Software Defined Wide Area Network (SD-WAN)

SD-WAN enables enterprises to securely support application growth, network agility, and simplified branch implementations while delivering high-performance, reliable branch access to cloud services, private data centers, and SaaS-based enterprise applications. The CDT SD-WAN is built on software-defined networking principles to address end-to-end automation, application continuity, branch transformation, and security from the data center and cloud to the edge.

Enables direct cloud access
Lower WAN operating and capital outlay expenses
Greater business agility and responsiveness
Robust edge to edge security and micro-segmentation
Cost-effective solution for ensuring high availability at branch sites
Rapid provisioning
Transport independence vendor-agnostic (i.e. MPLS, broadband, LTE, etc.)



Management simplicity and flexibility
Improves performance using dynamic multipath optimization protocol
Built-in encryption
Single edge device can support multiple virtual functions
Easy integration with an existing network via routing protocols
Facilitates redundancy and high availability at the edge

Transport Independent

Customer in coordination with CDT and CALNET can choose any combination of transport for each field office
Vendor redundancy
Increased availability
CDT direct peering to Cloud Service Providers (CSP) will provide the best network path and low latency

Single Orchestration for WAN Configuration in One Place

Cloud deployed and accessible
Resilient

Ease of Configuration

Customer able to configure some features on their devices
Profile-centric configuration
Optimize administration

Virtualization

- Virtual WAN between sites and Cloud communications
- Able to maintain logical network design and security
- Application-based policy and offload
- Dynamic multi-path optimization

Technology Can be Deployed Anywhere

- reachability to VeloCloud Orchestrator and VeloCloud Gateway is required

24/7 Service Desk

- Single point of contact for problem escalation and resolution

Proactive monitoring and auto-notification

Performance

- CDT has engineered an SDWAN service offering that leverages the benefits of the VeloCloud SDWAN product as well as the low-latency infrastructure of CDT’s Equinix presence to bring the highest level of network connectivity performance for any compute destination.
  
  Dynamic Path Selection – VMware SD-WAN “Dynamic Multipath Optimization” comprises deep application recognition, automatic link monitoring, auto-detection of provider, and auto-configuration of link characteristics; routing and Quality of Service (QoS) settings.
  
  Smart QoS – Granular classification of 2,500+ applications enables smart control. Out-of-the-box defaults set the QoS policies for common business objectives with IT required only to establish traffic priority. Knowledge of application profile enables automation of QoS configurations and bandwidth allocations.
  
  Link Steering and Remediation – On-demand, per-packet link steering is performed automatically based on the measured performance metric, intelligent application learning, the business priority of the application, and link cost. Delivers sub-second blackout and brownout protection to improve application availability. Remediates link degradation through forward error correction, activating jitter buffering and synthetic packet production.
  
  Application Performance Monitoring – VMware SD-WAN continuously computes a VMware SD-WAN Quality Score to assess the performance of critical voice, video, or data applications at any given time with the ability to alert IT staff. This analysis provides administrators a comprehensive before-and-after view into application behavior on individual links and the VMware SD-WAN enhancements.

Security Benefits

- IRS 1075 Compliant
- L2-L7 Stateful, context-aware (application, user, device)
- PCI certified
- Orchestrator hosted in FedRAMP authorized data center
- Segmentation - 64 segments

Built-in integration support for:
- Solarwinds
- Zscaler
- Splunk
- Symantec Web Security
- Fortinet
- Palo Alto
- Checkpoint

	Included Security Services	Cloud Partner-Based Security	On Premise Security as a Virtual Network Function
Security Functions	Application Based Firewall, End to End Network Segmentation	IPS, URL Filtering, Anti-bot, Anti-malware, CASB	IPS, URL Filtering, Anti-bot, Anti-malware, Anti-virus
Delivery Mode	Included	SaaS Partners Prisma, Zscaler, Symantec, CloudGuard Connect	VNF Partners PaloAlto, Check Point
Management Presentation	Single Pane of Glass for SD-WAN and Security (VeloCloud Orchestrator)	Individual Panes of Glass for SD-WAN and Security (Partner)	Individual Panes of Glass for SD-WAN and Security (Partner)

Applications Approved for Access Via the Internet Using the CDT SD-WAN Service

The applications listed below have been approved by the CDT Office of Information Security (OIS) to be accessed via the Internet using the CDT SD-WAN Service.

O365
OneDrive
YouTube
Zoom
GoToMeeting
SharePoint
MS Teams
Webex
BaseCamp
Salesforce
BlueJeans
Concur

SD-WAN Customers may submit requests to add applications to this list. Requests will be reviewed and responded to by CDT OIS.

