SD-WAN Growth 2019 v2.6 final - Secure SD-WAN Vendor · Key Findings • The SD-WAN market has...
Transcript of SD-WAN Growth 2019 v2.6 final - Secure SD-WAN Vendor · Key Findings • The SD-WAN market has...
Key Findings • The SD-WAN market has reached mainstream adoption. Enterprises and
service providers see SD-WAN as the edge networking platform of the future.• Futuriom expects the SD-WAN tools and software market to grow at a CAGR of
33% to $2.1 billion in 2020, $2.75B in 2021,and $3.5B by 2022.• Futuriom is increasing revenue forecast by 130% over last year’s forecast for
the year 2021. Based on bottom-up data collection from vendor sources.• The top drivers of SD-WAN adoption are network security and streamlined
management via cloud software and orchestration.• Of the 40+ SD-WAN software and tools vendors, the vendors leading in
revenue traction, according to Futuriom end-user surveys, are AryakaNetworks, VMware/Velocloud, Silver Peak Systems, and Cisco/Viptela.
• Cisco’s revenue reporting metrics are opaque, and it is difficult to break outSD-WAN revenue from other reporting segments such as routers.
• Additional vendors distinguishing themselves in the “Top Ten” of 40+ SD- WAN software and tools vendors include Cato Networks, CloudGenix,Cradlepoint, Fatpipe Networks, Nuage Networks, and Versa Networks.
• M&A activity is likely to pick up. Aryaka, Cato Networks, CloudGenix, FatPipe,and Versa Networks are strong candidates for M&A or IPO.
• Companies included in the Report. Aryaka Networks, Cisco Systems, CatoNetworks, Citrix Systems, CloudGenix, Fatpipe Networks, Fortinet, JuniperNetworks, Nuage Networks (Nokia), Silver Peak, Versa Networks, VMware.
2019 SD-WAN Growth Outlook Breaking down the virtualized wide-area networking (WAN) market
Premium Technology Research 2019
Featuring:
2
Table of Contents
Top Drivers for SD-WAN Demand 6
Ø Security and Security Services 7
Ø Support for Cloud and Multi-cloud Connectivity 8
Ø Ease of Use: Router and Management Fatigue 8
Ø Reduced Opex and Capex 9
SD-WAN Use Cases and Features 11
SD-WAN Architectures & Strategies 16
Ø Key Differentiators in the SD-WAN Market 17
Ø SD-WAN Players Strength and Focus 20
Ø SD-WAN Strategies of Networking Incumbents 21 Ø Leading SD-WAN Startups 25 Ø Other SD-WAN Players to Watch 28
Ø Key Questions to Ask About SD-WAN Features 30
34
38
SD-WAN Growth Forecast
Conclusion
SD-WAN Leader Profile 39
3
Intro: SD-WAN Accelerates in 2019
It’s been an interesting year for software-defined wide-area networking (SD-WAN) so
far, with business activity increasing and the market accepting and deploying the
technology to manage the operating costs (opex) and capital expense (capex) of
deploying new bandwidth, whether it’s used to connect global branch offices or
datacenters.
Futuriom has been closely following this market for the past six years, including
correctly predicting it would be a fertile area for delivering revenue growth in
enterprise networking. Since our SD-WAN Growth Report Report last year, Futuriom
has conducted dozens of end-user interviews, surveyed the pattern of activity among
SD-WAN vendors, and conducted surveys with leading service providers and
customers. This year’s report presents the trends we see in the market, based on end-
market primary research.
What we’ve found is that enterprises are now educated about SD-WAN and no longer
see it as an early, experimental market. The market is maturing, and buyers are
interested in the multiple benefits of SD-WAN, including improving and managing
broadband Internet, reducing network costs for both connectivity and opex, and
improved management and automation. Service providers are aware of this trend and
are scrambling to put together managed services offerings, as their MPLS offerings
will clearly be replaced by SD-WAN services in the long term.
What we’ve found, in general, is that SD-WAN fits the unique characteristics of
enterprises looking to buy connectivity, network management, and applications from
the cloud. There are many reasons for this. The business world has been conditioned
to buy IT services, on-demand, from the cloud. Now enterprises want to buy WAN from
the cloud – rather than have it controlled by service providers or hardware vendors
4
seeking customer lock-in with proprietary equipment on expensive private lines. At
the same time, gains in Internet availability and bandwidth optimization technology,
such as WAN optimization, de-duplication, load-balancing, and link balancing, have
become more sophisticated, enabling enterprises to leverage Internet broadband for
business applications. This is driving a deeper look at SD-WAN, which has the
potential to lower both operating costs (opex) and capital expense (capex) of
managing enterprise WAN connections.
All of this has made SD-WAN, or cloud-delivered WAN, a dominant growth area for
enterprise communications services. Enterprises will buy SD-WAN to reduce the
complexity in configuring branch-office devices, routing schemes, and network
addresses. With SD-WAN, much of these functions can be abstracted into the cloud
and managed by the service provider or an enterprise manager using a cloud
interface, rather than using proprietary networking equipment.
Our conclusion is that growth of the SD-WAN market is likely to gather momentum in
2019-2020, with revenue cracking solidly into the billions of dollars and the
technology evolving to a point at which it’s accepted in the marketplace. The SD-WAN
market is the most successful representation of software-defined networking,
offering real value and return on investment (ROI) to enterprises looking to reduce the
escalating costs of their WANs.
As is common with hot markets, many players are rushing to plant their flags. The SD-
WAN market, which by some measures has more than 40 vendors assigned to it, is
becoming ever cluttered with competitors and their noisy marketing messages. That’s
why in this report we try to lay out the land and report the largest players and what
they are doing.
5
Top Drivers for SD-WAN Demand In our discussion with end users, common themes emerge in the search for an SD-
WAN solution. Both enterprises and service providers are looking for a more flexible
model of delivering connectivity solutions using the cloud software model.
