BSS/OSS Academy
Domain Examples/Enterprise SD-WAN

Enterprise SD-WAN

End-to-end flow for deploying managed SD-WAN across 30 enterprise branch offices, from site survey through uCPE zero-touch provisioning, overlay tunnel activation, application-aware traffic steering, phased site rollout, staggered billing, and ongoing SLA-driven assurance with automated path failover.

Architecture Overview

SD-WAN creates a software-defined overlay across multiple underlay transports (MPLS, broadband, 4G/5G). A centralised controller manages policy, routing, and security for all sites. Branch CPE devices form encrypted tunnels and steer application traffic across the best-performing path in real time.

Branch / HQ SitesCustomer-ownedEdge CPEOperator-suppliedUnderlay TransportsMulti-carrierSD-WAN PlatformOperator-ownedCloud & DC BreakoutHybridHQ / Data CentreCore apps, security stackBranch Offices (×30)End users, LAN, Wi-FiRemote / Micro-Sites4G/5G only, vCPEuCPE ApplianceSD-WAN + Firewall + ZTPOperator CPEBranch uCPEWhitebox / entry-levelvCPE (Virtual)Cloud-hosted edgeMPLS UnderlayExisting / retainedBroadband / DIAPrimary or backup4G / 5G WirelessFailover / remote-onlyIPsec Overlay TunnelsSD-WAN ControllerCentralised orchestrationVersa / Fortinet / VeloCloudPolicy Engine / DPIApp-aware traffic steeringAnalytics & AssuranceReal-time path monitoringSaaS BreakoutM365 / Salesforce / UCaaSEnterprise DCERP / internal appsInternet GatewayCentral security stack

Branch / HQ Sites

End-user devices, LAN switches, and local applications at each of the 30 enterprise sites connecting to the SD-WAN fabric.

uCPE / vCPE

Operator-supplied edge appliance at each site. Runs SD-WAN software, builds IPsec overlay tunnels, applies DPI-based traffic steering, and ZTP self-configures on power-up.

Underlay Transports

Multiple WAN paths per site — MPLS, broadband, 4G/5G. SD-WAN treats these as a transport pool, steering traffic based on real-time path quality.

SD-WAN Controller

Centralised orchestration platform (Versa/Fortinet/VeloCloud). Manages overlay topology, pushes policy to all CPEs, and provides single-pane visibility.

Cloud & DC Breakout

Direct internet breakout for SaaS (M365, Salesforce) from branches. Backhaul to data centre for internal apps. Hub sites provide central security stack.

Provisioning Workflow

Step-by-step orchestration flow — click any step to view systems, inputs/outputs, and eTOM mapping.

Interactive Flow Steps

BSSOSSPartnerBSS+OSS

Tap any step to view details, systems, and eTOM mapping.

Step-to-eTOM Mapping

eTOM L2 CapabilitySteps
CRM & Retention Management
Selling
Order Handling
Resource Provisioning
Service Configuration & Activation
SM&O Support & Readiness
Billing & Collections Management
Service Problem Management