When SD-WAN is more than SD-WAN

The benefits of SD-WAN with integrated security.

As the SD-WAN market has matured, one thing has become very clear: SD-WAN will not exist on its own. The technology is merging with other networking technologies, ultimately becoming a feature of a much larger bundle. While it may be too early to say what this “new thing” will be, the rough contours are emerging.

Predominantly, we’re seeing security and SD-WANs merge. Just consider some of the activity:

  • Velocloud recently announced its SD-WAN Security Technology Partner Program to integrate with other security vendors’ products.
  • Viptela (soon to be Cisco), Silver Peak, Velocloud and others have long (well, long in the SD-WAN sense) touted integration with security vendors using service chaining.
  • Cato Networks built its own integrated security and networking stack in the cloud.
  • Masergy bundles SD-WAN (Silver Peak and its own technology) with third-party security services in the cloud.

But what’s missing in many of these integrated offerings is the completeness of the edge solution. Companies need more than just an SD-WAN in branch offices. They need firewall, IPS, anti-malware, URL filtering and anti-virus for security. Internally, networking calls for Active Directory, DHCP, DNS, and print services. Externally, the edge may need WAN optimization, bandwidth management, QoS, traffic balancing, and, yes, SD-WAN.

Over the years we packaged these services as standalone appliances, stacked on top of one another. It was kind of ironic to me. With so many appliances being repackaged servers, you’d think somebody would have the idea of licensing best-of-breed software and collapsing them all into one server.

That’s Open Systems in a nutshell. The Swiss company created a bundled security-networking service that places an x86 appliance, its Mission Control platform, on the customer premises. IT has become so specialized that no vendor can provide best-of-breed software in every area. So rather than trying to accomplish the impossible, Open Systems provides an integrated bundle for other best-of-breed software packages.

Open Systems runs Ipanema’s application (now InfoVista) for WAN optimization, acceleration, visibility, and control. The company uses McAfee for its anti-virus, Avira for malware detection and Commtouch for threat detection and security analytics. All told, the company claims Mission Control’s capabilities span six areas: network security, application delivery, identity management, integrated service management and global connectivity.

Normally, putting a bundle like that on one appliance would pose a problem. The compute and memory resources of appliances are necessarily constrained so that the appliance can be cost competitive in the market. SD-WAN appliances have comparatively little compute capability and the boxes are inexpensive compared to other edge devices ($400 vs. $2,000 for WAN optimization, for example). Running additional applications on them would be problematic and pose problems of scaling. Previous attempts to combine security functions, for example, into a common appliance invariably led to tradeoffs. UTMs look good on paper, but as traffic demands scale, the appliances often lack the compute resources to enable all functions. Because it delivers the bundle as a service, Open Systems says it, not the customer, is responsible for scaling and maintaining the appliance hardware.

On paper, Open Systems provides an intriguing offering, but the question will be a matter of execution. Do all of the functions work simultaneously when traffic levels reach line rate? Can the company scale the appliances, deliver the level of services, and still be cost competitive? They’ve been doing this since before the term SD-WAN existed. Those are some of the questions I’ll look to answer soon, if and when I get my hands on the solution. What will you be evaluating?

Copyright © 2017 IDG Communications, Inc.