CDT SD-WAN provides a transport-independent secure overlay, enabling the use of broadband Internet with or without traditional MPLS, a cloud network for access to both enterprise and cloud applications, and a business-driven orchestration layer for automation and virtual services insertion.

CDT SD-WAN Architecture (PDF)

The SD-WAN Portfolio (PDF) depicts the major components of the CDT SD-WAN topology. The VeloCloud Edge devices are located at branch offices, Headquarters, and Data Centers. The VeloCloud Gateways are typically located close to compute resources. The VeloCloud Orchestrator is a SaaS implementation. SD-WAN provides access to Cloud Service Providers and is transport agnostic.

Stage	CDT	Customer	QOS
Planning	Schedule design meetings to determine customer requirements and appropriate solutions, include QOS if needed. Assist with intake document completion. Provide high-Level design. Provide cost estimates.	Provide requirements and as much information as possible on the intake document. Participate in design meetings and provide the level of support needed by CDT.	Participate in the design meetings and provide input regarding design requirements based on best practices. Answer any questions related to edge devices.
Provisioning	Participate in the design meetings and provide input regarding design requirements based on best practices. Answer any questions related to edge devices.	Be available for building access, test, and turn-up. Make any necessary LAN changes required for successful installation and assist with troubleshooting.	Review configuration if needed, be available during test and turn-up, and assist with troubleshooting.
Support	24 x 7 x 365 CDT Service Desk support for network connectivity. Collaborate with customer and vendor partners for circuit/hardware troubleshooting and resolution.	Plan and augment network changes as needed with CDT.	Monitor Edge devices. Collaborate with CDT for troubleshooting and resolution.

The rate schedule represents standard CDT services.

Service Description	Service Identifier	Product Name	Unit of Measurement	Rate	Service Code	Notes
Broadband Connection	SDWAN	Network Services	Connection	Pass-through Cost + 1.51%	U198	* - Service requires internet access through Broadband Connection (U198) or Dedicated Internet Service (U798).
SD WAN Device	SDWAN	Network Services	Device	Pass-through Cost + 4.58%	U498
SD WAN Gateway and Connectivity to CGEN Infrastructure	SDWAN	Network Services	Per Mbps	$12.35	U502
Business Wifi Access	SDWAN	Network Services	Connection	Variable	U504
Business Wifi Equipment	SDWAN	Network Services	Connection	Variable	U505
Business Wifi Adjustment	SDWAN	Network Services	Connection	Variable	U506
Business Wifi One-Time Vendor Fee	SDWAN	Network Services	One-Time	Variable	U512
Professional Services	SDWAN	Network Services	Hourly	Pass-through Cost + 1.51%	U520
Dedicated Internet Service	SDWAN	Network Services	Connection	Pass-through Cost + 1.46%	U798	* - Service requires internet access through Broadband Connection (U198) or Dedicated Internet Service (U798).

Subscriptions to this service are available.

Customer onboarding to SD-WAN is a two-step process that begins with the Customer submitting a Case/Request for a Design and Cost Estimate for WAN Connection/SDWAN.

Service Request Name	Link
SD-WAN Service Onboarding Step 1 - Request a New Network Design and Cost Estimate for SD-WAN The Customer contacts their Account Lead if needed. The Customer submits a Case/Request for a New Network Design and Cost Estimate for SD-WAN and completes the SD-WAN intake document to the best of their knowledge. A requirements gathering/design meeting will be scheduled and coordinated by CDT. Additional meetings may be scheduled until all information has been gathered and validated. Based on the requirements meeting(s), CDT attaches a Cost Estimate, a completed SD-WAN Intake Form, and HLD to the Case/Request. The Case/Request will then be closed.	Order New Network Design and Cost Estimate
SD-WAN Service Onboarding Step 2 - Request to implement SD-WAN The Customer contacts their Account Lead if needed. The Customer submits a Case/Request for SDWAN implementation and must attach the following provided to them in Step 1: Cost Estimate, SD-WAN Intake Form and HLD. A follow-up design meeting may be coordinated by CDT, depending on the complexity of the design or for clarification. When all documents are completed and validated, the CDT fulfillment teams will coordinate with the Customer and QOS to schedule and implement the design, test connectivity, and turn-up the remote site. The Case/Request will then be closed.	Order SD-WAN Implementation

Service Request Name

Link

SD-WAN Service Onboarding
Step 1 - Request a New Network Design and Cost Estimate for SD-WAN

The Customer contacts their Account Lead if needed.
The Customer submits a Case/Request for a New Network Design and Cost Estimate for SD-WAN and completes the SD-WAN intake document to the best of their knowledge.
A requirements gathering/design meeting will be scheduled and coordinated by CDT.
Additional meetings may be scheduled until all information has been gathered and validated.
Based on the requirements meeting(s), CDT attaches a Cost Estimate, a completed SD-WAN Intake Form, and HLD to the Case/Request.
The Case/Request will then be closed.

