uCPE SD-WAN Simplifies the Digital Transformation Journey
December 20, 2018
A major goal of branch consolidation with SD-WAN is overall reduction of WAN cost and complexity through managing bandwidth requirements and automating change management and policy adherence, while simplifying appliance and software sprawl.
Branch-edge infrastructure complexity and cost remain significant issues, as the average branch office of mid- to large-enterprises typically includes four to five individual hardware and software components, making product acquisition, integration, operations and support both time consuming and very high cost.
Enterprises have initiated a wave of digital transformation strategies that is changing the fundamental approach to how business and productivity services are delivered to their internal and external customers. The enterprise IT landscape has evolved rapidly influenced by the increased importance of cloud, the explosion of Software-as-a-Service (SaaS) and the ongoing adoption of IoT (Internet of Things), which are computing trends changing how businesses serve their customers but also catalysts for how they are looking to re-architect global business networks. The rise of transformation IT models and their expected digital user experiences are bringing to light the inefficiencies of existing wide area network (WAN) architectures and the cost of the connectivity services they consume.
Versa Software-Defined Branch (SD-Branch) transforms the enterprise branch through a cloud-native multi-tenant software platform with integrated networking and security services. Enterprise IT can deploy a unified and fully automated software services platform to solve their complex WAN and branch architectures. A key element of SD-Branch is the concept of the universal CPE or uCPE.
A key challenge to more efficient branch network operations is the need to provision, manage and operate a complex array of disparate network functions and devices on the branch premises. The typical large branch may have many separate appliances to deliver the networking and security stack for each WAN or tenant: an Ethernet switch, Wi-Fi controller, router, firewall, LTE, VPN, secure web-gateway (SWG) plus WAN optimization.
Each branch legacy device function has its own unique OS and management console, so it can be a challenge to correlate data and events to effectively troubleshoot or monitor for application quality of experience, connectivity outages and security vulnerabilities. Take, for example, the software-defined branch: Versa’s SD-Branch solution natively supports multiple WAN edge networking and security services onto a single software stack and can host non-Versa virtualized functions offering simpler management of Versa services and third party VNFs.
Combining SD-WAN with the principles of uCPE provides a consistent and scalable architecture for the edge network, offering the flexibility to deploy services you need today but add/remove services as needed for tomorrow due to the virtualization support of the underlying platform. Device consolidation is achieved by taking advantage of virtualization and service-chaining native functions or third-party images. Versa’s specific value-add is that we further reduce the asset bloat (physical and virtual) because we have the network and security stack built in – now opening up internal IT or an MSP to deploy ancillary virtual services to enhance the digital architecture of the business (e.g., voice services, edge computing functions, sensors, gateways).
Visibility and management are greatly simplified with the Versa architecture because everything is running on one box compared to multiple boxes – while alternative uCPE architectures typically still require multiple windows and separate licensing schemes. Versa’s core value is that we can deliver WAN edge functionality all within one envelope:
- Single appliance, optimized for you uCPE performance
- One workflow for management, control, visibility
- Automating networking and security stack interoperability
- Automating and managing lifecycle of nonhost-oriented services (3rd party VNFs)
What are some of the inherent benefits to SD-WAN driven uCPE deployments?
To be clear, uCPE is a platform, i.e., what the services run on – whether native, or virtualized as a guest VM, and thus SD-WAN is a hosted service/function but arguably the most important foundational element upon which to transition to a full-blown uCPE implementation.
With Versa, SD-WAN and uCPE services are unified so the underlying platform has best-of-breed networking and security services inherently but can also host complementary services. Because of the uCPE platform and SD-WAN construct enabled by the Versa Secure Cloud IP architecture – visibility, service-chains, policies and automation are easier and run natively.
Simplify Network Management Leveraging uCPE SD-WAN Platforms: A uniform dashboard provides simplified management and visibility across multiple circuit and Internet providers, technologies, applications and geographies – regardless of the underlying transport or networking and security services. End-to-end network management of the entire WAN edge network and security stack is easily maintained by an MSP or in-house admin.
Operational Agility via a Single Platform: Unified connectivity across multiple providers and transport types (MPLS, broadband, wireless) is possible, while improved application performance for hybrid cloud environments and seamless, secure access to multiple Cloud Service Providers (CSPs) is relatively seamless; and Versa’s uCPE automates native and 3rd party services and service-chain maps to deliver time-to-market efficiencies.
Reduced Cost – Changes the Procurement and Consumption Game: uCPE promises to deliver 20-30% more operational savings than conventional branch architectures because of appliance sprawl reduction and service automation; additionally, in many cases SD-WAN accelerates cost savings by shifting volume traffic to commodity Internet transports instead of higher cost MPLS.
What business value outcomes can enterprises expect to realize with SD-WAN uCPE?
Organizational: The traditional IT outsourced model is less desirable, in part because the performance reporting structure is not always optimized, and it becomes necessary to integrate the infrastructure, architecture and operations teams. The digital transformation imperative dictates that enterprises must transition to digital and automated means to innovate and optimize operations. uCPE integrates the cross-organizational services and brings simplicity and tool unification to help bridge the gap between traditional silos.
Financial: uCPE makes it possible for WAN edge functions to be delivered virtually and as-a-service – increasingly, enterprises no longer want to run multiple functions consumed by multiple devices and need the flexibility to deploy NFV services for the on-demand. The granularity of data analytics and reporting derived from SD-WAN uCPE also allows for managing transport and concurrently, while creating a competitive and transparent environment for business users.
Technical: Analytics combined with automation and NFV architectures mandate the use of service orchestration for operators and admins in order to keep up with the inevitable rate of change. Enterprises must also manage standards, improvements and changes without drift, which impacts orchestration performance. Versa SD-Branch allows enterprises to operationalize monitoring, change management and service orchestration through a single pane of glass. The solution should be able to ingest other tools data or functions data to then export out or make use of other services data to feed to the SD-WAN visibility and analytics engine. While this doesn’t necessarily remove the need for other top-layer management services, the SD-WAN fabric and control construct implicitly supports lifecycle management and monitoring of all services, which in some cases negate the need for an upper layer network/security orchestrator but not the upper layer service orchestrator.
SD-Branch analytics also make it easier for organizations to standardize processes across separate client accounts executed by technology, with extrapolation of data for differentiated insights and feeding intelligence into agile methodologies. Customers benefit immensely from inherent service automation in the sense that conditions and events trigger an executable for pre-change check. The SD-WAN uCPE should do the initial boot-strap and instantiation of services with pre-defined configurations in a repository (e.g., cloud-init).
However, in the case of Versa, we can take API calls from our northbound API to then deliver NETCONF/YANG data modeling parameters to some devices (virtual). Specifically, it is about defining the service-chain maps, interfaces for virtual services and footprint of the virtual services. Those services still need their Enterprise Management System (EMS) to do the advanced configuration and parameters, if they are not pre-defined and provided in a parameterized configuration file uploaded to Versa’s repository.
There are many customer challenges that SD-WAN uCPE helps address. For example, aging wide area networks with considerable technology debt, are in need of a new architecture and technology refresh. The explosion of data growth is driving the need for near-infinite bandwidth. Technical debt is compounded by the need to increasingly manage multiple equipment manufacturers and regional/global network providers as business expands globally and from M&A, while the requirements continue to grow for increased segmentation for security and compliance, as well as the need to reduce cost and remove assets from the books, shifting from CAPEX to OPEX. All of these challenges can be quickly and simply addressed with a WAN edge uCPE transformation, with SD-WAN at the core.