Gartner Report: Enterprise Network Services Market Trends for SD-WAN and NFV

As SD-WAN and Internet adoption in enterprise WANs grows, competition in service management increases. Network service providers must rethink the market and service delivery to ensure they meet new enterprise demands.

[[343982]]

Market Status

Software-defined WAN (SD-WAN) is becoming the choice of enterprises in WAN Edge updates. At the same time, MPLS is gradually being replaced by the Internet to meet the ever-increasing WAN bandwidth.

Network service providers are increasingly facing new competitive challenges in overlay SD-WAN hosting and underlay WAN transport.

The market remains hesitant about WAN Edge applications based on Network Function Virtualization (NFV) as enterprises view the technology as immature, complex and not cost-effective.

Enterprises need to rebuild network security for the cloud, Internet, and SD-WAN, which creates opportunities for the convergence of WAN Edge and network security services.

To cater to the market trend of SD-WAN and NFV services, network service providers must:

• Transform enterprise networks by providing choice and flexibility, including fully open options in the components of WAN services (equipment, access, transport and management).
• Leverage a broad communications portfolio to integrate additional services such as SIP trunking, managed LAN/WLAN, and unified communications and collaboration into SD-WAN offerings and bundle them where appropriate.
• By leveraging the network-based NFV platform (POP points and cloud gateways) and partnerships with cloud security vendors, combined with SASE (Secure Access Service Edge) to provide extensive and flexible network security services to meet the growing distributed security needs.

By 2024, 60% of enterprises will adopt SD-WAN to increase agility and enhance support for cloud applications, up from less than 20% today.

Most enterprises need to transform their WAN to optimize access to public and private clouds and become more agile and flexible to effectively support current and future digital needs. Gartner predicts that enterprise spending on cloud services will grow to $405 billion by 2023. To transform the WAN into an effective enabler rather than an obstacle to enterprise transformation, the following stringent requirements need to be met:

• Flexible and agile networks that can respond to rapidly changing needs.
• Cost-effective bandwidth to meet new demands.
• Improved visibility, reporting, and analysis of network and, more importantly, application workload performance.
• Scalability and support for IoT implementations, edge computing, and various industry-specific use cases.
• A more flexible approach to network management to accommodate different enterprise usage preferences, from fully vendor-managed to self-managed.
• The need for intent-based configuration and self-healing networks.

Based on this, Gartner summarizes the market trends of SD-WAN and NFV services.

Figure 1. Market trends of the SD-WAN and NFV service markets

Market trends for SD-WAN and NFV services

1. SD-WAN becomes the choice of enterprise WAN Edge

As enterprises migrate to the cloud, the traditional hub-and-spoke WAN architecture has proven to be suboptimal in terms of agility, flexibility, and low-cost bandwidth. SD-WAN products provide a better solution for deploying and managing traditional routers for hybrid or pure Internet-based WANs, which also brings more flexible WAN Edge hosting capabilities.

Gartner predicts that enterprise spending on SD-WAN equipment is expected to grow by more than 55% year-over-year and at a compound annual growth rate of 23.4% between 2018 and 2023, estimating that SD-WAN technology is already in use in more than 500,000 branch offices worldwide. In fact, by the end of 2019, more than 50% of managed WAN solution deployments used SD-WAN technology, and by 2024, market penetration will reach 60%.

Most network service providers (NSPs) choose vendors such as VMware, Cisco (which acquired Viptela and Meraki) and Silver Peak, but vendors such as Versa Networks, Fortinet, Juniper Networks and Nuage Networks also give the market more choices. Gartner expects enterprise spending on managed SD-WAN services to grow at a compound annual growth rate of 76.1%, and by 2023, enterprise spending is expected to be close to $5.7 billion.

Due to price and technology limitations, enterprises are still slower than expected to adopt NFV-based delivery models. In a Gartner survey, 39% of enterprises believe that technology and supplier risks are the main obstacles to the widespread adoption of NFV-based services. Leading NSPs are working to provide more hardware platform and software function options while trying to ensure quality and reduce complexity. Gartner believes that NFV will become the main delivery model for enterprise networks, but it is still unclear whether most functions will be delivered through local white boxes (uCPE) or from the cloud (NFV nodes in the network).

