This question (really two questions) has been popping up quite a bit lately. Let me see if I can explain.
First, let's define what SD-WAN is. SD-WAN leverages the SDN concept of separating the control plane from the data plane and creating a controller running software that can enact control and policies on the network. However, in the SD-WAN implementation, the controller never actually receives nor forwards any network traffic. The controller contains software and policy databases, along side a communication protocols to interface to network devices. In this implementation what really happens is the controller can query the network devices, even decode packet flows and streams. It can then instruct the end nodes to tunnel and encrypt traffic usually using IPsec inside VxLAN.
In the diagram on the right we see everything in black and green being part of the Enterprise Network and the Blue being the Service Provider network.
The key here is the controller and it's ability to provision tunnels on interfaces of the enterprise nodes in such a way to leverage either/or the MPLS, Internet or other network interfaces that may be available to meet enterprise application goals.
The object of this service is to simplify provisioning as the network manager in the enterprise no longer is configuring routers and switches (as much anyway), and the Controller function can provide traffic analysis and best path selection out of the available interfaces. I have heard that this new product replaces the router, and that sound byte has resonated in the industry. While this is potentially possible over time, it is not likely in the short term.
Nonetheless, this new set of tools we call SD-WAN is a major step forward for network managers as we use software to control the networks. The security vulnerability, of course, is the controller. These devices will need to be very secure, not Linux based honey holes for the hackers. Although the companies making these solutions say their nodes keep operating if the controller is wiped out, more or less frozen in place. At least the network stays up.
The node boxes technically can be anything, but most of the players offer x86 based systems as their nodes. The entrants into the market boast "open" design, but they truly are closed with "open" API's. Seems these days, if you have an API you are "open".
Now for the second question - does this replace MPLS? Perhaps in the enterprise networks, if the encryption and encapsulation can operate at the breakneck speeds required of forwarding. That said, SD-WAN is not likely to replace MPLS if the blue box above is a Service Provider network. The MPLS services there are seen by the enterprise nodes as interfaces, end of story. None of this addresses MPLS' sweet spot called Traffic Engineering. Furthermore, no one has explained how the enterprise and the service provider interface for SD-WAN, like many of the issues (MTU and Fragmentation management, IPv6 support, etc.) much of this is to be determined as of this writing.
It is early days for SD-WAN and we may see a lot more development and functionality in the coming months.
We hope this helps answer the question(s).