Network as a Service, SD-WAN, and the pursuit of zero stack

<center>Network as a Service and SD-WAN. Courtesy Image/orosk</center>

According to Gartner, virtual customer premises equipment (vCPE) can reduce key network costs by 30% while increasing flexibility. This helps quantify the benefits of a theoretical “zero stack” for branch locations within a WAN.

The idea behind “zero stack” is simple: elimination of customer premises equipment (CPE). Provisioning, maintaining, and updating appliances at branches slows WAN operations down. The more you can reduce this complexity, the more scalable and efficient the WAN can become.

While a true zero stack at branch locations is impractical (some white box appliances are needed for load balancing and encryption), Network as a Service (NaaS) and cloud-based SD-WAN provide enterprises a way to move significantly closer to the “zero stack” branch by eliminating a large number of appliances.


Below, we’ll explore why CPE slows down the WAN, and how NaaS and cloud-based SD-WAN are helping enterprises streamline their branch locations.

The old way: multiple CPE appliances

Traditionally, branch locations for banks, retailers, and other similar organizations required a variety of proprietary appliances to enable WAN connectivity. In addition to a router, branches often required WAN optimizers, next-generation firewalls (NGFWs), and more.

Each of these appliances has to be configured and maintained. While doing so for one branch may be feasible, managing hundreds of discrete appliances at scale becomes a challenge. For large WANs, complex rollouts can take years to complete. Things are further complicated when you consider that many branch locations don’t have dedicated IT staff capable of working on the appliances if they go down.

As time passes, hardware appliances tend to age poorly. As hardware gets older, functionality becomes dated and security holes are discovered. With hardware appliances, new functionality and security patches must first be developed by the vendor. This requires firmware or software updates, or even new hardware. In both cases, it may take months or years for a specific feature to be added when dealing with proprietary hardware. Then, when the patch becomes available, roll-outs can be a time-consuming endeavor.

Further, there inevitably comes a point when hardware reaches an EOL (end of life) state and security and functionality updates cease. This creates a need for a hardware refresh that comes with the same challenges as provisioning branches with CPE appliances.

The modern approach: cloud-based SD-WAN

NaaS helped address some of the challenges of maintaining multiple CPE appliances at branch locations. Branches keep a router onsite and simply connect to a cloud-based location where the rest of the functionality required is delivered.

Cloud-based SD-WAN takes this approach and uses it to deliver key WAN connectivity functionality. With cloud-based SD-WAN, enterprises benefit from centralized application-aware routing, dynamic path selection, and built-in security.

There are a myriad of benefits unlocked by taking this centralized and software-defined approach. First, SD-WAN functions can be performed where they are most efficient and effective. For example, packet replication and traffic compression can occur on the edge of the network while intelligent route management and security analysis can occur on the service provider’s network backbone.

Next, the WAN becomes significantly more scalable. With WAN resources centralized in a secure cloud-based network, the wait times associated with multiple proprietary CPE appliances go away. This is easy to conceptualize when you consider the differences between rolling out new functionality and standing up a new branch with cloud-based SD-WAN vs the traditional CPE appliance-based approach.

Consider the differences in adding new functionality with a cloud-based solution vs a proprietary appliance. As opposed to the wait times and patching associated with proprietary CPE, with a cloud provider, the service provider patches and maintains the underlying infrastructure.

Patches are abstracted away from the enterprise and new functionality can be rapidly deployed as WAN infrastructure is built using cloud-native software running on commodity servers. Once IT tests and validates new functionality at a select number of sites, it can rapidly deploy the same changes across all locations thanks to a centralized management paradigm.

Similarly, the provisioning of new sites becomes much simpler when WAN infrastructure is software-defined. As opposed to configuring multiple proprietary devices, basic white box CPE and a zero-touch SD-WAN appliance onsite enable access to a full suite of network and security features in the cloud. 

Further, by building security into the network, cloud-based SD-WAN can reduce the load on branch networks and corporate security appliances while also improving network security. If a packet is blocked on the provider’s network, it doesn’t threaten the enterprise or consume network bandwidth or firewall capacity.

Cloud-based SD-WAN moves the branch stack closer to zero

While true zero stack isn’t feasible, a scalable WAN is. By reducing the amount of CPE at branch locations, enterprises can cut a lot of the fat out of their networks. Cloud-based SD-WAN eliminates the need for most proprietary WAN network and security appliances.

Centralized cloud-based SD-WAN brings elasticity to branch deployments and does away with much of the complexity associated with on-premises appliances. By embracing cloud-based SD-WAN, enterprises can streamline their branch deployments and improve WAN agility.