While the shift in enterprise bandwidth to cloud access is one of the overarching
drivers toward a new SD-WAN architecture, it is also reinforced by many broader
trends in IT. The chart below, from a recent Futuriom Service Provider SD-WAN survey,
recaps strong drivers expressed by service providers in their discussions with
enterprise customers about SD-WAN technology.
6
As you can see, the top perceived drivers are better security (31.7%), support for
cloud and edge services (26%), and ease of use/management (21%). What’s
impressive in our reading of survey data as well as interviews with end users is the
breadth of problems they hope to solve with SD-WAN. The SD-WAN platform is seen
as a networking management tool that can improve security, provide more visibility
into applications and network usage, improve bandwidth while reducing cost, and
ease network management headaches.
Below are some of the most common areas of benefit seen in SD-WAN platforms. Security and Security Services
The data from a recent Futuriom Service Provider SD-WAN survey shows that 31.7%
of service providers cited security as a strong driver for customers to buy SD-WAN
technology, which reflects a common theme in the market: SD-WAN platforms are
seen as a crucial tool in delivering next-generation network security services.
The reason for this is multi-fold. First of all, security concerns are on the rise across IT,
as the number of breaches and risks increase. Second of all, IT professionals that we
have surveyed see managing multiple security tools as problematic, costly, and time
consuming. So platforms that can be used to consolidate or integrate security add
value to the enterprise.
SD-WAN platforms can streamline security management by integrating cloud security
tools as well as network security tools into the same framework. Many of the SD-WAN
vendors, including Cato Networks and Versa Networks, have focused on this story by
building their own security functions directly into the platform. But many other SD-
WAN vendors are developing a security strategy based on best-of-breed applications,
partnering with leading security firms such as Palo Alto Networks and Zscaler to
7
integrate third-party security technology into the SD-WAN offering. Over the past
year, we have seen security grow in importance as a component of SD-WAN.
Support for Cloud and Multi-cloud Connectivity The acceleration of cloud services and software-as-a-service model (SaaS), in which an
enterprise accesses many applications using the Internet in the cloud, rather than
applications residing in a private datacenter, has changed traffic patterns in enterprise
networks. This is a fundamental change for the way that networks were built over the
last several decades, when enterprises were focusing on building internal, private
connections between datacenters and branches.
Cloud platforms are driving business models and IT operations toward a global,
public-Internet orientation. Forecasts show the use of IT services in the cloud is
steadily growing and expected to continue over the next 10 years. Amazon’s recent
quarterly results released showed Amazon Web Services (AWS) growing 43% year-
over-year growth.
Overall, cloud computing is projected to increase from $67 billion in 2015 to $162
billion in 2020, with compound annual growth rate (CAGR) of 19%, according to a
cross-section of industry research.
Moving forward, Futuriom expects SD-WAN platforms to become a vehicle for virtual
networking across multiple clouds, known as multicloud. Because SD-WAN can be
used to provision and manage virtual overlays, it makes sense that it can drive
multicloud connectivity.
Ease of Use: Router and Management Fatigue CIOs and IT managers are seeking more flexibility in connecting branches with a
software-driven model that can get branches and offices up and running quickly,
8
without the need for complicated network configurations. Networks based on
complex proprietary routing schemes are falling out of favor. SD-WAN technology
offers the capability to drive branch equipment configurations from the cloud,
speeding up orchestration of branch office equipment to connect branches more
quickly and at lower cost.
End-users regularly cite the need to streamline the configuration and control of
branch connectivity devices – otherwise known as customer premises equipment
(CPE) – including eliminating or replacing routers altogether with more standardized
SD-WAN devices, which can be based on commercial off-the-shelf hardware.
In a series of interviews Futuriom conducted with end users, we found that the hidden
cost of managing routers was a motivation to switch to an SD-WAN platform. One
user of Silver Peak's SD-WAN product, Tennessee Oncology Chief Information Officer
David Stewart, said of the healthcare provider’s move to SD-WAN technology:
“We initially started discussions with Cisco using a traditional router
architecture and the initial estimates were astronomical — the Silver Peak
platform was probably one-third of the cost. And we no longer need somebody
familiar with BGP (Border Gateway Protocol) routing and all the complexities of
managing routers.”
In addition, cloud management is often cited by service providers as being in high
demand for enterprise WAN services, as reflected in our survey data.
Reduced Opex and Capex
Of course, reducing network costs, both for opex and capex, is important. In Futuriom’s
survey work and interviews, cost reduction is often second to security, cloud
connectivity, performance, and management concerns, but it’s still important.
9
As connectivity demand strains network resources, the need for more cost effective
transport will not subside. Data shows more enterprise demand for broadband and
networking connectivity circuits for 100 Mbps and above, and gigabit Ethernet coming
online as well. As cloud services proliferate, the thirst for bandwidth is accelerating,
and IT managers need a break in cost. Using expensive private-line and MPLS circuits
is no longer a solution – managers are looking for ways to optimize and secure less
expensive Internet broadband circuits. SD-WAN technologies offer a way to do that
with demonstrable return on investment (ROI).
The end users that Futuriom speaks with regularly cite the need to reduce the costs of
network connectivity, including expensive private lines. But they are also focused on
operations, and they see SD-WAN as streamlining the cost of operating the network.
The expansion of options, including more reliable broadband and emerging mobile
options for enterprise connectivity, means that SD-WAN can be used to manage,
combine, and optimize multiple network links to boost bandwidth and reduce overall
costs.
10
SD-WAN Use Cases and Features
Futuriom’s ongoing interviews with dozens of equipment providers and WAN users
reveals the following goals in connecting the WAN in these new cloud environments:
• Optimize and accelerate WAN traffic to the cloud
• Improve overall network security
• Reduce costs related to WAN bandwidth
• Leverage multiple access technologies such as fiber, DSL, and wireless
• Increased flexibility in CPE so that management can be outsourced or updated
with software-only upgrades
• Improve capability to purchase, provision, and manage network services via the
cloud, using software
The technology industry likes to discuss “uses cases” of a technology, but this can also
be thought of as a function of a feature. Customers and end users are looking to solve
problems, so a new technology will be deployed if it solves these problems.
