SD-WAN is evolving, fueled by a potent cocktail of cloud, edge, and networking technologies that we call multicloud.
Until recently, multicloud deployments were more often about managing workloads running in multiple clouds, Zeus Kerravala, principal analyst at ZK Research, told SDxCentral.
“I take workload A, and I put it in cloud one, and I take workload B, and I put it in cloud two. So I’m using multiple clouds, but it’s not multicloud in the sense that I’m actually building an app that will pull resources from both clouds,” he said. But with “the rise of composite applications, that’s actually what’s happening.”
This, in conjunction with edge compute coming under the cloud umbrella, is driving the need for a very different kind of WAN, Kerravala explained.
Over the past two years, multicloud platforms have steadily gained traction, and today there is a veritable grab bag of eccentric personalities toting “novel” platform approaches. Several vendors, including Alkira, Aviatrix, and Prosimo, have seen early successes in the space — especially among large, distributed enterprises — and the SD-WAN vendors have taken notice.
Networking Follows Compute
“Network changes have always tracked along the lines of computing,” Kerravala said. “We didn’t really need WANs until we started doing PC computing. We didn’t really need SD-WAN until we started doing cloud computing.”
Now, as the definition of the cloud evolves to include the edge, and applications begin spanning multiple providers, the WAN is once again undergoing a metamorphosis, he explained. “That compute evolution is driving the need for a different kind of WAN.”
One of the biggest challenges facing existing SD-WAN architectures is the ephemeral nature of the edge and the cloud-native applications running on it.
Due to the limited resources available to an edge location, an application may only run as long as it needs to before shutting itself down again. By comparison, the cloud and the virtual machines running on it are relatively stable and the connections to them more permanent.
“When you start dealing with edge computing, it’s the first time ever we’ve actually had to connect compute resources that were this ephemeral in nature,” Kerravala said.
There are two ways of approaching this challenge, according to Kerravala. The first is by maintaining a connection to the workload, which comes at the expense of higher costs and an increased attack surface. Meanwhile, the second is to extend that ephemerality to the network so that the connection only lasts as long as the workload is running.
The latter is the approach championed by many of the emerging multicloud vendors, including Aviatrix and Alkira.
SD-WAN’s Evolution to the Multicloud
That’s not to say the SD-WAN vendors have been sleeping on the job. Cisco, VMware, and Fortinet — three of the leading SD-WAN vendors by market share — for example, have retooled their platforms in recent months to address growing demand for multicloud networking.
Cisco’s recent ThousandEyes integration opened the door to automatically route traffic across middle-mile networks that are instantiated on demand and then torn down again when they’re no longer needed.
Likewise, VMware is leaning on the distributed nature of its VeloCloud SD-WAN platform to be the hub for connecting applications running across multiple clouds.
The SD-WAN vendors also have something the multicloud startups don’t: a large customer install base looking for ways to apply their existing investments as a remedy to their multicloud management migraines. This advantage has made helping the SD-WAN vendors accelerate development of these technologies a lucrative opportunity for the public cloud providers, on which the applications reside.
Earlier this month, Amazon Web Services (AWS) unveiled Cloud WAN, a managed service designed to streamline the process of connecting on-premises data centers and branch offices to the cloud provider’s global backbone network.
The service isn’t unique, and rival cloud providers Google and Microsoft offer nearly identical functionality via Network Connectivity Center and Azure vWAN, respectively. Megaport, Equinix, and Apcela also offer similar functionality over their respective networks.
These services have quickly garnered support from SD-WAN vendors that see them as an opportunity to streamline deployments and offer MPLS-like performance that can be initiated in a matter of minutes.
If the cloud providers can pull this off — which is something Kerravala isn’t entirely convinced of yet — “that’ll be really appealing to companies because you would drop the cost, and you could make it very ephemeral.”
And while AWS and its contemporaries aren’t going to usurp the telcos anytime soon, Kerravala argues the competition could force operators’ hands and drive innovation in the field.
“I think the good thing with AWS is they don’t really shy away from competition. In fact, I think they like the competition because it makes everybody better,” he said.
Who Stands to Win the Multicloud Race
These cloud integrations come as networking vendors move to expand their security capabilities and roll out ever more capable secure access service edge (SASE) products.
Even multicloud vendors have announced security features and integrations in recent months to assuage their customers’ security concerns. Earlier this year, Alkira announced integrations first with Palo Alto Networks and later Check Point. Just last week it added Cisco firewalls to the list.
Meanwhile, Aviatrix recently added threat feeds to its multicloud orchestration offering.
Heading into the new year, Kerravala says it’s the large companies like Cisco or Palo Alto Networks with broad portfolios that have the advantage.
“It’s almost like we’re moving from best of breed to best of suite,” he said. “You’ve got to have not just the best infrastructure technology, but I think you need to have a lot of the other tools and capabilities, and analytics, to be able to address that going forward.”
Unsurprisingly, it's security capabilities that Kerravala says will make the difference. “The two really interesting companies that could have a big impact are Fortinet and Palo [Alto Networks] just because they’ve got a lot of capabilities from the security side of things,” he said.