CloudWAN’s white box SD-WAN platform is custom built by NTT to power the managed SD-WAN service offerings of a diverse global service provider distribution network. Designed from the ground up to provide the world-class SD-WAN features and operational infrastructure needed to solve the most common networking use cases that our service provider partners face every day. CloudWAN is among the most comprehensive and customizable SD-WAN white-box solutions for service providers on the market today.

SD-WAN features that enterprise, mid-market, and SMB networks demand

CloudWAN Easy VPN icon

Easy VPN

CloudWAN Security icon


CloudWAN Internet Breakouticon

Internet Breakout

CloudWAN API extinsibility icon

API Extensible

CloudWAN Quality of Service (QOS) icon


CloudWAN Hybrid WAN icon

Hybrid WAN

CloudWAN Zero Touch Provisioning (ZTP) icon


CloudWAN Single View Dashboard icon

Single View Dashboard

CloudWAN Easy VPN icon
Easy VPN
CloudWAN Security icon
CloudWAN Internet Breakout icon
Internet Breakout
CloudWAN API Extensibility icon
API Extensible
CloudWAN Quality of Service (QOS) icon
CloudWAN Hybrid WAN icon
CloudWAN Touch Provisioning (ZTP) icon
Zero Touch Provisioning (ZTP)
CloudWAN Single View Dashboard icon
Single View Dashboard

Easy VPN for any topology

Automatically create VPN tunnels (DTLS) between edge devices. CloudWAN supports full mesh and hub & spoke network topologies.

Enterprise-level security is built-in. CloudWAN natively employs two-way authentication using x509 certificates and standard-based cipher suite(AES256-SHA) to enable highly scalable and secure VPNs.

Hub and Spoke Topology

Route all site traffic to a central office.

CloudWAN supports hub-and-spoke SD-WAN topology diagram

Full Mesh Topology

Automatically establish VPN tunnels between edge devices in the same network.

CloudWAN supports full mesh SD-WAN topology diagram

Internet Breakout

Reduce bandwidth costs and boost application performance with CloudWAN Internet Breakout.

Offload selected application traffic to the internet versus backhauling all traffic over a customer’s private WAN. Provide direct internet access for selected traffic from the edge device without encrypting and encapsulating it into a VPN tunnel.

Set the policy in the CloudWAN Controller to breakout locally or remotely via a hub site. Saved templates make it easy to deploy and update the routing policy across your existing network and new sites as they come online.

CloudWAN Internet Breakout feature diagram

Hybrid WAN

Hybrid WAN enables the use of multiple WAN uplinks as an active-active model to enable the incremental rollout of overlay-based VPNs alongside existing MPLS circuits.

Create application-specific policies to steer packets to multiple paths based on the application data they carry. For example, using an MPLS path for low latency voice traffic and an internet path for data traffic.

CloudWAN Hybrid WAN feature diagram

Native Firewall & VPN Microsegmentation

For the Internet-bound traffic, the Native Firewall (IP Filter) provides an effective firewall mechanism. VPN Micro-Segmentation provides IP filtering for VPN-bound traffic.

These two features allow traffic to permit/deny based on a conditional match of the packet content and the network/interface.

CloudWAN Microsegmentation feature diagram

Quality of Service (QoS)

Prioritize bandwidth for select applications and bypass lesser classifications of traffic to conserve bandwidth and avoid throughput bottlenecks for business-critical traffic.

CloudWAN provides for the categorization of traffic (such as applications and protocols) priority and desired performance criteria for a particular application.

CloudWAN Quality of Service (QOS) feature diagram

Enterprise-grade failover handling

CloudWAN supports multiple methods for edge device LAN-side redundancy.


PAIR WAN redundancy makes CloudWAN resilient to edge device and uplink failure. You may use two uplinks across two edge devices, just as they would be used with a single device.