Below, Futuriom summarizes the most popular use cases and features that we hear
about from end users. These are the main reasons that SD-WAN will be purchased or
implemented.
Router replacement and Open CPE: One of the higher costs of WAN frequently cited
by enterprise customers is the opex of managing proprietary hardware and CPE,
including branch-office routers. For example, if you have a load of Cisco gear, it might
require having a Cisco Certified Internetwork Engineer (CCIE). Not only is this
complicated, but it can also introduce errors and complexities in building and
managing the network as the proprietary gear is configured.
11
One of the key differentiating points of SD-WAN vendors is to simplify the
deployment and management of CPE – especially if you are a retail company that has
to manage hundreds or thousands of branches. For example, many SD-WAN hardware
and software implementations can be deployed with templates and remote
configuration. By running SD-WAN on COTS, the organization can standardize on
cheaper, standardized hardware platforms that are managed from the cloud. Another
approach is to implement a light or virtual client than can be installed on existing
routers, firewalls, or other network edge devices.
Regardless of the approach, the key is that the SD-WAN platform can be managed
using a unified approach from the cloud, rather than requiring manual, on-site
management.
Security and Cloud VPN for Branch Office (including firewall replacement): One of
the allures of SD-WAN technology is that it can be used to deploy a virtual private
network (VPN) as a software overlay using end-to-end encryption. This helps meet
security requirements for businesses that may want to connect branch offices or retail
outlets but also have high security requirements. It also means that value-added
security services such as stronger encryption, malware detection, and intrusion
detection services (IDS) can be offered by the SD-WAN providers. Security is
becoming an important checklist item for SD-WAN. Futuriom sees many SD-WAN
providers racing to adopt as many security features as possible, whether it is through
native development or partnerships.
WAN Optimization: One of the goals of SD-WAN is to improve the performance of
applications on the network. WAN optimization, once a discrete function delivered
with a hardware or software appliances, is being integrated into SD-WAN
functionality. Many SD-WAN technologies include WAN optimization functionality and
we expect this to be a checklist item in SD-WAN deployments. A similar trend
12
originated in the applications delivery controller (ADC) market, in which ADCs
optimized the access and performance of applications on a network. That is why many
of the WAN optimization (WAN-Opt) vendors, such as Silver Peak, FatPipe, and
Riverbed, have adopted SD-WAN architectures and built SD-WAN products.
Application Performance Enhancement: Cloud WAN solutions can be built that
optimize access to cloud applications by monitoring traffic and routing higher-priority
business applications ahead of leisure services such as Netflix and YouTube.
Additionally, many WAN services can peer directly with cloud services to offer a “fast
lane” to the business applications. These techniques can be used to "offload"
enterprise WAN backhaul, routing cloud traffic directly to the source using a
combination of broadband technologies. This will also have the effect of challenging
the traditional ADC model of providing these services as part of a discrete hardware
device. In addition, some SD-WAN vendors are working with cloud vendors to set up
specialized cloud gateways and POPs in cloud datacenters to provide more direct
access to cloud applications.
Broadband Link Balancing: One of the key features of many SD-WAN services is the
ability to aggregate and load-balance broadband links, such as combining mobile
broadband, fiber, DSL, and/or cable. As broadband technologies proliferate and point-
to-point 5G becomes a reality, this will help to maximize resources and build a more
mission-critical WAN. In addition, SD-WAN solutions can be used to optimize cloud
connectivity using mobile connections. Examples might include the Internet of Things
(IoT), whereby a retail kiosk or a commercial truck is connected to the corporate WAN
using mobile connectivity, whether that be cellular or through other flavors of WAN
(such as WiFi or LoRa). In these cases, having SD-WAN features such as WAN
optimization and central SD-WAN software routing can optimize connectivity to save
money on cellular or WAN connection costs. VeloCloud (owned by VMware) was one
of the early innovators to push these features.
13
The diagram below, provided by Silver Peak, shows how an SD-WAN architecture can
adapt to shifting demand from private networks to cloud and SaaS apps by redirecting
network traffic to where the applications are, in real time.
Source: Silver Peak
A similar model, provided by VMware’s VeloCloud division, can be seen below.
Source: VMware
SD-WAN architectures can vary widely, but most solutions focus on the same goals:
Improving the use of broadband Internet and balancing connectivity with MPLS
private lines while at the same time optimizing access to cloud applications.
14
Network-as-a-service (NaaS) and Network Functions Virtualization (NFV): Many
enterprises don't even want to build or manage the WAN, but they also want
something better than plain-vanilla Internet. In this case, they can go to NaaS
providers who can provide software that aggregates existing broadband services into
an SD-WAN that is managed by the service provider. Customers can provision and
operate the WAN using a provisioning and management system provided with a web
interface, and they avoid the costly process of managing and configuring hardware,
because the hardware is provided by the service provider and managed using SD-WAN
software.
SD-WAN is increasingly being seen as a way to deliver either a cloud networking
service or a platform for delivering NFV applications by service providers.
Aryaka and Cato Networks are the notable SD-WAN NaaS providers in the market,
operating their own “middle mile” network using network POPs (in Aryaka’s case) and
IP transit (in Cato’s case). VeloCloud has a unique architecture with cloud gateways
that enables it to operate as a NaaS as well as an NFV platform. In addition, some SD-
WAN vendors such as Versa Networks are focusing on building a fully integrated NFV
platform with SD-WAN, to target service providers looking to launch SD-WAN
managed services from the cloud.
