Now that many enterprises are using SD-WAN to connect their branch offices, the next step is to figure out how to connect the SD-WAN to a cloud service provider. Typically, an IT organization will need to choose between a cloud service provider’s point of presence (POPs) network or an SD-WAN vendor.

Companies like Amazon Web Services (AWS) let IT organizations either deploy a third-party SD-WAN software on each virtual private cloud (VPC) or deploy SD-WAN software on a VPC as a shared gateway service.

At Microsoft’s recent Ignite 2018 conference, the company announced the general availability of Azure Firewall and Virtual WAN services. The Azure Virtual WAN service makes it possible to connect SD-WANs to Microsoft cloud networking services.

Both VMware and Riverbed have announced support for Azure Virtual WAN. And just about every other provider of SD-WAN software and appliances supports Azure, so it’s probable most of them will extend that support to include Azure Virtual WAN to make it simpler for customers to connect to the Azure cloud service. Microsoft also revealed it is supporting OpenVPN client software to enable organizations to set up secure tunnels to Azure Virtual WAN.

Three additional related services are now available in preview mode by Microsoft. They include ExpressRoute Global Reach, which organizations can employ to connect their data centers across Microsoft’s global network as an alternative to relying on a carrier network; ExpressRoute Direct, which provides a private network connection at speeds up to 100 Gb/s speeds; and Front Door Service, a global anycast based network of POPs based on HTTP load balancing and path-based routing rules.

There’s a debate about how much IT organizations should rely on POPs provided by cloud service providers instead of SD-WAN vendors. VMware contends that one of the things that differentiates VMware NSX SD-WAN by VeloCloud is that it provides access to a POP network via cloud gateways that organizations can use to access multiple cloud providers.

Rival providers of SD-WAN provide access to appliances and software in the cloud but have not built a POP network, said Rachna Srivastava, senior product marketing manager for VeloCloud at VMware. That approach enables VMware to ensure that traffic coming from any branch office is optimally routed to the data center that is closest to where the application being accessed is hosted, Srivastava said. “We refer to this as last-mile optimization.”

That capability is critical because end users are increasingly requiring cloud service providers to meet service level agreements (SLAs) for cloud applications. Achieving those SLAs requires cloud service providers to have more control over the networks being used to access cloud applications, Srivastava said.

It is unclear exactly how big of an advantage there is to owning a POP network. Most branch offices will be running either VMware or Microsoft Hyper-V at their branch office, said Milind Bhise, senior director of product marketing for Riverbed. The Riverbed approach provides organizations with the flexibility to support either class of virtual machines.

“We let them deploy on a server they have or an appliance we provide,” Bhise said.

Riverbed, like many other SD-WAN providers, is assuming the cloud service provider will prefer to invest and manage its own POP network.Whatever the path an IT organization selects, it’s clear that connecting SD-WANs to cloud networks is becoming easier and faster.