Virtualization Technology News and Information
Countering the Hype in Enterprise Edge Connectivity - Going Back-to-Basics
With the recent wave of new solutions in the marketplace targeted at the enterprise edge, from revamped edge solutions like SD-WAN, SD-Branch, and now SASE, life can be confusing for enterprise CIOs. Similar dilemmas confront MSPs and telecommunications providers looking to offer managed edge solutions to the enterprise. Meanwhile, technology vendors are aggressively innovating and revamping existing offerings to address new enterprise requirements - 70+ SD-WAN vendors and counting - but they've sown more confusion in the process. 

In this two-part blog, AvidThink takes a back-to-basics approach to examining current challenges in enterprise connectivity. We'll reflect on new requirements and provide our views on the different classes of solutions today, examining how the enterprise edge connectivity market could evolve. The first article provides a quick overview of changes in the enterprise connectivity landscape today, and the new set of requirements resulting from these changes. The second article in the series looks at the classes of solutions available today and provides our view on how the market could evolve.

Upgrading the Edge, Rise of Clouds and the Multicloud

The continual push towards more bandwidth, improved security, and lower costs has driven CIOs to update aging routers, firewalls, WAN optimizers, and other appliances in the mini-conga line at the enterprise edge. Further, it's now clear that enterprise application-use patterns have changed quite dramatically in the past few years. Companies continue to embrace mobile technologies, as well as public cloud services in the form of SaaS, IaaS, and PaaS. Corporate IT, often encouraged by heads of lines of business, now sanctions migration to SaaS solutions, from hosted mail to web-based office and collaboration applications. And previously reticent CISOs now accept the use of SaaS file-sharing solutions even for sensitive corporate data.

This move to mobile and cloud is changing the communication patterns from traditional hub-and-spoke, with enterprise data centers at the heart, to one anchored in distributed clouds. The enterprise edge has to evolve to include mobile devices and mobile pop-up locations, applications hosted on public PaaS and IaaS platforms, as well as popular SaaS applications - Office 365, G Suite, Zoom, Dropbox, Box, and Salesforce. In many companies, popular SaaS apps consume up to 80% of corporate networking traffic. Today's network communication topologies look more like a collection of partial meshes for internal traffic, with lots of north-south communication to the clouds. And public and private clouds now constitute a new remote "edge" for companies.

Beyond remote or corporate HQ to clouds, there's also an increased need to manage connections to multiple distributed clouds simultaneously and across geographic locations. Where before corporations would pick a strategic cloud partner, most enterprises today have multiple cloud relationships, using AWS, Azure, GCP, and more for different corporate initiatives.

An Explosion of Complexity in Connectivity

If the only thing that had changed was the enterprise edge, CIOs could easily play the typical collapse-and-upgrade game, buying new all-in-one multifunction appliances. Remember how integrated routers came to be? What about that Unified Threat Management (UTM) box or the next-generation firewalls that kept adding more capabilities? Unfortunately, along with the evolution of needs at edge locations, we also have a continuing rise in mobile workers who demand to work from all locations: hotels, airports, homes, and yes, the proverbial beach or poolside. Add to that the need to connect IoT devices or potential applications and data stores at edge computing locations, and now we understand the headaches and complexity that CIOs face today.

With IoT devices, the connectivity solutions need to provide a managed, secure and reliable link from those devices back to either hosted IoT hub services or to enterprise applications running in VPCs in various clouds. For mobile users, the connectivity fabric needs to identify and tie them via both corporate devices and user-owned devices into sensitive corporate networks with enterprise applications and data.

This potent mix of more edges, more endpoints and device types, coupled with ongoing breaches and attacks, and increased compliance needs (GDPR and CCPA) is pushing CIOs to seek and implement new solutions. They realize that the solution needs to be one that is multidomain and multidisciplinary.

The Convergence of Networking and Security

Whether you buy into Gartner's SASE or not, network connectivity without security no longer makes sense in today's world. Yes, Gartner has thrown everything and the kitchen sink into the framework called SASE. In some ways, it doesn't matter whether SASE is precisely the right approach, or whether it's too complex to implement. It does matter that CIOs take a new look at enterprise edge connectivity and decide for themselves what the appropriate solutions and strategies are. AvidThink suggests a back-to-basics analysis, first breaking everything down and then recreating what makes sense in this new world.

