Whether an enterprise deploys software-defined wide area networking (SD-WAN) technology at the edge, in the cloud, or a hybrid of the two, it’s clear that physical SD-WAN appliances won’t be replaced anytime soon.
However, SD-WAN appliances do range in functionality depending on how “thick” or “thin” vendors want these to be.
Thick appliances tend to contain most of the SD-WAN functionality in the appliance itself — firewalls, WAN optimization, dynamic path routing, and quality-of-service (QoS) capabilities. Conversely, thin appliances typically have minimal hardware requirements where some or most functions are accessed and managed from the cloud or a virtual data center, said Dell’Oro Analyst Shin Umeda.
“SD-WAN is an overlay of software throughout branch offices, but some vendors have a cloud overlay of the SD-WAN software that manages the traffic, data paths, and WAN,” Umeda said. “And this is where [appliances] can be very different from vendor to vendor, but both options are going to have an appliance on-premises no matter what.”
However, it isn’t always a case of one being better than the other. The topology of an enterprise’s network must be considered as well as how far along with cloud adoption an enterprise is. “Also, thick/thin may not always be an either/or choice. Both can be deployed in a single location as a way to transition or to meet specific function requirements,” Umeda said.
While not always the case, SD-WAN vendors that offer thick appliances tend to be paired with enterprises that have very few of their network functions in the cloud or a virtual data center.
The idea is to pack as much SD-WAN functionality in the appliance as you can and place a box at each location, and when they are all deployed, an overlay has been created, said David Greenfield, secure networking evangelist at Cato Networks.
“I think most [vendors] tend to be on-premises using an appliance. Maybe because that’s what customers are used to seeing and how their businesses are set up,” Umeda said. “The flavor of functions may change over time, but we expect the architecture to stay the same because in the near-term, most of the vendors in this space tend to have closed platforms, meaning they don’t run other vendors’ functions on their CPE [customer premises equipment].”
For example, the enterprise market for branch office appliances is very dominated by Cisco’s ISR routers, which IWAN software runs on. On a revenue basis, Dell’Oro estimated that in 2016, Cisco owned 81 percent of the access router market, addressing small, medium, and large businesses.
The research firm estimated that in 2017, between 70 percent and 80 percent of all SD-WAN appliances will be thick. However, that number is expected to shrink to 50 percent to 60 percent by 2021.
“The first step is to move to SD-WAN, and over time you might change the location of the functions and transition to a thinner model,” Umeda said.
However, the choice of appliances available on the market today isn’t so black and white. SD-WAN vendors like Versa, VeloCloud, and Silver Peak offer a range of devices to sell to the customer, and they vary depending on how many functions they can run.
For example, SD-WAN vendor VeloCloud offers multiple appliances depending on how many functions customers want on-premises versus the cloud. It has appliances that run completely on–premises, with all of the functions running in the appliance; appliances running on-premises and in the cloud where some of the functionality sits in the cloud; and appliances where almost all of the functions are managed from the cloud, said VeloCloud Co-Founder and VP of Products, Steve Woo.
“We bridged the gap of running SD-WAN on-premises and in the cloud, which means we put an SD-WAN footprint at the site via an appliance with software,” Woo said. “And we also needed to put an appliance at the doorstep of the cloud infrastructure so we can provide the same enterprise performance and configuration in the cloud.”
In this hybrid model, the functions are sitting both in the branch and the cloud. These functions include dynamic path routing, firewalls, encryption services, multiple link options, and management capabilities.
Woo also sees the trend moving toward thinner appliances as enterprises adopt the cloud. However, he recognizes that “huge enterprises have so much on-premises that it’ll be a while before they move everything to the cloud and will most likely adopt a hybrid solution until that happens.”
With SD-WAN vendors seeing the deployment trend moving toward cloud, many vendors have focused their strategy around this — and some exclusively.
For example, SD-WAN vendor Aryaka sees on-premises deployments as a limiting model because MPLS isn’t designed for cloud connectivity or globally distributed data centers, said Gary Sevounts, chief marketing officer at Aryaka.
However, in order for global SD-WAN deployments to work, there needs to be private connectivity — other than MPLS — to normalize latency, Sevounts claimed. Similarly, John Flick, VP of IT at KPS Global, uses Cato’s SD-WAN cloud, and he said that once KPS hits Cato’s network, it’s on Cato’s private network until the traffic gets to its destination. By avoiding the public Internet, the company is able to avoid latency, Flick said.
But there are multiple flavors of cloud-based SD-WAN. The most common model is to have a thinner appliance where the SD-WAN is simply managed from the cloud. An even more cloud-based approach calls for a thin appliance where almost all of the functionality sits at a point of presence (PoP) and is delivered to the appliance, in addition to management being from the cloud. Vendors like Aryaka and Cato Networks embrace the latter.
While the functionality of cloud-based appliances is similar to that of thicker ones on-premises, there are some benefits from deploying from the cloud. For example, the sheer cost of a thick appliance holding many functions is typically much greater than a thinner one. Additionally, the speed of configuring and deploying SD-WAN technology is usually faster from the cloud, compared to manually setting up and connecting branch locations with a thicker appliance.
“Just because an enterprise uses a public cloud doesn’t mean your SD-WAN has to be delivered from the cloud,”Sevounts said. “But once an enterprise builds a cloud infrastructure, this becomes second nature.”