The SD-WAN space has been percolating for years, and there are some recent signs that it may finally be sticking its head out beyond the old extend-the-VPN-to-small-sites mission. One thing that seems to stand out in two announcements is a managed services connection. As always, though, there’s no shortage of competitive intrigue in the mix, and so the outcome of all of this is still a bit murky.
SD-WAN is the most recent virtual-networking strategy to emerge, but not the first. From the early days of virtualization and the cloud, virtual networks were the go-to strategy for sharing network and hosting infrastructure among multiple tenants, including organizations within a company whose information technology had to be kept separate for security/compliance reasons. Virtual networks create, in some way, an overlay on top of ordinary IP networks, and this overlay strategy allows for connectivity management at a highly refined level, without impacting or depending on features of the underlying IP transport. Connectivity is separated from transport, in short.
Enterprises have so far embraced virtual networking for more mundane reasons. Some have adopted it in their data centers to improve security, and most recently many have used SD-WAN to extend corporate VPNs to locations where MPLS is either not available or not economical. The refined connectivity control that virtual networking and SD-WANs could offer wasn’t the user priority, which is why most SD-WAN products did, and still do, little to enhance connectivity control value-add.
Not all SD-WAN products have been so myopic. When Juniper acquired 128 Technology, they acquired what I’ve said from the first was the best overall SD-WAN and virtual-networking strategy available. The biggest selling point for 128 Technology was and is its session-aware handling of traffic, which means that it can identify user-to-application relationships and assign traffic priorities and even connection permission based on that. Integration of 128T’s SD-WAN with Juniper’s AI platform (Marvis and Mist) provides improved operations automation, and the combination of the two offers both network operators and managed service providers (CSPs and MSPs) a strong basis for a managed SD-WAN offering.
Managed services are quietly getting hot, and especially managed SD-WAN. Part of the reason is that enterprises are generally having issues with acquiring and maintaining the skilled network operations professionals they need, given competition from cloud and network providers and equipment vendors. Another part is that in the small-site locations where SD-WAN is the only VPN option, local technical skills are likely very limited, and a managed service is the only realistic solution. My data shows that CSP and MSP managed SD-WAN services are the largest source of new SD-WAN sites.
Then there’s the whole SASE thing. When you start talking about a service edge device and security in the same breath, it’s hard not to think of SD-WAN and what security it might bring to the table. The session-awareness approach can offer zero-touch security by letting users define what sessions are allowed, and barring everything else. Prioritization for QoE is a natural feature of SASE too.
Finally, the cloud. The largest source of cloud applications for enterprises is the front-ending of core business applications in the data center with friendly web-centric portals. This is how most companies have provided for user access to their data, including online ordering, and it’s also increasingly how companies want to support worker access, particularly given that many workers now want to use smartphones, tablets, Chromebooks, and other stuff in their work-from-home mode of operation. If the cloud is where these new application on-ramps are located, then workers need to get to the cloud rather than directly access the data center. Even before the Juniper acquisition, 128 Technology had a strong hybrid and multi-cloud story, as good as or better than the rest of the players.
If all of this stuff is important, and if Juniper has acquired an SD-WAN player that can do all of it and well, then it would be truly surprising if there weren’t competitive counterpunches in process, and we had two of them recently.
Extreme Networks is acquiring the Ipanema SD-WAN division of Infovista, with the apparent goal of bringing its network offerings up to address competition in the managed SD-WAN space. Extreme already has its ExtremeCloud managed service portfolio, but the Ipanema SD-WAN has “application intelligence”, allowing it to make decisions on QoE based on the specific importance of applications using the network. It’s also able to support dynamic routing in hybrid and multi-cloud applications. Finally, it pushes a “cloud-native” implementation. I think it’s clear that Extreme will be enhancing the application-intelligence features to extend their utility in security and access control, moving them closer to feature parity with Juniper’s 128 Technology and Marvis/Mist capability.
Cisco sees the handwriting on the wall too, but they may be speaking a little different language. Recall that Cisco has its own Cisco Plus network-as-a-service and expensing-versus-capitalizing offering. Cisco also has the most strategic influence of enterprise network buyers of any vendor, having in fact almost twice the influence of Juniper and five times that of Extreme. A decision to push SD-WAN features and enhancements through CSP/MSP channels would undermine their own as-a-service plans and reduce the impact of their enterprise account control. I think their positioning of their ThousandEyes deal shows that tension.
The SDxCentral story characterizes this as “Cisco’s WAN-on-Demand Strategy”, which sure sounds like an as-a-service strategy. Is it a coincidence that this is also how Cisco described its Cisco-Plus…as a NaaS? What the Cisco strategy with ThousandEyes does is improve visibility across all clouds and networks. The WAN-on-Demand stuff is really a Cisco initiative involving a bunch of cloud relationships for SD-WAN routing, which ThousandEyes can provide visibility for and that Cisco’s management products can look into and facilitate acting on. It’s not directly comparable to the Juniper or Extreme session/application awareness stuff.
WAN-on-demand does raise the question of whether Cisco is subducting IP and IP networks, promoting an overlay SD-WAN approach to respond to the fact that the cloud is becoming the application front-end of choice, and thus the thing that customers, partners, and employees have to connect with. By promoting cloud interconnect, Cisco is promoting the use of cloud provider backbones, and if all IP networks are just the plumbing underneath a Cisco NaaS vision, then a Cisco managed service strategy for SD-WAN could become the go-to managed-service solution, or so Cisco hopes.
Cisco could obviously make their offerings available to CSPs and MSPs, and could promote a managed-service vision and SD-WAN vision competitive with other vendors, or they may have decided that they want to get into the space on their own, and are starting to position the “NaaS” term as a placeholder for their own strategy, and a way of avoiding saying they’re going to offer managed SD-WAN and other network services, a statement that would surely raise the risk of channel conflict with CSPs and MSPs. We’ll have to watch how Cisco positions over the next few months, because service provider fall planning cycles are only roughly a month away.