• United States
Senior Editor

IDC: Cisco, Fortinet, HPE-Aruba, VMware lead hot SD-WAN market

News Analysis
Nov 18, 20218 mins

IDC's “MarketScape: Worldwide SD-WAN Infrastructure 2021 Vendor Assessment” looks at the capabilities and evaluates the core features offered by 12 SD-WAN infrastructure vendors.

SD-WAN Predictions
Credit: istock

Cisco, Fortinet, HPE-Aruba, and VMware lead the evolving and highly-competitive software-defined wide-area networking (SD-WAN) market according to a new report from IDC. 

MarketScape: Worldwide SD-WAN Infrastructure 2021 Vendor Assessment” looks at the capabilities of 12 SD-WAN infrastructure vendors evaluating then on a core set of SD-WAN features such as WAN routing, WAN link management, application-based policy controls, and application steering and prioritization.

Beyond these features, most current SD-WAN  packages include others such as optimized connections to public clouds (IaaS and SaaS), WAN-link visibility and analytics, end-user experience monitoring, zero-touch provisioning, and forward error correction, according to the author of the report, Brandon Butler, IDC research manager, Enterprise Networks.

And the SD-WAN market continues to boom: In 2020, the SD-WAN infrastructure market grew 18.5%. Through 2025, IDC estimates that the market will grow at a compound annual growth rate of 18.9%.

“As enterprises look toward the future state of their networks, they’re increasingly looking for technology that helps optimize connectivity to cloud-based applications, while also exploring ways to integrate security functionality directly into their networks,”  Butler stated. “Today’s SD-WAN products increasingly achieve these goals while also providing detailed visibility and analytics into WAN health, application, and user performance. These advancements will continue to make SD-WAN a key technology for enterprises as they look to build out their digital transformation journeys in 2022 and beyond.”

Some key findings:

  • SD-WAN enables myriad benefits for organizations including, but not limited to, improving reliability by augmenting existing WAN connectivity with redundant failover across dual links; setting application traffic-steering via automated software management tools, which ensures that sensitive traffic is prioritized over noncritical traffic; and the ability to provide more direct connections between users and devices and the distributed applications they’re accessing.
  • IDC’s Digital Infrastructure research has identified the critical role of cloud-centric, consumption-based, and highly automated cloud and data-center digital infrastructure architectures as enablers of digital business transformation and agility. IDC expects enterprise adoption of as-a-service and subscriptions for cloud and dedicated compute, storage, network and edge systems and software—including SD-WAN offerings—will increase faster than traditional capex-centric infrastructure in the years to come.
  • IDC refers to the comanagement of network and security functions as the software-defined branch (SD-Branch). (When vendors offer cloud-managed networking and security capabilities, it is also referred to as the secure access service edge (SASE)). Common security features in SD-WAN products include intrusion detection and prevention (IDS/IPS), next-generation firewall (NGFW), and content/web/URL filtering. Similarly, almost all SD-WAN vendors have integrations with third-party security tools, most commonly with cloud access security brokers (CASBs) or secure web gateway (SWG) providers such as Zscaler and Check Point.
  • Customers have a choice between the SD-WAN management platform being hosted on-premises or from the cloud. Most SD-WAN vendors offer a cloud-hosted management plane, but some offer on premises management, too. Enterprises may also consider existing relationships they have with SD-WAN vendors across other product areas and what sorts of licensing discounts they may be able to receive as part of a longer-term subscription package.
  • The need for intelligent, adaptable, and always-on connectivity has become a mandatory requirement for businesses to operate and for people, processes, and things to connect with one another. IDC’s recent Future of Connectedness research shows the strategic importance of a wireless-led and cloud-enabled connectivity strategy that removes network and IT silos, automates critical business processes, empowers employees to become more productive, and ensures a continuous digital experience for employees, customers, and partners.

In its connectedness survey, IDC says that by 2023 mid-sized to large enterprises will transition 50% of IT staff driving connectedness from tactical legacy network support operations towards strategic business outcomes, technology innovation, and service delivery. IDC also says that by 2024, 20% of organizations will use a joint telco/cloud-provider “sovereign cloud” running on local infrastructure to ensure compliance and limit extraterritorial connectivity, access, and data movement.

