The State of SD-WAN Today: Making Sense of the Hype
Multi-cloud application deployments require a new approach to enterprise WAN architecture. SD-WAN solutions provide the ability to successfully manage today’s more complex hybrid cloud environments, but the category is quickly becoming crowded with a plethora of vendors, products, and competing claims. How can IT architects, engineers, and managers alike make sense of this emergent marketplace and determine the solutions best suited for their environment?
Where Are We?
Over the course of the past decade, cloud computing has unequivocally moved to the forefront of enterprise IT architecture. “Cloud’s” transformation from a set of abstractions and often inchoate intentions, compelling and frightening at the same time, to its current position as the dominant hosting, compute, and storage paradigm has been an evolutionary affair. We did not arrive at “Cloud First” overnight.
But arrive we have. Intel Security’s late 2016 global survey of 2,000+ cloud security IT professionals and decision-makers across all industry verticals revealed that fully 93% of organizations were by then employing cloud services of one sort or another. Further, 80% of these organizations indicated they had explicitly adopted enterprise Cloud First strategies, meaning priority was now being given to deploying applications on cloud platforms or as cloud-based services rather than using traditional on-premise architectures. Almost three-quarters of these enterprises professed to be storing “some or all of their sensitive data in public clouds.” Just as telling, these Cloud Firsters reported expecting their IT budgets to be 80% dedicated to cloud services by the end of 2017. Those without such priorities also believed their organizations would trend in that direction, albeit at a slower pace. This dramatic transition in enterprise IT spending from traditional architectures to cloud services – what Gartner aptly calls the “cloud shift” – arrives with equally dramatic financial implications: Gartner estimates the aggregate amount of redirected IT spend reached $111 billion by YE 2016; analysts expect that figure to increase further to $216 billion by 2020.
How Did We Get Here?
Cloud’s success was never a foregone conclusion. Quite the contrary: for those present when cloud computing first arrived on the scene, these latest adoption numbers will be nothing short of astonishing. Indeed, Cloud’s early years were marked by understandably high skepticism in the enterprise, particularly with regard to such fundamental matters as data security, systems availability, and overall management controls.
Early cloud adopters tended to be accordingly conservative, carefully kicking the tires of this new computing metaphor by leveraging single-application solutions such as hosted email services or employing specific cloud-based business functions such as CRM or ERP. Over time, the cloud marketplace evolved to provide a broader range of hosting solutions, from Infrastructure- to Platform- to Software-as-a-Service. Major vendors introduced new products that allowed customers to establish cloud-like capabilities within their organizations’ private, on-premise data centers. Business IT, under pressure to cut costs while improving time-to-market in the wake of the Great Recession, became more and more inclined to consider alternatives to traditional systems deployment architectures. In an increasingly global, “always-on”, customer-and-application-driven age, it became increasingly compelling to consider leveraging this matrix of newly-available cloud options to improve enterprise agility, enhance end-customers’ experience, and drive more successful business outcomes.
The resulting transformation, as much a matter of changing consciousness as of computing paradigms, is seen in the dominance today of “hybrid cloud” application environments, where customers have chosen increasingly to adopt a best-of-breed approach to building their particular enterprise application mix. As Intel’s late 2016 survey indicates, the majority of organizations polled – from 50% in healthcare to 73% in the insurance industry – are now operating in hybrid mode. What this means is that organizations may choose, for example, to run their email and office automation suites – such as Office 365 – out of the Microsoft cloud (or Google Docs and its cohort out of the Google cloud), their ERP application out of, say, the SAP or Oracle cloud, CRM out of the Salesforce cloud, Web services out of Amazon Web Services, and proprietary line-of-business applications from legacy servers on a private VMware cloud running in their enterprise data center. More than a few major applications might be hosted in a distributed architecture over multiple hosts in several data centers, dictated by the business and technical requirements at hand. Over the past two years, this hybrid approach has very much become the dominant enterprise application deployment paradigm, with the average across all verticals reaching 57% in 2016, a 3x increase over 2015, when private clouds still maintained the majority position. Gartner expects that number to increase to 70% by 2019. As Intel’s report put it, “cloud is here to stay.” Increasingly, it is clear, that comment refers to “hybrid cloud.”
What's It Mean?
This rapid transformation of application deployment architectures has had major implications for enterprise networks. Not surprisingly, it has created significant WAN performance, reliability, and security challenges. Traditional WAN architectures, designed to meet 20-25 year old client/server performance needs, simply cannot accommodate the greater demands of today’s increasingly complex multi-site hybrid WAN environments. The trouble begins at the foundational network layers, where the relatively low-speed, high-latency (and expensive) legacy MPLS links between data centers and remote entities are incapable of delivering the bandwidth needed by many of today’s cloud applications and their accompanying data streams. Further, traditional WAN “hub-and-spoke” structures typically hairpin (or “trombone”) all enterprise WAN traffic, including Internet traffic, back through the enterprise network core, often introducing significant latency and jitter along the way – again impacting the end-user experience to such a degree that cloud deployments can easily become incapable of supporting efficient business operations. Finally, legacy network architectures, which generally involve deploying multiple single-purpose pieces of equipment at each WAN location (whether core or branch edge) are famously complex and time-consuming to configure, install, manage, and maintain. Provisioning, as anyone who has witnessed it is aware, is typically done in a highly manual fashion, at the command line, one network device at a time. Effective network management is complicated accordingly, especially in small-to-midsize (SME) enterprises (that is, organizations with < 1,000 devices), where IT may be particularly understaffed, thus rendering network availability and security even more difficult to ensure. Such legacy environments provide little opportunity for business agility. 
Network configuration updates, circuit upgrades, feature changes, and functionality enhancements, no matter how small, require senior, hands-on engineering resources – and more time than the business would usually prefer. Typically, these environments have not yet made the transition to more advanced DevOps frameworks, where configuration management, testing, and new feature deployments have become more automated, efficient, and resilient.
Without question, the arrival of hybrid cloud as the primary application deployment paradigm requires a complete rethinking of our enterprise WAN architectures. It is long past time when IT and business alike can simply assume that legacy network structures will be able to accommodate the adoption of SaaS solutions such as Office 365 or Salesforce over existing links, or that existing branch office connectivity will be sufficient to provide adequate performance to support a new ERP or CRM solution, let alone handle the real-time streaming video traffic generated by holding an online, global all-hands employee meeting. Never mind the remote likelihood of speedy systems recovery in the aftermath of an outage or security breach in this multi-platform, multi-vendor, resource-constrained, geography-dispersed hybrid platform scenario. Legacy WAN infrastructures are ill-prepared for that, and if not simply at the ISP circuit level, then certainly at the upper management layers of the network.
What, then, are today’s heavily network-dependent enterprises to do? Gartner makes several recommendations. They advise that organizations begin by fundamentally rethinking their overall WAN architecture. Doing so will require returning to the first principles of systems design – that is, to developing an appropriately sophisticated degree of understanding of the business and application requirements suggested by their specific hybrid environments, and by aligning those accordingly with a new WAN architecture and strategy framework. They further advise focusing on the universally critical issues of application performance, systems resilience and availability, total WAN costs, and network management agility. Finally, with that understanding in hand, Gartner advises that enterprises then evaluate emerging SD-WAN technologies, with an eye toward employing software-defined WAN capabilities to resolve their hybrid management challenges.
As with software-defined networking (SDN) in general, SD-WAN aims to greatly improve network performance, reliability, and management agility while at the same time lowering costs and enhancing security. It does so by adopting an approach to architecting and presenting critical network functions that takes its conceptual lead straight out of the server virtualization playbook. As with that earlier generation of data center innovation, SD-WAN separates upper level management and control capabilities from the underlying physical infrastructure. In traditional network parlance, this means abstracting the control plane – where higher order functions such as device configuration, packet routing, traffic management, monitoring, and event logging take place – from the data plane – which carries out the actual delivery of application and user data.
In a traditional network, recall that each independent device (such as a router or a switch) is comprised of both a control plane and an accompanying data plane. The two are essentially inseparable. They are configured and managed as a single entity. Under SD-WAN, however, all “intelligent” device functions are moved into the control plane, which can then be programmed to provide functions and capabilities specific to that particular device and environment. A single control plane can be comprised of both a “control and services layer” and a “business policy and orchestration layer.” Basic services such as centralized performance monitoring, traffic routing and management, security, and QoS exist at this services layer, whereas business policies are established, automated, and executed at the orchestration layer. Policy-based instructions from the control plane can be delivered not to just one, but to multiple data planes using established APIs via a “southbound interface.” Conversely, communication from the data plane to the control plane is effected by way of a “northbound interface.”
The programmable policies implemented through this “secure overlay” architecture can be used to establish and manage a wide range of critical network capabilities, from application-based bandwidth prioritization to intelligent circuit selection to automating configuration changes and the execution of any number of security policies. Network services, in effect, can be instantiated on a richly-developed control plane and delivered on demand (or as scheduled) to any point across the enterprise WAN. Everything from network behavior and performance to standard maintenance and administration can be performed through an automated policy orchestration engine. No longer are administrators constrained by a network device’s factory-delivered, hardware-centric feature set, or by the need to “bolt-on” a new appliance for every new piece of desired functionality, but are instead empowered to build a network that meets their specific business requirements and can be changed as business circumstances dictate. That “building” now involves employing a new generation of SD-WAN technologies, and takes place fundamentally via software.
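The control-plane/data-plane split and policy-driven circuit selection described above can be sketched as follows. This is an added illustration, not any vendor's API: the class names, the rule schema, and the link metrics are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SlaRule:                      # one business-policy entry (hypothetical schema)
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred: tuple                # circuit names, most preferred first

@dataclass
class Circuit:                      # measured state of one WAN link at an edge
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True

class EdgeDataPlane:
    """Forwards traffic; holds no policy until the controller pushes one."""
    def __init__(self, site, circuits):
        self.site = site
        self.circuits = {c.name: c for c in circuits}
        self.policy_version = 0
        self.rules = {}

    def apply_policy(self, version, rules):
        # Reject stale or replayed pushes so an old policy cannot roll back a newer one.
        if version <= self.policy_version:
            return False
        self.policy_version, self.rules = version, dict(rules)
        return True

    def select_circuit(self, app_class):
        rule = self.rules.get(app_class)
        if rule is None:
            return None             # no rule for this class: fail closed, do not guess
        live = [self.circuits[n] for n in rule.preferred
                if n in self.circuits and self.circuits[n].up]
        for c in live:              # first preferred circuit that meets the SLA wins
            if (c.latency_ms <= rule.max_latency_ms and c.jitter_ms <= rule.max_jitter_ms
                    and c.loss_pct <= rule.max_loss_pct):
                return c.name
        # Nothing meets the SLA: degrade to the lowest-latency live circuit.
        return min(live, key=lambda c: c.latency_ms).name if live else None

class Controller:
    """Central control plane: one policy, versioned, delivered to every edge."""
    def __init__(self):
        self.edges, self.version = [], 0

    def register(self, edge):
        self.edges.append(edge)

    def publish(self, rules):
        self.version += 1
        return [e.site for e in self.edges if e.apply_policy(self.version, rules)]

def build_demo():
    # Constructed sample metrics for two branch sites.
    a = EdgeDataPlane("branch-a", [Circuit("mpls", 30, 3, 0.1),
                                   Circuit("broadband", 40, 20, 0.5)])
    b = EdgeDataPlane("branch-b", [Circuit("mpls", 35, 4, 0.2),
                                   Circuit("broadband", 200, 40, 3.0)])
    ctl = Controller()
    ctl.register(a)
    ctl.register(b)
    ctl.publish({
        "voice": SlaRule(50, 10, 1.0, ("mpls", "broadband")),
        "saas": SlaRule(150, 30, 2.0, ("broadband", "mpls")),
    })
    return ctl, a, b

if __name__ == "__main__":
    ctl, a, b = build_demo()
    for edge in (a, b):
        for app in ("voice", "saas"):
            print(edge.site, app, "->", edge.select_circuit(app))
```

The same published policy yields different circuit choices at each site because the decision is made against locally measured link state, while the rules themselves are changed in one place.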
Without question, such a broad range of capabilities, assuming they are fully-realized as advertised, renders SD-WAN a high-value entry on the enterprise technology stage – one with the potential to be just as potent a force as server virtualization proved to be. In fact, as with server virtualization, SD-WAN presents more than a highly compelling network management feature set for significantly improving hybrid cloud and WAN branch/edge operations: it also promises significant cost savings. As several IDC analysts have pointed out, SD-WAN innovations provide the “ability to defray MPLS costs, simplify and automate WAN operations, improve application traffic management, and dynamically deliver on the cost and efficiency benefits associated with intelligent path selection.” As a result, Gartner estimates, “SD-WAN can be up to two and a half times less expensive than a traditional WAN architecture. A 250-branch WAN over three years is estimated to cost $1,285,000 in a traditional WAN architecture, but only $452,500 with an SD-WAN deployment. The ability to use commodity routers is the biggest savings, along with staffing and a small decrease in router maintenance and support.”
The SD-WAN value proposition described by these analysts is plainly hard to beat: significantly enhanced application performance in environments typically known for their high latency and poor responsiveness, vastly improved, policy-driven, centralized network management capabilities, security-in-depth, and a very attractive ROI calculus. Not surprisingly, technology vendors and potential enterprise customers alike have taken little time to begin recognizing the substantial potential benefits to be realized by leveraging this new approach to hybrid cloud WAN management.
The Competitive Landscape
Vendor, and investor, response has been and continues to be unambiguously positive – indeed, overwhelmingly so for anyone trying to stay current with the developments in this highly dynamic space. One only needs to consult Gartner’s recent survey of SD-WAN product offerings to understand immediately the rapid development of the sector. In their May 2017 “Competitive Landscape: WAN Edge” analysis, Gartner notes that more than 40 competitors have now entered the SD-WAN field, 23 of which have attained a degree of market reach sufficient to warrant detailed assessment in their view as potential targets for enterprise adopters. Such a crowded product field, with all comers attempting to address the same, highly-focused problem set, makes for a challenging job of product differentiation. Gartner approaches the task from a couple of angles. First, they break SD-WAN vendors into four categories. Legacy networking equipment companies represent their first bucket. Familiar names like Cisco, Juniper, and Brocade fall into this group, which essentially addresses the market by extending existing product lines, as for instance, in Cisco’s recent acquisition of Viptela. Second, they call out a number of WAN optimization vendors who are also basically enhancing their product sets while rebranding themselves as SD-WAN players – Riverbed, Talari, and FatPipe fall into this category. Third, they present what we’ll call the “pure-play” SD-WAN startups, companies formed to explicitly address the SD-WAN management opportunity. Finally, they point to the legacy service providers – Comcast, AT&T, and CenturyLink – all of whom have started to offer SD-WAN as part of their bundled product and services suites.
By no means will all of these 40+ vendors, not to mention the inevitable future late arrivers to the field, survive the competitive landscape that is now shaping up. Gartner expects the field to be winnowed over the next few years to no more than 10 major players. Many of the smaller companies will be acquired or simply fail. Part of the challenge in choosing the vendor most appropriate for a given enterprise, apart from the rather obvious one of ensuring that their specific solution set meets the specific requirements set at hand, is in understanding their place in the SD-WAN market, and what that implies in terms of knowing what to expect from them as potential technology partners. Gartner provides further guidance in this regard by differentiating vendors as either “Protectors,” “Evolutionary Disruptors,” or as “Revolutionary Disruptors.”
“Protectors” are comprised of players like Cisco or Juniper, that is: “entrenched incumbents that try to preserve their position” in the broader networking marketplace as it evolves toward a stronger set of hybrid cloud management solutions. “Evolutionary Disruptors” include players such as Cybera, Riverbed, and Nuage, strong, typically established companies with a record of success in an adjacent network industry market that are looking to broaden their offerings and are doing so in a way that will be compelling to enterprises who need better hybrid environment management solutions but without taking on out-sized risks. Finally, “Revolutionary Disruptors” are typically comprised of startups, new players such as Viptela and CloudGenix, looking to “radically restructure the market” in ways that will create compelling growth opportunities as they push ahead. Gartner’s assessment of the 23 vendor subset they culled from the larger pack of entrants makes for a highly useful beginning overview of the SD-WAN product and solution marketplace.
Also of value in assessing one’s options is IDC’s “Innovators Report,” published this past May as well, which focuses on 5 SD-WAN vendors who by IDC’s estimation are making significant contributions to the market: CloudGenix, Cybera, VeloCloud, Versa, and Viptela (recently acquired by Cisco). Each of these is heralded for their specific solution sets, but importantly each addresses the core requirements of SD-WAN. As IDC’s Rohit Mehra puts it: "Enterprise IT has been given a mandate to reduce operational complexity and costs, while ensuring that branch and remote sites are configured to optimally and securely connect users to a diverse mix of cloud-based and traditional on-prem applications." In other words, and again, application performance and availability, hybrid connectivity, security, and cost are the considerations that rise to the top. There are no one-trick ponies at the front of this field. These leaders all provide comprehensive solution sets, integrating all of the above critical components, while also providing feature-rich management interfaces to make their offerings even more compelling.
The Road Ahead
Enterprise demand for such innovation has been unambiguous; adoption rates are anticipated to increase dramatically in the next few years. Today, the 451 Research group estimates that 10% of enterprise organizations (those with 500 employees or more) have deployed SD-WAN solutions of some type, a doubling over 2015 levels; another 20% are expected to deploy a solution within the next 2 years; and an additional 30% of the enterprise market is currently considering doing so. In terms of total dollar spend, IDC estimates the SD-WAN marketplace brought in $225M in 2015, $600M in 2016, and is expected to reach $1.4B this year – a level that Gartner earlier predicted wouldn’t be reached until 2020. As things stand now, again based on IDC’s research, the market is estimated to hit $2.6B by 2018 and $6B by 2020. Gartner’s Andrew Lerner may in fact be making an understatement when he says that “SD-WAN is pretty hot right now.” Indeed, it has become, as he puts it, the “shiny new object” in networking. And for good reason: as we’ve seen, legacy WANs simply haven’t been able to handle the demands of hybrid cloud network management.
All that said, it is still early days in the SD-WAN business. Even its larger enthusiasts and boosters in the technology community agree that enterprises are still very much in the early adopter phase of Gartner’s famous hype curve. As we’ve noted here, the market is awash in vendors and products. Further innovation and product development can be expected, and quickly, to meet market demand. Vendor acquisitions and marketplace consolidation have only just begun. Accordingly, the level of market “noise” and hype can only be expected to increase as well in the days and months ahead. Navigating this dynamic and exciting marketplace will be challenging, but as we have attempted to lay out above, there are key signposts that one can employ to guide enterprises along the way. First, while hybrid computing may indeed be a relatively new phenomenon, especially in its emergent form today, many of the essential SD-WAN concepts are not new. Multi-pathing, application-based routing, the use of Internet broadband over MPLS, active/active failover, encrypted communications, management overlays, “x-as-a-service” – all have been around for varying lengths of time. What is new is their integration into robust, full-featured, packaged solutions, whether in the form of software running on a commodity appliance or as a cloud-based service. It is this combination of features that one needs to focus on as one works to select the best solution for their particular environment. The need to match solutions to requirements is also nothing new, or at least it shouldn’t be.
Equally important in choosing the right technology set from the right vendor is understanding how the product or services chosen will integrate with one’s legacy environment – or not. If one is already suffering from a highly-variegated mix of vendors and their solutions in the data center, adding yet another one may not be the best solution. And yet one should be careful not to let the legacy dog wag the tail of forward progress and a rationalizing of the overall infrastructure environment – particularly in the critical area of improved network management, which of course has significant implications for security and availability. One way to address the legacy challenge is to bring SD-WAN into the environment during a lifecycle-based upgrade. Moving to the next generation of hardware routers, firewalls, switches? Consider leveraging an SD-WAN solution at just this sort of juncture. Granted, enterprises tend not to rip and replace entire networking stacks all at once, although it does happen, but any sort of fundamental environment upgrade provides the opportunity to cut costs and improve overall network functionality with an SD-WAN solution.
A number of other guideposts will be familiar to experienced network managers: look at vendors’ installed base; get real-world references; talk to purchasers who have gone before you; make sure you see the products in action as you build your selection list. And of course do your research: leverage the kind of resources noted above from Gartner, IDC, and 451 Research. These will be enormously helpful. As always, conduct a proof-of-concept or a pilot project with the solution or product before you commit your enterprise to paying for it. Perhaps most challenging: understand your appetite for risk and balance that with your potential SD-WAN rewards. Will you be better off with a "Protector" or an "Evolutionary Disruptor," or are you ready to embrace "Revolutionary" disruption? However obvious, these pieces of advice are not always heeded.
Finding the differentiators that matter most is ultimately a highly-subjective affair. Knowing which matter the most to you, and knowing the market’s solution offerings at an appropriate level of detail, as in all things, is what will guide you through the hype to the right SD-WAN solution.
References
Intel Security (McAfee), “Building Trust in a Cloudy Sky: The state of cloud adoption and security,” March 2017 (Summary available at: https://www.mcafee.com/us/resources/reports/rp-building-trust-cloudy-sky-summary-c-suite.pdf. Full report available via request from McAfee.)
Joe Skorupa and Bjarne Munch (Gartner), “Competitive Landscape: WAN Edge,” May 17, 2017 https://www.gartner.com/doc/3714242/competitive-landscape-wan-edge
Mark Fabbi and Neil Rickard (Gartner), “Digital Business and Cloud Demand New WAN Architectures,” November 10, 2016 https://www.gartner.com/doc/3510218/digital-business-cloud-demand-new
Tara Seals, “The Cloud: A Growing Driver for SD-WAN,” June 13, 2017 https://www.sdxcentral.com/articles/analysis/cloud-growing-driver-sd-wan/2017/06/
Zeus Kerravala (ZK Research) “A Software-Defined WAN Is a Business Imperative,” May 2015 http://www.velocloud.com/sd-wan-resources/white-papers/software-defined-wan-business-imperative-zeus-kerravala
Brad Casemore, Rajesh Ghai, Nolan Greene, Rohit Mehra, “IDC Innovators: SD-WAN, 2017” https://www.idc.com/getdoc.jsp?containerId=US42549917
“Five Software Defined-WAN Vendors Named as IDC Innovators,” May 2017 http://www.businesswire.com/news/home/20170525005172/en/Software-Defined-WAN-Vendors-Named-IDC-Innovator
Brandon Butler, “SD-WAN: What is it and why you’ll use it one day,” June 12, 2017 http://www.networkworld.com/article/3031279/software-defined-networking/sd-wan-what-it-is-and-why-you-ll-use-it-one-day.html
Brandon Butler, “IDC: SD-WAN growth is exploding for at least the next 5 years,” August 1, 2017 https://www.networkworld.com/article/3048174/wide-area-networking/idc-sd-wan-market-to-hit-6b-by-2020.html