Enterprises are demanding a new generation of cloud-based wide-area networking services that's swallowing up SD-WAN, killing network functions virtualization (NFV) and challenging existing telco business and technology models, according to Gartner analysts.
Gartner has given the new network delivery business model a name, and it's an ugly one: SASE, pronounced "sassy," which stands for the "Secure Access Service Edge." And if Gartner is right, the effect on service providers' business is going to be ugly too.
The SASE transformation has been building for years. Five years ago, almost all enterprise applications and data lived in the data center, Gartner analyst Joe Skorupa tells Light Reading. Branch office networking connected to the data center, as did remote workers. Whatever cloud access was necessary then went to the data center first, then out to the public Internet.
"Now, applications are pretty much everywhere," Skorupa says. Some are in the data center, some are outside of it. Mission-critical applications live in the cloud, including Workday, Microsoft Office 365, and custom applications written for Microsoft Azure and Amazon Web Services. "The data center is no longer the center of the universe," he says.
Skorupa adds, "We have gone from having a 'data center' to having 'centers of data,' and they are all over the place."
Likewise, consumers of data aren't just branch offices. Endpoints are mobile. "They're a sales executive sitting in a car with a cup of coffee and an iPad," Skorupa says. "They're not funneling through the data center. It's a hub and spoke. But the hub is the individual, which could be a person, could be an IoT device, and could be software."
The new network architecture requires different technologies to suit different needs, Skorupa says. For example, a home worker doesn't need SD-WAN because they're not balancing multiple links, but that worker does need quality-of-service guarantees to make video calls. On the other hand, a branch office requires SD-WAN for security and path selection.
The changing nature of business requires changing security policies and technology as well, Skorupa says. "If it's a contractor using an untrusted laptop logging in from Southeast Asia at two o'clock Sunday morning directly into Salesforce, trying to get at the entire client database, you want to apply a lot of security policy against that," Skorupa says.
Additionally, enterprise locations need intrusion detection and prevention services (IDS/IPS), data loss prevention (DLP), anti-spam, anti-malware, whitelisting, blacklisting and so on. "The overhead of trying to keep that stuff patched is a nightmare. You're always out of date. You're not going to put seven boxes stacked up -- and duct them to the back of my iPad when I'm traveling," Skorupa says. Cloud delivery is the only model that makes sense.
He adds, "The only way to apply policy anywhere and everywhere, scaling up and scaling down as needed, delivering a set of functions you need on demand, is to deliver it primarily cloud-based."
R.I.P. CPE
That means on-premises equipment needs to go from being the standard way of delivering enterprise services to a specialized case, says the Gartner man.
"The model says on-prem only when you must, cloud-delivered whenever you can," Skorupa says.
This "represents an existential threat to NFV" because NFV depends on selling expensive boxes that happen to be x86-based. The cost benefits promised initially for NFV failed to materialize because vendors simply refused to lower their prices by a lot, Skorupa says.
NFV proved "incredibly complicated," and while the telco industry struggled to make it work, "application consumption patterns changed and the branch was no longer the center of the universe, and a solution that was non-scalable and hard to maintain and expensive and complex winds up being obsoleted by something that is elastic and easy to maintain and it's cloud delivered," Skorupa says.
There are cases where NFV makes sense. "But by and large the days of NFV have already come and gone. It's basically stillborn," Skorupa says.
In a July note, Gartner recommends several steps for technology and service providers to succeed in the new market. They need to transform offerings to a cloud-native architecture, transform business models to "cloud-native-as-a service," deliver "a clear vision" to the market, fill out their "portfolio organically, with the fewest acquisitions possible to minimize integration challenges and inconsistencies across services," and invest in distributed real estate, such as PoPs and colocation facilities, to place service as close to the access point as required.
Gartner names several vendors as already network-security focused, including Cato Networks, Fortinet, Forcepoint, Juniper and Versa Networks. Other SD-WAN vendors without cloud-delivered security are partnering with Zscaler, Palo Alto Networks and others.
Of course, the industry being what it is, these vendors are going into paroxysms of joy by merely being mentioned by Gartner. Versa and Cato Networks put out press releases and statements on their websites, and Zscaler devoted some discussion to the subject on an earnings call.
Telcos behind the eight-ball
Cato Networks, for one, sees the shift to SASE as a competitive advantage. "Telcos are behind the eight-ball," Yishah Yovel, Cato CMO and chief strategist, tells Light Reading. Telco networks are based on appliances, and they're two years behind catching up on the cloud networking model.
Telcos are disadvantaged because they don't own the code. "If I'm a Palo Alto or Zscaler, I have my own code. I already have some percentage of the SASE platform. Telcos don't operate this way. They integrate other people's code. That's very dangerous for them, unless they become more of a software player."
Looked at one way, Gartner's SASE pitch is nothing new. Indeed, when a Cato Networks spokesman brought it to my attention a few weeks ago, I initially scoffed.
Normally I would have been more polite, but I was in a bad mood on account of being still jet-lagged and sleep deprived from a trip to Dallas, to Light Reading's Network Virtualization & Software Defined Networking conference, which was all about the trends Gartner had apparently just discovered. And it wasn't the first year we've done that conference; far from it. So my first reaction to the tip was, "Thank you, Captain Obvious!"
The software-defined networking (SDN) movement, launched at the beginning of the decade, was all about moving network intelligence into software for increased agility; the reason we don't hear much about that anymore is because the philosophy has become mainstream.
More recently, AT&T, Orange and startup Rakuten are aggressively moving their networks to cloud architectures. Just last week, Colt launched a new line of universal CPE (uCPE) equipment, providing SD-WAN, firewall and other services to enterprises, based on NFV.
Still, NFV has attracted skeptics almost since its founding in 2012, and at about the same time Gartner issued its SASE note, we reported that critics were saying the technology is too rigid and monolithic for the cloud era (though Prayson Pate, CTO, Edge Cloud, ADVA Optical Networking took issue with our report).
However, my initial dismissal was misplaced. Gartner does a good job of weaving together and articulating several long-term trends shaping the service provider business and networks. Gartner deserves credit for stepping back and summarizing a decade of trends in a few pages.
Also, Gartner is influential, particularly among enterprises who are service provider customers. Gartner's SASE coinage means ideas about wide-area network virtualization and cloudification have gone mainstream. Telcos are going to start hearing demand for SASE, and need to be prepared to meet it.
For more about how AT&T, Orange, Rakuten and other service providers are already cloudifying and virtualizing their networks, see these articles:
- Colt Brings Virtual Networks to Enterprise Premises
- AT&T's Wheelus: From Mechanization to Automation
- Alaska's Rakuten Preps for 4G Launch
- Why AT&T's latest open source contribution matters
- Common NFVI Telco Taskforce (CNTT) Boasts Reference Milestone
- AT&T on Track for 100% Core Network Virtualization Next Year
- Rakuten Delays Launch of Cloud-Native Network
- It's Groundhog Day! Explaining AT&T's Microsoft & IBM Deals
- AT&T & Microsoft Ink 'Extensive' Deal for Cloud, 5G, AI & Edge
- Is X by Orange Showing Us the OTT Future for Telcos?
— Mitch Wagner, Executive Editor, Light Reading