The PAIR interface of an edge device mirrors the uplink attributes of the paired edge device at the site. The PAIR interface (e.g., WAN 2 on Edge Device1) acts as a proxy for the “remote” uplink on the on a Site (WAN 2 on Edge Device2). The first edge device in the pair recognizes the directly attached uplink and the PAIR interface as WAN interfaces and establish tunnels through them.

CloudWAN CloudWAN Policy-Aware Intelligent Redundancy (PAIR) feature diagram


VRRP establishes redundant default gateways over two edge devices. Hosts on the LAN establish a virtual IP address to the primary edge device acting as a gateway. The second edge device automatically activates upon the failure of the primary edge devices. This allows hosts on the LAN to keep reaching hosts on the WAN through a working edge device, even after an edge device VRRP switch-over.

CloudWAN CloudWAN Virtual Router Redundancy Protocol (VRRP) feature diagram


For use cases requiring BGP routing, CloudWAN supports BGP sessions. The user sets up their own router that speaks BGP, and then two edge devices can connect to the router. The edge devices and router peer and advertise routing tables to each other.

CloudWAN Border Gateway Protocol (BGP) feature diagram


CloudWAN can establish an OSPF routing protocol with the router. An edge device uses OSPF to receive the router’s routing information and distributes it to all the other edge devices. The routing information from other edge devices is redistributed to OSPF and propagated to the LAN of the edge devices.

CloudWAN Open Shortest Path First (OSPF) feature diagram

Vendor Agnostic NFV support

Easily deploy network function virtualization (NFV) to edge devices, and manage NFVs from the CloudWAN Controller.

CloudWAN Vendor Agnostic NFV support feature diagram

Cloud Connector

Cloud Connector is a virtual appliance that enables customers to access resources on public clouds via secure tunnels. Cloud Connector is provisioned with Zero Touch Provisioning.

CloudWAN Cloud Connector feature diagram

Edge Application Distribution and Orchestration

Easily create application containers and deploy applications and microservices to edge devices.

  • Create new applications with quick container file creation.
  • Distribute containerized applications to edge devices from the CloudWAN Controller.
  • Update applications easily with stored containers.
  • Delete applications by edge device and site.
CLOUDWAN Edge Application Distribution and Orchestration feature diagram

CloudWAN Service Management Access

CloudWAN provides multiple cloud-based interfaces and robust API that service providers use to establish and scale managed SD-WAN operations.

View of CloudWAN SaaS dashboards

CloudWAN Admin Portal

Establish new customer accounts and onboard sites.

  • Create and manage customer accounts (projects).
  • Distribute edge device OS for Zero Touch Provisioning.
CloudWAN Admin Portal dashboard image

CloudWAN Controller Dashboard

Manage each customer’s network, sites, and edge devices. Monitor network and edge device performance, including:

  • CPU & memory usage
  • Network utilization
  • Tunnel conditions

Create and distribute network policy templates for:

  • Firewall
  • Hybrid WAN and QoS policies
  • VNF services
CloudWAN Controller Dashboard image

CloudWAN API Explorer

CloudWAN is fully manageable via Rest API. Easily integrate CloudWAN SD-WAN into the service provider’s customer-facing interface and customize managed service offerings. CloudWAN API Explorer goes beyond API documentation by providing an environment for discovering, testing, and utilizing API calls on staging and live networks.

CloudWAN API Explorer dashboard image

Multi-tenant at Scale

CloudWAN service providers can provide isolated views and operations for each customer. Network traffic is securely isolated. CloudWAN service providers can accommodate multiple customers in one CloudWAN system.

Zero Touch Provisioning

Eliminate the complexity and cost of sending network engineers and technicians to onboard new sites. CloudWAN’s streamlined Zero Touch Provisioning system makes standing-up new sites easy and fast. The service provider arranges the delivery of a CloudWAN approved edge device and uses the CloudWAN Admin Portal to drop ship a service provider-branded instruction manual and USB drive to the customer. Once the edge device and installation guide arrive, the customer plugs in the edge device and USB drive. The device boots and automatically joins the customer’s network in about ten minutes.