Fellow Network World blogger Zeus Kerravala wrote an interesting post last month about the need for a different type of WAN Optimization from branch to the cloud. He also wrote another piece about the need for “next-generation WAN Optimization.”
While we’ll get into the details through the course of this column, let me start with the punch line: WAN Virtualization is the next-generation complement to WAN Optimization that Zeus is looking for, especially in conjunction with colocation as part of the NEW architecture. Responding to the points Zeus makes in his posts is an excellent way to frame how the capabilities and benefits of WAN Virtualization, often in conjunction with colocation, complement those of WAN Optimization.
In his pieces, Zeus persuasively argues for the need for a solution beyond today’s WAN optimization. In particular, video, both recorded and real-time, cloud computing and desktop virtualization and VDI are not well enough served by the WAN Optimization solutions available today from market leader Riverbed, or the offerings from any of the other WAN Optimization Controller (WOC) market leaders like Cisco or Silver Peak. On these points he and I are in complete agreement.
He argues, again persuasively, that a complete solution must “move … from being a tactical technology used to solve a few application performance problems to a strategic technology that will solve the majority of today’s application performance problems and stay in step with the demands of a next-generation WAN.” On this point as well, he’ll get no argument from me.
Today’s WAN Optimization solutions deliver application acceleration via compression and data deduplication across all applications, plus specialized support for Microsoft's CIFS file access protocol and other application-specific optimization techniques to improve application performance in the general case. As Zeus notes, WAN Opt does best at speeding the performance of a handful of non-real-time applications such as email, Windows file services, and network backup.
Another great point Zeus makes, specifically as it relates to any move to cloud computing and optimizing (public) cloud-based applications, is that security at the network level needs to be maintained as well as it is today, on top of the additional security needed at the application and service level for individual or combined cloud services. Zeus and I differ on the best solution to this issue, but we’ll come back to that more in a bit. All in all, while he doesn’t focus on the network economics as much as I’d like to see, we’re in fairly broad agreement on the problems that need to be addressed.
Where WAN Optimization is good at reducing bandwidth consumption, speeding up multiple transfers of the same data and in particular speeding up remote file access, WAN Virtualization has specific techniques that help real-time and highly interactive applications in ways that WAN Opt simply cannot.
WAN Virtualization, from the likes of Mushroom Networks, Ipanema Technologies, or Talari Networks, enables the use of multiple WAN connections to augment or replace individual private WAN connections. It uses RAID-like techniques to deliver end-to-end reliability and predictable application performance for TCP-based applications, and ultra-reliable, cost-effective, superior support for real-time application traffic like VoIP and videoconferencing, even when using highly “imperfect” public Internet links.
WAN Virtualization provides multipath multiplexing for both aggregating bandwidth and delivering reliability, with some implementations offering sub-second reaction, dynamically engineering around network trouble - outright link failures, and also high packet loss or excess latency - as it occurs.
For real-time applications like videoconferencing, WAN Virtualization delivers the ultra-reliable, cost-effective support Zeus seeks. The cost effectiveness comes from the fact that the enterprise can safely take advantage of Internet links, which are far less expensive than MPLS connections. That was simply not possible previously for enterprise WAN managers, for whom, quite correctly, network reliability and application performance predictability are top concerns. The ultra-reliable part comes from WAN Virtualization’s ability to choose network paths with the least packet loss and lowest jitter for such high-priority real-time traffic, and to switch sub-second to a better path in the face of high loss or jitter.
For VDI, where responsiveness is critical, and for VoIP (and video, too, given sufficient bandwidth), where eliminating loss and minimizing jitter leads to the highest voice/video quality, WAN Virtualization can provide still greater reliability for these low-bandwidth but highly time-sensitive flows. It does so by replicating the flow traffic along a second network path and suppressing duplicates at the receiving appliance. The result is highly responsive VDI and “perfect” sound and voice quality even in the face of outright link failure, high route convergence times, or high packet loss or jitter/latency caused by network congestion on one of the connections.
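The path selection and flow replication described above, as an added example that is not from this column or from any vendor's product. It assumes each packet carries a sequence number and that the receiving appliance tracks a sliding window of numbers already seen; the path names, loss and jitter figures, and drop patterns are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class Path:
    name: str
    loss: float        # measured loss fraction (constructed value)
    jitter_ms: float   # measured jitter (constructed value)
    drops: frozenset = field(default_factory=frozenset)  # seqs lost on this path (constructed)

    def send(self, seq):
        return None if seq in self.drops else seq

# Constructed sample links, not measurements from the column.
SAMPLE_PATHS = [
    Path("cable", 0.02, 15.0, frozenset({7, 8})),
    Path("mpls", 0.001, 2.0, frozenset({7})),
    Path("dsl", 0.01, 8.0, frozenset({3, 12})),
]

def rank_paths(paths):
    """Best path first: least packet loss, then lowest jitter."""
    return sorted(paths, key=lambda p: (p.loss, p.jitter_ms))

class Receiver:
    """Delivers each sequence number once; counts suppressed duplicates."""
    def __init__(self, window=64):
        self.window, self.highest = window, -1
        self.seen, self.delivered, self.duplicates = set(), [], 0

    def accept(self, seq):
        if seq is None:                      # lost in transit
            return
        if seq in self.seen or seq <= self.highest - self.window:
            self.duplicates += 1             # second copy, or too old to track
            return
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen | {seq} if s > self.highest - self.window}
        self.delivered.append(seq)

def run(paths, n_packets, replicate):
    """Send n_packets on the best path, or on the best two when replicating."""
    chosen = rank_paths(paths)[: 2 if replicate else 1]
    rx = Receiver()
    for seq in range(n_packets):
        for path in chosen:
            rx.accept(path.send(seq))
    return rx

if __name__ == "__main__":
    for mode in (False, True):
        rx = run(SAMPLE_PATHS, 20, mode)
        print(mode, len(rx.delivered), rx.duplicates)
```

With replication off, the one packet the best path drops is simply missing at the receiver; with replication on, the second path fills that gap and the receiver discards every redundant copy.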
So one big part of our “disagreement” might simply be terminology or definitions. “A rose by any other name would smell as sweet…” What Zeus refers to as “next-gen WAN optimization,” I refer to as the Next-generation Enterprise WAN (NEW) architecture. In fact, though, Zeus wants to define “WAN optimization” as “anything that sits at the WAN edge and optimizes network performance.” There are multiple problems with this definition.
The first is that it’s at odds with the way the rest of the industry describes what “WAN Optimization” is. As everyone else uses the term, “WAN Optimization” describes the two-ended technology solution (whether using physical appliances or virtual ones) that Gartner refers to as WAN Optimization Controllers (WOCs). Most of the functionality that WOCs deliver can only be achieved with agents at both ends of a WAN connection.
As Zeus wants to use the term, “WAN optimization” would not only encompass WOC functionality, it would include what the single-ended Application Delivery Controller (ADC) folks like F5, Citrix NetScaler and A10 Networks do, and it would even encompass what firewalls/IPS appliances do, market segments where the leaders are different still (Juniper, Palo Alto Networks, etc.). In fact, the URL proliferation of this blog post for all the companies, market segments and technologies alone illustrates the difficulty behind such an all-encompassing idea.
From a technical perspective, most of the functionality in WOCs deals with getting bits on and off hard disks and optimizing each application for the network, which are different technical problems than the continuous per-packet monitoring and optimization of a multi-path network fabric for all applications (as WAN Virtualization does), or doing what an ADC does for server load balancing, content switching, SSL termination, etc.
But even if the horsepower and technical design issues didn’t exist, such a combination of functionality and “single decision buying behavior” still wouldn’t be likely to happen, for numerous reasons. To wit: the standard issues of best-of-breed and the installed base problem versus all-in-one “integrated” solutions; the more recent reality that those who want a “single box” solution, especially for the branch, can achieve that using server virtualization technology with virtual appliances; the fact that the people choosing security solutions are usually not the same as those making “network decisions”; the enormous horsepower demands of IPS and next-generation firewalls; and the huge OpEx and CapEx reasons why most customers prefer centralized security approaches to the necessarily distributed (or outsourced) security solution that a single “WAN Optimization” solution implies. I’d argue strongly that the last 15+ years have shown that customers almost always prefer approaches that can be deployed incrementally in existing networks to those requiring forklift upgrades of multiple pieces of the existing infrastructure.
It’s in the area of the architecture for secure Internet access to public cloud computing where Zeus and I do have more fundamental differences beyond terminology. Zeus argues for distributed Internet access at the branch and the use of cloud security services as the way to cost-effectively address branch access to public cloud services. The problem with this approach is that many enterprises prefer to centralize Internet access using partial hub-and-spoke architectures for very good reason; in particular, they do so in order to centralize and minimize the number of network security points they need to manage, reducing both CapEx and OpEx costs for security.
Using WAN Virtualization and colocation facilities as described here is a far better option, allowing enterprise WAN managers to have their cake (centralized network security which they continue to control) and eat it, too (lower WAN costs, lower troubleshooting costs, reliable Internet access performance, and network scalability). Costs are reduced by enabling the use of inexpensive broadband links at the branch, together with cheap bandwidth at the colo “hub.” Bandwidth on both sides in fact is now more scalable as well. Perhaps even more important from the perspective of using cloud computing services for mission-critical user access, access from the branch into the Internet core is now as reliable as site-to-site internal WAN connectivity.
But it gets even better than that. Using WAN Virtualization to have colocation facilities operating as full participants in the enterprise WAN makes it possible to continue the centralization of network complexity, such as powerful, expensive security hardware like IPS and next-generation firewalls, using the same equipment and same policies that protect the data center, while maintaining reliability and application performance predictability across the WAN. Having a colo deployment per geography will substantially improve performance predictability and add reliability for Internet access in general, and in particular deliver “on-net” reliability to cloud services located at the same colocation facility.
Single-ended ADCs and next-gen firewall/IPS solutions do their jobs well today, in a manner with which network managers and security managers are comfortable, in addition to having LAN/data center roles quite apart from the WAN. WAN Virtualization and its multipath approach using multiple WAN connections uniquely adds network support for applications like videoconferencing, VoIP and VDI. When combined with colocation, WAN Virtualization adds the support for a secure, reliable migration to cloud computing, with security and network reliability handled in fundamentally the same way that enterprises can do today with their existing private networks and private data centers.
This is why it’s not the all-encompassing “next-generation WAN optimization” per se that Zeus postulates is the answer. Rather, WAN Virtualization is that next-generation complement to WAN Optimization, delivering the functionality and benefits that Zeus is looking for (and then some!), especially in conjunction with colocation as part of the NEW architecture.
A leading expert in WAN/LAN switching and routing, Andy founded Talari Networks, a pioneer in WAN Virtualization technology, and served as its first CEO. Andy is the author of an upcoming book on Next-generation Enterprise WANs.