15
SD-WAN Architectures & Strategies
There are many approaches to building SD-WAN. According to Futuriom’s research,
there are at least 40 providers of SD-WAN tools, platforms, and services. For the
purposes of this report, we have focused on the technology vendors, platforms, and
services that we consider leaders in the market
The diagram below shows how SD-WAN technology can be used to build a virtual
overlay that connects the edge domain, data-center domain, private MPLS networks,
and cloud.
16
Key Differentiators in the SD-WAN Market
In a market with more than 40+ providers, Futuriom tracks approximately 16 SD-WAN
companies with sufficient funding, technology, and market share.
There are many architectural differences between the SD-WAN players, all of which
must be assessed by the buyers. Some SD-WAN solutions will be suited to end
markets such as retail or small-medium business (SMB), which are more focused on
easing the pain of managing the branch offices and virtual private networks (VPNs),
while others are building more comprehensive solutions that can facilitate routing
and quality of service (QoS) from end-to-end, whether it’s crossing a datacenter or
multiple clouds.
Below are some of the architectural debates that are frequently discussed in assessing
solutions.
Thick Client vs. Thin Client: The competition over the client for the SD-WAN network
is a common one. One can view this as “thick client or “thin client,” meaning whether
functionality is delivered primarily from the cloud or a POP or loaded into the
customer CPE.
The tradeoff in thick vs. thin comes down to the cost and power of the CPE. Thick
clients demand more powerful processing (more expense) but will inherently deliver
more performance for applications such as security and NFV at the branch.
As an example, startup Versa Networks is a proponent of a thick branch, by pushing
integrated security software that runs on a more powerful CPE. On the other side of
the spectrum, Silver Peak and VeloCloud advocate a thinner branch and adhere to the
strategy of providing security services with third-party partners such as Palo Alto
Networks and Zscaler, allowing the customer to choose the security platform
delivered from the cloud or integrated with an existing firewall appliance. Advocating
17
perhaps the thinnest client of all is Cato Networks, whose client is primarily a software
agent than can run on COTS hardware and deliver most functionality from the cloud.
POP, no POP, or Cloud? Does the SD-WAN vendor own its own network or points of
presence (POPs)? These strategies also vary. SD-WAN vendors such as Aryaka and Cato
are really service providers, offering their solution primarily as cloud services running
over existing network transport. Cato’s model is perhaps the most extreme, as founder
Shlomo Kramer recently told Futuriom is that he doesn’t believe the model of
deploying a technology platform with a traditional managed service provider will
work, because the customer ultimately wants the flexibility of managing their network
from the cloud.
Then there are vendors trying to provide the best of both worlds. VMware’s VeloCloud
offers an SD-WAN hardware and software platform, but it also maintains its own cloud
gateways, which are access gateways placed in cloud hosting POPs to deliver software
and services closer to regional cloud nodes.
To complicate things, 2019 also saw momentum behind cloud SD-WAN gateways, in
which major cloud providers such as Microsoft’s Azure, Amazon Web Services (AWS),
and Google’s Cloud Platform (GCP) are building gateways integrated with the various
SD-WAN providers. We expect this to continue to be a trend, with the cloud providers
providing more integrated direct access points in partnership with SD-WAN vendors.
WiFi or Not? Some vendors are coming at the SD-WAN problem from the cloud and the
overlay network (Cato and VMware), whereas others are coming from a branch-office
routing and WiFi heritage, such as Cisco (Meraki) and Cradlepoint. Ultimately, it makes
sense that SD-WAN integrates WiFi and cellular wireless connectivity with the SD-
WAN management platforms, because these are just other forms of connectivity.
Cisco’s progress in telling this story – i.e. how it will integrate Meraki and SD-WAN – is
somewhat vague. Others, such as Cradlepoint, have a solid wireless story but lack
18
some of the depth in the core SD-WAN cloud functionality that enables a full suite of
features that can also manage application performance and integration on wired
networks. Over time, Futuriom expects all of these areas to converge – and the
winners will be the SD-WAN vendors and providers that can successfully integrate and
manage all branch networking devices into one SD-WAN platform. This will also be a
driver of merger activity, as the larger networking vendors look to fuse WiFi
management and SD-WAN manage. In the future, it makes more sense for enterprises
to be able to manage their wireless and wireline management platforms from one
platform.
Comprehensive Routing and Multi-cloud: A key differentiator in the market will be
the routing functionality offered by the SD-WAN vendor, specifically on an open CPE
or in the cloud itself. This includes support of common routing protocols such as BGP
and OSPF. Some router incumbents, specifically Cisco, are reluctant to offer routing
functionality outside of their own hardware platform. Others, such as Nuage Networks
(Nokia), are aggressively pushing sophisticated routing functionality in a generic CPE
as well as the cloud. Futuriom believes a key differentiator will be how SD-WAN
evolves into a multi-cloud routing platform. The vendors that take this approach will
be successful by providing secure end-to-end connectivity from the branch to the
cloud.
The chart below shows the focus and specialization of leading SD-WAN vendors
Futuriom follows.
19
20
SD-WAN Strategies of Networking Incumbents
The large networking vendors are important to watch in the SD-WAN space, as their
networking equipment franchise comes under assault by the more software-centric
startups. Many of the incumbents have seen the strategic value of SD-WAN and have
made significant investments in the space. This has included a wide range of M&A,
internal development and PowerPoint.
For that reason, it’s important to review what the larger vendors are doing with their
SD-WAN strategy.