Order New Network Design and Cost Estimate

SD-WAN Service Onboarding
Step 2 - Request to implement SD-WAN

The Customer contacts their Account Lead if needed.
The Customer submits a Case/Request for SDWAN implementation and must attach the following provided to them in Step 1: Cost Estimate, SD-WAN Intake Form and HLD.
A follow-up design meeting may be coordinated by CDT, depending on the complexity of the design or for clarification.
When all documents are completed and validated, the CDT fulfillment teams will coordinate with the Customer and QOS to schedule and implement the design, test connectivity, and turn-up the remote site.
The Case/Request will then be closed.

Order SD-WAN Implementation

If you have questions or need further clarification, please contact your CDT Account Lead by using the Account Lead Directory, or call Customer Engagement at (916) 431-5390.

Can we establish a connection to a data center over the Broadband link?

Yes, you can utilize the broadband internet connection to access data center resources.

Can we use a Broadband circuit as a backup link for an MPLS connection to connect to the data center?

Yes, a Broadband circuit can be used as a backup link for an MPLS connection using the SD-WAN overlay.

Can we deploy VeloCloud in High Availability (HA) mode?

Yes, VeloCloud Edge supports High Availability (HA) mode.

Can we manage our own devices?

Yes, many elements of the SD-WAN edge device may be managed by the customer.

Can we migrate completely from MPLS to SD-WAN Broadband?

Yes, data traffic can be migrated to Broadband. The current CALNET contract requires voice traffic to be transported on MPLS circuits only, to meet contractual SLAs.

Can we use Broadband as a backup path for voice traffic if the MPLS connection fails?

Yes, voice traffic can be routed to a Broadband link, but only if the primary MPLS connection fails. When the MPLS connection is restored, voice traffic must be routed back to the MPLS connection.

