Modernizing Branch Infrastructure Architecture: TD Bank’s SD-WAN Evolution and the Path to SASE


TD Bank’s SD-WAN Journey: A Phased Approach

TD Bank’s commitment to SD-WAN started in 2016, focusing primarily on its extensive retail network of over 2,400 branches across Canada and the US. Recognizing the limitations of their traditional MPLS infrastructure, they sought a solution that could enhance performance, reliability, and cost efficiency.

Phase 1 (2016): Driven by the need for better performance-based routing and to overcome “brown-out” scenarios common with MPLS, TD conducted a rigorous evaluation of over 40 SD-WAN vendors, ultimately selecting a leading startup. This initial implementation significantly improved network uptime and user experience.

Phase 1.5 (2021): Building on the initial success, TD further enhanced their Canadian network, introducing dual-SIM LTE modems for backup connectivity and transitioning all branches to Ethernet. This upgrade significantly boosted resilience, offering seamless failover during network disruptions, particularly during natural disasters. Notably, this phase involved a strategic shift towards internet-based connectivity, negotiating with carriers to maintain Ethernet local loops while migrating from MPLS to internet circuits.

Phase 2.0 (Current): TD is actively rolling out its latest SD-WAN iteration, embracing a fully internet-based transport model while eliminating MPLS entirely from its US network. This transformation involves:

  • Internet as primary transport: Utilizing internet circuits with dual-SIM LTE/5G modems for backup ensures high bandwidth availability and cost efficiency.
  • Enhanced branch security: Implementing granular segmentation at branch locations to isolate and secure IoT devices, trusted corporate devices, and semi-trusted devices, thereby strengthening overall security posture.
  • Phased SASE integration: While the initial rollout focuses on SD-WAN and internet migration, TD Bank has strategically positioned its network for future SASE integration. They plan to implement local internet breakouts for cloud-bound traffic, leveraging SASE’s cloud-delivered security controls.

Key Considerations and Lessons Learned

TD’s experience underscores several crucial aspects for successful SD-WAN and SASE adoption:

  • Embrace the Internet: The transition from MPLS to internet circuits is essential for achieving both cost savings and the bandwidth capacity needed to support modern business demands. TD’s proactive negotiation with carriers highlights the importance of strategic partnerships in this shift.
  • Phased Implementation: Adopting a phased approach allows organizations to gradually introduce new technologies, mitigating risks and ensuring operational stability. TD’s iterative strategy demonstrates a thoughtful balance between immediate needs and long-term vision.
  • Automation is Critical: Investing in network automation streamlines deployment, configuration management, and software lifecycle management, significantly reducing operational overhead and enabling rapid scaling. TD’s automation framework, initially developed for software currency, proved instrumental in their rapid SD-WAN 2.0 rollout.
  • Prioritize Security: Addressing security concerns upfront is paramount. TD’s implementation of granular segmentation at branch locations exemplifies a proactive security approach, particularly with the proliferation of IoT devices.
  • Evaluate SASE Offerings Carefully: The SASE market is still maturing, with varying capabilities and limitations across vendors. TD’s cautious approach, ensuring compatibility between SD-WAN and future SASE solutions, highlights the importance of a comprehensive evaluation process.

Addressing Business and Operational Challenges

Beyond technology considerations, TD faced several business and operational hurdles:

  • Legacy Technology Phase-out: Moving away from TDM circuits was crucial for both cost optimization and technological advancement. This transition required careful planning and coordination with carriers.
  • Last-Mile Connectivity: Securing reliable and diverse last-mile internet connectivity for branch locations proved challenging, particularly within malls with limited vendor options and shared infrastructure. TD’s adoption of dual-SIM LTE/5G solutions highlights the need for creative approaches to ensure redundancy.
  • Vendor Selection and Management: The decision to self-manage their SD-WAN deployment while leveraging cloud-based controllers demonstrates TD’s balance between control and operational efficiency. Their preference for cloud-based solutions reflects a commitment to leveraging the latest features and functionalities offered by vendors.

The Role of Mplify

TD’s journey reflects the broader challenges enterprises face when modernizing branch infrastructure, migrating from MPLS to internet-based connectivity, and preparing for SASE adoption. Mplify plays a critical role in enabling this transformation by:

  • Standardization: Providing frameworks and certification programs that ensure SD-WAN and SASE solutions are interoperable, secure, and performance-validated.
  • Certification: Delivering independent validation through Mplify’s SD-WAN and SASE certifications, giving enterprises confidence that solutions meet stringent requirements for scalability, automation, and security.
  • Automation Leadership: Advancing LSO (Lifecycle Service Orchestration) APIs to simplify multi-vendor environments and accelerate time-to-deployment, supporting TD’s phased rollout and automation-driven strategy.
  • Enterprise Collaboration: Through initiatives like the Enterprise Leadership Council (ELC), Mplify ensures enterprise needs such as security segmentation, cloud alignment, and operational efficiency are represented in the evolution of network and security services.

By aligning with Mplify’s global standards and certifications, TD and other enterprises gain the ability to make informed choices, reduce integration risks, and accelerate the adoption of modern, SASE-enabled network architectures.

Looking Ahead: A SASE-Enabled Future

TD’s SD-WAN journey has laid a solid foundation for their future SASE integration. The move towards internet-based connectivity, granular security segmentation at the edge, and their phased implementation strategy have positioned them to seamlessly embrace SASE’s comprehensive security framework. Their commitment to cloud-based solutions and automation further strengthens their ability to adapt to evolving security threats and embrace a more agile, secure, and efficient network architecture.

Conclusion

TD’s SD-WAN adoption showcases a strategic and phased approach, marked by a clear understanding of business needs, technology trends, and potential challenges. Their emphasis on automation, security, and strategic partnerships has enabled them to successfully navigate the complexities of SD-WAN implementation and prepare for a seamless transition to a SASE-enabled future. Their experience serves as a valuable roadmap for enterprises seeking to modernize their network and security infrastructure while embracing the transformative potential of internet-based connectivity.


Categories: SD-WAN, SASE

Drew Yates

Head of Network Services | TD Bank

As Head of Network Services at TD Bank, Drew Yates leads transformative initiatives across the firm’s global infrastructure, driving automation, secure and stable architectures, and advanced connectivity technologies. His and his team’s work delivers performance and agility to support enterprise-scale growth for the firm’s next generation of banking technology.

Under his leadership, Drew and his teams have established themselves as financial-services leaders in network automation. He is a frequent industry speaker, sharing insights on automation frameworks and methodologies that drive resilience, speed, and efficiency in large-scale banking environments.

Previously, as Executive Director of Network Infrastructure at Citizens Financial Group, Drew led globally distributed teams across retail, trading, and wholesale banking connectivity portfolios. During a period of strategic acquisition, he orchestrated the technical integration of eight major consumer and commercial bank mergers while also designing and implementing a hybrid-cloud network strategy that improved scalability and resilience and delivered cost efficiency across the organization.

Earlier in his career, Drew held senior leadership and consulting roles at Dimension Data—now a part of NTT—where he established and scaled managed and professional services teams for global financial services clients.

Drew is based in the New York City and Providence, Rhode Island areas. Outside of work, he is a passionate New England-sports fan and remains engaged with the region’s technology and business community.