Cisco (Viptela, Meraki, ACI, Umbrella): Cisco has unleashed a barrage of SDN, SD-
WAN, and cloud security stories. The underlying motivation is that Cisco wants to
transition from being primarily a hardware provider to a provider of subscription
software services with annual recurring revenue (ARR). The challenge is that Cisco has
so many pieces, it’s hard to track exactly how they will work together – and from the
customer perspective, this has the potential to be too complex and expensive. For
example, do you really want to use Cisco Meraki to manage wireless connectivity, ACI
to manage routing, and Viptela as SD-WAN software? In 2017, Cisco purchased Viptela
for $610 million, but enterprise end users we speak to seem relatively confused by
whether Viptela will be a separate platform or fully integrated into Cisco’s router
portfolio. Currently, what we’re hearing in the channel is that Cisco is aggressively
pushing its own hardware. In addition, the general feedback we have gotten from the
end users is that Cisco’s solution risks being too expensive and complex with many
moving parts. Insurgent startups such as Silver Peak and VMware VeloCloud have
driven much of their success with a “simpler branch” strategy that can replace routers
with a lower-cost device and SD-WAN management platform, and this is resonating
with end users.
21
Juniper Networks: Juniper has positioned Contrail orchestration product as an SD-
WAN tool, but Juniper has been slow to market to develop a more comprehensive SD-
WAN strategy. In addition, in our discussion with Juniper executives, it’s not clear that
Juniper sees SD-WAN as a strategic platform, and this could be a huge mistake. Part of
this, in our opinion, has been complicated by Juniper’s organizational structure that
splits the marketing of SD-WAN in service provider and enterprise divisions, which
have conflicting agendas. Recently, Juniper made a move to put Contrail management
in the cloud and use it to manage all devices, whether it’s routers or its own open
cloud CPE devices. This development is in the tradition of Juniper focusing on
developing its own high-performance hardware, so it’s a plus that the company has
both its own routers and COTS CPE to use as SD-WAN devices. Juniper also has
significant security resources such as its vSRX (virtual firewall), which can be deployed
using Contrail. Juniper is in a good position with many of the key components of a
wide-ranging SD-WAN story, but our sense is the company is not fully committed to
the market and the company will need to double down on marketing – or it might have
to make another acquisition to be seen as a true leader in the SD-WAN market.
Nuage Networks Nokia: Nokia’s Nuage division (which focuses on cloud networking)
late in 2018 relaunched its SD-WAN strategy, anchored by its Nuage VNS network
virtualization product. This was a much-needed and smart move, as VNS is a strong
datacenter virtualization product that rivals Cisco ACI and VMware NSX with multi-
tenancy features. SD-WAN is one of the applications for VNS, by setting up virtualized
WAN connections and delivering virtual network functions. In the past year, Nuage has
beefed up the SD-WAN story by anchoring its powerful CPE devices, the NSG, to SD-
WAN. Nuage has cleverly leveraged its routing expertise to build strong routing
features directly into VNS and SD-WAN, which means that the NSG is a powerful
router. This includes carrier-grade routing features, such as the handling of BGP and
LAN peering, which enables service providers or large enterprises to connect
22
disparate networks into the virtualization system using standard routing protocols.
The NSG also has many built-in security functions such as an integrated next-
generation firewall and layer 7 applications visibility. The positioning of a discrete
CPE device with high-powered routing features is a significant differentiation and will
make Nuage a strong contender for SD-WAN deployments, especially among service
providers and large enterprises that want powerful routing functionality in the CPE
devices. Unlike Cisco, Nuage has integrated VNS and SD-WAN 2.0 management to
avoid the problem of having separate management interfaces. Futuriom was recently
given a demo of the Nuage SD-WAN cloud management interface, and it’s impressive
enough that we consider it a key differentiator.
VMware (VeloCloud Division): VMware purchased VeloCloud in late 2017, for a price
of $545 million disclosed in VMware’s annual 10K (though sources tell us the way the
deal is structured, the payout could escalate). The deal made a lot of sense because
VMware, which has a strong presence in the date-center SDN market with its NSX
product, would integrate with VeloCloud and extend virtualized networking
connectivity and services out to the branch with VeloCloud. The strategy has been
successful. VeloCloud has a unique architecture combining orchestrator, controllers
and dataplane with cloud gateways which allows it to scale in both multi-tenancy,
edges as well as performance. This enables the flexible platform to be sold both to
service providers to enterprises in a NaaS or DIY mode. VMware’s VeloCloud is one of
the top three SD-WAN players in revenue, according to our market surveysds.
This makes VMware/VeloCloud one of the best positioned of the networking giants for
SD-WAN with a compelling end-to-end virtualized networking portfolio. Without a
legacy of hardware sales, VMware can aggressively sell SD-WAN as a new software
platform to reduce the complexity and cost of hardware appliances. Vendors with
routing legacies such as Cisco, Juniper, and Nokia have a larger installed base of
hardware, which they will have to defend. On the other hand, VMware’s overlay
23
approach often ignores control and integration with underlaying hardware, meaning
that it will need to be integrated with traditional networking hardware to provide a
comprehensive end-to- end solution.
24
Leading SD-WAN Startups Futuriom believes that the successful SD-WAN companies will be in high demand as
acquisition targets, but some may also opt to pursue an IPO to reward their private
investors.
Our ranking methodology includes three categories of data: 1) Revenue estimates
from internal and external sources, 2) Word-of-mouth from industry sources, and 3)
Existing public customer announcements and proof points.
Based on the available information, we believe several SD-WAN companies should be
considered on the shortlist, and we include them in our “Top Ten.” Futuriom believe
the criteria to be the following:
• At least a $50 million annual revenue run rate in 2019.
• Close to cashflow-positive, or at least the capability to show how it would
become cashflow-positive.
• Growing customer base. Futuriom believes the companies below meet the general criteria for a potential IPO.
If they do not target IPOs or decide on other strategies, they could be top acquisition
candidates:
Aryaka Networks operates 26 global POPs. It has focused on a strategy of improving
the performance of the “middle mile,” for example connecting branch offices around
the globe. This is a pragmatic approach that appeals to midsized to larger enterprises
looking to leverage the public Internet with SD-WAN to provide quality of service to
offices around the world. Recently, Aryaka introduced its Passport security platform,
which enables a cloud firewall and threat protection features from third parties.
