Why do I think Cisco a better choice over Blue Coat?

In any emerging market there are vendors who are technology innovators, and there are incumbent vendors in neighboring spaces who attempt to claim leadership in the emerging area through innovative marketing. WAN optimization is no exception to this observation. While it is easy to update web sites and data sheets with the "correct" marketing message, and to add superficial features that mimic a competitor's product, it is far harder to build a truly innovative product that creates value for customers.

Although Blue Coat has a 10+ year history focused on web caching and web security, they have recently made aggressive claims regarding market leadership in WAN optimization. To validate these claims of leadership, I have listed 10 key questions that are important for any Blue Coat customer to explore:

10) How can Blue Coat scale WAN optimization deployments if their ProxySG product uses a per-peer data store architecture for the Byte Cache? In an earlier blog, I discussed this important issue that affects both Blue Coat and Cisco WAAS: http://blog.riverbed.com/2009/01/riverbeds-universal-data-store.html

9) If the write-back setting for CIFS acceleration involves data integrity risks, then why would Blue Coat enable this feature by default? Page 70 of Volume 2 in the Blue Coat SGOS 5.4 manual warns that data loss can occur if the WAN experiences a disconnect while using Blue Coat's CIFS write-back feature. Personally, I would think that risk of data loss is serious-enough of a consequence that this write-back feature should be disabled by default. Note that unlike Blue Coat, the Riverbed Steelhead does not use a cache architecture, and therefore does not add any new risk of data loss or corruption for CIFS acceleration. This is certainly proven out by the thousands of Riverbed customers who are actively using the Steelhead solution in its default configuration for CIFS acceleration.

8) How many Blue Coat customers are using ProxySG for WAN optimization of non-web traffic? This is a question that Blue Coat has steadfastly refused to answer, as if they didn't know (and what market leader wouldn't know what their products are being used for?). But in a 2 June 2009 teleconference, Blue Coat CEO Brian Nesmith gave a clue by stating, "In [pure] WAN optimization, we win deals based on our ability to accelerate two key application areas -- secure web applications and video streaming." Associating web applications with WAN optimization is a clever word-play, because it allows Blue Coat to claim leadership in WAN optimization on the basis of legacy web caching features and capabilities that they have offered since the 1990's.

7) Why is there so little discussion about WAN optimization on Blue Coat's community forums? If Blue Coat is truly the leader in WAN optimization, then I would expect their customers to be actively discussing WAN optimization topics in Blue Coat's community forums. This is certainly the case with Riverbed's community forums (www.wdsforum.org), and you also see some discussion about WAAS and WAN optimization in Cisco's NetPro forums. But in the case of Blue Coat's community forums (http://forums.bluecoat.com/viewforum.php?f=1&sid=e3b8f8d5d2c10d9f75c47d6b0c9503f0), the discussion seems exclusively focused on web security topics such as how to filter You Tube. There is almost no discussion at all about WAN optimization (or at least how the general market would define WAN optimization).

6) How does Blue Coat's dual Object Cache/Byte Cache architecture affect ProxySG's ability to scale throughput and performance? Most computer systems bottleneck performance on disk I/O, unless you're talking about an embedded disk-less system. After all, disk seek/read/write times are much slower than RAM memory access times, and I would think the same to be true for Blue Coat's caching systems. But the difference with Blue Coat compared to Riverbed is that ProxySG must read and write cached data on disk twice--once in the Object Cache, and again in the Byte Cache. Having to read and write the same data to disk two times should raise throughput/performance scalability concerns. In contrast, with Riverbed data is only represented once on disk, in the byte-level SDR data store.

5) Why is Blue Coat's user manual 3000 pages long? Does this indicate that the product is difficult to use? Ease-of-use and simplicity are key elements of a solution that can be deployed and maintained in large networks. A complex product breeds more complexity and frustration.

4) Why would Blue Coat as a "security" vendor offer a product lacking disk encryption for persistent disk data? Any vendor with substantional deployments in WAN optimization would know that customers will be using them in all types of office locations, including small branch offices which may lack adequate security over weekends and evenings. An intruder can easily steal the disk drives of the ProxySG device, which store in cleartext passwords, security certificates, credit card numbers and any other data that users send over supposedly-secure SSL connections.

3) When will Blue Coat deliver a one-box solution for WAN optimization/web security/QoS/traffic monitoring? This was the original promise of Blue Coat's acquisition of Packeteer, but it appears the long-awaited integrated one-product solution will not happen at all. In contrast, Riverbed's RSP provides the framework to deliver WAN optimization, web security, QoS enforcement, and traffic monitoring capabilities, all in a single Steelhead appliance.

2) Why are PacketShaper revenues declining? According to SEC documents, historic PacketShaper product revenues (not including support or services revenue) from before their acquisition by Blue Coat exceeded $25M per quarter over several quarters in 2006 and 2007. But Blue Coat's most recent PacketShaper quarterly product revenues amounted to only $15M. It appears PacketShaper is losing significant revenue.

