • Cost-effective solution for ensuring high availability at branch sites
  • Rapid provisioning
  • Transport independence vendor-agnostic (i.e. MPLS, broadband, LTE, etc.)
  • Management simplicity and flexibility
  • Improves performance using dynamic multipath optimization protocol
  • Built-in encryption
  • Single edge device can support multiple virtual functions
  • Easy integration with an existing network via routing protocols
  • Facilitates redundancy and high availability at the edge

Transport independent

  • Customer in coordination with CDT and CALNET can choose any combination of transport for each field office
  • Vendor redundancy
  • Increased availability
  • CDT direct peering to Cloud Service Providers (CSP) will provide the best network path and low latency

Single orchestration for WAN configuration in one place

  • Cloud deployed and accessible
  • Resilient

Ease of configuration

  • Customer able to configure some features on their devices
  • Profile-centric configuration
  • Optimize administration


    • Virtual WAN between sites and Cloud communications
    • Able to maintain logical network design and security
    • Application-based policy and offload
    • Dynamic multi-path optimization

Technology can be deployed anywhere

    • reachability to VeloCloud Orchestrator and VeloCloud Gateway is required

24/7 Service Desk

    • Single point of contact for problem escalation and resolution

Proactive monitoring and auto-notification


    • CDT has engineered an SDWAN service offering that leverages the benefits of the VeloCloud SDWAN product as well as the low-latency infrastructure of CDT’s Equinix presence to bring the highest level of network connectivity performance for any compute destination.

      Dynamic Path Selection – VMware SD-WAN “Dynamic Multipath Optimization” comprises deep application recognition, automatic link monitoring, auto-detection of provider, and auto-configuration of link characteristics; routing and Quality of Service (QoS) settings.

      Smart QoS – Granular classification of 2,500+ applications enables smart control. Out-of-the-box defaults set the QoS policies for common business objectives with IT required only to establish traffic priority. Knowledge of application profile enables automation of QoS configurations and bandwidth allocations.

      Link Steering and Remediation – On-demand, per-packet link steering is performed automatically based on the measured performance metric, intelligent application learning, the business priority of the application, and link cost. Delivers sub-second blackout and brownout protection to improve application availability. Remediates link degradation through forward error correction, activating jitter buffering and synthetic packet production.

      Application Performance Monitoring – VMware SD-WAN continuously computes a VMware SD-WAN Quality Score to assess the performance of critical voice, video, or data applications at any given time with the ability to alert IT staff. This analysis provides administrators a comprehensive before-and-after view into application behavior on individual links and the VMware SD-WAN enhancements.

Security Benefits

- IRS 1075 Compliant
- L2-L7 Stateful, context-aware (application, user, device)
- PCI certified
- Orchestrator hosted in FedRAMP authorized data center
- Segmentation - 64 segments
Built-in integration support for:
- Solarwinds
- Zscaler
- Splunk
- Symantec Web Security
- Fortinet
- Palo Alto
- Checkpoint

 Included Security ServicesCloud Partner-Based SecurityOn Premise Security as a Virtual Network Function
Security FunctionsApplication Based Firewall,
End to End Network Segmentation
IPS, URL Filtering, Anti-bot,
Anti-malware, CASB
IPS, URL Filtering, Anti-bot,
Anti-malware, Anti-virus
Delivery ModeIncluded SaaS Partners
Prisma, Zscaler, Symantec, CloudGuard Connect
VNF Partners
PaloAlto, Check Point
Management PresentationSingle Pane of Glass for SD-WAN and Security
(VeloCloud Orchestrator)
Individual Panes of Glass for SD-WAN and Security
Individual Panes of Glass for SD-WAN and Security

Applications Approved for Access Via the Internet Using the CDT SD-WAN Service

The applications listed below have been approved by the CDT Office of Information Security (OIS) to be accessed via the Internet using the CDT SD-WAN Service.

  • O365
  • OneDrive
  • YouTube
  • Zoom
  • GoToMeeting
  • SharePoint
  • MS Teams
  • Webex
  • BaseCamp
  • Salesforce
  • BlueJeans
  • Concur

SD-WAN Customers may submit requests to add applications to this list. Requests will be reviewed and responded to by CDT OIS.

CDT SD-WAN provides a transport-independent secure overlay, enabling the use of broadband Internet with or without traditional MPLS, a cloud network for access to both enterprise and cloud applications, and a business-driven orchestration layer for automation and virtual services insertion.

CDT SD-WAN Architecture (PDF)

The SD-WAN Portfolio (PDF) depicts the major components of the CDT SD-WAN topology. The VeloCloud Edge devices are located at branch offices, Headquarters, and Data Centers. The VeloCloud Gateways are typically located close to compute resources. The VeloCloud Orchestrator is a SaaS implementation. SD-WAN provides access to Cloud Service Providers and is transport agnostic.