Aryaka is likely to be among several SD-WAN startup players to reach $100 million in
25
revenue. Company leadership has expressed the desire to file for an IPO, which we
expect could occur in late 2019 or 2020.
Cato Networks is positioned as one of the leading NAAS providers in the SD-WAN
market, which it calls the Cato Cloud. Cato has a unique cloud-focused architecture, in
which hardware devices are placed in datacenters to connect to the company's
network of 40 worldwide points-of-presence (POPs). Cato operates these POPs with
its own IP-based network overlay. If any of those POPs endpoints fail, the Cato
network circumvents the connection by routing traffic around the failure. These high-
availability – or "HA" features – are built into all the client, appliance, and POP layers
with software. Cato provides a lightweight software “thin client” loaded onto COTS
hardware. Another big differentiator for Cato is that it provides a full security stack in
the cloud. This includes a Threat Hunting System (CTHS) capability that IT
organizations can use to identify which endpoints attached to the SD-WAN service are
potentially compromised. That data can then be used to quarantine endpoints
attached to the Cato network. CTHS leverages machine-learning algorithms.
CloudGenix recently made some headlines by raising a significant $65 million funding
round. It has major customers in the banking and retail industries, with some
examples including Columbia Sportswear, Autodesk, and Bank of Marin. In a recent
case study submitted to Futuriom, Prakash Kota – vice president of IT at San Rafael,
Calif.-based Autodesk, which makes 3D design and engineering software – says the
company picked CloudGenix to unify connectivity at all its offices, including remote
small offices, in a mesh network through the Internet instead of through hub sites. In
tests, he says, the CloudGenix solution provided better performance. Cloudgenix
offers application-specific service-level agreements (SLAs) with major cloud providers
including Microsoft Azure, AWS, and Microsoft Office365, and provides tools to
manage traffic at the application level. The company says one of its unique
approaches is the capability to monitor application sessions at the TCP level,
26
evaluating response time. The software also comes with network automation and
network monitoring tools. Company officials have told Futuriom that the organization
in the last year grew bookings and revenue at a 300% rate.
Silver Peak has moved from its base in WAN optimization appliances in software and
successfully diversified into faster growing SD-WAN products and services. Silver
Peak officials recently told Futuriom that Silver Peak Unity EdgeConnect, its SD-WAN
product, now represents more than half of Silver Peak's revenue. The company’s
growth rate is substantial – it grew 200% in 2018 – and the company is estimated to
have roughly doubled the number of employees in the last year. The company also
says it has 25 customers that have spent more than $1 million each, globally. This
customer base is in large retail, large healthcare, oil and gas, technology companies,
insurance, legal services, and other industries. It’s a broad market, and Silver Peak is
well positioned for growth. Many of the customers we have spoken with say that
Silver Peak’s strength is that it can be deployed and managed very efficiently via the
cloud management functions, including the remote configuration of devices using
management templates. This is a key feature for companies that are moving to SD-
WAN as a branch-office router replacement strategy.
Cradlepoint, based in Boise, ID, is focused on mobile segment of SD-WAN, where it
can connect corporate assets such as information kiosks and retail point-of-sale units
using a secure SD-WAN overlay. It gained additional credibility in the SD-WAN space
when in 2015 it acquired the SD-WAN technology assets of Pertino Networks, giving it
SD-WAN controller capabilities, which improve routing and network performance.
Cradlepoint has an impressive customer base, and the company’s leadership says it
has market penetration in more than half of the top Fortune 100-ranked companies.
FatPipe is another company that has successfully transitioned from a WAN
optimization player to a broader technology provider of SD-WAN and edge VPN tools.
27
Based in Salt Lake City, it has been around longer than some of the hot Silicon Valley
startups, and it has a solid roster of customers. The company is reportedly profitable,
according to our sources. Revenue is expected to be in the $50 million to $75 million
range in 2019, according to our sources. As one of the SD-WAN pioneers, FatPipe has
hundreds of customers that use its technology to connect branch offices, create
secure VPN overlays, and provide WAN optimization and application performance.
Versa Networks has focused on building an SD-WAN, security, and virtual network
functions (VNF) platform for service providers, although it also sells to large
enterprises. Historically, the customer mix has been about 75% service providers and
25% enterprise, according to the company. Key customers include Adobe, Capital
One, Virgin Media, Comcast, and Verizon. Revenue growth is high, and Futuriom
expects Versa to be approaching $100 million in annual recurring revenue (ARR) in
the next year. Versa provides the FlexVNF platform, which is a software stack that
provides routing, SD-WAN, and security and is capable of running on COTS CPE, virtual
appliance, and cloud platforms. The platform features full multi-tenancy, multiple
deployment options, and zero-touch provisioning to help solution providers to create
NFV-based managed service offerings. One of Versa's key differentiators has been to
focus on a high-performance "thick branch" that includes its own integrated security
stack. The Versa SD-Security solution includes a NGFW/UTM, malware protection, URL
and content filtering, NG-IPS and anti-virus, DDoS, and VPN/next-generation VPN. It
can be deployed with zero-touch provisioning and automatic service chaining of
different security network functions.
Other SD-WAN Players to Watch Citrix has been repositioning its Netscaler ADC product as a cloud-based SD-WAN.
Futuriom considers this a smart and necessary move, because, as we have observed,
ADC hardware will eventually go away and the software functionality is being
28
absorbed into a software-defined NFV platform. But Citrix has been quiet lately and
has not been as aggressive as other appliance vendors that have made the transition,
such as Silver Peak, which is going directly after the enterprise router-replacement
and management market.
Fortinet is a security and firewall company that has been adding SD-WAN
functionality to its portfolio. The FortiGate Secure SD-WAN includes NGFW security,
SD-WAN, advanced routing, and WAN optimization capabilities. Fortinet in April
announced it is introducing the industry’s first SoC4 SD-WAN ASIC (application
specific integrated circuit), which it says will deliver the industry’s fastest application
identification and steering for more than 5,000 applications. The company believes
this will allow users to avoid delays in accessing their applications and accelerates
overlay performance, providing low latency and the best possible user experience for
business-critical applications. Given the fact that Fortinet has a wide presence in the
firewall market, and with the functionality of firewalls converging with SD-WAN to
provide security functionality at the edge, it is a company to watch in this market.
