By Tom Nolle

Managed SD-WAN devices at the edge could be how network operators personalize services for enterprises.


If you stop and think, a lot of our expectations about network services are really about personality—our own. We’d like our services to work, well, the way we work. We’d like them to know us, to tune to our needs, right? Do you think that some giant global interconnect with hundreds of thousands of elements is going to be able to do that? Nope, which means personalized services will have to come down to the only piece we really own—the lowly network edge.

We learned decades ago that you can’t make giant networks user- or service-aware. Awareness of this sort, which is known as “statefulness” in network-speak, means sticking little pieces of a virtual-you into the network to represent your interests. Maybe these pieces are an entry in a routing table, or maybe they’re a policy stored in some repository and sent to the devices that handle your traffic, but they’re individualized if what they’re doing is to personalize. That just doesn’t scale. Not only are there too many little pieces, network traffic could get reconfigured or a device could fail, and all at once your personalizing pieces aren’t even where your traffic is going.

Enter the edge device. It’s easy to ignore the box that terminates your service, to maybe sit a cup of coffee on it or cover it in clutter. Give it some respect instead. The nice thing about an edge device in the network is that it’s dedicated to you. If there’s anywhere in that giant global interconnect that could be expected to know anything about you, that little terminating box is it, and that personalization potential makes it very valuable indeed.

You’d think that since we’ve had service terminations for as long as we’ve had services, people would have figured out that the edge is important in personalizing services, but somehow that seems to get missed. Two things have come along to change that. First, software-defined WAN (SD-WAN), which provides users with small-site VPN on-ramp connections using the internet. Second, the latest grand and mysterious invention of the analyst community, the secure access service edge (SASE).

SD-WAN personalizes service at the edge

SD-WAN is exploding in popularity; my own research says that there are almost three times as many sites on SD-WANs today as there were a year ago. There are probably 50 vendors and dozens of communications and managed-service providers who offer SD-WAN, and with that many rivals, it’s not surprising that competition is driving everyone to invent new features for it. Today, supporting small sites and even applications in the cloud is table stakes. Work-from-home, service telemetry, application prioritization, and even zero-trust security are now being added.

The reason this feature-enhancing process is relatively easy for SD-WAN vendors/providers and hard for network service providers and the internet is the edge personalization mentioned above. If you have an SD-WAN, you have an on-ramp to a virtual network located where the users are, the edge. That on-ramp can do just about everything that’s practical to personalize your service relationships, to make your service look like it was designed for you, because it’s yours, virtually speaking.

We can’t personalize our vast network to reflect our application priorities, but maybe we don’t have to. Capacity is most limited and most expensive at the point of user connection. SD-WAN can enforce application-traffic prioritization at the edge–the critical point of congestion. That’s probably the biggest step you could take toward QoS, but SD-WAN could also tag traffic by priority or send it along a different route. All that’s needed is a standard way of identifying priorities, one that both the SD-WAN and the network would support, and we’d have end-to-end QoS.

That’s not all. Any virtual network offers a degree of intrinsic security, and some SD-WANs offer session-aware zero-trust security. Add intrinsic security with some intrinsic access-point prioritization and QoS classification, and you create something that’s hard to match without SD-WAN, and that might mean that SD-WAN could displace the SASE concept rather than fulfilling it. (That may be why AT&T just announced it was using the Fortinet stack for “managed SASE”; Fortinet includes SD-WAN.)

SD-WAN: Smart gateway to a dumb network

SD-WAN is now the anchor concept at the edge, the gateway to new service features. This shift in edge thinking, if it’s as real as it now seems to be, could be really profound. It doesn’t say that networks don’t matter, but that all they can be expected to do is convey experiences that are created at the edge. Is the best network one that’s invisible and costs nothing? There’s more truth to that than might appear.

Shifting the features of services to a device on the premises makes those features something that many vendors could sell. It could promote managed services, both to exploit the benefits of a smart edge device to look after SLAs and to offer operators an opportunity to sell something with a higher profit margin. That would make the service market more competitive. It could make the internet, which is the true universal network, into the only network, and focus “network” technology on managing costs. The smart edge enables a dumb network.

SD-WAN as a service

Network operators are going to have to respond to this new edge-centric vision, and managed services seem to be the only thing they can really do. If services become more personalized, then every network user is almost a private network, and supporting this could be more than many companies could hope to handle. SD-WAN’s embedded management tools could provide the operators with a way to get some management economy of scale and let them offer a managed service at a price users would pay. And still, of course, earn operators a tidy new profit.

If you think that enterprises won’t accept managed service, look to the cloud. We’re already seeing that cloud-computing services are shifting more toward managed services, because that’s what users want. It’s not helpful to have a wonderful low-touch managed-cloud service sitting on top of a high-touch network service, and even the cloud providers are said to be working on their own SD-WAN and managed service strategy.

The edge is not only your friend, it may be your best friend. Next time you see your edge device, wipe off a bit of the coffee stains and tidy up its workplace. It’s your on-ramp to the future of network services.

Tom Nolle is president of CIMI Corporation, a strategic consulting firm in Voorhees, New Jersey. His projects have taken him all over the world and into nearly every network technology.