On the vendor evaluation side, IDC  pointed to four “Leaders” in the SD-WAN arena: Cisco, Fortinet, HPE-Aruba and VMware. Another eight vendors are profiled and ranked in either the major players or contenders, including: Aryaka, Citrix, Huawei, Juniper Networks, Nokia, Palo Alto Networks, Oracle and Versa.

Of the leaders IDC states in part:


Cisco has two primary products in its SD-WAN portfolio: Cisco SD-WAN powered by Viptela and Cisco SD-WAN powered by Meraki. The Cisco SD-WAN powered by Viptela platform stems from the company’s 2017 acquisition of Viptela, one of the initial start-ups that helped develop the SD-WAN market. The company has a variety of strengths including the fact that Cisco has been able to leverage its strong heritage in enterprise routing to build its SD-WAN market share, particularly the ISR customer base. Cisco has a strong go-to-market channel with a large network of resellers, managed-service providers, and value-added resellers, along with partnerships with many prominent communications service providers. 

On the challenges side, Cisco’s dual products—Viptela and Meraki—can cause some confusion about which platform is best for which use cases. Cisco has strong natively integrated security capabilities, primarily through Umbrella and Duo, but the company’s integrations are not as strong with third-party security tools.


IDC says the company is known for having a strongly integrated network and security offering. Fortinet’s Secure SD-WAN consolidates SD-WAN, NGFW, advanced routing, and [Zero Trust network acccess] proxy functions in its popular FortiGate appliance.   Fortinet also offers LAN and WLAN products, giving customers an opportunity to work with an existing vendor across LAN and WAN. The company has successfully built up a channel partner strategy that includes strong relationships with communications service providers, as well as managed SPs and VARs. 

On the challenges side,  Fortinet is primarily a security vendor and may need to work harder with some customers that are looking to work with a vendor with a stronger heritage in routing and networking, IDC stated. While Fortinet offers integration with third-party security tools, its primary security solutions are offered by Fortinet itself; this may be a limitation to customers that want to use Fortinet for SD-WAN but integrate it with third-party security tools.


The SD-WAN portfolio from Aruba, an HPE company, is part of the company’s Edge Services Platform (Aruba ESP), the company’s edge-to-cloud vision for unified infrastructure, security, and AIOps across wired, wireless, and SD-WAN. Aruba has two SD-WAN offerings: Aruba EdgeConnect and Aruba SD-Branch.

IDC says Aruba is continuing to build integrations across Aruba EdgeConnect and its broader ESP  platform. Customers can launch and do basic management across Aruba Central and EdgeConnect Orchestrator, and the company has developed a road map to increase integrations across the management platforms. The Aruba SD-Branch platform provides integrations across campus (LAN and WLAN) and branch along with remote worker tools managed by Aruba Central.

For challenges, IDC says that unlike some other SD-WAN vendors, Aruba EdgeConnect has not built out a series of points of presence for cloud connectivity or software-defined interconnect. However, the company does offer integrations with popular IaaS, SaaS, and colocation providers. In addition, Aruba has well-established network access control and identity-based security tools such as Aruba ClearPass, but the company does not have cloud-based security systems of its own, which is why the company offers integrations with third-party security tools, IDC stated.


VMware’s SD-WAN is built on technologies acquired in December 2017 from VeloCloud, one of the original start-ups in the SD-WAN market. VMware’s SD-WAN portfolio sits within the company’s Service Provider and Edge Business Unit, which packages SD-WAN and SASE cloud-based security products with a range of offerings for telecommunications SPs, including edge compute, telco core and telco RAN solutions.

IDC says VMware is building a portfolio of cloud-based security tools that it will deliver from its SD-WAN gateways, giving customers optimized connections into IaaS and SaaS, and a platform for hosting distributed security services including a CASB, URL filtering, and DLP.  VMware has successfully leveraged communications service providers as an effective go-to-market channel. VMware’s broader efforts to build management offers for communications SPs beyond SD-WAN, including security and integrated core and RAN services, will make VMware’s SD-WAN even more appealing for communications SPs in the future, IDC stated.

As for negatives, VMware has some integrations with campus LAN technologies, particularly around visibility, analytics, and management, but does not offer its own WLAN or LAN solutions, which could be a challenge for organizations that prefer a single vendor across the WAN and LAN. VMware does not have a strong heritage in the routing, WAN optimization, or security market compared with other SD-WAN vendors, although it’s been able to build up capabilities across all of these areas, IDC stated.