SDN and Security: A Marriage Made in Heaven - Or Not? (at 10.00am PST)
Software-defined networking has come onto the scene and changed the way we think about moving packets through a network. It has also morphed into multiple definitions and approaches, driven by both vendors and enterprise customers. But how does security fit into this picture? This talk will discuss the convergence of SDN and security and will try to make sense of them both.
1: Understand all types of SDN.
2: Understand SDN and security.
3: Understand how a secure SDN makes a network safer.
Chuck Black, Senior Software Developer, Tallac Networks
SD-Branch: What it is and why you’ll need it
SD-WAN deployments show the power of software-defined networking and virtualization to improve bandwidth efficiency and deliver application performance, and now this software-centric approach is being applied to the unique requirements of branch offices.
Known as SD-Branch, this next step in the evolution of branch technology can be defined as a single hardware platform that supports SD-WAN, routing, integrated security and LAN/Wi-Fi functions that can all be managed centrally.
The most compelling argument for SD-Branch is operational agility. IT organizations can rapidly deploy and provision a network branch-in-a-box solution for new locations. Via a centralized management console, they can control and adjust all branch network and security functions.
Reducing or eliminating the need for trained IT personnel to visit remote branch locations results in significant cost and time savings. SD-Branch also promises to reduce hardware costs by deploying software on consolidated hardware as compared to many separate appliances.
Other SD-Branch benefits include:
- Decreased cost of support and maintenance contracts because fewer vendors will be involved.
- The ability to right-size hardware requirements for each branch thanks to software virtualization.
- A smaller hardware footprint, which is ideal for space-constrained branches.
- Network performance scalability. As network requirements change, the performance of any function can be tuned up or down by changing processor allocation or adding hardware resources.
- Lower power consumption because one power-efficient platform replaces many appliances.
Over time the SD-Branch will be easier to deploy, less complex to manage, and more responsive to changing requirements at the branch. The cost benefits in CAPEX and OPEX could be significant as the technology matures.
Before discussing how to plan for and migrate to SD-Branch, let’s take a look at how branch offices came to be crowded with so many single-function devices in the first place.
History of Branch Sprawl
Distributed organizations rely on communications to and from branch locations to ensure user productivity, provide responsive customer service, and run a variety of targeted applications. The advent of modern (client/server) branch networks began in the late 1980s with PC LANs being connected to centralized servers over low-speed links (typically modems). The founding of Cisco Systems brought the industry the concept of the multi-protocol router, which continues to connect most branch locations to centralized data centers.
The increased popularity of the Internet as a WAN connection has increased security demands at the branch. During the late 1990s, firewalls and other network security devices were deployed at the branch to control/monitor incoming and outgoing network traffic.
Wi-Fi became popular in the early 2000s as the means to allow PCs and other devices to access the branch network. Over this time, Wi-Fi has become the preferred method for accessing the corporate network (as compared to Ethernet), and it is popular for branches to offer Wi-Fi access to customers, guests, and partners visiting their locations.
Introduced in 2004 by Riverbed, WAN optimization appliances are widely adopted at branch locations to improve the efficiency of data file transfer over the WAN. They employ a variety of techniques including de-duplication, compression, and traffic prioritization.
Advent of SD-WAN
A number of start-up suppliers introduced SD-WAN in the 2014-to-2015 time frame, and now several dozen vendors support it to improve WAN communications. SD-WAN provides a network overlay which improves network uptime, provides for application prioritization via quality of service policies, offers Internet security and centralized management. SD-WAN needs support in branch offices.
The layers of newly introduced product types have naturally led to a proliferation of technologies at the branch. Each technology typically has its own integrated hardware/software appliance to handle rapidly increasing performance requirements and advanced features. As a result, the majority of organizations have four to six different network boxes at their branch locations, and most deployments are multi-vendor with unique management interfaces.
Securing the Branch Network
The increased number and variety of devices – IoT, phones, tablets – connected to the branch network provides more opportunities for hackers to access sensitive data. Gartner estimates that fully one third of all attacks occur at the branch. Over the last 10-plus years IT has deployed a variety of security appliances at the branch including IP VPNs, secure web gateways, intrusion detection and prevention systems and next-generation firewalls. These appliances, which often come from different vendors and have overlapping functionality, create additional operational complexity at the branch.
IT organizations need to carefully coordinate network security with their security teams. Network security at the branch needs to mesh with security for devices, the campus network and the data center. Ideally, traffic at the branch is inspected for anomalies, with suspect traffic being sent to centralized resources or the cloud for further action. Branch security operations are best when fully automated and when they leverage centralized data-center and cloud-based intelligence.
Promise of SDN and Virtualization
The concepts of SDN and network virtualization have been widely deployed in the data center over the past four-to-five years. Improvements in server processing technology (Moore’s Law) and better network software now allow a wide variety of network applications to be run on common server platforms. The industry is now ready and able to transition from special-function appliances to software applications running on one or more servers.
Planning for SD-Branch: Recommendations for IT Professionals
The branch network is a critical piece of the IT infrastructure for most distributed organizations. The branch network is responsible for providing reliable, high quality communications to and from remote locations. It must be secure, easy to deploy, able to be managed centrally and cost effective. Requirements for branch networks continue to evolve with needs for increased bandwidth, quality of service, security and support for IoT.
SDN and network virtualization technologies have matured to the point where they can deliver significant benefits for branch networks. For example, SD-WAN technology is rapidly being deployed to improve the quality of application delivery and reduce operational complexity. SD-WAN suppliers are rapidly consolidating branch network functions and have reduced (or eliminated) the need for branch routers and WAN optimization.
The broader concept of SD-Branch is still in its early stages. During 2018, we will see a number of suppliers introduce their SD-Branch solutions. These initial SD-Branch implementations will primarily be single-vendor and may lack state-of-the-art technology in some applications.
IT leaders should carefully evaluate the benefits of the SD-Branch architecture. Migration to SD-Branch will likely require significant changes to the existing branch network and may require a forklift upgrade. SD-Branch suppliers should be evaluated on their current and near-future technology, technology partnerships (e.g. security), and deployment options (do it yourself, channel partners, and managed solutions).
SD-Branch deployments will make the most sense for greenfield deployments, situations that require rapid deployment of new branch networks, and branches with end-of-life equipment such as routers and WAN-optimization appliances. IT leaders should continue to deploy SD-WAN solutions with their compelling benefits and plan for a phased deployment of SD-Branch over the next few years.
A number of SD-WAN, Wi-Fi, and router suppliers have recently introduced or soon plan to announce expansions from their current platforms that enable SD-Branch functionality. Early SD-Branch solutions will be largely proprietary and may have limited functionality for some of the network/security applications. SD-Branch is currently best positioned for rapid deployment at new or temporary branch locations. Over time, it is likely to become the go-to architecture for branch networking.
Migrating to SD-Branch
Migration from the current branch network architecture will be challenging for most IT organizations. First-generation SD-Branch technology that is being introduced now offers state-of-the-art technology in some functions but weaker offerings in other functions. For 2018, SD-Branch solutions will be focused on single-vendor solutions – some with application support from partners (e.g. security suppliers).
SD-WAN suppliers are likely to be the most aggressive with SD-Branch as they rapidly expand their offerings, which already include WAN optimization, routing, and security, as well as support for LAN functionality (Ethernet switching and Wi-Fi). Wi-Fi and router suppliers are also expanding their capabilities to include SD-WAN functions. IT organizations will have the option to deploy SD-Branch as an appliance, as software on standardized servers or as a managed service with the service provider managing the on-premises software and hardware.
Lee Doyle is Principal Analyst at Doyle Research, providing client focused targeted analysis on the evolution of intelligent networks.
RSA Conference, Moscone Center, April 18th 2018
Come and see Chuck Black’s talk at the RSA Conference. The session is “SDN & Security: A Marriage Made in Heaven or Not”, on 4/18 from 1:45-2:30PM at Moscone Center in SF.
HP veterans make it easy to set up office Internet, without the IT guys April 2017
BY CATHIE ANDERSON
April 30, 2017 06:00 AM
As new mobile applications pushed consumers and corporations into the era of cloud computing, a handful of Hewlett-Packard veterans envisioned a business world where any office manager could set up a safe, reliable wireless internet network in minutes – without calling an IT guy.
Now, in a small office in Rocklin, Chuck Black, Paul Congdon, Matt Davy, Ali Ezzet and Bill Johnson are ushering in that world. They accepted early retirement packages from HP to found Tallac Networks in 2012.
Johnson, Tallac’s president, asked this columnist to think back to “the old days,” five to 10 years ago: “When you had to set up a network, you usually had to hire an IT guy. He had to install a bunch of stuff, and he had to have a certain certification and education to set all that up and make it all work.”
Tallac’s engineers have created a setup wizard that makes the job as easy as TurboTax has made tax filing. Within minutes, a system can be up and running, said Andrew Wilkinson, Tallac’s vice president of sales and marketing, and once that setup process is complete, Tallac’s devices phone into the cloud and automatically establish a local area network, or LAN.
Wilkinson and Johnson talked with The Bee about their work to create an autonomous network that will recognize when the network connection is failing and take corrective action before humans notice.
Q: How did you come to work on this concept?
Johnson: In 2012, there was a group of us working at Hewlett Packard, and they offered the ability to take a package. We’d been working there for quite a while: Paul as chief technologist, Ali as a system architect, and me as the research and development manager. We said, “You know, with everything that is changing right now, it’s a good time to go out and reinvent how campus (internet) networks are built and deployed.”
We took that vision and we built it. We got some help from hardware manufacturers because they see this coming. They’re one of our investors who came in with money and partnership opportunities, so we have hardware, we have software that orchestrates that hardware and we have a new business model.
Q: Describe your business model.
Wilkinson: So, you use a wireless network at home, at a business, all around the world. What happens when the wi-fi doesn’t work? It’s a disaster, right?
So, what do you do at home if the Wi-Fi doesn’t work? One of the first things they tell you when you call up is you unplug it. Well, it’s the same in a big building. You have these IT-trained guys running around when something happens, and they have to call someone, find out what’s going on, and get them to come out and reboot the system.
We’re bringing a level of automation that makes those kind of networks even more reliable. We want to take all the intelligence of the guy who drives out in his car and does all the clever, magical stuff and automate it.
There’s more to it than the automation. There’s making sure that it’s secure, making sure that it adapts to the business need. Imagine a business with five locations, and they want a sixth one. I can get that sixth one up and running in hours, not days, which is typically how it was.
We don’t have to live in a world where Wi-Fi stops working and people think, “Should I just go home? Do I use the Wi-Fi hotspot on my (mobile) phone? What’s going to happen to our credit-card transactions?”
Those kind of things should become a thing of the past. It’s like electricity. Occasionally, it’s out, and we all know why. Some event knocked it out. But most of the time, we just turn it on and it works because, behind the scenes, someone has automated all that stuff and it works.
Q: Why do you think the time is right for this particular innovation?
Wilkinson: There’s a big market out there. There’s a staggering amount of money — $25 billion spent across the industry from the very big companies such as ExxonMobil and Time Warner down to the (small to midsize businesses). Everyone has a network of varying degrees of complexity. We see this market continuing to change from this world of having someone on site to fix networking issues and into a world where they will want someone to repair it from anywhere. They will want to automate it, and they will want it to be error-free. They won’t want a configuration error that crashes their connection.
We also see that everyone is shifting to a world where you pay by the month. A lot of applications now, you don’t buy the software for $800. You pay $15 a month. We pay so much a month for our cellular phones. We pay so much a month for our electricity bill. Well, networking is going in the same direction, where it’s a utility. We pay so much and it’s provided for us.
Paying monthly is changing the industry from the old days when you’d go to Cisco and spend $100,000 in a big capital chunk that had to last for three years. The world is saying, “Rather than that big capital expenditure hump, let’s just do this model where you’re paying so much a month.”
And, a lot changed with cloud computing (where remote servers on the internet store, manage and process data rather than a local server or a personal computer).
Johnson: You can plug in several of our devices. They all phone home themselves, get their configuration from the cloud. It’s pushed back out, along with whatever special services you might have ordered. Boom, it’s up and running. In the old days, you would have to get on every one of those devices with a console cable and type through a command-line interface. You’d set the internet address and set the radio strength. All that is now done through automation.
Wilkinson: The industry has to progress to a level of automation where the network will start healing itself before anyone even notices. We shouldn’t get to the point where someone stops and says, “Is the Internet working for you?” And suddenly, everyone is at a standstill.
We want to get to the level where that doesn’t happen. Our analogy is the self-driving car. Wouldn’t it be great if we could just get in, give it a destination, and it takes care of it for us? We want our networks to become almost autonomous. They’re meant to be doing what they’re doing, and the moment they stop, they’re looking at themselves and taking action. We see a future where a network will go, “Wait a second. I can’t reach the Internet,” and it starts a series of routines like a technician would do if he’s there …
There comes a certain point in time when you need to get to that expert — perhaps one in every 10 instances, and that person can do it real-time without having to travel. That’s the difference between us and our competition. We want to see a level of automation and self-healing of a network rather than today’s world of the $150-an-hour technician that’s going to take two hours to get there.
Q: Are Tallac’s systems currently in the marketplace?
Johnson: We have thousands of devices in use around the world today, currently plugged in and serving hundreds of thousands of end users. (That includes local organizations such as Hacker Lab and Center of Praise Ministries.)
We really see our customer as being the managed service provider (companies that remotely manage information technology services for businesses). The reality of being a boot-strapped company is we have the solution and technology, but we’re still trying to build the revenue base to be able to afford salespeople. We’re not big enough to grow a big sales team at this point in time.
We’re branding our product under the names of larger companies. They have a sales force that can promote the solution — or at least a subset of the solution. It doesn’t fulfill all of our vision yet, because that’s held for our own use, but they use components of our technology and take that to market. That’s how we’re building our current revenue base.
Q: What’s a big challenge you face?
Wilkinson: When you’re a small company, you realize just how difficult it is to make noise in the world. You are this big (holding his thumb apart from his forefinger) in this ocean. You’ve got great stuff, but you have to refine and refine the message because you’ve got nanoseconds of opportunity to find the connection to get the next set of customers who will get you to the next chunk of revenue.
How Cloud Management and SDN Killed the Traditional Enterprise LAN Sept 2016
Attend BrightTALK with Paul Congdon, CTO, Tallac Networks on Sept 20th, 2016 11am PT
A colleague of mine recently mashed up a famous R.E.M. song for his blog. He reworked the famous lyrics to say, “It’s the end of the LAN as we know it… And I feel fine”. He couldn’t have been more spot on. As IT resources continue to move to the cloud, traditional infrastructure and the processes associated with running it are literally going out the window. One of the last IT resources still to make the migration to the cloud is the Enterprise LAN. However, since everything else is moving to the cloud, the way we use our LAN is changing, and the critical IT resources still on the LAN have changed. Cloud management and Software Defined Networking are making it possible to radically simplify your Enterprise LAN – perhaps to the point where you can pay someone else to operate it. Tallac Networks is defining the SD-LAN ecosystem and is behind the next wave of the cloud movement – management and control of the Enterprise LAN.
Comstock names Tallac as startup of the month May 2016
A cloud solution that connects customers to a customized web experience
You can’t deny it: The cloud is everywhere. Thanks to tech titans like Google, Amazon and Apple, the idea of data storage has shifted from bulky, blinking units in an enclosed place to the more abstract concept of data stored in open, virtual space.
It’s easy to see the appeal of virtualization. The cloud is accessible from anywhere, which means it can be managed remotely. This eliminates the need for an onsite network engineer and lowers costs. But Bill Johnson, president of Tallac Networks, saw something missing in this mass migration to the cloud.
“The only thing that hasn’t gone to the cloud is the network itself,” he says.
From that starting point, Rocklin-based Tallac Networks created a Networking-as-a-Service (NaaS) solution for customers who want web access on their own terms. Basically, Tallac provides a cloud-managed platform for managed service providers (MSPs), who configure customer networks for specific purposes.
Think Starbucks. Many businesses have Wi-Fi, but with a Tallac virtualized network, a business owner can build brand loyalty by securely extending their Wi-Fi to guests. Similarly, a teacher can use this solution to restrict online access in a classroom to sites only related to the current lesson. A parent can set up a network that prevents children from clicking their way onto adult sites.
“Think about it like this: We’re providing electricity,” says Andrew Wilkinson, the company’s vice president of sales and marketing. “But you decide what you plug in, and how you want to use the heater and stove.”
The startup is run by Hewlett-Packard and Cisco veterans with more than 150 years of combined enterprise networking experience. In terms of funding, Johnson calls Tallac a “slightly assisted bootstrap startup.” Bolstered by a seed round of private funding, Tallac now has contracts with dozens of MSPs, including Comcast. Johnson measures returns by the number of devices an MSP sells to various customers, which he estimates to be worth more than $500 million a year.
Generally, users of Tallac’s networks include schools, banks, retail establishments and hotels. He avoids naming specific customers because technically Tallac only serves as the bridge, and he doesn’t want to undermine any MSPs.
“If an MSP is using our services and sells it to a bank, that bank is not really our customer,” he says, but Tallac has worked directly with businesses in some cases.
For example, Tallac reached out to Hacker Lab in Sacramento, where reliable Wi-Fi is a top priority for the various startups based there. “We basically can’t have the internet go down,” says Eric Ullrich, co-founder of Hacker Lab. “If it does, it needs to go back up really fast.”
Hacker Lab agreed to partner with Tallac and has been using its virtualized network solution for about a year. The decision was a matter of security but also proximity because, as Ullrich says, “How often do you get to work with a local provider?”
For the second year in a row, Tallac also provided a customizable network for the California CareForce free health clinic in the Coachella Valley. The annual event offers free medical, dental and vision services, and organizers needed three distinct networks: a password-protected one for staff to verify volunteer medical professional certificates; a patient registration network to allow volunteers to browse on their downtime without hogging bandwidth; and a guest network for patients waiting to get their teeth cleaned or eyes checked, which needed to be isolated to protect the privacy of medical information.
Despite the growth of Tallac, marketing remains a challenge. This isn’t a quick-pitch type of service that a layperson would understand in 60 seconds. For that reason, the startup’s team has created a curriculum to educate and train workforces, partners and customers on how Tallac is making the mass migration to the cloud one that won’t leave anyone behind.
“We could’ve said we’re going to become the next Comcast, build a system, build a channel, but that was just too much,” Johnson says. “Now we bring services to them, as well as bring people onto the network.”
MAY 5, 2016 By Russell Nichols
Rescuing a Healthcare Clinic Network with SDN and the Cloud March 2016
If you are a networking person, you always hear people telling you what a hassle it is to set up a temporary ad-hoc network at a mobile event – well, I can tell you firsthand – with SDN and Cloud Management, it isn’t all that bad…really.
Image: Unreliable Building Wiring
For the second year in a row, Tallac Networks supported the California CareForce (www.californiacareforce.org) free health clinic at the Riverside Fairgrounds in the Coachella Valley of California by providing an SDN-enabled, cloud-based wired and wireless network. I got the opportunity to play all the roles in getting the networks up and running. This annual event is a huge free medical, dental and vision clinic sponsored by Golden Voice (www.goldenvoice.com), the guys who put on the Coachella Valley Music Festival (www.coachella.com). It is one of their ways of giving back to the community where they host their 3-week-long rip-roaring concert event – I actually haven’t attended, but have heard it is sort of a modern-day Burning Man meets Woodstock.
Anyway, the health clinic takes place over 3 days in a couple of buildings at the Riverside County Fairgrounds. Let’s just say it has been a while since some decent wiring has been installed in these buildings. There wasn’t much to work with, so we had to duct tape cables here and there to get the access points distributed across the main building.
Image: Unreliable Building-to-Building Wiring
Another building across the quad area was used for the vision lab, where hundreds of glasses a day are cranked out for people in need. That building was connected by a strand of Ethernet draped across a roof, then a power line, then passing through an inaccessible building with some sort of unmanaged switch boosting the signal. Luckily the wire appeared at the remote building with a working L2 connection back to the main site. This was just enough for us to begin to set up the various networks we needed to support the clinic.
The organizers of the clinic asked for three distinct networks: an Operations Network, a Patient Registration Network and a Guest Network.
The Operations Network needed to be password protected and provide Internet access so the staff could verify volunteer medical professional certificates – you don’t want a non-certified junior doctor ‘practicing’ on you at the free clinic. This network also needed guaranteed bandwidth for a really cool system from InDemand Interpreting (www.indemandinterpreting.com). The InDemand solution is a video conferencing system on wheels that allows you to establish a session with a human interpreter in the cloud who is fluent in the language of your choice. This was awesome for the doctors and dentists who needed to get critical information from those patients for whom English is a second or even third language.
InDemand Interpreting via Tallac WiFi
The Patient Registration Network was used by the volunteers to check in and check out patients. This network needed low-latency access to the Web-based registration server, but it did NOT need Internet access. Volunteers have some downtime in between arriving patients and there is a desire to browse the Internet or watch videos, but we couldn’t afford to spare the bandwidth, so we had to keep the registration stations on an isolated network.
The third network was a Guest Network for the volunteers, patients and anyone wandering by that did need Internet access. We wanted guests to register for this network with a valid email address and explicitly accept the usage policy – which included the usual “don’t do bad stuff” and “we won’t give anyone your info” verbiage. This network needed to be rate-limited so the hordes of people wouldn’t consume all the Internet bandwidth required by the Operations Network. This network also needed to be completely isolated from the other networks to assure medical information privacy.
Setting up and operating these three distinct temporary networks, under pressure, in a short amount of time, across an ancient site with thousands of people wandering around was where the fun began. The Tallac system was invaluable. We wanted all three SSIDs broadcasting everywhere at the Fairgrounds, but they all had to meet their specific requirements. The biggest challenge was how to extend all three of these different networks to both buildings across the unmanaged L2 network running across the power lines. There was no way to configure the switches on the site, so no way to use VLANs or set up multiple subnets. I wanted different address domains for the guests, and those doing registration couldn’t have the Internet. A tough set of requirements when you can’t configure the existing infrastructure. The answer to these challenges was SDN, the Cloud, OpenFlow and Tunnels! Thank goodness all of these come with the Tallac solution and were just a few clicks away from being put to use.
Image: Last year’s wiring mess backhauling to the office. This year, to the Cloud!
Last year, I had used GRE tunnels to get the vision lab back to the main building where there was a tunnel server, a Floodlight OpenFlow controller and routers for each subnet. In the main building I had used standard VLANs over the wires we had duct taped to the walls. This made for a bit of a wiring mess in the office.
Image: Clinic Network Diagram
This year, I did something simpler. I ran the Operations Network and the Registration Network on the base L2 network between the buildings, but I used OpenFlow to provide the isolation for the Registration Network. With a few clicks of a button in our Cloud system, I configured the Guest Network to use an SSL VPN backhaul to a virtual router/firewall running in the Cloud. This router/firewall dished out DHCP addresses for the guests and forwarded Internet traffic for them. The Guest SSID was rate-limited to 3 Mbps up and 2 Mbps down. Finally, I assigned an OpenFlow-based Captive Portal application to the Guest Network that redirected unregistered users to a splash page that collected their email address and required acknowledgement of the usage policy. The Captive Portal application runs on top of an OpenDaylight instance in the cloud as well. So this year, I took advantage of the Cloud and our OpenFlow capability in a big way. Above is a diagram of what it all looked like in the end. I also used our outdoor AP to cover the quad this year instead of zip-tying our indoor AP to a tent pole. I was amazed at the coverage we got with the external antennas. One of the security guards was using the Guest Network from across the Quad with no problems.
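The three-network policy described above, as an added example that is not Tallac’s code or its OpenFlow applications: a Python model of a priority-ordered, OpenFlow-style flow table encoding the Registration Network isolation, the Guest captive-portal redirect, guest isolation from the clinic networks, and the rate-limited cloud backhaul, evaluated on constructed packets. The subnets, registration server and portal addresses, and client MACs are assumed; only the SSID roles and the 3 Mbps up / 2 Mbps down guest limit come from the post.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable

# Constructed addressing for the example (assumed, not from the post).
OPS_NET = ip_network("10.1.0.0/24")        # Operations Network
REG_NET = ip_network("10.2.0.0/24")        # Patient Registration Network
GUEST_NET = ip_network("172.16.0.0/22")    # Guest Network, DHCP served by the cloud router
REG_SERVER = ip_address("10.2.0.10")       # web-based registration server
PORTAL = ip_address("172.16.0.1")          # splash page on the cloud router/firewall
CLINIC_NETS = (OPS_NET, REG_NET)           # segments guests must never reach
GUEST_RATE = {"up_mbps": 3, "down_mbps": 2}  # the post's Guest SSID limit


@dataclass(frozen=True)
class Packet:
    ssid: str        # SSID the client associated to: "ops", "reg" or "guest"
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int = 443


@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    match: Callable[[Packet], bool]
    action: str      # "forward", "drop", "redirect:portal" or "tunnel:cloud"


class ClinicFlowTable:
    """Highest priority wins; a priority-0 table-miss rule drops everything else."""

    def __init__(self):
        self.registered = set()   # guest MACs that accepted the usage policy on the splash page
        self.rules = sorted(self._build(), key=lambda r: -r.priority)

    def register_guest(self, mac):
        """Called by the captive-portal application once the guest submits the form."""
        self.registered.add(mac.lower())

    def _build(self):
        dst = lambda p: ip_address(p.dst_ip)
        in_clinic = lambda p: any(dst(p) in n for n in CLINIC_NETS)
        unregistered = lambda p: p.src_mac.lower() not in self.registered
        return [
            # Registration stations reach only the registration server: no Internet at all.
            Rule(300, "reg-to-server", lambda p: p.ssid == "reg" and dst(p) == REG_SERVER, "forward"),
            Rule(290, "reg-isolated", lambda p: p.ssid == "reg", "drop"),
            # Operations staff get Internet and clinic resources, but never the guest segment.
            Rule(280, "ops-no-guest", lambda p: p.ssid == "ops" and dst(p) in GUEST_NET, "drop"),
            Rule(270, "ops-forward", lambda p: p.ssid == "ops", "forward"),
            # Guests are isolated from the clinic networks to protect medical information.
            Rule(260, "guest-isolated", lambda p: p.ssid == "guest" and in_clinic(p), "drop"),
            # Everyone on the guest SSID may reach the splash page itself.
            Rule(250, "guest-to-portal", lambda p: p.ssid == "guest" and dst(p) == PORTAL, "forward"),
            # DHCP/DNS must work before registration or the redirect can never happen.
            Rule(245, "guest-bootstrap", lambda p: p.ssid == "guest" and p.dst_port in (53, 67), "tunnel:cloud"),
            # Unregistered guests: plain HTTP is redirected to the splash page, all else dropped.
            Rule(240, "guest-captive", lambda p: p.ssid == "guest" and unregistered(p) and p.dst_port == 80, "redirect:portal"),
            Rule(230, "guest-unregistered", lambda p: p.ssid == "guest" and unregistered(p), "drop"),
            # Registered guests: Internet via the SSL VPN backhaul to the cloud router.
            Rule(220, "guest-internet", lambda p: p.ssid == "guest", "tunnel:cloud"),
            Rule(0, "table-miss", lambda p: True, "drop"),
        ]

    def lookup(self, pkt):
        """Return (rule name, action) for the first rule that matches, like a flow-table hit."""
        for rule in self.rules:
            if rule.match(pkt):
                return rule.name, rule.action
        raise AssertionError("table-miss rule guarantees a match")

    def policy(self, pkt):
        """Action plus the SSID-wide rate limit that applies to guest backhaul traffic."""
        name, action = self.lookup(pkt)
        out = {"rule": name, "action": action}
        if action == "tunnel:cloud":
            out["rate_limit"] = dict(GUEST_RATE)
        return out


if __name__ == "__main__":
    table = ClinicFlowTable()
    guest = Packet("guest", "aa:bb:cc:dd:ee:01", "172.16.1.20", "93.184.216.34", 80)
    print(table.policy(guest))                 # redirect:portal (not yet registered)
    table.register_guest(guest.src_mac)
    print(table.policy(guest))                 # tunnel:cloud with the 3/2 Mbps limit
```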
Image: Outdoor Coverage from the Tent
All in all, the event went quite well. The organizers gave away over $600K in services to over 1500 people in 3 days. They made approximately 700 pairs of glasses on the spot, and cleaned, filled and yanked out countless numbers of teeth.
Image: California CareForce Clinics
You can see the summary numbers at (www.californiacareforce.org/cs). The network is critical to the operation of the clinic, and the diverse needs of the different networks are a perfect test case for how flexible the Tallac system is. Tallac is proud to be a sponsor of this event and you can count on us to be at the next one.
“It’s the end of the world as we know it…” Jan 2016
“…and I feel fine!”
Whenever I start noodling on a new blog post, I almost always have a song lyric pop into my head. I’m going to date myself a bit, but this time it was a song from R.E.M. EXCEPT I was singing it with the alternate lyrics, “It’s the end of the LAN as we know it….and I feel fine!”
The Enterprise LAN has been around for decades. Over the years I designed and redesigned LANs more times than I care to admit. As network engineers, we took pride in designing better networks than the next guy.
But quite honestly, at this point they all look pretty much the same especially when you’re talking about mid-market businesses, say anywhere from 50 to 2,000 users. Wi-Fi APs, closet/distribution/core switches, perimeter firewalls with/without VPN and IDP capabilities, DHCP, DNS, some kind of management software…
Yet, as I’ve traveled around meeting with customers the past couple of years, I’ve been blown away by how smaller organizations build and manage their networks. Let’s take an example that’s close to home for me.
There are over 300 K12 school districts and 30 independent colleges in Indiana, most of them with fewer than 3,000 students. Nearly every one of them hires someone to design a network specific to their campus, independently solicits proposals from vendors, negotiates their own pricing and hires engineers to do the care and feeding of their network.
Do you think the networking requirements for K12 districts are THAT much different? Does the LAN at one small, private college look that much different than the next?
Sure, there are some minor differences between a small school with 2,000 students and a large school with 15,000 students. But one 2,000-student K12 district or college’s networking requirements look pretty much like the next one’s. Yet, every school is still designing, building and managing its own network with absolutely no economies of scale across schools.
Now let’s compare that to another aspect of running a school – their cafeterias!
Nationally, more than 80% of colleges outsource the management of their food service and, depending on the state, anywhere from 20-75% of K12 districts outsource their food service. The companies providing these services have much greater buying power and much larger scale, and therefore more specialized expertise to refine things like layout of space, recipes, processes, etc. They’ve saved schools money and, if a recent visit to my alma mater is any indication, they’ve greatly improved the quality of the service!
So why don’t they do the same thing with their networks? The answer is, they are – and at a pace that is increasing! And it’s not just education.
Why are they doing this? The specific reasons vary a bit from industry to industry – which I’ll discuss in more detail in later posts – but the overarching trend is the same and it’s driven by cloud and mobility!
SMB and mid-market businesses have embraced cloud and mobility quite rapidly. With their services moved to the cloud and accessible from anywhere, the LAN is starting to look like a utility. If the primary use of the LAN is to connect users to the Internet, from the C-level perspective, it’s really no different than someone’s home broadband, their LTE service or Wi-Fi at the coffee shop. So why are they still designing, building and running their LANs as if they were a unique resource providing a competitive advantage to their business?
The headache and expense of staffing qualified engineers, the unpredictable costs associated with refresh cycles…why continue to do this for something that has become a utility that provides no differentiation for your core business?
The trend towards Network-as-a-Service for SMB and mid-market business is already in full swing in certain verticals and is gaining momentum. IMHO, this is the most significant trend to hit the Enterprise LAN business during my almost 20-year career in networking. It’s going to be disruptive to every aspect of the business, from the sales channel to the underlying technologies in the network.
I don’t know exactly how this will all play out, but as it does, I fully expect the Enterprise LAN as we know it – how it’s designed, sold, built and operated – will come to an end…
“…and I feel fine,” because I’m extremely fortunate to be part of an amazing team that is squarely focused on a next-generation Enterprise LAN solution built from the ground up for Networking-as-a-Service!
Stay tuned for additional posts where I’ll attempt to provide more insights on how this might all play out!