1) Can Blue Coat scale WAN optimization for non-Web traffic? As noted in question 8 above, it seems Blue Coat is largely claiming leadership in WAN optimization based on their legacy ability to cache web traffic. And I have no doubt that Blue Coat can deploy web caches and proxies to 100's of sites. But my question is can Blue Coat's WAN optimization features for CIFS and Exchange be scaled for full deployment in large networks? There is no evidence to support that they can. Rather, the evidence indicates that when you exclude web cache deployments, most Blue Coat WAN optimization deployments are quite small--three to nine boxes according to Blue Coat CEO Brian Nesmith in a 25 Aug 2009 teleconference.

Cisco does not have the edge when it come to Gartner, but who really reads Gartner anymore anyway? In the real world Cisco is just too big of a company and they win on discounts to the customer. I cannot understand how they can give 60% off to customers on the price. I think they inflate the list price to make it look good when they give huge discounts. Why else do it?

Just for that reason customers think they are really getting a deal, but if the list price is so inflated then it is really no apples to apples. Thats how Cisco wins and how they sell the WAAS.

#1) Cannot comment on this. However, why are you worrying about market sizes. All of the top 3 have reasonable enough deployed numbers to not worry.

#2) I've never experienced data loss, and have not seen anyone else voice concerns on this subject on the BC forums. I suspect it's a possibility in any of the WAN Optimization technologies just from how they work. If you cache writes in memory and power dies, that write is toast.

#3) Setup is a breeze. Took less than 10 minutes from box to functionality. Most of the manual (which I have not read) is about security, not WAN Optimization. Sounds like you have been drinking the competitor cool-aid. Both RVBD and CSCO pointed this out to me.

#4) I don't believe that your credit cards would be stored on the disk unencrypted, unless you were saving them on a network share unencrypted, or sending them via email unencrypted. If you are, you have bigger issues.

#5) I Don't look at discount levels. I only looked at the actual dollar amounts needed to implement a solution. You might be right that Cisco can undercut everyone else, but it doesn't make it the best solution.

Discounted products that don't really get the job done wall have a very short product life. By this I mean if the customer has a real need to optimize traffic over the WAN, Internet or intranet, and they take advantage of less capable product offerings from WAAS, Citrix, Expand, and Bluecoat, then they will be talking to companies like Riverbed or Silver Peak in the very near future. A couple of examples I know of in my work selling to the Federal Government.

A few examples of failures of Cisco, Juniper, and Citrix:

In 2006 the commercial side of the FDIC purchased the Cisco WAAS solution over Riverbed. Early into their deployment of WAAS they ran into multiple problems with WAAS, and to this day it is still not working as advertized, the FDIC is not getting what they needed, contractors involved in the project were fired, and long term Federal employees left their jobs because of the stigma from the failure of their choice to install the WAAS products. The federal employees who left the FDIC, due to the WAAS debacle, ended up at OTC where they recommended to the OTC that they buy either Silver Peak or Riverbed WAN-OP products; they seem to have learned the lesson that you can get fired for buying Cisco products, or at least forced to leave.

In 2007 the US Attorney Generals Office purchased multiple millions of dollars of the Juniper WAN-OP product. They too soon had multiple problems getting the Juniper WAN-OP product to work and ended up asking Riverbed if they would offer some kind of trade-in deal to replace the Juniper products. The Juniper product at least worked better than WAAS, but the complexity and number of boxes need to do what Silver Peak can do with one box in most cases, and Riverbed can do with many less boxes than Juniper's solution, made it a failure in the eyes of the US Attorney's office had hoped for. It should be noted that Juniper has announced they will no longer offer their WAN-Op products, and there have been rumors that they may ant to buy Riverbed, but I think Silver Peak would be a much better fit for Juniper.

Recently Citrix won a $20M deal with the US Army for WAN-Op needs, mainly because they offer support for the SCPS protocol, as does Riverbed. SCPS is a set of network protocols based on IP, TCP, and FTP, and provides improvements to satellite and similar high latency, high loss links. The Army soon found out that although Citrix does support skips, the WAN-Op product they offer is really pretty useless and is not getting the job done for our troops. Silver Peak has recently completed testing in labs at MITRE, one of the contractors supporting the Army, and they have been chosen as the current leader, even over Riverbed for this Data Replication need. So know Silver Peak will tested to possibly replace Citrix in what is referred to as the tactical WAN-Op need, meaning something our military people in battle areas and locations around the world must rely on to really, really work.

Lastly, while Riverbed has a great product and has basically made the WAN-Op market segment what it is today, generation-2 products like Silver Peak have taken what Riverbed did, made serious improvements that include FEC and POC to correct loss, which does still exist on modern networks, and offer the fastest throughput on a single appliance to meet the needs of high bandwidth WAN speeds like OC-3 and OC-12, Riverbed stops at 310Mbps unless they stack multiple boxes. Both de-duplicate the WAN traffic, Riverbed at layer 4 and only for TCP, Silver Peak at layer 3 allowing them to optimize TCP, UDP and other layer 3 protocols, plus they can optimize Citric and RDP traffic very well. If you want a product that does not incorporate techniques that will not work when certain application layer protocols change, then choose an application agnostic solution, i.e. one that doesn't do application layer specific optimizations, other than CIFS perhaps because it is extremely chatty.

