Thanks to all who joined us for the Nuage Networks webinar: The 5 Key Success Factors on your Digital Transformation Journey for the WAN and Beyond. With over 20 SD-WAN solutions in the market, it is increasingly difficult to select the right one. Nuage Networks provided an evaluation framework that can be used not only to simplify the process but also to identify the key success factors. After the webinar, we took questions from the audience. Read the full Q&A from The 5 Key Success Factors on your Digital Transformation Journey for the WAN and Beyond below.
What would be the perfect profile to make the most out of SD-WAN? How large do I have to be, or what services do I need, to justify looking at SD-WAN?
Alastair Johnson: SD-WAN is suitable for all business/enterprises with networking and connectivity needs. Some typical “perfect profiles” but with differing requirements are:
- Small business with only one site that desires visibility of traffic and applications running from the site; wants managed security services (cloud-delivered or on-premises); and potentially has connectivity requirements to cloud IaaS/PaaS/SaaS vendors. In this case, a single-site SD-WAN service with advanced network analytics, security functionality and cloud connectivity delivered over an Internet circuit is a great fit.
- Small-medium business with 2-10 sites that desires reliable, secured connectivity with a medium (e.g. 8×5) SLA, does not want to pay for or manage IP-VPNs and CPEs, and requires similar functionality as in use case (1). In this case, an SD-WAN service with advanced network analytics, security functionality and cloud connectivity delivered over an Internet circuit (optional: LTE backup) is a great fit.
- Large enterprise with 10-1000+ sites that desires a highly flexible, self-manageable, VPN platform that can deliver segmentation, application aware routing, L2 and L3 VPNs, security services, analytics, cloud connectivity, and B2B connectivity over any underlay. In this case, SD-WAN as a platform fits on top of all the existing underlay connectivity services used (e.g. MPLS VPN, Carrier Ethernet, Internet, LTE, …) to enhance security, reduce time to deploy services and changes, and improve audit compliance.
What is the most challenging part about deploying an SD-WAN solution?
Typically, overcoming business inertia of “we’ve always done it this way”. Many enterprises established MPLS-based VPNs 15-20 years ago and have not revisited the architecture or design since. This has impacted the viability of cloud services and functionality being deployed within the enterprise.
Typically, when reviewing the benefits of SD-WAN with both IT and corporate executives, enterprises begin to understand the financial, operational, and technical benefits of SD-WAN in short order. Over 70% of RFPs seen in 2017 for Enterprise connectivity have made some form of requirement for SD-WAN functionality.
Do you see Enterprises deploying SD-WAN on their own or are they looking to get it from their carriers?
Broadly this can be broken down into two areas:
- Early adopter enterprises, which are typically extremely technical extra-large enterprises, with extensive in-house IT/networking/cloud/devops staff. These enterprises look and behave more like a medium service provider/carrier, and have typically both been aggressive early adopters, and also typical self-managing enterprises.
- Everybody else: for most corporate organizations, the corporate WAN is a necessary business tool, but not something that is managed day-to-day in-house: connectivity is typically outsourced to service providers, even if routers or firewalls are managed within the IT organization. For enterprises in this category, a service-provider managed SD-WAN service brings the best of both worlds: outsourced management of the connectivity/transport, and self-management of the overlay service with real-time visibility and configuration.
What are the most common VPN services requested by Enterprise customers today?
The most typical SD-WAN VPN seen is L3 VPNs with hybrid connectivity (MPLS VPN + Internet), augmented by direct SaaS connectivity, e.g. via IPsec spoke connections to cloud providers.
In terms of virtual infrastructure, what does Nuage require on the x86 CPE or DC or PoP side, in order to deploy, provision and orchestrate a VNF or a service chain on that location? (Is it KVM, OpenStack, etc.?)
Nuage Virtualized Services Platform (VSP), the technology core of both the Nuage SD-WAN and SD-DC products, can be deployed on top of KVM or ESXi in the datacenter or POP. This infrastructure can be managed by CMS such as OpenStack.
In the SD-DC, the Nuage vSwitch (VRS) can be deployed on KVM/ESXi/Hyper-V/Linux containers, in addition to providing connectivity to bare-metal servers and VXLAN VTEP switches. VSP can be integrated with CMS (OpenStack/CloudStack/vCenter/Kubernetes) to real-time configure the virtualized network and provide seamless connectivity between virtualized machines or containers in any environment.
In the SD-WAN, the Nuage NSG CPE can be installed as a VM on x86 whitebox systems (KVM/ESXi), or as an SD-WAN VNF on a uCPE (KVM/ESXi). Nuage sells a broad portfolio of x86-based NSG appliances to meet any site requirements with the NSG software pre-installed and integrated. Virtualized NSG instances can also be deployed in AWS.
