Analysts are not employed by SDxCentral and the views, thoughts, and opinions expressed in their content belong solely to the author and do not reflect the views of SDxCentral. Note: AvidThink is a separate organization, created by Roy Chua, that is not affiliated with SDxCentral.
We knew it was bound to happen — the universal SD-WAN (uSD-WAN). As SD-WAN vendors compete against each other, there are two possible architectural outcomes. One is that vendors will cluster around a few niches, and we’ll see a set of differentiated SD-WAN solutions with each niche serving specific market verticals or unique groups of users. The second is a universal SD-WAN solution with a more-or-less unified set of capabilities.
We at AvidThink predict that the universal solution is most likely, although the market could yet evolve further. At least in the vendor pitches that I’ve seen — and I’ve now seen quite a lot — there is a pattern forming for the universal SD-WAN feature set.
You Get an SD-WAN, and You Get an SD-WAN…
It looks like enterprises all want an SD-WAN. In survey after survey, everyone is on track to deploy or upgrade their WAN in the next few years. And the number of vendors who want to provide it continues to increase, as we flip security vendor after security vendor into SD-WAN vendors — Fortinet, Barracuda, now WatchGuard, who’s next? At the same time, communication service providers (CSPs) and systems integrators (SIs) will continue to roll out SD-WAN as their preferred new value-add service.
Behold the universal SD-WAN.
Across all these vendors, the solution set looks to converge around the following key elements:
- Simplified cloud management with zero-touch provisioning: Core to any self-respecting SD-WAN solution is the ability to manage all edge devices from a central cloud. New devices should seamlessly bootstrap themselves and call home to receive the latest software updates and control messages from their cloud overlords.
- Multi-path selection and bonding: SD-WAN’s main claims to fame are cost reduction and improved resilience. The ability to successfully utilize multiple links — one of which is a cheap direct internet access link — is central to a solution qualifying as an SD-WAN platform. In addition, path selection intelligence that goes beyond simple link up/link down and instead measures jitter, throughput, latency, and loss will be part of the appeal.
- Basic routing: Not much needs to be said about this one. If an SD-WAN box can’t do simple layer 3 routing, it’ll face many more challenges in the corporate world.
- Basic or advanced security: Whether the SD-WAN solution had a former life as a security solution will likely decide if it has a basic stateful firewall or provides advanced malware detection. At minimum, an SD-WAN solution will need some basic firewalling, but enterprises appreciate as much help as they can get on this front, and unified threat management (UTM) capabilities would be best to help lock down the remote site.
- Local cloud breakout: To more effectively utilize expensive private links, having safe SaaS traffic run over the direct internet links is a very welcome feature. The ability to identify applications like Salesforce, Dropbox, and Box quickly – the fewer packets the better – and shunt them appropriately will be a key feature of the uSD-WAN.
- Branch capabilities: There’s some debate around whether branch capabilities like LAN-based network access control and WiFi integration will be needed for the uSD-WAN. However, enterprises will always prefer a reduction in the box count at the edge, especially for small remote sites.
- Unified end-to-end policies: The uSD-WAN should also provide the security and networking teams with the peace of mind of a unified and consistent network and security policy. I’m seeing firewall vendors, who only have box-by-box configurations, scramble to create a unified end-to-end policy model from the data center to the cloud. And vendors are starting to tie intent-based configuring into their SD-WAN offerings to make compliance and monitoring of policies easier across the entire enterprise network.
- QoS and some WAN optimization: Again, this is an area that sees some debate, with some vendors arguing that simple QoS and more than ample bandwidth negate advanced application-specific WAN optimization and forward-error correction. The reality is that all SD-WANs will have some level of QoS capabilities. Perhaps the need for advanced WAN optimization will come down to the amount of bandwidth available across all remote sites and the use cases important to each enterprise.
- Seamless and fast paths to public clouds: SD-WAN vendors will have to provide gateway connectivity to virtual private clouds located within the public clouds and to private enterprise clouds. This allows the enterprises to roll out internal applications securely to remote users regardless of where the applications are hosted. As an added capability, SD-WAN vendors are now offering express path on-ramps to public clouds via direct links from their first-hop locations. This reduces the number of hops and improves the bandwidth and latency to public clouds.
- Private-routed core solution for speed: Going beyond these fast paths to private clouds, network-as-a-service vendors are offering private WAN cores that have improved performance close to, or better than, a private MPLS network. And SD-WAN vendors are starting to partner with private, optimized core providers like MODE to offer similar capabilities. In addition, these vendors will often promise faster access to common SaaS applications like Salesforce, Box, and Dropbox as a bonus.
Some other capabilities on the verge of making their way onto the uSD-WAN feature list include the ability to offload some or all CPE functions into the cloud platforms at central offices or points of presence. However, it’s no longer clear to us at AvidThink that the L2-based lightweight CPE will see significant traction, particularly in the enterprise space where L3-based full-function CPEs will be favored. Residential deployments are entirely another matter.
Differentiation Gets Cloudy, but Managed Features are Key
Certainly, the cloud capabilities at the bottom of our uSD-WAN feature list will be part of the differentiation between vendors. However, it will become even harder to tell the vendors apart as the lines blur between the different solutions.
In the longer term, it is the management capabilities, those which make the SIs and CSPs more agile and efficient, that will be the key differentiators between vendors. Here at AvidThink, we believe that the vast majority of SD-WANs will be purchased as managed offerings. It is therefore in these feature sets — efficient multi-tenancy, white-label branding, granular controls over self-service feature sets, etc. — that the battle will be fought and won. Let’s see if 2019 bears out this prediction.