Bikash Koley came to Juniper from Google, but had previously worked at Ciena, so he wasn't unfamiliar with the telecom space by any means. So he likely knew what he was getting into at a manufacturer whose router and security revenues were under fire on all sides, from traditional rivals such as Cisco and from newer players not burdened by a hardware legacy.
In part one of this Q&A, Koley stressed Juniper's credentials in the software space and its commitment to open source. In part two, he argues that Juniper is better prepared than its competitors to thrive at the edge of the network, where he sees multiple distinct use cases and says Juniper and its Contrail platform are ready for both. And Koley makes the case that Juniper's security strategy is also future-proofed by enabling distributed security for the virtualized world. (See Juniper CTO: Open Source Software Can Be Profitable.)
Carol Wilson: Juniper is part of the ONF [Open Networking Foundation] initiative, as you announced in June, that is focused on setting open source reference designs for what happens at the edge of the network. How is the rise of edge computing impacting Juniper and is it clear to you where the "edge" actually is and what it will look like going forward?
Bikash Koley: For us, the use cases for edge computing are pretty clear. You can broadly break it down to two distinctive use cases and sometimes I see them getting mixed up. One is where you are virtualizing your edge network infrastructure and you're operating that on an edge cloud because it needs to be close to the edge. This is going to be fundamental to how 5G gets rolled out. The reason is primarily economics. Because if you look at the economics of 5G, it would be very hard to monetize all that has been spent to turn up a 5G network if you are not able to just build as is needed, and edge cloud gives you the ability to build as is needed.
But then there's a second use case, which is how do I allow people to run applications that need to be closer to the users and by doing so, I monetize my ability to have space and power close to the user. The perfect examples of second use cases would be IoT [and] connected cars, where latency matters and you need to be close to the users. These two are somewhat distinct use cases and from Juniper's perspective -- we are actually very active in both.
CW: Can you explain what you are doing?
BK: The first use case is going to be primarily about mobility. If you go through Contrail's history, Contrail is probably the most deployed telco NFVi/SDN software out there with 200-plus customers, 40-plus are Tier 1/Tier 2 service providers all across the globe, and most of the actual production NFVi services, a vast majority of them use Contrail as NFV/SDN.
5G is a natural extension for us and we have been preparing for that for a long time. How are we preparing for it? If you look at the common characteristics of edge cloud, there are a few things that you need. You need a small footprint, because we don't actually have a lot of space and power. We have been optimizing Contrail to fit into basically a single appliance for the whole stack, which it does today. You can't run the control plane locally because again it takes too much space and power and compute. Contrail has been supporting a centralized control plane, including when the control plane runs on public cloud, for quite some time.
You need deep implementation of security because you're going to have IPsec and SSL encryption that you have to terminate, which Contrail does natively, as well as we have virtualized most of our firewall and routing devices to actually do that. On the edge, you have no option but to run microservices because full-blown services are too heavyweight to completely run on the edge. They have to be microservice-based. Contrail today has one of the best [microservice] implementations, so you can spin up microservice on containers. We do that today already for edge as a matter of fact. We have some of the first containerized VNFs [virtual network functions] that are orchestrated on Contrail. When it comes to service provider infrastructure adopting virtualization on the edge, we are very well prepared. We actually believe we are probably the most prepared when that deployment happens and we've already seen some deployments of that.
CW: Where do you see service providers deploying, other than 5G?
BK: Service providers have a distinct advantage of having an abundance of space and power that are really close, within milliseconds, of users. That is where they're differentiated from many of their competition, including public cloud. But for that to work, what they really need is, again, a cloud stack that they can deploy on the edge, that offers modularity and has all the same behaviors that I described before. Small footprint, embedded security, able to run control plane remotely, and the ability to orchestrate multiple users.
There, we have what we call Contrail distributed multicloud. The whole approach has been how do we take the micro-segmentation and multi-tenancy that we have built for core applications and how do we extend that to edge? We already have, including having the ability to securely connect your edge tapestry of core centers so that if you're doing microservices, you have a seamless infrastructure all the way from edge to core.
