The attraction of SD-WAN increases in proportion to the percentage of an organization's traffic that is web-based, according to John Isch, the director of the network and voice practice in North America for Orange Business Services.
In the second installment of this Q&A, Isch says that the caveat to that reality is that security requirements can make the most elegant technical solutions impossible.
Designing, deploying and managing SD-WANs is complex, however. Working deeply with carriers, Isch suggests, simplifies life for IT departments that may not have the requisite knowledge on staff, reduces capex, and protects the organization against the wave of vendor consolidation to come.
Telco Transformation: They are interrelated, of course, but can you say how the cloud and SD-WAN fit together?
John Isch: The drive to cloud services that are accessible via the Internet is a very strong driver. One of the questions I always ask customers is, "What percentage of your traffic is Internet-destined?" Two years that was under 50%. I've met customers who've told me 85% of their traffic is destined for the Internet today.
That's an extreme, but we can use that as an example. If 85% is Internet-destined, how do I get it to the Internet in the most effective way from the cost and routing perspectives? The closer to the edge I can drive that traffic to the Internet, the better off I am if it fits my security profile.
If I want to get that traffic out locally, SD-WAN can be an enabler of that. I can do application-based routing. I can add security on top of it. If you think of SD-WAN as a virtual network function and put in a universal CPE at the edge and run it through an SDN orchestration platform then you've got the ability to do a lot of really flexible things at the edge that help enable that cloud traffic.
That said, there's one caveat that's really important. A lot of multinationals have security policies that are very restrictive. For good reason. I have a site that has maybe both MPLS and Internet and I'm going to split tunnel and send that Internet traffic directly out. That is just not possible with a lot of our customers. Their security posture just doesn't allow them to do that.
The reality of that is proving to be very complex when we're talking to customers. There's cloud-based security infrastructure that we can deploy. There are site-based firewalls. There are virtual firewalls. There's a lot of different ways that we can help customers through that. I think some of our customers when I walk in the room are expecting me to sit down and say, "Okay. Here's what you should do." The process really is more, "Okay, Mr. Customer, tell me what your infrastructure requirements are" and tell me what your security looks like. That second question limits the design dramatically.
TT: We’ve talked about Riverbed Technology. What other SD-WAN technologies is Orange Business Services using?
JI: At this point and time, we have three different SD-WAN solutions. One is based on Cisco IWAN, one is based on Ipanema, which was bought by InfoVista. We have a solution called Network Boost that's based on their Ipanema solution and then the third one is Riverbed with the SteelConnect. I wouldn't say that we're necessarily evolving from one to the other. I would say that each of those three evolve within our product portfolio.
TT: Describe the structural differences between the solutions.
JI: Cisco certainly owns the routing and switching world right now. There are customers who say, "I'm comfortable with Cisco. I have all their infrastructure everywhere and, therefore, that's the direction I want to continue on when I look at SD-WAN." IWAN makes a lot of sense for them. There are customers who are very focused on application performance, reporting and visibility. In that case, I would say, "InfoVista probably is your best fit there." Then we have other customers that have a large deployment of Riverbed and adding SteelConnect on top of SteelHead makes a lot of sense.
TT: The evolution from legacy architectures to SD-WAN sounds like a hard one, and a hard sell.
JI: I've been through several conversations or workshops with customers where we say there can be elements inside IT that say, "I want something brand new. I want the latest and greatest," but then you get down to brass tacks and we say "Okay, you've got to migrate off of what you have." Or, "Let's look at the process that you have to go through to get from where you are to what you're saying you want to do." I've been in the meeting where the realization comes in that it's a much a safer way to go to leverage existing technology and go through soft upgrades rather than a complete hardware swap out or adding unknown software and hardware to my environment.
From a feature functionality standpoint, if we have a customer who says, "I don't care what the technology is, I just want a better solution than what I have," then it's sitting down and doing the matrix of the solutions and figuring out which one works the best for them. Coffee always is an element [during those meetings.]
TT: How should enterprises protect themselves against the coming market shakeout in the SD-WAN sector?
JI: That's funny because this came up at this customer event I was at last week. One customer said, "This is why I want to buy it as a service because I don't care about the technology behind it." Then it becomes the carrier's problem to manage the lifecycle of the SD-WAN.
TT: That's a whole another reason that this whole abstraction idea is a strong one?
TT: You suggest a great carrier advantage of uCPE is, in essence, downsizing. Please explain.
JI: Another big thing that's coming up with customers right now is this idea of universal CPE and the idea that putting network functions -- like SD-WAN and fire walling, compression acceleration -- all inside the universal CPE. When you look at it from a customer's perspective the advantage has less to do with SDN and more to do with the virtualization and the ability to reduce the footprint and optimize what sits out at a site.
Sort of along the same lines is that I've got equipment that goes end of life and that creates a big problem for enterprises when they've got to replace a box. Instead, if it's software, it sure is easier to say, "I'm going to download new software," than "I've got to put a project plan together, and get funding for a large project of replacing multiple boxes at multiple sites." I think there's an element of that that's really important to customers. SD-WAN is just hitting at a really good time to put those two things together.
TT: It sounds like you are thinking that the uCPE is more on the NFV
side than the SDN side, but it's all the same big, happy family?
JI: Exactly. I don't want to miss that point. It is part of the big, happy family. It's just a good time for them to be coming together.
— Carl Weinschenk, Contributing Writer, Telco Transformation