From Legacy MPLS to Fully Meshed SD-WAN: A Nonprofit Medical Organization’s Network Modernization Journey
Introduction
Many nonprofit medical organizations struggle with the same challenge: delivering secure, compliant, always-on connectivity across multiple sites without breaking the budget. For years, our client — a <500-employee, highly regulated medical nonprofit with roughly 20 statewide locations — relied on long-standing MPLS, EDI, and ENS point-to-point circuits to keep its intranet and data center accessible.
The setup worked… until it didn’t.
When sites went down, they were down. No failover. No redundancy. No diversity. And as the Systems Engineer put it plainly, “If we had all the money in the world, I’d get redundancy everywhere.”
This is the story of how that aspiration became reality — and how the organization migrated from a legacy architecture to a fully managed, logically and physically diverse SD-WAN fabric, increasing bandwidth from 50 Mbps at most sites to 100 Mbps–3 Gbps, improving resiliency exponentially, and doing it all within essentially the same operating budget.
The Legacy Environment — Stable, but Fragile
The organization’s network was built on a traditional MPLS/EDI/ENS point-to-point model. It had been reliable for years, but reliability and resiliency are not the same thing.
How the MPLS / EDI / ENS Network Was Designed
What the legacy model looked like
Single circuits at each branch location with redundancy only at HQ/Data Center
One of the hardest parts of any network modernization is getting to the truth of what the client needs versus what they want.
DE Bottom Line spent multiple sessions aligning:
- Technical requirements
- Budget constraints
- Future cloud direction
- Redundancy goals
- Existing hardware value
- PoC risks
- Long-term operational considerations
This engagement exemplifies how DE Bottom Line’s cost reduction services and network modernization consulting help organizations improve resiliency and performance while maintaining strict budget discipline.
Pain Points of a Point-to-Point Architecture
Although the circuits were DIA, meaning theoretically stable, downtime still meant downtime:
- Single circuit per site → any outage directly impacted clinical and administrative workflows.
- Redundancy only at HQ → every remote site remained a single point of failure.
- Brownouts were common → not catastrophic, but disruptive enough that IT noticed.
- IT team was lean and overburdened → troubleshooting, ticketing, and escalations consumed valuable time.
- MPLS perceived as “secure but outdated” → leadership knew they were behind the curve.
SLA credits? Mostly “paper SLAs.” Nothing meaningful was ever paid out.
The goal wasn’t to fix a broken system — it was to future-proof the network while improving redundancy, elevating security, simplifying operations, and preparing for increased cloud adoption (EHR, SaaS workflows, data center shifts).
Why Network Modernization Became Inevitable
Three factors drove the organization forward:
- Aging MPLS/EDI/ENS infrastructure
- Desire for fully managed uplinks, firewalls, and SD-WAN appliances
- Need for redundancy across every site, not just HQ
Crucially, pricing pressure wasn’t the main driver — but the realization that they could achieve significantly more for roughly the same cost accelerated the decision.
Vendor Evaluation — Meraki vs. Fortinet vs. VeloCloud
SD-WAN Platforms Considered
Vendor Comparison Table
| Vendor | Strengths | Weaknesses / Pitfalls | Notes |
|---|---|---|---|
| Meraki | Integrated ecosystem with existing switches/APs; familiar Cloud Portal; strong NGFW features via MSP security stack; 24/7/365 management | MX devices vary in WAN support (status quo bias can influence IT decisions) | Ultimately selected, pending PoC |
| Fortinet | Aggressive pricing; high-performance appliances; very strong multi-WAN handling | Perception of switching platforms created hesitation internally | A strong contender technically and economically |
| VeloCloud | Premium SD-WAN capabilities; robust cloud gateway strategy | Pricing at higher tiers; “premiere” positioning | More than the client needed |
The Biggest Vendor Pitfall — Selling What They Want
Not overselling — but selling what they wanted to sell, rather than what the client asked for.
Example:
If an appliance only supports two active WANs, why sell four circuits?
Throughput Sizing — The Most Common SD-WAN Mistake
Should appliances match:
- Existing bandwidth?
- Planned future bandwidth?
- Cost-constrained bandwidth?
A chicken-or-egg scenario. Ultimately, DE Bottom Line engineered a model that:
- Avoided throttling
- Allowed bandwidth growth
- Balanced performance and cost
- Prevented paying premiums for unnecessary appliance tiers
Avoiding unnecessary appliance upgrades and oversized circuits is a key part of optimizing telecom expenses and ensuring long-term WAN cost optimization.
The Modern SD-WAN Architecture — Fully Meshed, Redundant, and Diverse
Redundancy Strategy Across All Locations
- Dual carrier whenever available
- Dual-path diversity (fiber + coax or fiber + 5G)
- 5G Peplink backup additionally at HA locations
- Starlink-fed mobile units with MX-68C participating in SD-WAN
- Physically and logically diverse entrances where applicable
Security and Compliance Considerations
- NGFW capabilities through Meraki MX
- Advanced security Cisco licensing
- Existing Zero Trust Network Access (ZTNA) retained
- No SASE needed at this stage, though the architecture supports future evolution
Migration Strategy — Phased, Controlled, Zero-Head-Rolling
Why a Phased Rollout Is Critical
A Big Bang rollout across 20 sites might be bold — but it’s also reckless. With clinical workloads and high compliance requirements, the organization chose a 2–6 month phased rollout, beginning with a secondary site PoC.
