The Hidden Challenges of SD-WAN & How to Overcome Them

Rich Martin

Director of Technical Marketing ‐ Itential

Posted on March 27, 2025

SD-WAN is no longer a new technology — today, it’s a critical priority for enterprise network teams everywhere. But as more and more enterprises shift to SD-WAN deployments, they are beginning to realize that the promises of SD-WAN are harder to fulfill than anticipated.

The unfortunate reality is that the shortfalls of SD-WAN initiatives typically overshadow the opportunities. Teams commonly struggle with deployments, day-to-day operations, and security. We have this conversation with our customers so often that we’ve begun to refer to these problems as the “Hidden Challenges of SD-WAN.”

If your organization hasn’t run into some of these hidden challenges yet, it’s likely you will as you continue to expand your SD-WAN footprint.

To help you overcome hidden challenges and avoid crucial issues, I want to share some insights and lessons learned that explain why SD-WAN is so important, where the disconnects are, and how automation done right can ensure success.


The Promise of SD-WAN

To the network team, the WAN has traditionally been like walking a tightrope without a net. Remote WAN sites use a variety of high-cost, low-speed, dedicated connectivity options from legacy fractional T1s, frame-relay, and ATM to modern MPLS deployments.

However, not every WAN site has the same options for connectivity, which results in vastly different network devices at each site with an array of configurations. Adding to the confusion, there’s usually no one technical at the other end of the WAN link who can help troubleshoot when there’s a problem.

I won’t even mention the burden of working with the WAN provider to troubleshoot issues, because that may send some over the edge of sanity…

So, given the problems of managing WANs, it’s easy to identify and understand why SD-WAN has become so prominent. For enterprises looking at the bottom line, there is already a recognition that private line WAN services cost a fortune, and SD-WAN promises reduced costs with higher capacity by utilizing less expensive internet connectivity and industry standard encryption. It certainly delivers on that, allowing organizations to reduce or eliminate spend on those expensive WAN links.

For the remote user, SD-WAN promises increased network performance and a better overall experience, whether they are accessing corporate resources in the data center or directly accessing the Internet. This means fewer trouble tickets sent to the network team because “my computer/the internet/your server is slow.”

Finally, for the networking team, the promise of centralized management of WAN devices, increased network visibility, and easy automation is not only appealing — it’s a way to totally get off the tightrope and hopefully never, ever get back on. Ever.


Where SD-WAN Falls Short & The Challenges It Brings

Of course, there is always a gap between goal and implementation, and that gap is where teams start facing those hidden challenges. Just like with all new technologies, there’s a learning curve and a realization that some of what was initially promised wasn’t fully delivered.

It makes sense to deploy SD-WAN initially at one or two sites to test the process. For many teams, particularly teams who rely on manual or traditional network management methods, the first SD-WAN deployments can be difficult: SD-WAN is a fundamentally different technology from MPLS and introduces complexities like cloud networking, VPNs and overlays, and network controllers.

There’s also a shift from hardcore CLI keyboarding on network devices to ClickOps-heavy SD-WAN dashboards. The amount of swivel chairing required to deploy SD-WAN services at scale slows down your ability to deploy sites, resulting in missed deadlines and “upsetting the management layer.”

Adding to the challenges, a shiny GUI gets in the way and can cause troubleshooting and network changes to take longer than before, because SD-WAN solutions have effectively removed the ability to use the CLI. An SD-WAN controller for a particular vendor is locked into that solution and will never manage or control anything outside of it. That may sound obvious, but consider how many other network solutions operate this way or are heading in that direction: data center controllers, wireless controllers, and every single cloud provider each have a unique dashboard/controller. This means network teams are forced to swivel-chair between these unique network applications in order to make changes or troubleshoot problems, increasing ClickOps activities and reducing efficiency.

Finally, as more and more SD-WAN devices are deployed on the public Internet, it’s important to determine how configuration compliance is accomplished within each of these solutions. Every single SD-WAN vendor is unique and has a differing set of features and functionality. However, many of them completely overlook the ability to ensure consistent configuration compliance for all the remote network devices. They make it very easy for anyone to make changes with ClickOps but cannot determine if those changes adhere to a standard, comply with a best practice, or create a security risk.
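
A baseline check of the kind this paragraph says many SD-WAN dashboards lack, shown as an added example that is not from the original post or from Itential. The config schema, key names, baseline rules and site names are hypothetical and constructed for illustration; a setting that is absent is treated as a failure rather than silently passing.

```python
# Added example: the schema, key names and baseline rules are hypothetical.
MISSING = object()  # sentinel for "setting not present in the export"

# Baseline: dotted path -> (description, predicate over the configured value)
BASELINE = {
    "ipsec.encryption": ("approved tunnel cipher",
                         lambda v: v in {"aes-256-gcm", "aes-128-gcm"}),
    "mgmt.allowed_sources": ("management not open to the internet",
                             lambda v: bool(v) and "0.0.0.0/0" not in v),
    "mgmt.telnet_enabled": ("telnet disabled", lambda v: v is False),
    "logging.syslog_servers": ("at least one syslog target",
                               lambda v: isinstance(v, list) and len(v) > 0),
}

def lookup(cfg, dotted):
    """Walk a nested dict; return MISSING if any path segment is absent."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def check_device(cfg, baseline=BASELINE):
    """Return (path, reason) findings; an absent setting fails closed."""
    findings = []
    for path, (desc, ok) in baseline.items():
        value = lookup(cfg, path)
        if value is MISSING:
            findings.append((path, f"missing setting ({desc})"))
        elif not ok(value):
            findings.append((path, f"{value!r} violates: {desc}"))
    return findings

def audit_fleet(devices):
    """Map device name -> findings, listing only non-compliant devices."""
    return {n: f for n, c in devices.items() if (f := check_device(c))}

# Constructed sample: one compliant site, one changed by hand in a dashboard.
DEVICES = {
    "branch-01": {"ipsec": {"encryption": "aes-256-gcm"},
                  "mgmt": {"allowed_sources": ["10.0.0.0/8"], "telnet_enabled": False},
                  "logging": {"syslog_servers": ["10.1.1.5"]}},
    "branch-02": {"ipsec": {"encryption": "3des"},
                  "mgmt": {"allowed_sources": ["0.0.0.0/0"]},
                  "logging": {"syslog_servers": []}},
}

if __name__ == "__main__":
    print(audit_fleet(DEVICES))
```

Running a check like this on a schedule against configurations exported from the controller turns ad hoc dashboard changes into reviewable findings.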


Reap the Benefits of SD-WAN by Leveraging Automation

Fortunately, the world of network engineering isn’t entirely focused on dwelling on the challenges – instead it’s about finding solutions, putting them into practice, and overcoming those obstacles.

In order to overcome these hidden challenges, network teams and vendors alike have recognized the importance of automation. Nearly every major SD-WAN vendor has API methods available to be used with their controllers. Many of these methods allow for more flexibility in configuring and troubleshooting devices, and they respond faster than what is available through clicky dashboards.

The key for network teams is overcoming the skills gap to build automations that can utilize those SD-WAN APIs. That is why Itential’s orchestration platform was engineered to help network teams quickly build workflows in a low-code canvas that can automate changes within the SD-WAN environment, across legacy data centers, or even across multiple cloud platforms. In addition, by using the same API integration technology used to communicate with your network controllers, teams can also integrate regularly used IT systems to become part of the orchestrated workflow.

The outcome is an orchestrated service that follows every step of your organization’s change management process — it can gather network information from a source of truth, open and update a change request ticket, make network changes, update the network monitoring system, and notify your team within your messaging system.

If you’re already experiencing some of these hidden challenges or anticipate encountering them in the future, Itential’s Automation Marketplace offers a range of pre-built SD-WAN solutions. If you want to see it for yourself, watch this demo video to see how Itential can help teams overcome the challenges of SD-WAN deployments and management.

Rich Martin is the Director of Technical Marketing at Itential. Previously, Rich has worked at several networking vendors as both a Pre-Sales Systems Engineer and Systems Engineering Manager but started his career with a background in software development and Linux. He has a passion for automation in the networking domain, and at Itential he helps networking teams to get started quickly and move forward successfully on their network automation journey.
