SD-WAN: Zero-Touch Provisioning & Auto-VPN

Software-Defined Wide Area Networking (SD-WAN) is an innovative new approach to the deployment, management and operation of WANs. In this 5-part series, the key benefits of this exciting new technology are explored.

In this final post of the series, we’ll look at how SD-WAN streamlines deployment, while enabling branches to effortlessly connect together via advanced VPN technology.

Zero-Touch Provisioning

In part 1, the advantages of centralized orchestration were discussed, including the ability to distribute configuration to thousands of sites via a single-pane-of-glass Network Management System (NMS). Centralized orchestration is great, but what if new branches and remote workers need adding to the WAN when the network administrator is unavailable? That’s where zero-touch provisioning comes in.

Zero-touch provisioning enables the network administrator to set up pre-configured device profiles, including device configuration, network policy, software update instructions, and additional options such as rebooting the device once provisioning is complete. These profiles can be automatically pushed to a network device as soon as it makes contact with the NMS, requiring zero interaction from the administrator. Zero-touch provisioning enables remote sites and teleworkers to get up and running within minutes, without the need for on-site configuration or remote assistance. This substantially aids WAN scalability while reducing the cost of deployment.


Virtual Private Networks (VPNs) are a fantastic innovation in the world of networking. VPNs extend private networks across public networks (such as the internet), enabling the sharing of resources and data as if those devices and users were on the same local network. This capability is accomplished using ‘tunnels’, which securely connect one site to another, while encrypting all data that traverses that tunnel.

That being said, common pitfalls of VPNs are configuration complexity and a lack of intuitiveness for users. SD-WAN addresses this with auto-VPN technology.

In conjunction with a cloud-based NMS, auto-VPN dynamically establishes IPsec tunnels between remote sites with an SD-WAN router and a VPN gateway (usually situated at HQ), without any administrative or user intervention. To provide a truly hands-off deployment, auto-VPN can be encompassed within a zero-touch provisioning policy.

Having an SD-WAN router facilitate the VPN holds other benefits too. One such advantage is in-line operation. As opposed to client-based configuration (usually via a software agent), the VPN can operate transparently, removing the dependency on the user to initiate the connection. With in-line operation, any user that connects to the network can have their traffic dynamically routed across the VPN (or not if it’s destined for the local network or internet) using sophisticated split-tunneling rules.
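The split-tunnel forwarding decision described above can be sketched as a longest-prefix match over a per-branch policy. This is an added example, not code from the original post or from any vendor; the prefixes, the action names and the choice to drop unmatched traffic are assumptions made for illustration.

```python
import ipaddress

# Constructed policy for a hypothetical branch; prefixes and actions are
# illustrative and not taken from any vendor's configuration format.
POLICY = [
    ("10.0.0.0/8", "vpn"),        # corporate space behind the HQ gateway
    ("10.20.30.0/24", "local"),   # this branch's own LAN, never tunnelled
    ("0.0.0.0/0", "internet"),    # IPv4 default: direct internet breakout
    ("fd00:1::/32", "vpn"),       # corporate IPv6 space
    # Deliberately no ::/0 rule: unmatched IPv6 is dropped, so traffic
    # cannot bypass the policy just because it uses the other family.
]


def compile_policy(rules):
    """Parse prefixes once; strict=True rejects entries with host bits set,
    which usually indicate a typo in the rule."""
    return [(ipaddress.ip_network(p, strict=True), a) for p, a in rules]


def forward_decision(dest, compiled):
    """Return the action of the most specific matching rule, or 'drop'."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return "drop"             # unparsable destination: fail closed
    best = None
    for net, action in compiled:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else "drop"


COMPILED = compile_policy(POLICY)

if __name__ == "__main__":
    samples = ["10.1.2.3", "10.20.30.7", "93.184.216.34",
               "fd00:1::5", "2001:db8::1", "bogus"]
    for dest in samples:          # constructed sample destinations
        print(f"{dest:>15} -> {forward_decision(dest, COMPILED)}")
```

Because the most specific prefix wins, the branch LAN stays local even though it sits inside the tunnelled 10.0.0.0/8 range, and rule order in the policy does not matter.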

Ultimately, auto-VPN reduces the burden on IT with dynamic tunnel management, removes complexity for the user, improves security for the network with in-line operation, and optimizes performance via intelligent split-tunnel forwarding.


Through this blog series, the numerous benefits of SD-WAN have been explored: simplified management of thousands of remote locations through centralized orchestration and policy unification; optimal WAN performance and improved business continuity, where services are responsive and available with constant uptime, no slowdown and no interruption; enhanced security, ensuring users only have access to the services that are permitted; effortless zero-touch provisioning, allowing the WAN to expand without administrative overhead; and lastly, auto-VPN, empowering remote offices and teleworkers to work more efficiently, with secure and seamless access to HQ.

If you missed any of the previous posts in the series, you can catch up below:

SD-WAN Series – Part 1: Centralized Orchestration

SD-WAN Series – Part 2: Policy Unification

SD-WAN Series – Part 3: Link-State Monitoring & Dynamic Path Selection

SD-WAN Series – Part 4: Application & Identity-Driven Policies

SD-WAN Series – Part 5: Zero-Touch Provisioning & Auto-VPN



Nathaniel Moore (CWNE #222) is a Product Marketing Manager for Aerohive Networks with experience as a Systems Engineer in computer networking and wireless systems across multi-vendor solutions.
