Fully featered SD-WAN for Service Providers

CLOUDWAN’s white box SD-WAN platform is custom built by NTT to power the managed SD-WAN service offerings of a diverse global service provider distribution network. Designed from the ground up to provide the world-class SD-WAN features and operational infrastructure needed to solve the most common networking use cases that our service provider partners face every day. CLOUDWAN is the most comprehensive and customizable SD-WAN white box solution for service providers on the market today.

SD-WAN features that enterprise, mid-market, and SMB networks demand

Easy VPN


Internet Breakout

API Extensible

Quality of Service (QOS)

Hybrid WAN

Zero Touch Provisioning (ZTP)

Single View Dashboard

Easy VPN
Internet Breakout
API Extensible
Zero Touch Provisioning (ZTP)
Single View Dashboard

Easy VPN for any topology

Automatically create VPN tunnels (DTLS) between edge devices. CLOUDWAN supports full mesh and hub & spoke network topologies.

Enterprise-level security is built-in. CLOUDWAN natively employs two-way authentication using x509 certificates and standard-based cipher suite(AES256-SHA) to enable highly scalable and secure VPNs.

Hub and Spoke Topology

Route all site traffic to a central office.

CloudWAN supports hub-and-spoke SD-WAN topology

Full Mesh Topology

Automatically establish VPN tunnels between edge devices in the same network.

CloudWAN supports full mesh SD-WAN topology

Internet Breakout

Reduce bandwidth costs and boost application performance with CLOUDWAN Internet Breakout.

Offload selected application traffic to the internet versus backhauling all traffic over a customer’s private WAN. Provide direct internet access for selected traffic from the edge device, without encrypting and encapsulating it into a VPN tunnel.

Set the policy in the CLOUDWAN Controller to breakout locally, or remotely via a hub site. Saved templates make it easy to deploy and update the routing policy across your existing network and new sites as they come online.

Hybrid WAN

Hybrid WAN enables the use of multiple WAN uplinks in as an active-active model to enable the incremental rollout of overlay-based VPNs, alongside existing MPLS circuits. Create application-specific policies to steer packets to multiple paths (e.g MPLS or internet) based on the application data they carry. For example using a MPLS path for low latency voice traffic, and an internet path for data traffic.

Native Firewall & VPN Microsegmentation

For the Internet-bound traffic, Native Firewalll (IP Filter) provides an effective firewall mechanism. VPN Micro-Segmentation provides IP filtering for VPN-bound traffic.

These two features allow traffic to permit/deny based on a conditional match of the packet content and the network/interface.

Quality of Service (QoS)

Prioritize bandwidth for select applications and bypass lesser classifications of traffic to conserve bandwidth and avoid throughput bottlenecks for business-critical traffic.

CLOUDWAN provides for the categorization of traffic (such as applications and protocols) priority and desired performance criteria for a particular application.

Enterprise-grade failover handling

CLOUDWAN supports multiple methods for edge device LAN-side redundancy.


PAIR WAN redundancy makes CLOUDWAN resilient to edge device and uplink failure. You may use two uplinks across two edge devices, just as they would be used with a single device.

The PAIR interface of an edge device mirrors the uplink attributes the paired edge device at the site. The PAIR interface (e.g. WAN 2 on Edge Device1) acts as a proxy for the “remote” uplink on the on a Site (WAN 2 on Edge Device2). The first edge device in the pair recognizes the directly attached uplink and the PAIR interface as WAN interfaces and establish tunnels through them.

Policy-Aware Intelligent Redundancy (PAIR)


VRRP establishes redundant default gateways over two edge devices. Hosts on the LAN establish a virtual IP address to the primary edge device acting as a gateway. The second edge device automatically activates upon the failure of the primary edge devices. This allows hosts on the LAN to keep reaching hosts on the WAN through a working edge device, even after an edge device VRRP switch-over.

Virtual Router Redundancy Protocol (VRRP)


For use cases requiring BGP routing, CLOUDWAN supports BGP sessions. The user sets up their own router that speaks BGP, then two edge devices can connect to the router. The edge devices and router peer and advertise routing tables to each other.

Border Gateway Protocol (BGP)


CLOUDWAN can establish an OSPF routing protocol with the router. An edge device uses OSPF to receive the router’s routing information and distributes it to all the other edge devices. The routing information from other edge devices is redistributed to OSPF and propagated to the LAN of the edge devices.

Open Shortest Path First (OSPF)

Vendor Agnostic NFV support

Easily deploy network function virtualization (NFV) to edge devices, and manage NFVs from the CLOUDWAN Controller.

Cloud Connector

Cloud Connector is a virtual appliance that enables customers to access resources onPublic Clouds via secure tunnels. Cloud Connector is provisioned with Zero Touch Provisioning.

Edge Application Distribution and Orchestration

Easily create application containers and deploy applications and microservices to edge devices.

  • Create new applications with quick container file creation.
  • Distribute containerized applications to edge devices from the CLOUDWAN Controller.
  • Update applications easily with stored containers.
  • Delete applications by edge device and site.

CLOUDWAN Service Mangement Access

CLOUDWAN provides multiple cloud-based interfaces and robust API that service providers use to establish and scale managed SD-WAN operations.

CloudWAN Admin Portal

Establish new customer accounts and onboard sites.

  • Create and manage customer accounts (projects).
  • Distribute edge device OS for Zero Touch Provisioning.

CLOUDWAN Controller Dashboard

Manage each customer’s network, sites, and edge devices. Monitor network and edge device performance including:

  • CPU & memory usage
  • Network utilization
  • Tunnel conditions

Create and distribute network policy templates for:

  • Firewall
  • Hybrid WAN and QoS policies
  • VNF services


CLOUDWAN is fully manageable via Rest API. Easily integrate CLOUDWAN SD-WAN into the service provider’s customer-facing interface and customize managed service offering. CLOUDWAN API Explorer goes beyond API documentation by providing an environment for discovering, testing, and utilizing API calls on staging and live networks.

Multi-tenant at Scale

CLOUDWAN service providers can provide isolated views and operations for each customer. Network traffic is securely isolated. CLOUDWAN service providers can accommodate multiple customers in one CLOUDWAN system.

Zero Touch Povisioning

Eliminate the complexity and cost of sending network engineer and technicians to onboard new sites. CLOUDWAN’s streamlined Zero Touch Provisioning system makes standing-up new sites easy and fast. The service provider arranges delivery of a CLOUDWAN approved edge device and uses the CLOUDWAN Admin Portal to drop ship a service provider-branded instruction manual and USB drive to the customer. Once the edge device and installation guide arrive, the customer plugs in the edge device and USB drive. In about ten minutes the device boots and automatically joins the customer’s network.