Service Option	Fulfillment Timeframe SLO	Notes/Dependencies
Network Cost Estimate for FRS, FRS-E, DC-to-DC, CPI, & SD-WAN	95% within 30 calendar days	Network Cost Estimate fulfillment timeframe is for the delivery of initial cost estimate and/or high-level network design for a single Telco vendor at one service/site location Based on complexity of customer department’s network design requirements Dependencies: Telco vendor response time – applies to SD-WAN and FRS-E only No quote/services are needed from local exchange carrier Customer availability to attend design meetings with the appropriate technical staff Customer submission of accurate information/documentation Process includes: Customer Initiates Request - Customer submits request, completes questionnaire (Avg – 3 days) CDT Network Review – Network Support review/approve, gather additional information, and conduct internal meetings with Network Engineering as needed (Avg – 5 days) Customer and CDT Network Meeting – Network design and technical requirements meeting with customer and preparation of high-level network design/topology (Avg – 10 days) Vendor Quote Submission – CDT submit and receive telco quotes from selected vendor (applies to SD-WAN and FRS-E only) (Avg – 10 days) CDT Delivery and Customer Accepts – Network provide cost estimate and/or high-level network design to customer and customer accepts (Avg – 2 days)
ADD SD-WAN	95% within 135 calendar days	Dependencies/Assumptions (applies to all add, change, move, and upgrade SD-WAN requests) Availability and delivery of telco and SD-WAN equipment No work/services needed from local exchange carrier No Individual Price Reduction (IPR) approval needed Site readiness Access/Signed lease to building Viable infrastructure/cabling (copper and/or fiber) ready to accept service No special permits/inspection and/or other vendor pricing needed Customer submission of accurate information and documentation (Cost Estimate and High-Level Network Design attached to the case) Installation timeframe is for only one service/site location Process includes: Customer Initiates Request – 1 Day Customer submits request with attached approved network design/cost estimate and completed customer sections of the SD-WAN Intake Form CDT Network Review & Submission to Telco and SD-WAN Vendor - 10 Days Network Provisioning Submits Form 20 to Telco Vendor– Network Provisioning reviews, requests additional information, and conducts internal meetings with Network Engineering (as needed); once finalized, Network Provisioning will submit Form 20 to vendor to order service Network Provisioning Issues Work Authorization (WA) to SD-WAN Vendor – WA authorizes vendor to order the equipment and schedule installation of SD-WAN equipment Telco and SD-WAN Vendor (Circuit and Equipment Installation/Configuration) – 94 Days Telco Vendor Receives and reviews request Schedules site survey to determine site readiness/viable infrastructure to deliver requested circuit Schedules circuit delivery (installation & configuration) Schedules secondary site survey to test completion of circuit installation (if needed) Vendor notifies CDT and customer of successful circuit installation SD-WAN Vendor SD-WAN vendor receives, and reviews work authorization SD-WAN vendor delivers equipment to customer site/location CDT Network confirms customer receipt of SD-WAN equipment SD-WAN vendor coordinates installation with CDT & customer at site/location (includes rack & stack, WAN connectivity verification) LAN Activation – 15 Days CDT Network Provisioning coordinates and schedules LAN turn up on the CDT router calendar with all parties (may include customer, telcos, CDT network, and SD-WAN equipment vendor) CDT Network Engineering performs LAN activation and tests to confirm connectivity, circuit stability, speed, and CDT monitoring tools can reach the network equipment CDT Create NSDM Record & Network Billing Profile – 10 Days Customer’s network connection/record is documented in NSDM network database to initiate billing Note: Circuit billing is initiated upon successful WAN activation and SD-WAN equipment billing is initiated upon successful LAN activation CDT Delivery and Customer Accepts – 5 Days Network informs customer of completion and customer accepts ServiceNow resolution Note: Date of LAN activation and customer acceptance is the billing start date
MOVE, CHANGE, UPGRADE SD-WAN	95% within 90 calendar days	Process includes: Customer Initiates Request – 1 Day Customer submits request with attached approved network design/cost estimate and completed customer sections of the SD-WAN Intake Form CDT Network Review & Submission to Telco and SD-WAN Vendor - 10 Days Network Provisioning Submits Form 20 to Telco Vendor– Network Provisioning reviews, requests additional information, and conducts internal meetings with Network Engineering (as needed); once finalized, Network Provisioning will submit Form 20 to vendor to modify service Network Provisioning Issues Work Authorization (WA) to Equipment Vendor – WA authorizes vendor to order the equipment and schedule installation (if needed) Telco and SD-WAN Vendor (Circuit and Equipment Installation/Configuration) – 49 Days Telco Vendor Receives and reviews request Schedules circuit change (installation & configuration) Schedules secondary site survey to test completion of circuit change (if needed) Vendor notifies CDT and customer of successful circuit change SD-WAN Vendor SD-WAN vendor receives, and reviews work authorization SD-WAN vendor delivers new equipment to customer site/location (if needed) CDT Network confirms customer receipt of new SD-WAN equipment (if needed) SD-WAN vendor coordinates installation with CDT & customer at site/location (if needed) LAN Activation/Change – 15 Days CDT Network Provisioning coordinates and schedules LAN activation/change on the CDT router calendar with all parties (may include customer, telcos, CDT network, and SD-WAN equipment vendor) CDT Network Engineering performs LAN activation/change and tests to confirm connectivity, circuit stability, speed, and CDT monitoring tools can reach the network equipment CDT Create NSDM Record & Network Billing Profile – 10 Days Customer’s network connection is updated in NSDM network database to initiate billing Note: Circuit billing is initiated upon successful WAN activation/change and SD-WAN equipment billing is initiated upon successful LAN activation/change CDT Delivery and Customer Accepts – 5 Days Network informs customer of completion and customer accepts ServiceNow resolution Note: Date of LAN activation/change and customer acceptance is the billing start date
DELETE SD-WAN	95% within 31 calendar days (Remove from monthly billing invoice) 95% within 120 calendar days (Network equipment pickup/removal from customer site)	Process includes: Customer Initiates Request – 1 Day Customer submits decommission request CDT Network Review & Submission to Telco and SD-WAN Vendor - 5 Days Network Provisioning submits Form 20 to telco vendor to disconnect circuit and contacts SD-WAN vendor to coordinate cancellation and return of SD-WAN equipment Telco and SD-WAN Vendor (Circuit and Equipment Decommission) – 84 Days Telco Vendor receives, reviews, and processes circuit decommission request SD-WAN equipment vendor sends information to customer for return of SD-WAN equipment LAN & Circuit Decommission – 15 Days CDT Network Provisioning coordinates and schedules circuit decommission on router calendar CDT Network Engineering removes circuit and router details from CDT monitoring tools CDT Update NSDM Record & Billing – 10 Days Customer’s network connection is updated in NSDM network database to stop billing Note: SD-WAN service billing is discontinued 5 days after the Form 20 submission CDT /Vendor confirmation and Customer Accepts – 5 Days Network informs customer of completion and customer accepts ServiceNow resolution Note: Not counted in total fulfillment timeframe as customer billing is already stopped when NSDM record is removed

Our department

Community of practice

State campaigns

Website Accessibility Certification