To deploy, provision and orchestrate a service chain to VNFs in a POP or DC, VSP takes care of all networking requirements, e.g.:
- Provision a service chain to redirect traffic, e.g. “from source DESKTOP_LAN to destination INTERNET and destination port is 80 and protocol is tcp action REDIRECT destination PROXY” across SD-WAN sites
- Traffic is redirected from the typical L3 routing path to the DC/POP where the PROXY VNF is deployed and attached (e.g. to an NSG or VRS)
- Traffic is delivered to the PROXY VNF
In addition to service chains to the POP or DC, Nuage supports branch-in-a-box functionality on the 7850 NSG-E300, NSG-X200, and NSG-X systems which allows for direct VNF deployment on-premises, eliminating the need to deploy multiple physical appliances, or manage both a “uCPE” and SD-WAN functionality – all seamlessly integrated into a single network orchestration stack.
Does VSP require NFVI investment in order to be hosted in DC or PoP, or can VSP also be deployed in Public Cloud and consumed from there?
While we recommend that our customers deploy Virtualized Services Platform on dedicated servers in their private DCs, the VMs can be deployed anywhere you can run a VM (Amazon, IBM SoftLayer, etc.).
Which team from the Service provider is the most ideal team to manage the SD-WAN network? Is it the Core team or the Access Team?
Typically it becomes a new, cross-functional hybrid team incorporating skill sets from across the business:
- Access and CPE management teams bring value and knowledge of circuit types, procurement, partnerships and on-site services
- Service edge teams understand existing IP-VPN and Carrier Ethernet services, network footprint and NNI partners
- Core teams to provide traffic engineering and capacity management
- IT/Virtualization teams to provide infrastructure management, datacenter support, and value-added functions
As part of SDN and in particular SD-WAN deployment, many service providers are discovering that cross-skilling and following a NetDevOps model brings significant advantages to both the human resourcing and service design and operation.
During the presentation we have seen applications being deployed on CPEs in the branch, and in DCs in the PoP – what is the percentage mix of applications and services deployed between the branch and DC?
Most of our deployments have VNFs deployed in the DC and in some cases POP/CO locations. We have seen recently a few of our SPs go with deploying the functions on the CPE at the branch. It is difficult to put a percentage to this, but we would guess 80/20 would be a good estimate as the CPEs that would host VNFs tend to require more resources and may not make sense to deploy in smaller branches, hence the service chaining option to a VNF in a POP or DC, where you can serve multiple branches.
A significant advantage to the Nuage platform is to support both VNF deployment models, ensuring that SPs and Enterprises are not deploying expensive assets that are not fully leveraged (e.g. uCPE systems deployed with only a single VNF). This also allows enterprises to mix-and-match CPE and functionality to the site size, but also to deploy functionality in the most optimal location (“NFV Optimization”).
What are the key differentiators Nuage boasts over the likes of Viptela and VeloCloud?
There are many advantages we have over other vendors in this space, but we will focus on four. From a networking perspective, we have a multi-tenant solution that offers L2 and L3 VPN connectivity and the platform. Some of the other solutions either offer L3 only and do not have support for multi-tenancy. We have 3 modes to support NFV, “embedded”, “hosted” and “service chained”, and for the “hosted” mode, we offer life-cycle management of the VNF from deployment and instantiation to monitoring and service chaining. Furthermore, we have an open platform with over 30 partners who take advantage of our API (100% of the capabilities we have are available to partners) to perform integrations, giving customers a variety of options that meet their specific needs. Finally, we are the only solution on the market that offers true end-to-end from the branch to the DC (including networking inside the DC) and public cloud. This is something that other players are claiming to do, but they do that with a collection of solutions that are custom-grouped together; we do it with a single API using one platform.
Is Nuage able to do SD networks on LAN configuration traffic flow beyond the WAN traffic, using OpenFlow for example?
Extensibility into the SD-LAN space is a key objective of the Nuage SD-WAN platform, such as incorporating SDN-management of WiFi functionality into our 7850 NSG portfolio.
In addition to our own capability, Nuage has an open, multi-vendor integration with OVSDB-based switches.
What is the VSP commercial structure – without talking about pricing – what is the mix of capex vs. opex investment, does Nuage charge per VSP instance and/or per VNF deployed, and/or per physical device managed?
VSP can be purchased in both perpetual (“CapEx”) and subscription (“OpEx”) models. The pricing model for VSP is based upon the number of VSP instances deployed with some scale-out factors.
For both SD-WAN and SD-DC, licensing is flexible based on number of devices (physical or virtual) and functionality enabled on each, and can also be purchased in perpetual or subscription models.