Riverbed Networks, much like Silver Peak and Citrix, was a WAN appliance vendor that
has been repositioning toward the cloud as an SD-WAN vendor. However, the
company has been somewhat opaque about its SD-WAN strategy, and from what we
hear from enterprise customers, it does not often get shortlisted as an SD-WAN
platform. Part of the challenge is that recently the company was bought by a private-
equity firm, so it’s unclear as to the amount of resources that will be committed to
developing a full-fledged SD-WAN Platform.
29
Key Questions to Ask About SD-WAN Features In enterprises ranging from small to large, there is immense diversity in customer
needs. Some SD-WAN solutions are suited to some customers, while others may need
something entirely different.
In our discussion with end-users and supplies, the same questions come up again and
again. Here is a summary of some of the key questions you might want to ask about an
SD-WAN technology platform or NAAS provider.
Q: Is the hardware CPE open and what protocols and routing
technologies does it support?
There is wide variation among the providers in the feature-sets of CPE. Some SD-WAN
CPE equipment is driven by proprietary orchestration technology that will not allow
the customer to install other vendors’ equipment. Some CPE supports advanced
routing schemes such as Border Gateway Protocol (BGP), some do not.
Q: How much routing at the edge CPE? Futuriom has found that routing technology at the edge, in the CPE, is a key
differentiator. Important features including the ability to route using common
protocols such as BGP and OSPF (open shortest path first). Many customers are
looking for an SD-WAN solution that not only provides traditional SD-WAN services,
such as orchestration and applications prioritization from the cloud, but they are also
hoping to replace expensive branch office routers with more affordable CPE. If the SD-
WAN box is simply being stacked on top of the branch router, that may not be the right
solution.
30
Q: How powerful is the management interface and orchestration? One of the major innovations of SD-WAN is moving behind the tedious, manual
configuration of branch CPE (often routers) using arcane and proprietary management
interfaces including command-line interface (CLI) technical know-how. One of the key
advantages of SD-WAN will be its capability to streamline management with a
graphical user interface (GUI) that not only gives managers visibility into the SD-WAN,
but also applications activity and cloud services. In addition, some SD-WAN platforms
include powerful deployment templates that speed up adoption and reduce opex.
Orchestration templates, which allow specific types of branch installations to be pre-
selected using the orchestration software, are powerful management features.
Futuriom believes that the SD-WAN management interfaces, orchestration, and
deployment templates will be a key differentiator among the many products on the
market.
Q: Are there intent-based networking features? Intent-based networking is the next frontier of networking, in which networks can be
programmed to respond in real-time to network or business demands. Some SD-WAN
providers are moving to include business intelligence and intent-based features in the
SD-WAN products.
Q: Is WAN optimization built in? Does it cost extra? SD-WAN growth has proven to be naturally complementary to WAN optimization,
which was used to condition private-line applications to network conditions. However,
as some WAN optimization vendors are integrating their products with SD-WAN, and
vice versa, there are differing business models in offering functionality. Futuriom
believes it’s going to be most appealing to the customers to have WAN optimization to
31
be natively built into the SD-WAN architecture, without requiring additional or
separate equipment.
Q: What is the security architecture? Integrated network security is becoming a checklist item for SD-WAN solutions, but
there is a wide variety of solutions. In some cases, the CPE may include a builtin
firewall or it may connect to a cloud security services. Futuriom believes that many
enterprises will want as many security features as possible built into the SD-WAN
solutions, including integrated firewall capabilities at the edge as well as security
functions offered from the cloud.
Q: What is the NFV Strategy? Futuriom believes that SD-WAN platforms have the potential to become fertile
strategic platforms in IT by offering the ability to upgrade NFV from the cloud, across
the network, without requiring new equipment. For example, a customer may want to
add applications such as firewall, deep-packet inspection, applications control, and
routing using a centralized software platform. How easy is it to do this, and does it
operate on the same hardware platform? What type of partnerships does the vendor
have with leading best-of-breed NFV applications, such as firewall and security
services?
Q: Is the platform cloud-ready? Cloud is a loaded term that is often misused in marketing. What we mean by this
question is, how much of the platform can run from multiple forms of clouds, whether
it be a public, private, or hybrid cloud? Can it run natively in the cloud from a public
cloud instance without requiring specialized hardware? What type of partnerships
does the vendor have with the leading public cloud services such as Azure, AWS, and
32
GCP? Depending on the customer architecture, the solutions that are most oriented
toward the cloud are likely to have the broadest appeal.
Q: Does the solution support multi-tenancy?
Multi-tenancy is a key functionality sought by many larger enterprises or service
providers who would like to segment applications or customer traffic on one CPE for
multiple users, customers, or applications. One example might be an enterprise that
wants different business unites to share the same SD-WAN with segmented channels.
A service provider obviously needs the ability to host an SD-WAN in the same area –
perhaps the same building – and provide multi-tenancy for multiple customers. In
some situations, multi-tenancy can be a must-have feature.
33
SD-WAN Growth Forecast There is no doubt that SD-WAN is a hot market, having attracted billions of dollars in
investment and customer interest. After years of startup hype, the deployments have
started in earnest, with customers investing real money for key ROI return. Futuriom
has conducted in-depth interviews with SD-WAN service providers, technology
vendors, and customers to gain insight into how revenue will scale in the market.
Forecasting revenue in the SD-WAN market is inherently difficult. The challenges
include the following problems:
• Different business models of different SD-WAN providers and how they charge
for services, software, and hardware
• Revenue recognition models of hardware versus software
• The services model versus the software model.
