• Cybersecurity Glossary
Managed SD-WAN vs Self managed: which to choose?
Managed SD-WAN is a deployment model where a service provider or vendor operates the SD-WAN platform on behalf of the customer, handling design, configuration, monitoring and ongoing changes. Self managed (DIY) SD-WAN is the opposite: the customer’s own IT team owns the platform end to end, from hardware to policy definition to day two operations. A third path, co managed SD-WAN, splits responsibility between the provider and the internal team. The right choice depends on in house expertise, budget, scale and how much operational control your business needs. Teldat supports all three models through the CNM SD-WAN Suite and its partner ecosystem.
Managed SD-WAN vs Self managed SD-WAN
Managed SD-WAN is a service in which a managed service provider (MSP), telecom carrier or vendor takes operational responsibility for the customer’s SD-WAN infrastructure. The provider owns the design, deploys the edge devices, operates the controller, monitors network health 24×7 and handles every change request. The customer receives SD-WAN as a service governed by an SLA, paying a recurring fee per site or per managed device.
Self managed SD-WAN (sometimes called DIY SD-WAN) puts the customer in full control. The internal networking team procures the hardware, builds the overlay policies, integrates with security and identity systems and runs day two operations. The vendor provides the platform, software licences and support, but the customer operates it. This model is common in organizations with mature network and security teams, strict data sovereignty requirements or unique technical environments.
Co managed SD-WAN sits between the two. Responsibility is split by domain: the provider may run the underlying transport, monitoring and first line support, while the customer retains control over policy, segmentation and application routing. Co management is often the practical outcome of a negotiation between the appetite for outsourcing and the need to keep sensitive policy decisions in house.
The three deployment models in detail
The three SD-WAN deployment models differ in who holds the operational keys. The same Teldat CNM SD-WAN Suite runs underneath all of them; what changes is where the responsibility for design, change management and monitoring sits. The models below are the ones most commonly found in enterprise deployments.
Managed SD-WAN vs Self managed SD-WAN: side by side
Managed and self managed SD-WAN address the same networking problem but distribute responsibility, risk and cost in very different ways. The table below contrasts the two models across the dimensions that matter most during a procurement decision. Co managed options generally fall somewhere between the two columns.
| Dimension | Managed SD-WAN | Self managed SD-WAN |
|---|---|---|
| Responsibility | Provider operates platform end to end; customer consumes service | Customer owns every layer of operation |
| Time to deploy | Weeks; provider brings repeatable process and pre built templates | Months on first deployment; faster once templates are established |
| In house skills | Minimal; customer needs strong vendor management, not SD-WAN expertise | Substantial; requires a trained network and security engineering team |
| Cost model | OPEX; predictable recurring fee per site, SLA backed | CAPEX for hardware plus OPEX for licences and internal staff |
| Control over policy | Indirect; changes go through the provider and its change window | Direct; internal team applies policy changes in real time |
| Speed of change | Governed by provider change management; hours to days | Minutes, bounded by internal approvals |
| Customization | Standardized catalog of services; deep custom work is chargeable | Full flexibility; any supported feature can be used |
| Visibility | Provider dashboards and periodic reports | Raw telemetry and full integration with customer observability stack |
| Security ownership | Shared; provider secures the platform, customer defines business policy | Fully internal; aligns with existing security governance |
| Risk profile | Vendor concentration risk and SLA dependency | Operational risk concentrated in internal team capacity |
| Best fit | Distributed retail, mid market, organizations without a dedicated NOC | Regulated industries, large enterprises with mature network teams |
No model is universally better. The right answer depends on the balance between control and overhead that your organization can realistically sustain over a five year horizon. Most enterprises end up in a co managed configuration: they outsource the parts they do not differentiate on and keep control over the parts that intersect with security, compliance or core applications. Teldat CNM SD-WAN Suite is designed to operate equally well in any of these configurations without platform lock in.