2. Competition is intensifying for both WAN Edge products and managed SD-WAN services

As SD-WAN technology matures, competition in the SD-WAN product and managed services market is becoming increasingly fierce, and vendors are working hard to stand out in various ways, such as:

• Expanding its offerings with additional networking capabilities and, most importantly, security features (e.g., Riverbed's partnerships with Versa Networks and Fortinet).
• More cloud-based solutions, and a move to as-a-service offerings and innovative licensing models (such as Aryaka’s cloud-first SD-WAN).
• Providing an enhanced WAN backbone over the Internet to improve application performance (Cisco’s Meraki, Silver Peak, VMware, and other SD-WAN vendors working with Teridion).

Most NSPs have already competed in the market to provide enterprise managed SD-WAN services. However, the cloud-based centralized management and zero-touch configuration supported by SD-WAN have broken the traditional NSP-centric managed network service procurement model, and the new procurement model allows enterprises to choose disaggregated managed SD-WAN components.

For the WAN access and transport layers, enterprises have more and more alternatives to choose from, which also brings challenges to NSPs:

• For enterprises that want to reduce lock-in to MPLS providers, take advantage of bargaining power or follow the BYO (bring-your-own) approach, moving WAN connections to the Internet provides more options for enterprises. For example, Expereo, GlobalInternet, GTT Communications, etc. all adopt the BYO approach.
• Some OEMs (Aryaka, Cato Networks) and some independent backbone providers (Teridion, Mode) offer alternatives to MPLS and public Internet WAN transport through a variety of methods, such as their own private backbone or innovative routing solutions over the Internet.
• Enterprises and service providers (including those that do not own any network) can leverage carrier hub interconnects (e.g. CoreSite, Digital Realty, Equinix) for WAN backbone/transport.
• Microsoft's Azure Virtual WAN leverages the backbone network of hyperscalers and is likely to be chosen by enterprises (especially Azure customers) for WAN transport as its price competitiveness improves. Microsoft is working with several SD-WAN OEMs (such as Cisco, Nuage Networks, Riverbed and Silver Peak) as well as NSPs (such as BT and Tata Communications) and non-network service providers (such as Open Systems) to reach service management integration agreements.

Gartner predicts in its SD-WAN Managed Services Market Guide that by the end of 2022, 40% of global enterprise SD-WAN plans will separate some or all of the underlying WAN transport from managed SD-WAN services.

For managed WAN services, NSPs are beginning to adopt a network provider-agnostic approach to improve the competitiveness of their offers. They need to ensure that their products offer real choice and flexibility in the equipment, access, transport and management layers of WAN services, including full openness to the Internet as the primary WAN connection method where appropriate, rather than insisting on MPLS. NSPs can also bundle other services into WAN products, such as SIP trunking and UCaaS.

As competition for managed SD-WAN services intensifies, NSPs will need to find new ways to differentiate themselves.

3. The NFV-based WAN Edge market is still developing slowly

Currently, many NSPs offer NFV-based service delivery from their cloud gateways to enable network functions such as security and WAN optimization. However, the NFV-based enterprise edge network service delivery model (virtual CPE [vCPE]) is still not widely available, but is provided by a few regional or global NSPs (such as AT&T, BT, Colt, GTT Communications, Verizon, Vodafone, etc.).

• Delivered on the customer's local virtualization platform or universal CPE. Most NSPs first offer Brite-boxes (branded white boxes) from vendors such as Cisco (Enterprise Network Computing System [ENCS]) and Juniper Networks (NFX Series), followed by pure white boxes from OEMs such as ADVA, Dell, Lanner, etc. Leading service providers of uCPE products, such as AT&T and Verizon, are expanding the scope of white boxes and customizing them according to customer usage, trying to optimize the balance between functionality, performance and price. Virtual routing, firewalls, SD-WAN and WAN optimization are the most commonly used functions, and usually require at least two alternative technologies. Others may also include more advanced security functions, virtual session border controllers (SBCs) and some other VNFs. At present, Gartner believes that enterprise adoption of uCPE is still lower than expected.
• Delivered from NFV nodes in the operator's network. Some NSPs, such as AT&T, Colt, GTT Communications, Masergy, NTT Communications, and Verizon, have launched commercial, enterprise-grade WAN edge network services on NFV nodes in their networks. However, this market is still immature, and only a few of these NSPs have launched NFV nodes that can support global deployment, and further development is still needed to provide fully automated end-to-end service orchestration. The most commonly used services are firewalls and WAN optimization. But paying customers are still very limited.
• Some NSPs, such as BT and Verizon, have included in their managed network services the possibility of hosting SD-WAN VNFs on public cloud providers such as Microsoft Azure and AWS.

