SD-WAN is built on the principles of SDN (Software-Defined Networking).  The goal of Software-Defined Networking is to enable cloud, network engineers and administrators to respond quickly to changing business requirements via a centralised control console. SDN encompasses multiple kinds of network technologies designed to make the network more flexible and agile to support. Specific software-defined WAN products and services vary. In general terms, SD-WAN/SDN technology consists of two main components: the control plane and the data plane. The control plane refers to the controller, normally a software component that runs on a cloud-based or locally based machine. The controller manages all device profiles and configurations, and offers a single-pane-of-glass view of the WAN and its devices. The data plane consists of all the WAN edge devices deployed to the sites that handle traffic.

Some of the Benefits of SDN are shown in the table below:

Benefit Description
Directly Programmable Network directly programmable as the control functions are decoupled from forwarding functions, which enable the network to be programmatically configured by proprietary or open source automation tools
Centralised Management Network intelligence is logically centralised in SDN controller software that maintains a global view of the network, which appears to applications and policy engines as a single, logical switch.
Reduce CAPEX Potentially limits the need to purchase purpose-built, ASIC-based networking hardware, and instead supports pay-as-your-grow models
Reduce OPEX Enables algorithmic control of the network of network elements (such as hardware or software switches / routers that are increasingly programmable, making it easier to design, deploy, manage, and scale networks). The ability to automate provisioning and orchestration optimises service availability and reliability by reducing overall management time and the change for human error. 
Deliver Agility and Flexibility Helps organisations rapidly deploy new applications, services, and infrastructure to quickly meet changing business goals and objectives. 
Enable Innovation Enables organisations to create new types of applications, services, and business models that can offer new revenue streams and more value from the network


SD-WAN is not just one thing, but is a collective name for a suite of protocols utilised to deliver an intelligent overlay network solution, based on a Hybrid WAN. Software-defined WAN (SD-WAN) features are designed to allow the network to dynamically adjust to changing WAN conditions without the need for manual intervention by the network administrator. By providing granular control over how certain traffic types respond to changes in WAN availability and performance, SD-WAN can ensure optimal performance for critical applications and help to avoid disruptions of highly performance-sensitive traffic, such as VoIP. To provide the full benefit of an SD-WAN deployment there would be at least two WAN connections from each branch office, comprises of two or more different access technologies (MPLS, broadband Internet, 3G/4G, VSAT, etc.).

The main driver of deploying an SD-WAN network is to deliver a secure business-class and simple cloud-enabled WAN connection to provide premium business services such as WAN optimisation for optimum usage of available bandwidth, granular applications control for predictable application deliver and agility to adapt to changing network requirements.

The Hughes SD-Service can be adapted to meet your specific business needs with solutions from Hughes based on the 60 series Fortinet firewall, Viprinet and Cisco Meraki.  The five core areas of our service are shown in the table below:

Transport Independent Traffic distribution over multiple pathways (DSL, 3G/4G, Satellite) with load balancing and automatic failover capabilities for optimum use of available bandwidth and increased reliability
Application Optimisation Centralised Layer 7 visibility and control of applications running across the network with QoS and bandwidth management. By providing granular control over how certain traffic types respond to changes in WAN availability and performance, Hughes SD-WAN can ensure optimal performance for critical applications and hlep to avoid disruptions of highly performance-sensitive traffic, such as VoIP.
Intelligent Path Control Dynamic Path Selection for QoS control and predictable application performance, with traffic path chosen per application based on loss, latency and jitter and assigned based on source, destination or application. 
Secure Connectivity Secure connectivity at the edge with inbuilt Firewall, AES encryption and IPSec to ensure secure links and data privacy, protecting the customer and the brand.
Agile Networking Centralised templates allow configurations to be done from a single point and pushed to selected devices with a simple click of a button. Allows new Apps and services to be quickly deployed with real-time control over available bandwidth capacity. 



To meet the challenges in today’s network Hughes has developed patented state-of-the-art WAN optimisation features combined with configuration automation, for reduced management complexity, real-time QoS becomes practical over best-effort broadband connections transforming them into highly reliable enterprise-grade WANs. This allows enterprises to deploy real-time and business-critical apps over broadband connections with high reliability and performance, while still allowing cloud apps and Guest Wi-Fi services to be delivered over the same connection.  The core features in this suite are Hughes ActiveQoS™, ActiveClassifier™, ActiveCompression™ and ActivePath™.


Increased virtual capacity to branch sites

Hughes ActiveCompression™ technology dramatically increases the “virtual” or effective bandwidth available at branch locations by improving throughput and application performance without incurring the expense of increasing the access link speed. 


Dynamic end-to-end QoS control over broadband

Hughes ActiveQoS™ intelligently monitors and manages the end-to-end network capacity over the WAN, while Hughes ActiveClassifier™ dynamically classifies traffic flows into eight different traffic classes in real time.  Real-time traffic is optimally routed over the WAN without queuing delays while all other traffic is appropriately balanced among strict priority queues with starvation protection.  This intelligent balancing of different traffic types over the broadband connection effectively mitigates congestion.


Automatic flow and website classification

Hughes ActiveClassifier™ is an IP flow-based packet classifier that works both in the upstream and downstream directions independently and eliminates the administrative overhead of defining rules or ACLs in any type of network. It intelligently classifies traffic according to its QoS needs, ensuring that real-time and interactive applications receive the appropriate prioritisation automatically, while new applications being added to the network are effortlessly blended in. ActiveClassifier™ classifies IP flows into four top-level classes: real-time; light-interactive; heavy-interactive; and, bulk, each defined by specific characteristics of the different classes.  Heavy-interactive and bulk are further broken down into three separate classes for more granular control and a total of eight traffic classes are available.


Intelligent use of multiple WAN connections (SD-WAN)

Hughes ActivePath™ uses Intelligent Multipath Replication (IMR) technology to automatically replicate mission critical application traffic across the available WAN paths.  This allows ActivePath™ to eliminate the impact that brownout and blackout conditions have on sensitive applications, such as VoIP.


As well as developing ActiveTechnologies™ to provide performance optimisation of the WAN network Hughes has built the platform on the Fortinet Enterprise Firewall Solution to deliver end-to-end network security with unified policy management via a single pane of glass to provide the best protection against the most advanced security threats and targeted attacks. Combined they provide the security at the branch required today to protect the customer and the brand as well as provide the enquired levels of network performance that businesses, staff and customers expect from today’s connectivity.  The Fortinet 60 series appliances that the Hughes HR4700 is built on deliver up to 3.5 Gbps of firewall throughput, plus multiple, integrated 1 GE ports. This combination of performance, port density, and consolidated security features offers an ideal platform for distributed enterprises.