A Comparison of the VeloCloud and Fortinet SD-WAN
We live in an ever-changing era of information technology, where emerging technologies are increasingly dictating the way we do business and run operations. Technologies come and go, but SD-WAN, a comparatively new entrant in the network infrastructure, has shown surprising traction. Among the popular SD-WAN solutions, VeloCloud and Fortinet have been market leaders. This article explains the differences in conception, components and performance between VMware’s VeloCloud and Fortinet.
VeloCloud is used to tackle software-defined wide-area networks, in order to streamline how organisations configure their branches within the WAN. In addition to this, it enhances cloud application quality and improves cost-effectiveness. VeloCloud is built as a transport-independent product that can be easily implemented, allowing various infrastructure transport connections ranging from MPLS or cable to cellular LTE. Briefly defined, VeloCloud is a cloud-native platform that provides cloud-based services which separate the orchestration plane, control plane, and data plane. This creates a flexible infrastructure that meets the diverse demands of today’s organisations.
Components of the VeloCloud SD-WAN:
- Secure network overlay: The VeloCloud SD-WAN solution separates the control plane and data plane layers. This improves network speeds by moving intelligence from the data plane into a programmable control plane which is hosted in the cloud.
- Scalable, secure cloud network: To form a secure cloud network, the VeloCloud SD-WAN adopts standard-based encryption to provide secure connectivity over any underlying transport. The VeloCloud SD-WAN devices are verified by the management plane, which controls the business policies, with secure and optimised access granted to cloud applications.
- Default application policies: All applications are categorised by default and have a number of policies applied to provide optimised performance for both on-premises and cloud applications.
- Orchestration and analytics: This layer facilitates the management plane and gives network administrators full visibility of the network, independent of the underlying transport links. With zero touch provisioning, it is easy to set up and deploy a new site without any IT personnel intervention.
Functions of VeloCloud:
Although VeloCloud is a fairly new platform, it has become the market leader in a short period of time. The main reason behind the success of VeloCloud is its high reliability, performance, and ease of use. It is fast, simple, and can be deployed within minutes. Furthermore, it is well known for facilitating optimal visibility and control of applications. For instance, retail, healthcare, construction are among the industries that have quickly switched to VeloCloud for their SD-WAN. From a security perspective, VeloCloud comprises of built-in stateful firewalls that provide the necessary protection. But for more advanced protection, VeloCloud can work with next-generation firewalls from leading security vendors like Fortinet.
The main reason behind the success of VeloCloud is its high reliability, performance, and ease of use.
The Fortinet SD-WAN’s main aim is to provide higher security by integrating the network and routing appliances into the FortiGate next-generation firewall (NGFW). Fortinet optimises the on-premises security of the network and protects organisations from external attacks by combining its FortiGate NGFW with the SD-WAN. This secures the whole network, from the internal LAN to the data centre and into the cloud environment. FortiGates devices are the critical components of the Fortinet Security Fabric, which intelligently defend against new and prevailing threats throughout the entire network.
Components of the Fortinet SD-WAN:
- Application identification and awareness: Fortinet frequently updates its database with over 5,000 applications, which the Fortinet Secure SD-WAN uses to identify and categorise applications from the first packet that reach the next-generation firewall (NGFW). It also detects and groups the applications which are encrypted from the cloud through its SD-WAN encryption inspection capability. Once the applications are identified and the FortiGate NGFWs are also aware of them, the firewall enforces the business network administrators’ policies on how the network resources should be utilised.
- Automated Path Intelligence: Application awareness informs the path intelligence in the SD-WAN software of how to route the traffic. This awareness also helps in specific application prioritisation. The Fortinet SD-WAN also claims to have one of the fastest application steering in the industry. It does so by re-routing traffic on the best connection, depending on availability.
- Path Remediation and Automatic failover: Path remediation is similar to automatic failover as it automatically avoids a certain connection. It helps to avoid poor quality and overused links rather than the completely re-routing. Path remediation is achieved through the forward error connection (FEC) function that adds the error-corrected data to outbound traffic. This helps to recover from packet loss and other transmission errors at the expense of consuming more bandwidth. On further degradation of connections from poor quality, it automatically reroutes to one of the other multiple paths connecting the WAN enterprise locations. The failover function is built into all its next-generation firewall appliances.
- Fortinet SD-WAN Management via Single Pane of Glass: Single pane of glass dashboards usually simplify the enterprise’s management with a large-scale SD-WAN deployment. The Fortinet management software, which is called FortiManager, is a single network administrator that easily shows the network health at various levels. At a high level, new business policies for the WAN can be delivered by the network admin to all network locations. At the granular level, the FortiGate has visibility of all SD-WAN enabled NGFWs in the network. The granularity thus allows the individual reconfiguration of NGFW devices using FortiManager.
Function of Fortinet:
Though Fortinet is quite similar to VeloCloud in providing wide-area networking functionality, Fortinet is best known as a provider of advanced security solutions using artificial intelligence. The threat detection capabilities incorporated into the SD-WAN make Fortinet unique, especially if you are looking for an on-premises SD-WAN platform from a single vendor.
Both VeloCloud and Fortinet serve their respective purposes very well. However, VeloCloud is a much easier platform to use and set up, with its zero touch provisioning and cloud first approach. It leverages its cloud gateways for on-ramping traffic to SaaS and security services, together with optimising traffic via its Dynamic Multipath Optimisation techniques. In contrast, the Fortinet SD-WAN leverages its NGFW functionality to combine security and routing into a single on-premises appliance, with a single management platform.
If you still require more information about all of the different SD-WAN solutions which are available on the market, have a read of our SD-WAN vendors comparison report.
If you would like to learn more about VMware SD-WAN then take a test drive of the VeloCloud Orchestrator. Get hands-on access to the market leading SD-WAN platform and experience for yourself the visibility and simplicity of managing your WAN with SD-WAN – Click here to get access