In addition to NSPs, some managed service providers and operators can also provide the required NFV infrastructure (NFVI) to provide NFV-based deployments for enterprises and other service providers, as well as large geographic coverage and high-speed connections. In 2019, Equinix released many WAN-related products, including a globally interconnected cloud exchange architecture, where enterprises and service providers can establish virtualized points of presence (NFV POPs) in their data centers.

Buyer Trends

1. SD-WAN usage surges

With the steady growth of cloud computing and the growing demand for 20% to 30% incremental bandwidth each year, most organizations are adjusting their WAN architectures. Currently, it is less common to completely replace MPLS with SD-WAN, and more common to adjust MPLS to the appropriate bandwidth to support locally hosted applications, provide key location connections, and increasingly support direct connections to cloud providers. Increased bandwidth requirements are now typically met through Internet connections.

Ethernet access with speeds between 10 Mbps and 10 Gbps is replacing traditional time-division multiplexing (TDM) lines. As access prices fall, enterprises often provision access lines at higher speeds than required, but limit port capacity to current needs. In this way, they can more easily upgrade capacity as needed. This approach also enables some service providers to offer on-demand network services.

2. SD-WAN and Internet network security need to be restructured

Enterprise WAN security issues are impacted by multiple factors, such as applications distributed across clouds, the growth of remote users, and the variety of edge devices accessing the WAN.

With the adoption of SD-WAN and the Internet, security perimeters and traditional data center-centric security architectures also need to change. We see that almost all enterprises are adopting:

• On-premises security appliances at local branch offices (either standalone next-generation firewall [NGFW] appliances or SD-WAN products with enhanced security capabilities).
• Cloud-based security is achieved by redirecting traffic to a Secure Web Gateway (SWG).

3. Enterprises have not yet realized the benefits of uCPE

Despite the relentless efforts and investments made by NSPs, uCPE has not been able to gain significant adoption by enterprises due to price constraints, lack of economic attractiveness, and technical and management complexity. Driven by exaggerated market hype, high expectations for performance improvements in flexibility and cost reduction have largely remained unfulfilled due to:

• In many typical use cases, the pricing of a total solution consisting of hardware, pure white or grey boxes, and individual software function licenses (often priced separately) is not attractive. The price of VNF software is almost indistinguishable from that of traditional OEM bundles of proprietary hardware and software.
• The enterprise's choices are limited to software vendors that have been selected and tested to run on the uCPE hardware selected by the service provider.
• Multi-vendor NFV solutions still face technical complexity and technical limitations, including VNF interoperability, lack of a unified management framework, and throughput and overall performance of multiple VNFs on a single general-purpose x86 server platform.

Further investment and market development are needed to further enhance uCPE’s agility, flexibility and return on investment, so that more companies will be interested in it.

4. More hosting services, more choices

Gartner points out that the growth of managed network services has brought opportunities due to the increasing complexity of WAN management and the desire of enterprises to reduce the risk of network transformation. Enterprises can better control SD-WAN policies and network configuration through service portals and APIs, and this joint management approach is gaining support from customers.

Overlay uses SD-WAN and the underlying layer uses the Internet, which is conducive to the decoupling of WAN management and WAN access transmission sources. Over time, it is expected that system integrators (SIs), non-network service providers, ISPs and other smaller innovative managed network services will be increasingly chosen by enterprises.

5. Visibility, collaborative management, automation and business outcomes

Over the past 12 months, Gartner has observed that most senior buyers are increasingly demanding the following capabilities:

• Service Visibility
• Zero Touch Provisioning
• Configuration based on business policies
• Co-management
• Using APIs for service orchestration
• E-bonding
• Network Automation and Intent-Based Networking (IBN)

The popularity of SD-WAN has also shifted the consideration of purchase from network technology to transformation results and service levels. Enterprises are seeking more realistic goals and countermeasures.