We also still have use cases for that already for IoT and the connected car environment. Also in terms of standardization, there are a lot of good works that are already starting to happen in Linux Foundation. There are some that are happening as part of ETSI and IEEE, so we're following them very closely. You're going to see us joining several of those as well, as they mature and we understand which ones are going to go and have the strongest ecosystem and market traction.
CW: Do you think the industry and your customers are clear on the kinds of things you talked about? Are you having to do a lot of education in this field in terms of how all this stuff fits together?
BK: As far as that, as you have pointed out, edge is a fairly new concept to most of the industry. One of the benefits that I have is having built the front-end infrastructure for Google for many years, edge cloud is not a new concept to me or to most of the hyperscalers, because they have been building this front-end infrastructure for a long time. There is definitely a re-education involved as to what it really means. We like the movement toward edge cloud because ultimately it opens up a set of footprints that was not necessarily Juniper's territory before, but now we have the ability to go after that. So we actually love it.
CW: Alright, a little bit of change the subject here. Security is an area in which Juniper has played a strong role. Is that going to be as strong going forward?
BK: It is absolutely a strong focus for the company. Our security business, our firewall business, is actually growing. It's growing quarter over quarter. But more importantly we actually see the nature of security changing. One of the ways that it's changing is that security is becoming distributed. All the examples that you're walking through, whether it's edge cloud or distributed hybrid cloud, the security is not just perimeter. Your security is throughout the infrastructure. That's where our software-defined secure network becomes a very important strategy, where the places where you have visibility into what's happening in your infrastructure are not just firewalls. They're firewalls, they're switches, they're routers, they're overlays, overlays like Contrail. So that's one.
Two, your enforcement points are distributed. We launched a product called Contrail Security, which does micro-segmentation throughout the overlay, as Contrail is laid, including within the public cloud. We have virtualized our firewalls so you actually can run them as hosted firewalls, again, across the board. You distribute the enforcement points much closer to where the applications are or where the users are.
The last one is you need to have a common policy server, so you can apply the same security policy expected, whether it's on frame at public cloud, and you have complete coverage of the policy that you're deploying.
A combination of this, we call this framework SDSN, Software Defined Secure Network. That's a combination of distributed security enforcement, distributed visibility and common policy that ties all of this together. It remains a key focus for us, as you know, when we acquired a company called Cyphort that can advance threat protection. Overall, it's a big focus for the company.
CW: If you had to point to what you feel is Juniper's strongest differentiation or competitive advantage right now in the industry, what would you point to?
BK: If I look into the market and if I look into the technology, I think the most disruptive thing that has happened to the market is cloud and by that I just don't mean public cloud. I mean, with every application, users now have an expectation that what they're connecting to is accretive, it's reliable and it's fungible. I get to use what I need.
So if I'm a CIO, I'm trying to solve the same things for the infrastructure that I'm building in-house, or whether I'm going to go and use it from public cloud. Doing so is actually very complex and what Juniper is going after solving is ultimately how do I provide solutions where the customers don't have to choose whether they're deploying physical versus virtual, and they're deploying on-premises versus off-premises, or private cloud versus public cloud. It's true for small businesses, it's true for large enterprises and everybody in between, right?
We feel our thinking is actually ahead of the pack in the way that we're solving this because we're actually solving this with a common set of solutions. We see that as a huge differentiation for the company going forward.
CW: And you don't think this is something your competition does as well?
BK: The reality of that is at some point they will catch up but whenever you have a real disruption, that happens in the way people consume infrastructure, it's almost always the first set of companies that disrupts, they end up being market leader. The same thing happened with IP routing a long time back. I see the same disruption happening in the space. Juniper is ahead of the others in the way that we're going and solving this problem.
— Carol Wilson, Editor-at-Large, Light Reading