PlanningSchedule design meetings to determine customer requirements and appropriate solutions, include QOS if needed.
Assist with intake document completion.
Provide high-Level design.
Provide cost estimates.
Provide requirements and as much information as possible on the intake document.
Participate in design meetings and provide the level of support needed by CDT.
Participate in the design meetings and provide input regarding design requirements based on best practices.
Answer any questions related to edge devices.
ProvisioningParticipate in the design meetings and provide input regarding design requirements based on best practices.
Answer any questions related to edge devices.
Be available for building access, test, and turn-up.
Make any necessary LAN changes required for successful installation and assist with troubleshooting.
Review configuration if needed, be available during test and turn-up, and assist with troubleshooting.
Support24 x 7 x 365 CDT Service Desk support for network connectivity.
Collaborate with customer and vendor partners for circuit/hardware troubleshooting and resolution.
Plan and augment network changes as needed with CDT.Monitor Edge devices.
Collaborate with CDT for troubleshooting and resolution.

The rate schedule represents standard CDT services.

Service DescriptionService IdentifierProduct NameUnit of MeasurementRateService CodeNotes
Broadband ConnectionSDWANNetwork ServicesConnectionPass-through Cost + 1.46%U198* - Service requires internet access through Broadband Connection (U198) or Dedicated Internet Service (U798).
SD WAN Gateway and Connectivity to CGEN InfrastructureSDWANNetwork ServicesPer Mbps$12.35U502
SD WAN SupportSDWANNetwork ServicesConnection$142.00U501
SD WAN DeviceSDWANNetwork ServicesDevicePass-through Cost + 4.58%U498
Professional ServicesSDWANNetwork ServicesHourlyPass-through Cost + 1.46%U520
Dedicated Internet ServiceSDWANNetwork ServicesConnectionPass-through Cost + 1.46%U798* - Service requires internet access through Broadband Connection (U198) or Dedicated Internet Service (U798).

Subscriptions to this service are available. 

Customer onboarding to SD-WAN is a two-step process that begins with the Customer submitting a Case/Request for a Design/Cost Estimate for WAN Connection/SDWAN.

  • CDT will contact the Customer regarding the Case/Request and initiate a requirements gathering meeting, if needed, and provide a high-level design (HLD), complete SD-WAN Intake Form, and Cost Estimate.
  • Once the cost estimate is provided, the Customer submits a second Case/Request for a WAN/SD-WAN Implementation, attaching the provided intake document and cost estimate.

Please contact your Account Lead should you require assistance with the case/request process.

SD-WAN Service Onboarding

Step 1 – Request a New Network Design and Cost Estimate for SD-WAN

  1. The Customer contacts their Account Lead if needed.
  2. The Customer submits a Case/Request for a New Network Design and Cost Estimate for SD-WAN and completes the SD-WAN intake document to the best of their knowledge.
  3. A requirements gathering/design meeting will be scheduled and coordinated by CDT. Additional meetings may be scheduled until all information has been gathered and validated.
  4. Based on the requirements meeting(s), CDT attaches a Cost Estimate, a completed SD-WAN Intake Form, and HLD to the Case/Request.
  5. The Case/Request will then be closed.

Step 2 – Request to implement SD-WAN

  1. The Customer contacts their Account Lead if needed.
  2. The Customer submits a Case/Request for SDWAN implementation and must attach the following provided to them in Step 1:
    • Cost estimate
    • SD-WAN Intake Form
    • HLD
  3.  A follow-up design meeting may be coordinated by CDT, depending on the complexity of the design or for clarification.
  4. When all documents are completed and validated, the CDT fulfillment teams will coordinate with the Customer and QOS to schedule and implement the design, test connectivity, and turn-up the remote site.
  5. The Case/Request will then be closed.

To request a Design and Cost Estimate for SD-WAN: Request Design/Cost Estimate

To request an SD-WAN Implementation: Request Implementation

If you have questions or need further clarification, please contact your CDT Account Lead by using the Account Lead Directory, or call Customer Engagement at (916) 431-5390.

Can we establish a connection to a data center over the Broadband link?

  • Yes, you can utilize the broadband internet connection to access data center resources.

Can we use a Broadband circuit as a backup link for an MPLS connection to connect to the data center?

  • Yes, a Broadband circuit can be used as a backup link for an MPLS connection using the SD-WAN overlay.

Can we deploy VeloCloud in High Availability (HA) mode?

  • Yes, VeloCloud Edge supports High Availability (HA) mode.

Can we manage our own devices?

  • Yes, many elements of the SD-WAN edge device may be managed by the customer.

Can we migrate completely from MPLS to SD-WAN Broadband?

  • Yes, data traffic can be migrated to Broadband. The current CALNET contract requires voice traffic to be transported on MPLS circuits only, to meet contractual SLAs.

Can we use Broadband as a backup path for voice traffic if the MPLS connection fails?

  • Yes, voice traffic can be routed to a Broadband link, but only if the primary MPLS connection fails. When the MPLS connection is restored, voice traffic must be routed back to the MPLS connection.