Managed SD WAN

SD-WAN replaces traditional WAN design using overlays ensuring organisations can securely deploy new/augment existing networks without concern of WAN topology becoming obsolete.

The service ensures a modern network that constantly evolves with technological advances and change in communications technology by separating the physical WAN circuits from the WAN topology.


  • Reduce MPLS WAN costs
  • Remove prolonged deployment lead-times across the WAN
  • Simplify WAN administration with reduced complexity across the technology estate
  • Reduce WAN edge footprint with consolidated WAN CPE
  • Control over the cloud with views of IaaS, SaaS consumption
  • Cloud Intelligence with updates on best performing paths for SaaS
  • Subscription based SD-WAN
  • 24 x 7 x 365 UK based Service Desk
  • Flexible deployment models with virtual and physical CPE
  • React to organic organisational changes quickly and seamlessly


  • Real-time monitoring and historical reporting
  • Zero-Touch Provisioning with a plug-and-play deployment model
  • Single Screen Administration with quick and easy implementation of policies
  • Boost Application Performance as Needed
  • Ability to bond multiple WAN transport circuits into single circuits
  • Building block Service Models to meet organizational requirements
  • Take advantage of the Ampito Virtual Network Operator capability


£150.97 per device

Service documents

G-Cloud 10



Russell Bristow


Service scope

Service scope
Service constraints A minimum of two fixed line circuits are provided connected to separate appliances. Additional fixed line circuits can be added depending on the site bandwidth requirements. In the event of a single circuit failure the remaining circuit(s) will continue to carry traffic (as defined by policy). The aggregate bandwidth will be reduced.
System requirements
  • VMware ESX and ESXi
  • Microsoft Hyper-V
  • Corporate AV standards

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Ampito will respond within 1 hour to all fault requests.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our service tiers are designed to give customers the maximum amount of flexibility in how the services are delivered.

We have 2 distinct offerings of for SD-WAN - Managed and Self-Managed which can be tailored with the correct component building blocks for a more granular ‘right fit’ service.

We also know that one size does not fit all when it comes to Service Management Architecture and we understand that not all sites and locations will need a Fully Managed, HA+ capability.

We have therefore designed our service tiers to provide the greatest level of flexibility and scalability. Our options allow customers to choose which Services Tiers are appropriate to a granular level due to the criticality and business impact of the site being off-line and unavailable.

We utilize the ITIL methodology throughout our service, focusing on change, incident, escalation, and problem management. With these core principles and our Lifecycle model we can ensure timely resolution of incidents and the permanent eradication of problems identified within our services.

Dependent on the selected Service Tier customers have the option to utilize a Service Manager who has overall responsibility of the end to end delivery, encompassing aspects such as lifecycle technical and commercial.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training can be provided as part of the service either remotely or on customer site. A Customer Operation Guide will be provided to the customer at the start of the service.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Once the contract comes to an end, all data collated will be returned in a pre-agreed format.
End-of-contract process Service will cease at the end of the contract term. All customer data will be returned in a pre-agreed format.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available No
Independence of resources SD-WAN architecture is single tenanted and therefore the performance across the network is isolated to the direct consumer. As part of the Ampito Managed offering the lifecycle of the network can also be provided in a MSP model.
Usage notifications Yes
Usage reporting
  • Email
  • SMS
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Silverpeak

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Automatic Configuration backup
  • Policy backup
Backup controls Configuration backups can be automatically scheduled within the service. Configuration backups can also be manually initiated to supplement organisation change control.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Service levels are enclosed in the Service Definition Document.
Approach to resilience Resiliency is dependant on the scope of the service contract agreed.
Outage reporting Email Alerts

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels Access is restricted via standard Role Based Access Control (RBAC). Where the Managed SD-WAN service is procured Read Only access will be provided to the end-user for visibility of the network estate.
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Ampito are in the process of obtaining ISO 27001. Whilst we go through this process all internal processes are the equivalent to ISO 27001.
Information security policies and processes Our information security governance manual is available upon request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes can be made by our accredited engineering team once a request has been made in writing and in accordance with our change control procedure. All changes will be agreed and discuss and any impact this may have on the system or network logged and managed accordingly. Configuration Management With Configuration Management, we will perform software configuration tasks on equipment from a remote management centre, thus removing a significant part of the everyday network maintenance burden from the customer.
Vulnerability management type Supplier-defined controls
Vulnerability management approach This is described within the Service Definition document.
Protective monitoring type Supplier-defined controls
Protective monitoring approach This is described within the Service Definition document
Incident management type Supplier-defined controls
Incident management approach This is described within the Service Definition document

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £150.97 per device
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