Proof of Concept at a Secondary Site
Selecting a secondary site for the proof of concept rather than the primary HQ data center significantly reduced operational risk while still allowing the SD-WAN solution to be validated in a real-world environment. This approach ensured the architecture, failover behavior, throughput sizing, and management workflows could be tested end-to-end without introducing unnecessary exposure to mission-critical systems.
Lessons Learned During Process and Deployment
- Carrier pricing varies wildly — up to 35% for identical bandwidth. Without benchmarking, organizations dramatically overpay.
- Expect delays, demarc issues, incorrect handoffs — humans are involved.
- No ETF surprises because contracts were in renewal, giving the client a clean slate.
- A phased rollout avoids “head-rolling” events and keeps visibility tight.
- Integrating two remaining EDI/ENS sites required adding SD-WAN + an extra circuit temporarily — but the legacy circuits’ high cost will be offset within 18 months.
Quantified Transformation — Cost, Bandwidth, and Resiliency
Monthly Cost Evolution
Cost Evolution
| Scenario | Monthly Cost |
|---|---|
| Legacy Environment | ~$18,500 |
| Immediate Modernized (incl. transitional circuits) | ~$19,400 |
| Final Steady State (after legacy circuits expire) | ~$16,200 |
Savings are driven by:
- Carrier competition
- Removal of egregiously priced MPLS/ENS/EDI circuits
- Consolidated SD-WAN management
- Rationalized bandwidth purchases
Carrier pricing for identical bandwidth varied by as much as 35%, reinforcing why performance-based pricing models in cost reduction consulting often outperform traditional advisory engagements.
Bandwidth Expansion Across the Enterprise
Most sites: from 50 Mbps → 100 Mbps to 3 Gbps (up to a 600% increase in many locations)
This prepares them for:
- Heavier EHR workloads
- SaaS usage
- Cloud compute expansion
- Increasing data consumption
Projected Performance Improvements
Although final data will be collected after go-live, the organization expects significant improvements in:
- Uptime (redundancy everywhere)
- Latency & packet loss reduction from dynamic path selection
- Application stability via active-active WAN utilization
- Operational efficiency (24/7/365 managed NOC/SOC + Meraki dashboard visibility)
The Human Element — IT Relief and Operational Stability
Reducing Tickets, MTTR, and Vendor Finger-Pointing
The client’s internal IT team is lean, hands-on, and juggling far too much.
SD-WAN brings operational benefits that go beyond circuits:
- Fewer troubleshooting tickets
- Faster MTTR
- Centralized visibility
- Managed failover
- Managed WAN + LAN appliances
One Accountable Provider From Circuit to Switch
- A single provider accountable from ISP Ciena handoff → SD-WAN appliance → firewall → switch fabric
Misconceptions & Gotchas: MPLS vs. SD-WAN
Why MPLS Is Not “More Secure”
Security today lives:
- In the firewall
- In the identity layer
- In ZTNA
- In enforcement policies
- In segmentation
- In cloud gateways
Not in the transport mechanism.
Why Keeping Legacy Connectivity Can Be Shortsighted
MPLS is expensive because it’s MPLS, not because it delivers superior value.
If this client had simply kept bandwidth identical to MPLS levels, they would have saved a fortune instantly. But they chose a smarter path:
- Retire legacy dependency
- Reinvest savings into bandwidth expansion
- Build future-proof redundancy
- Scale for five years, not just today
DE Bottom Line’s Role — Needs First, Then Wants
Aligning Technical Requirements With Budget Reality
Delivering More Than the Client Thought Possible
Our hero moment
We took a wishlist (“redundancy everywhere”) that shareholders assumed was cost-prohibitive — and delivered more than redundancy, at higher bandwidth tiers, with a fully managed security stack, while staying within budget and lowering long-term costs.
- Negotiated competitive carrier pricing
- Avoided unnecessary appliance upgrades
- Structured a phased rollout to minimize disruption
- Secured strong SLAs with enforcement mechanisms
- Avoided sunk-cost waste by leveraging existing Meraki assets
- Coordinated contract cancellations and prevented billing overruns
- Ensured transitional sites (remaining EDI/ENS) were securely integrated
- Facilitated vendor contributions to the client’s foundation
And as always:
If new technologies or savings emerge, we proactively notify all clients. That’s DE Bottom Line.
Final Takeaway — It’s Time to Reevaluate Your WAN Strategy
This nonprofit medical organization had a stable network — but not a resilient one. Today, it is moving toward:
- Fully meshed SD-WAN
- Multi-carrier redundancy
- Physically diverse paths
- 5G + Starlink backup on mobile units
- NGFW cloud-managed security
- Higher bandwidth across every location
- Lower long-term costs
- A future-ready architecture for EHR and cloud migration
Explore Your SD-WAN and Network Modernization Options
If your organization is relying on legacy MPLS circuits, limited redundancy, or outdated WAN design, DE Bottom Line Consulting can help you evaluate modern alternatives, benchmark costs, and design a future-ready network.