Technology Trends

1. SD-WAN moves towards standardization of results

As more and more enterprises and service providers adopt SD-WAN, there is growing interest in the definition and standards of common services. In August 2019, MEF released the standard MEF 70, which defines the expected behavior of SD-WAN products, which has received support from technology vendors and service providers. Now, MEF continues to work on the new MEF 3.0 SD-WAN certification program, as well as further improvements to the initial standard, which is not yet incorporated into the definition of protocols or other technical specifications. However, SD-WAN solutions remain proprietary on the control plane, and customers cannot mix and match controllers and edge devices from different SD-WAN technologies in one Overlay.

2. Open standards and open source

The collaboration between CSPs (communications service providers) and industry bodies OCP and ONAP, as well as other network service providers, aims to foster a large ecosystem of network vendors around open standards and open source solutions, with the goal of creating a market that can provide enterprises and service providers with more innovation, cost efficiency and more choices. The most famous example of this strategy is AT&T. In 2017, AT&T opened its ECOMP code, and ECOMP (Enhanced Control, Orchestration, Management and Policy) eventually became an open source project under the Linux Foundation. At the same time, the company also announced that it would officially host its open source distributed network operating system (dNOS) to the Linux Foundation and change the project name to DANOS.

At the same time, leading CSPs continue to expand their virtual network services and NFV-based enterprise network service delivery models. The focus is on:

• Gain more choice through major network providers to enhance the breadth and depth of service.
• Enhanced service catalog with breadth and depth of VNFs from leading network vendors for more choice.
• Offering a wider range of uCPEs and working with OEMs and chip manufacturers to improve performance (especially in multi-VNF deployments) to provide more attractive price points.
• Issues with interoperability and technical complexity lead to lengthy bring-up times for new VNFs and uCPEs, limiting the options and flexibility of pre-tested service chains. We are working with the industry to address these issues.
• Prepare to use NFV POP architecture to support future edge computing and hosted customer workloads.

3. Improve automation

While expanding SD-WAN technology options, leading NSPs are working to enhance the customer experience: offering self-service configuration options, improved performance visibility to the individual application and user level, and advanced analytics capabilities available through portals.

Today, more and more NSPs are offering bandwidth-on-demand services, with some supporting more advanced features such as adding additional endpoints, on-demand cloud services, etc. NSPs are investing in SDN, NFV, strong automation capabilities, end-to-end service orchestration, and interoperability with other providers' programmable networks, which will enhance current network on-demand services. However, most of today's SDN and NFV deployments are immature, and most NSPs lack fully integrated end-to-end delivery capabilities.

Over time, enterprise network solutions will evolve into intent-based networking (IBN) solutions, where a high degree of automation will enable the network to monitor itself and ensure that policy intent is always met at the time of configuration. Artificial intelligence (AI)/machine learning (ML) will ensure the delivery of results by measuring network parameters in real time and proactively fix problems before they actually occur.

4. New options for WAN transmission

NSPs will continue to invest in Ethernet-enabled fiber links to further improve the speed and coverage of wired Internet access, while making initial investments in 5G, which could become a viable alternative for last-mile WAN connections. In 2019, SD-WAN vendors and network service providers jointly developed 5G-enabled SD-WAN services. The first mass production deployments are expected in 2020.

There are more and more options in the market for enterprises to provide alternative WAN transport to NSP's MPLS services. Providers such as Aryaka and Cato Networks provide enhanced private backbones in addition to SD-WAN technology and managed services. Carrier centers such as Equinix and hyperscalers such as Microsoft Azure have built huge backbones that enterprises (as well as service providers) can use for WAN transport. Providers such as Anapaya, Mode and Teridion provide innovative overlay solutions on the public Internet to improve application performance, allowing enterprises to rely on the public Internet for WAN transport.

5. Convergence of SD-WAN and Network Security

SD-WAN technology vendors are adding advanced security features to their products, either through their own intellectual property or through partnerships (such as Citrix and Palo Alto Networks). Similarly, security vendors are also adding SD-WAN capabilities to their products. One of the most successful examples here is Fortinet. Its product FortiGate adds its own SD-WAN capabilities to the unified threat management (UTM) capabilities of the provider and has climbed to third place in shipment market share in the second quarter of 2009. In addition, vendors such as Cato Networks and Open Systems have also enhanced the security of their hosted SD-WAN services.

