Skip to main content

Permissions

Add user
Done

Start your AI search

AI search
Outbound call compliance Gamification for customer service Outsourcing services

How to write an RFP for SD-WAN

Requirements, questions, and evaluation criteria specific to SD-WAN procurement

7 min read

RFPs are critical for SD-WAN procurement due to the complex interplay of networking, security, and cloud connectivity. A well-structured RFP ensures alignment with business needs, technical requirements, and long-term strategic goals in this rapidly evolving technology landscape.

What makes SD-WAN RFPs different

SD-WAN RFPs are unique due to the need to address both networking and security aspects within a software-defined architecture. Organizations must consider factors such as application performance optimization, diverse transport support (MPLS, broadband, LTE), and seamless integration with existing security infrastructure (firewalls, ZTNA).

Furthermore, the shift towards SASE necessitates a careful evaluation of integrated security features and cloud-native capabilities.nnUnlike simpler software deployments, SD-WAN involves a distributed infrastructure spanning multiple locations and cloud environments. This requires detailed planning around deployment models (cloud, on-premise, hybrid), zero-touch provisioning, and ongoing management.

Compliance requirements (PCI-DSS, HIPAA) also add complexity, demanding specific security controls and segmentation capabilities.nnSuccessful SD-WAN RFPs must go beyond basic feature comparisons and delve into the vendor's architecture, roadmap, and support model. The procurement team needs to assess the vendor's stability, innovation in areas like AIOps and SASE, and their ability to provide comprehensive managed services, especially for organizations lacking deep internal networking expertise.

  • Defining clear performance requirements for critical applications
  • Evaluating the vendor's SASE integration and security capabilities
  • Assessing deployment model options and management complexity
  • Understanding the total cost of ownership, including hardware, services, and support

RFP vs RFI vs RFQ

Here's when to use each document type when procuring SD-WAN software.

RFI

Request for Information

Use early in your search to understand what vendors offer and narrow your list. Gather general capabilities, company background, and high-level pricing ranges.

RFP

Request for Proposal

Use when you know your requirements and want detailed vendor solutions and pricing. This is your main evaluation document for shortlisted vendors.

RFQ

Request for Quote

Use when requirements are fixed and you just need final pricing. Often used after RFP when you're ready to negotiate with finalists.

For SD-WAN, an RFI is useful for initial market research and understanding vendor capabilities. An RFP is essential for detailed technical and commercial evaluation, ensuring the chosen solution meets specific network and security requirements.

Technical requirements checklist

Use this checklist when defining your RFP scope.

Core SD-WAN Functionality

  • Application-aware routing and traffic steering
  • Link bonding and load balancing across multiple WAN links
  • Centralized management and orchestration
  • Zero-touch provisioning for remote site deployments

Security Requirements

  • Integrated firewall and intrusion prevention capabilities
  • Secure VPN connectivity and encryption
  • Zero Trust Network Access (ZTNA) integration
  • Threat intelligence and malware protection

Cloud Connectivity

  • Direct access to public cloud providers (AWS, Azure, Google Cloud)
  • Optimized routing for SaaS applications
  • Cloud-based security and policy enforcement
  • Integration with cloud on-ramp services (e.g., AWS Direct Connect)

Management and Monitoring

  • Real-time network visibility and performance monitoring
  • Automated incident detection and remediation
  • AIOps capabilities for predictive analytics
  • Reporting and analytics for network optimization

Resiliency and Availability

  • Automated failover and redundancy
  • Support for diverse transport options (MPLS, Broadband, LTE)
  • Service Level Agreement (SLA) guarantees
  • Downtime impact analysis

Questions to include in your RFP

Architecture & Deployment

  • Describe your SD-WAN architecture, including the roles of the controller, edge devices, and management plane.
    Understanding the architecture is crucial for assessing scalability and resilience.
  • What deployment options are available (cloud-managed, on-premises, hybrid) and what are the pros and cons of each?
    Different deployment models suit different organizational needs and compliance requirements.
  • How does your solution support zero-touch provisioning (ZTP) for remote branch deployments?
    ZTP simplifies deployment and reduces the need for on-site technical expertise.
  • How does your solution integrate with existing network infrastructure (routers, switches, firewalls)?
    Seamless integration minimizes disruption and maximizes existing investments.

Security Capabilities

  • Describe your integrated security features, including firewall, intrusion prevention, and threat intelligence.
    Integrated security reduces complexity and improves threat protection.
  • How does your solution support Zero Trust Network Access (ZTNA) for remote users and branch offices?
    ZTNA enhances security by verifying identity at every access attempt.
  • How does your solution handle encryption and data privacy?
    Strong encryption is essential for protecting sensitive data in transit.
  • What compliance certifications does your solution hold (e.g., PCI-DSS, HIPAA, SOC 2)?
    Compliance certifications demonstrate adherence to industry standards and regulations.