Pros and Cons of each model
Every deployment model has a clear upside and a matching downside. The six cards below summarize what each model typically delivers and what it typically demands in exchange. Read them as trade pairs, not isolated features.
How to choose?: the decision framework
Choosing between managed and self managed SD-WAN is less about technology and more about organizational fit. Run the following six questions before locking in a model. If your answers skew toward the first option in each pair, managed is the safer bet. If they skew toward the second, self management is within reach.
Total cost of ownership considerations
A TCO comparison is the only honest way to compare managed and self managed SD-WAN. The sticker price of licences and hardware is rarely the decisive factor. The dimensions below are the ones that usually move the total by more than 20 percent in either direction, and they are the ones most commonly overlooked in initial proposals.
Teldat support for every SD-WAN model
Teldat is designed to operate across every deployment model without forcing a choice between control and convenience. The CNM SD-WAN Suite runs identically whether the operator is the customer’s own team, a Teldat partner or a hybrid of both. That portability is the main reason Teldat SD-WAN is used by service providers, enterprises and public sector organizations on the same underlying platform.
The Teldat model neutrality advantage: most SD-WAN vendors force customers into either a product only or a service only posture. Teldat manufactures the hardware, builds the CNM SD-WAN Suite and works with an ecosystem of partners that can operate it. A customer can start self managed and hand over operations to a partner two years later when the footprint outgrows the internal team, without changing the platform underneath. Policies, templates and integrations carry across every operational model, which is exactly where most SD-WAN migration budgets get spent.
Frequently asked questions about managed and self managed SD-WAN – (FAQ’s)
❯ What is the difference between managed and self managed SD-WAN?
Managed SD-WAN is a service in which a provider operates the SD-WAN platform on behalf of the customer under an SLA, handling design, configuration, monitoring and change management. Self managed SD-WAN (DIY) keeps full operational ownership inside the customer’s IT team. The vendor provides the platform and support, but the customer runs it. Managed trades control for less internal workload and predictable OPEX. Self managed demands more staff but gives you direct authority over every policy decision and usually wins on unit economics at large scale.
❯ When should a company choose managed SD-WAN?
Managed SD-WAN is the right choice when the organization lacks SD-WAN skilled engineers, needs fast rollout across many geographies, prefers OPEX over CAPEX and does not want to operate a 24×7 NOC. It is also a strong fit for mid market and distributed retail environments where the value of network operations is in consistency and uptime rather than deep customization.
❯ When is self managed SD-WAN the better option?
Self management makes sense when the organization already has a mature network engineering team, operates in a regulated industry that requires tight control over policy and segmentation, runs a stable or moderately growing footprint, and has the budget to invest in staff and monitoring tooling. At large scale, self management often has better unit economics than a fully managed service.
❯ What is co managed SD-WAN?
Co managed SD-WAN is a hybrid model in which the service provider and the customer share operational responsibility. A common split has the provider handling monitoring, hardware replacement and first line incident response, while the customer owns security policy, segmentation and application routing. Co management is the most common outcome for mature enterprise deployments because it balances control and overhead.
❯ Does Teldat offer both managed and self managed SD-WAN?
Yes. The Teldat CNM SD-WAN Suite is designed to operate identically under any model. Customers can run the platform themselves, consume it through a Teldat partner as a fully managed service, or share operations with a partner in a co managed configuration. Role based access control and multi tenant architecture support all three options on the same platform.
❯ Can I switch from managed to self managed SD-WAN later?
With Teldat, yes. Because the CNM SD-WAN Suite is the same platform whether operated by the customer or a partner, transitioning between models is a matter of transferring operational responsibility, role based access and runbooks, not a platform migration. Investment in policies, templates and integrations is preserved across model changes, which avoids the exit cost typical of pure managed service contracts.
Find the right SD-WAN model for your business
Managed, self managed or co managed, Teldat CNM SD-WAN Suite runs the same way on the same platform. Combined with be.Safe Pro SSE and be.Safe XDR, it delivers networking and security from a single European vendor, proven at scale across 2,700 branches.