The next big disruption in the market will be the convergence of the WAN edge and network security markets to offer a service delivery model that combines cloud-based SD-WAN and extended security capabilities. Gartner describes this model as Secure Access Service Edge (SASE), which reduces operational complexity and costs and provides greater flexibility and better performance. Although vendors such as Cato Networks, Infoblox, Open Systems, Palo Alto Networks and VMware have been quick to embrace the term and offer initial products, we have not yet seen any vendor offer full SASE capabilities. Gartner expects the technology to develop well as more vendors launch their SASE offerings and enterprises gradually adopt the technology over the next five to ten years.

supplier

1. AT&T

AT&T was one of the early advocates of SDN and NFV, and the company plans to use software-defined architecture for more than 75% of its network by 2020. It launched a network-integrated SD-WAN service based on VMware NSX SD-WAN (VeloCloud) technology, which also provides overlay SD-WAN services as well as AudioCodes, Cisco SD-WAN and Juniper Networks SD-WAN. It provides a wide catalog of VNFs and pre-configured service chains, including virtual routers, security appliances, WAN optimization, software-defined WAN and SBC, from vendors including AudioCodes, Check Point Software Technologies, Cisco, Fortinet, Juniper Networks, Palo Alto Networks, Riverbed and VMware. To provide these network functions, enterprises can choose from a variety of uCPEs, including white box x86-based AT&T FlexWare appliances, AT&T's Vyatta, and Ciena and Cisco ENCS appliances, or they can use many of these VNFs from NFV POPs in the AT&T network. Currently, AT&T is actively promoting the creation of open standards and is committed to developing an open source market for network and service development.

2. Cato Networks

Cato Networks is a privately held company in Israel. The company's core product is a cloud-based service that combines SD-WAN (a global network backbone) with network security services, including Next-Generation Firewall as a Service (NGFWaaS) and Zero Trust Network Access (ZTNA) solutions. The Cato Socket SD-WAN appliance connects enterprise sites to the nearest network POP (Cato Cloud) via any combination of fiber, cable, xDSL, or 4G/LTE. The provider uses Internet Protocol Security (IPsec) tunnels to connect to major cloud providers such as Amazon AWS, Microsoft Azure, and Google Cloud. Security services are delivered through Cato Cloud and managed using the self-service Cato Networks Management application. Cato Networks insisted on using SASE to build its services early on, which is primarily aimed at the mid-market with security and cloud access needs.

3. Equinix

Equinix is ​​a data center and colocation provider. Equinix currently has more than 210 data centers in 55 major cities around the world. In 2019, Equinix completed the global promotion of its Equinix Cloud Exchange Fabric (ECX Fabric), an SDN-based connection platform (Platform Equinix) that enables its customers to establish on-demand network connections (Layer 2 or Layer 3) between the Americas, Asia Pacific and Europe through a self-service portal or API. Equinix provides a large number of interconnection services to public cloud service providers, using its platform as an option to build a customized cloud-optimized wide area network. In 2019, Equinix also launched its network edge capabilities, enabling enterprises and service providers to deploy in minutes and run their VNFs on Equinix's modular infrastructure platform. Equinix does not provide SD-WAN technology or traditional WAN transmission services.

4. Microsoft Azure Virtual WAN

Microsoft launched Azure Virtual WAN in 2018, a network service for enterprises that enables automatic virtual private network connections to Azure IaaS and leverages the Azure backbone for WAN branch-to-branch connections. The company is working with several SD-WAN vendors for service integration, such as Citrix, CloudGenix, Riverbed, Silver Peak, and Versa Networks. Security services come from companies such as BarracuAlto, Check Point Software Technologies, Fortinet, and Palo Alto Networks. Microsoft is also working with service providers such as BT and Open Systems to make Azure Virtual WAN available as a managed network service.

5. Teridion

Teridion uses an innovative routing protocol (Teridion Curated Routing) to provide cloud-based WAN services on a network of more than 300 access points around the world, built on 25 public cloud providers around the world (such as AWS, Microsoft Azure, Google Cloud Platform, IBM SoftLayer, DigitalOcean, etc.). Enterprises use IPsec connections from routers or SD-WAN devices to connect to Teridion's network. Teridion's service does not require any new hardware or software, supports dynamic capacity expansion of network connections, and is backed by SLAs. Currently, Teridion has integrated IPsec with Cisco Meraki, Citrix, Silver Peak, VMware VeloCloud, Citrix's SD-WAN, and routers for branch offices from Cisco and Fortinet.