That’s not to say SD-WAN products are faulty. Rather, Nuage thinks it has a broader take on SD-WAN that’s more appealing to service providers and enterprises. And the company hopes to nail that point home with a handful of SD-WAN enhancements being launched today with the Nuage 4.0 software release. (UPDATE: Nuage has now posted a blog entry with further details.)
SD-WAN tends to get pitched as a way to select the best WAN connection to use. Nuage, which prefers the term virtualized network services (VNS), extends the idea further, focusing on connecting any user to any application. In other words, it’s more about the endpoints than the WAN connectivity itself.
Moreover, Nuage — which, remember, was an Alcatel-Lucent subsidiary and is now owned by Nokia — boasts there’s a security angle. Its SD-WAN can keep policies consistent between endpoints, even if the SD-WAN link crosses the boundary between a customer’s own network and, say, a public cloud (more on that later).
“I had this customer from Europe — very large provider. They have opcos [operating companies] in different countries, but they can’t offer a service that even stretches beyond an opco,” says Sunil Khandekar, Nuage’s CEO. Nuage’s aim is to create an SD-WAN that could reach across those subsidiaries’ networks and also reach into the public cloud.
It’s still the same network virtualization that Nuage has always done, but with longer reach. You could call it a service overlay.
“Your users are everywhere, and you want to put your data in the right place. All of it should be able to be seamlessly connected, with policy,” says Houman Modarres, Nuage’s head of marketing.
Bare Metal Support
Keep in mind, this concept of connecting any user to any application, regardless of location, was part of Nuage’s VNS product all along. What’s being announced in Nuage 4.0 are a couple of ways to extend that concept.
For example, the new release includes support for bare-metal servers as endpoints of an SD-WAN connection. Typically, Nuage’s endpoints have had to be switches or routers. Nuage 4.0 introduces a version of the company’s virtual router/switch that can run on a bare metal server. It’s calling this the VRS-B.
This opens up the possibility of not running a top-of-rack switch at all. “The customers get to take advantage of the so-called white box phenomenon, because it normalizes the hardware plane,” Khandekar says.
It’s also an example of Nuage being able to control policy further out toward the endpoints. If the bare metal server is attached to a top-of-rack switch, then Nuage’s SD-WAN connection would end at the switch. Security policies wouldn’t automatically apply on the link between the switch and the server, Khandekar says.
VRS-B is available only for Linux servers so far, although Nuage officials say they intend to support other operating systems later.
A CPE for AWS
Nuage already offers physical and virtual customer premises equipment (CPE) to sit at branch offices. Nuage 4.0 introduces a CPE for the edge of the data center, acting as the gateway router to the WAN or the Internet; it’s called the network services gateway border router (NSG-BR).
It’s meant to connect the users in the branch office to applications in the cloud while preserving the policies and automation features that are present on either side.
“That doesn’t happen [normally]. Today they are completely different silos, different policies, different control planes,” says Saurabh Sandhir, Nuage’s vice president of product management. “To map the two is a manual process.”
Taking the idea a step further, Nuage 4.0 also includes an NSG variant to sit inside Amazon Web Services (AWS). Analogous to the bare metal feature, this means Nuage’s SD-WAN can reach all the way into the public cloud.
“If they want to burst into public cloud and preserve their policies, they can,” says Modarres.
It’s possible for Nuage to support an endpoint inside other clouds such as Microsoft Azure or Google Cloud Platform, officials say. It’s just that Nuage doesn’t yet have a prefab NSG that’s ready for a customer to install quickly. (They’re on the way, officials say).
In a related move, Nuage is wrapping up its security capabilities under one name: virtualized security services (VSS). This includes some new features in Nuage 4.0 but also plays off of some previously launched features.
The idea is to emphasize that Nuage’s network virtualization can detect suspicious activity and launch policies that would either isolate or stop it. One new feature that helps on the detection side is a beefed-up version of Nuage’s analytics engine.
Nuage can also help prevent security breaches by applying microsegmentation, but this is a pretty common byproduct of most network virtualization schemes.