In the end the difference between the only two serious contenders in the WAN-Op market, Riverbed and Silver Peak, it boils down to two differences between their products;

1.) Riverbed has a WAN output limit of 310Mbps, at least they estimate their fastest box will do 310Mbps, and Silver Peak’s fastest box will do 1Gbps, even with encryption on.
2.) Riverbed adds application specific optimizations for certain applications; which can be vulnerable to changes in the applications, like MAPI and SMB/CIFS as two recent examples, not to mention the problem they had with changes made by Autodesk that affected files transfer speeds. Silver Peak stays away from the applications specific optimizations, accept for CIFS, and replaces the app layer optimization with error corrections via Forward Error Correction (FEC), and Packet Order Correction (POC) and dynamic TCP window sizing that actually works.

After becoming very familiar with many of the above WAN-Op technologies, I really feel Silver Peak will soon be the new market leader as soon groups like Gartner, and other third party testers/reviewers take a closer look at what really matters for WAN-Op. Next-Gen, or Gen-2 WAN Optimization, I think that is what Silver Peak offers now!

My two Pesos . . .

In the reports that come out you see both of these companies in the number two or three spot with Cisco moving to number three in most. Why do you think Cisco is moving to number three and Blue Coat is moving up?

RBC Capital Markets Managing Director - Mark Sue gives his take on Riverbed's most recent quarter, "After a tough 2Q, Riverbed came out of the penalty box and delivered a strong 3Q. Strength from the federal segment combined with the recovery of slipped deals enabled the company to post revenues of $102.6M (+12% QoQ) ahead of Consensus of $97M. Earnings came in at $0.19 vs. Consensus of $0.15 due to the higher revenues and healthy gross margins of 78.1%. 4Q09 revenue guidance was healthy at $104M-$107M vs. prior consensus of $104M. RVBD expects non-GAAP EPS of $0.18 vs. prior consensus of $0.17. Following results, our CY10 revenues and earnings increase from $456M to $466M, EPS from $0.85 to $0.89; introducing CY11 revenues of $548M (+18% YoY) and earnings of $1.00.

"Riverbed's product revenue returned to growth +15% QoQ vs. flat last quarter. Service revenues (+4% QoQ) posted a modest increase, albeit off a higher base. The U.S. represented 57% of sales at $58.3M vs. 55% last quarter."

Sue continued, "US enterprise was mixed as federal sales increased sharply. Overall government sales grew to 29% of product revenues. Federal is expected to be a good contributor again in Q4 yet not as strong. EMEA contributed 25% at $25.7M, +3% QoQ with good performance in Australia and rest-of-world was 18%. Riverbed's optimism is primarily European based for Q4."

Sued added, "Gross margins increased by 200bps sequentially to 78.1% largely due to product and channel mix. The Company expects 4Q09 gross margins to settle closer to 76%. Operating margins improved sharply from 16.7% to 22% yet in typical Riverbed fashion the company guided for a sequential increase in opex. We're forecasting Riverbed to exit 2010 with operating margins of 23%.

"Balance sheet remains healthy: cash of ~$300M. CFO was $38.2M compared to $8.2M in 2Q. Deferred revenue was $76M, +9% QoQ primarily from maintenance and support contracts. In 3Q09 RVBD repurchased ~620,000 shares for $12M."

Sue concluded, "Riverbed was behind plan and decided to abandon its Atlas products, ceding defeat. Its core addressable market may be under-penetrated and large enough for Riverbed to drive its top line. With the stock trading at 27X our CY10 EPS, we would maintain our valuation discipline. Strip out the $3.94 in cash/share and its closer to 22X our CY10."

--------------------------------------------------------------

Sincerely,

Brad Reese on Cisco
Network World Cisco Subnet
BradReese.Com Cisco Refurbished

I hate to be contrarian to all this, but it seems to me that each vendor, whether it's Riverbed, Cisco or Blue Coat has a place in this market, otherwise, why would each of them garner enough market share to gather the attention of Gartner or IDC or other analysts in this space? If you check with any of the analysts, I don't think there's any disagreement that these are really the three dominant players in the WAN Opt market.

If you actually look at the three differing solutions, I think each one has its strengths and each its weaknesses. Riverbed is the clear choice if your primary concern is CIFS and getting the most reduction in bandwidth use. They've made an art of this, and lots of loyal customers. Blue Coat on the other hand, does an okay job of bandwidth reduction but they're the clear choice if you're carrying HTTP and video traffic across the WAN and need to block some unnecessary web traffic and optimize the rest. Cisco is the choice if you need to be integrated into your ISR or you just are a Cisco shop and need to be standardized on one vendor.

I could go into the downsides of each, but let's just say each one does have them, there's no such thing as a perfect product. I think it's all just a matter of what fits where, and for each company finding what fits best in their environment.

I can't believe there's so much bashing go around, rather than realistic discussions about the benefits and downsides of each solution. Larry, I've seen other posts of yours where you indicate you're a Riverbed reseller. Why not do it here?