Application Performance

  • How does your solution identify and prioritize critical applications?
    Prioritization ensures optimal performance for business-critical applications.
  • Describe your application-aware routing capabilities and how they improve application performance.
    Application-aware routing optimizes traffic flow based on application requirements.
  • How does your solution monitor and optimize performance for SaaS applications?
    Optimized SaaS performance improves user experience and productivity.
  • What mechanisms are in place to mitigate jitter and brownouts for real-time applications?
    Mitigating jitter ensures stable performance for voice and video applications.

Management & AIOps

  • Describe your centralized management console and its key features.
    Centralized management simplifies configuration, monitoring, and troubleshooting.
  • What AIOps capabilities are included in your solution (e.g., predictive analytics, automated remediation)?
    AIOps automates network management and reduces operational burden.
  • How does your solution provide real-time visibility into network performance and application usage?
    Real-time visibility enables proactive problem detection and resolution.
  • Can your solution automatically resolve network issues without human intervention, and can you provide a case study?
    Automation reduces downtime and improves network resilience.

Pricing & Licensing

  • Provide a detailed breakdown of your pricing model, including licensing fees, hardware costs, and support fees.
    Transparent pricing is essential for accurate budget planning.
  • Are there any usage-based fees or overage charges?
    Understanding usage-based fees prevents unexpected costs.
  • What are the payment terms and contract duration options?
    Flexible contract terms align with organizational needs.
  • Describe any professional services required for implementation and ongoing support.
    Professional services costs can significantly impact the total cost of ownership.

Vendor Stability & Roadmap

  • Describe your company's financial stability and market position.
    Vendor stability ensures long-term support and investment in the product.
  • What is your product roadmap for the next 12-24 months?
    A clear roadmap demonstrates ongoing innovation and commitment to the technology.
  • How do you handle mergers and acquisitions (M&A) and their potential impact on customers?
    M&A activity can affect product roadmaps and support levels.
  • What is your investment in AIOps and SASE integration?
    Investment in these areas indicates long-term viability and innovation.

Compliance and security requirements

Depending on your industry, you may need to require proof of these certifications and standards.

PCI-DSS

Required if handling payment card data at branch locations. If applicable, request current PCI-DSS compliance certificate and attestation of compliance (AOC).

HIPAA

Required if transmitting or processing electronic protected health information (ephi). If applicable, request a Business Associate Agreement (BAA) and documentation of HIPAA security controls.

SOC 2 Type II

Required if the sd-wan provider manages sensitive customer data in their cloud environment. If applicable, request the latest SOC 2 Type II report to assess the provider's security and operational controls.

GDPR

Required if processing personal data of eu citizens. If applicable, inquire about GDPR compliance measures, including data residency, data subject rights, and data breach notification procedures.

NIST Cybersecurity Framework

Required organizations adhering to nist standards. If applicable, request documentation outlining how the SD-WAN solution aligns with the NIST Cybersecurity Framework.

Evaluation criteria

Here is the suggested weighting for SD-WAN RFPs.

Functionality Fit How well the solution meets the stated technical and functional requirements.
25%
Security Capabilities The strength and integration of security features, including firewall, intrusion prevention, and ZTNA.
20%
Management & AIOps Ease of management, automation capabilities, and AIOps features.
15%
Cloud Connectivity The ability to seamlessly connect to public cloud providers and optimize SaaS application performance.
10%
Vendor Stability & Roadmap The vendor's financial stability, market position, and product roadmap.
10%
Total Cost of Ownership The total cost of the solution, including licensing, hardware, implementation, and ongoing support.
10%
Service and Support The quality and responsiveness of the vendor's service and support organization.
10%

Some weights were adjusted based on your priorities.

  • Increase if replacing a highly customized legacy WAN.
  • Increase for organizations with high security requirements or compliance mandates.
  • Increase for organizations with limited IT staff or complex network environments.
  • Increase for cloud-first organizations or those heavily reliant on SaaS applications.
  • Increase for long-term strategic partnerships.

Red flags to watch

  • "Book-end Only" Optimization

    The solution cannot optimize traffic to SaaS applications without a device at the application endpoint, indicating outdated technology.

  • Fragmented Management Consoles

    Separate consoles for security and routing indicate a lack of true integration and increase operational complexity.

  • Lack of Static IP Support

    Inability to provide static IPs limits the ability to mask underlay carriers, impacting resiliency.

  • Proprietary Tunnel Lock-in

    A proprietary encapsulation method creates a walled garden that is difficult to exit.

  • Inadequate Support SLAs

    Insufficient support for global sites or a lack of clear processes for resolving ISP outages indicates poor service.

  • Vague or Complex Pricing

    Lack of pricing transparency or overly complex pricing structures often hide additional costs.

Key metrics to request

Ask vendors to provide benchmarks from similar customers.

Reduction in unplanned downtime

Demonstrates the solution's ability to improve network availability.

Improvement in WAN management efficiency

Quantifies the reduction in time spent on manual configuration and troubleshooting.

Reduction in lost productivity per user

Measures the impact on user experience and productivity.

Cost savings compared to traditional MPLS

Validates the cost-effectiveness of the SD-WAN solution.

Faster time to onboard new services

Indicates the agility and responsiveness of the network.

Reduction in help desk tickets related to network issues

Shows the impact on operational efficiency and support burden.