Masergy and CenturyLink, two companies who pioneered virtual customer premises equipment, now have introduced new features as virtual network functions, beginning to deliver on NFV's promise of faster service delivery.
On Monday, Masergy Communications Inc. unveiled its WAN Encryption offer as a virtual network function in its VNF store. Last week, CenturyLink Inc. (NYSE: CTL) announced its SD-WAN plans, building on Versa Networks ' software-based approach, as an NFV offering. In both cases, the companies see their new services as examples of using NFV to deliver new products that respond to customer needs more rapidly. (See Masergy Adds Advanced WAN Encryption VNF, Versa Makes Its Mark at CenturyLink and CenturyLink Sets Sights on SD-WAN.)
In CenturyLink's case, the determination to get to market quickly even means using "Agile" software development and bringing to market an SD-WAN product version that may not be perfect, but will be perfected in the coming months, says Eric Barrett, director of new product management.
"We wanted to handle this in an Agile development, so we could learn our lessons and adjust as we move forward," Barrett says. "This [SD-WAN] is so new, it would be tough to adjust to hit the mark right out of the gate, so we decided to take it out and learn our lessons as we move forward."
Instead of integrating its SD-WAN service into the Programmable Services Backbone (PSB) that today supports its other virtualized services and is orchestrated by Ciena's Blue Planet, CenturyLink will start by deploying a separate infrastructure at a smaller number of network points of presence, and then in a later phase, integrate the Versa software into the PSB, and Blue Planet's orchestration.
That's a very different approach from the massive testing and integration effort that would have preceded a service rollout in the past, Barrett says. "Because this is a software service, we have to think like a software development shop and not a telco."
NFV in action
Masergy's WAN Encryption service uses Certes Networks Inc. 's CryptoFlow technology to encrypt data in transit on an end-to-end basis at either Layer 2, 3 or 4, says Paul Ruelas, director of product management. And while it can be deployed as software on a standard Dell server, if the customer chooses, Masergy has added WAN Encryption to its VNF store to be delivered to customers alongside its other virtualized functions, including firewalls.
It's the latest in what CTO Tim Naramore says will be a series of announcements from Masergy on new NFV-based functions and services. In some cases, those additions with be a new vendor version or an open source approach to existing functionality, he says, but some additions will be new services, as with WAN Encryption. They will be added to what the global service provider already delivers on its virtual CPE or from the cloud.
"As we onboard these [features], we just have to figure out how they fit into the stack and how you chain the various functions together," he comments. "Now that we have built this engine that can download these things and manage them and sell them, this is hopefully the way we do managed services going forward."
In the case of WAN Encryption, enterprises pay for how much bandwidth they want to encrypt, and that's a scalable function, Ruelas notes. Masergy controls a centralized multi-tenant re-keying function which uses internal communications to speak to all the end points and control key release changes every 24 hours, he says.
The service addresses a growing need of some enterprises to encrypt their data traffic for protection, whether to meet specific requirements, such as HIPPA rules, conform to specific government compliance rules, or protect traffic that traverses borders from government spying -- particularly that which comes from Europe to the US, Naramore notes.
Not every customer has that need or wants the expense of encrypting traffic, he adds. But having that as a potential tool will become more important moving forward, Naramore says.
"If you look at it down the road in three to four years, encryption is going to expand its role in the network," he says, due not only to criminal activity and the expanding threat landscape but also to state-sponsored attacks which have already caused companies to lose intellectual property.
Making broadband work better
CenturyLink's SD-WAN service is also a response to customer demand -- in this case, the need to eliminate choke points in the network created by branch offices still tied to T-1s. Using broadband services and SD-WAN delivered as over-the-top functionality, CenturyLink can let its enterprise customers more effectively connect their branch offices to cloud services today and the coming Internet of Things applications as well, Barrett says.
Enterprise customers' other option for doing that today involves setting up IP-Sec tunnels, a process which is more complex and which doesn't offer visibility or options for further security, he adds.
"More and more applications are being spun up from cloud-based apps and IoT, and all of that is being pushed to these branch offices," mostly over MPLS using T1 lines, he notes. For operations such as retailers and banks, using existing hardware-based SD-WAN options would require managing their own infrastructure, and when the end-points are scattered across the service landscape, that becomes its own challenge.
A prime reason CenturyLink chose Versa as its SD-WAN vendor was because it was unique in offering a multi-tenant solution, Barrett says. In addition, since Versa's founders are Juniper Networks Inc. (NYSE: JNPR) veterans, they understand the service provider world and the language of MPLS and created something enterprises can more easily embrace.
Today, the SD-WAN is rolled out with 17 proof-of-concept customers, and CenturyLink is taking what it learns and using that to improve the product going forward.
"We are learning a ton of lessons, this is so new for everybody," Barrett comments. "I think it would be foolish for us to try to guess where this is going to be two years from now. It is better for us to make small incremental improvements and learn our lessons along the way."
In addition, CenturyLink will look to add another vendor at some point, since single-vendor deployments are not its norm. For the time being, its customer portal for SD-WAN is a white labeled version of Versa's, but that, too, is likely to change at some point.
— Carol Wilson, Editor-at-Large, Light Reading