Futuriom believes that whether SD-WAN is sold as a platform or a service, it is
delivering the same value proposition to the customer: Optimizing WAN bandwidth
and providing ROI in managing and deploying new WAN services. Whether it’s a
service provider selling a WAN NaaS or a enterprise technology company selling a
platform to build a managed WAN, both entities are all selling the same thing:
software that can maximize the value of their network connections.
Revenue Opportunity: NFV Integration
The value of SD-WAN will come from the SaaS or NaaS model that not only adds new
value but also substitutes hardware and software revenue for legacy network
functions such as ADC, VPN, and WAN optimization. In a legacy architecture, these
functions were sold as separate boxes and systems that were “racked and stacked” on
34
top of each other. In the ideal SD-WAN model, they will be plugged into one standard
x86 box that can accommodate new functions that are instantiated with VNFs.
This means that SD-WAN is likely to take marketshare from existing hardware based
ADC, VPN, and WAN optimization markets. For reference, here were recent revenue
opportunities in some of these areas:
WAN Optimization:
• $800m-$1B billion
ADC Market
• $2-$3B
VPN Services (for branch office connectivity):
• $10-$20B
Sources: Gartner, IDC, Markets and Markets, Goldman Sachs.
Total Addressable Market To calculate the total market opportunity, Futuriom looks at the potential for
substituted revenue of WAN Optimization, ADC, and VPN with the organic growth rate
of value-added SD-WAN – a so-called top-down forecast. We compared this with
measured organic growth rate from an aggregated base of revenue numbers given to
us by at least ten SD-WAN startup vendors – a bottom-up forecast. In addition, we
polled dozens of industry sources, including current and former members of sales
staffs, to gauge their sense of the revenues of the startups in the market.
Put these numbers together, Futuriom estimates that the total addressable market for
SD-WAN services is more than $20 billion, with a run rate of $1 billion in 2018, $1.5
billion in 2019, and a 33% compound annual growth rate (CAGR) over the next three
years. Our market forecast is a blend of these numbers, based on actual reported
35
revenues and historical values such as the estimated size of the MPLS and VPN market
(about $50 billion alone).
SD-WAN Market Acceleration In 2018, we saw and heard evidence of market acceleration. Enterprises now consider
the market mature enough. There are several reasons for this revenue growth spurt,
which include the following:
• MPLS and bandwidth fatigue: Enterprises are struggling with keeping up with
bandwidth demand while keeping costs low.
• Cloud acceleration: The move to the cloud is forcing enterprises to look at new
WAN architectures, as discussed in Section II.
• Technology maturity: Many of the startups in this market have now had years to
tweak and perfect their technology to match the needs of real-world
customers.
All this means that there are now a half-dozen companies approaching or exceeding
$100 million in revenue in the 2019-2020 timeframe. After collecting and analyzing
numbers Futuriom is now comfortable in projecting faster growth than was previously
forecast last year (2018). We now expect the SD-WAN market to hit $1.5 billion in
revenue in 2019, with the potential for $2.1 billion by 2020 and $3.4 billion by 2022.
The numbers of our forecasts are presented on the next page.
36
37
Conclusion: Agility and Cost Savings Driving SD-
WAN Adoption
The flexible, software-based approach of SD-WAN is right for the changing dynamics
of the WAN market, and it appears to be gaining market traction with end users, who
benefit from the lower costs of WAN equipment, bandwidth, and operations.
The market has evolved from slideware to customer deployments that are now
totaling hundreds of millions of dollars. Futuriom believes that in 2019 the market
will continue to accelerate and drive into the billions of dollars, including the
replacement of some legacy hardware markets for VPN, ADC, edge routers, and
firewalls. The market is consolidating around software-delivered and adaptive WAN
services that can connect either through thin customer clients or industry-standard
CPE. This trend toward more flexible WAN architectures and consolidated CPE means
that enterprises are looking to purchase more services that offer network-on-demand
capabilities.
Both the SD-WAN software and services markets have lots of room for growth as they
become platforms for delivering a wide range of functions.
CIOs and IT professionals are being incentivized on several levels to look at new SD-
WAN solutions that can lower both capex and opex, increase organizational and
management flexibility, and take away some of the management headaches of
networking.
39
Versa Networks
Product Type: Software and Hardware Target Market: Service providers, Enterprises
Virtual CPE: Yes Network POPs: No Multi-tenancy: Yes
Description: Versa FlexVNF is a cloud native software stack that spans routing, SD-WAN, and
security and capable of running on COTS CPE, virtual appliance, and cloud platforms. Versa’s
solution combines full multi-tenancy, multiple deployment options, zero-touch provisioning,
and multi-cloud extensibility to enable solution providers to create high value NFV-based
managed service offerings. Additional benefits also include resilient connectivity and critical
security functions like next-generation firewall and secure web gateway that automatically
integrate with other networking functions.
Hardware CPE: With Versa, SD-WAN and uCPE services are unified so the underlying platform
has best-of-breed networking and security services inherently but can also host complementary
services. Because of the uCPE platform and SD-WAN construct enabled by the Versa Secure
Cloud IP architecture, visibility, service-chains, policies, and automation are easier and run
natively.
Top Reference Customers: Adobe, Capital One, Verizon, Virgin Media, Comcast
Partnership Strategy: Versa is empowering MSPs to transition to NFV- and SDN-based solutions
to build a stronger foundation for service creation, which is aided by Versa’s diverse portfolio of
software-defined solutions ranging from SD-routing, SD-Security, Secure SD-WAN, and a SD
Branch solution giving the ultimate control, flexibility, and simplicity to deliver superior QoS.
Security Features: The Versa SD-Security solution provides a broad set of software-based
security functions including NGFW/UTM, malware protection, URL and content filtering, NG-IPS
and anti-virus, DDoS, and VPN/next-generation VPN.
Company URL: https://www.versa-networks.com/
SD-WAN Leader Profile