The New Requirements 

From our conversations with different organizations at enterprises and service providers - from application development to DevOps to networking to security teams - we've pulled together the following set of capabilities that an enterprise solution will need from a networking and security perspective. The list is by no means exhaustive, but it does represent the top attributes that keep coming up in our conversations:

  • Secure - The solution needs to provide built-in security, protection against distributed denial-of-service (DDoS) and man-in-the-middle attacks, mutual authentication (between a device, user and a service, or in between services), and work in a zero-trust environment.
  • Policy-driven - To provide manageability, the solution will likely be policy driven, supporting high-level constructs and declarations that guide configuration of the network. The notion of configuring each network element no longer scales.
  • Identity-aware - Ascertaining the identity of users, devices, and applications prior to connection is a critical enterprise requirement. The solution needs to integrate into appropriate identity stores to determine the identity of endpoints connecting to the network, along with their entitlements.
  • Application-aware - To provide both appropriate security and quality of service, the connectivity layer needs to understand the nature of application traffic being carried and apply policies intelligently.
  • Transport-agnostic - The connectivity layer should work regardless of the underlying networking transport. Note that this is not the same as saying the solution can't be transport-aware and knowingly optimize for higher-loss or higher-latency connections (e.g., satellite), rather that it shouldn't be dependent on only certain underlay types.
  • Endpoint agnostic and cloud friendly - Connectivity needs to span both infrastructure that is controlled and owned by the enterprise as well as that which sits on top of other people's infrastructure, like public clouds. The fabric needs to reach across all varieties of endpoint, from IoT to mobile devices, from laptops to desktops, from private to public clouds.
  • Portable and addressing-agnostic - The network fabric needs to be able to connect endpoints regardless of where they are, and not be dependent on IP address.
  • Scalable and high performance - In today's high-bandwidth world, the solution needs to be able to reach multi-Gbps to Tbps, whilst simultaneously managing thousands and, for IoT, tens of thousands of endpoints.
  • Efficient - Given that mobile and IoT devices have small compute and memory footprints, the network layer should not require huge compute resources to implement.
  • Transparent - The solution cannot create too much friction during deployment or impact the application traffic in observable ways.
  • Easy to troubleshoot - With the complexity and number of connections for most applications today, the solution needs to provide the necessary telemetry and visibility to troubleshoot issues in policy or underlay.
  • Automation friendly - Most deployments today are automated and orchestrated by programs and scripts. The solution needs to provide APIs and hooks to allow for programmatic set up, configuration and tear down, and most importantly, be developer friendly.
  • Reliable - The solution needs to be robust in connectivity and self-healing if possible. It needs to seamlessly handle node or network failures, re-routing or re-instantiating as needed.
  • Centrally managed - The solution needs to be easy to manage, usually from the cloud, and should provide unified visibility across all networks and endpoints.

If you're still with us, you'll realize that's a long list of new requirements for connectivity in enterprises, from the edge to the cloud. Despite the numerous challenges, there are vendors in the playing field that are stepping up to address these challenges. In our next blog, we'll examine some of these classes of solutions and see how they measure up.


Disclosure: We at AvidThink are grateful to NetFoundry for their support of this blog series. Independent of sponsorship, AvidThink has made every attempt to provide an unbiased view of the existing enterprise connectivity space. Reach out to us at with your feedback and questions.

About the Author

Roy Chua is founder and principal at AvidThink, an independent research and advisory service formed in 2018 out of SDxCentral's research group. Prior to co-founding SDxCentral and running its research and product teams, Chua was a management consultant working with both Fortune 500 and startup technology companies on go-to-market and product consulting. As an early proponent of the software-defined infrastructure movement, Chua is a frequent speaker at technology events in the telco and cloud space and a regular contributor to major leading online publications. A graduate of UC Berkeley's electrical engineering and computer science program and MIT's Sloan School of Business, Chua has 20+ years of experience in telco and enterprise cloud computing, networking and security, including founding several Silicon Valley startups. He can be reached at; follow him at @AvidThink and @WireRoy

Published Friday, March 06, 2020 1:05 PM by David Marshall