Think of cloud services and the typical image is SaaS applications, like Salesforce.com and Google Apps, maybe rented computer capacity on Amazon Web Services and Rackspace. Until now, one piece of the infrastructure puzzle has largely escaped cloudification: the network. But a new generation of services built in major co-lo hubs and delivered over the Internet promises to do for networks what EC2 and Salesforce have done for computing and packaged applications: Add speed and flexibility and, just maybe, cut costs.
How? Much as IaaS and SaaS leverage multitenant economies of scale to contain expenses while increasing flexibility and enhancing scalability, cloud-based networks use ubiquitous and less-expensive ISP circuits as the platform for configuring and managing network equipment or even delivering private WAN-like services.
These cloud offerings, pioneered by wireless vendors seeking better ways to manage hundreds and thousands of access points, can now automate the configuration and administration of all manner of WAN equipment, from branch office routers to security appliances. Other products go even further, actually delivering WAN services out of the cloud, allowing IT to replace complex and expensive MPLS, T1, or optical (DWDM) circuits with an Internet-based private WAN.
Another new network service category essentially builds a multiparty VPN in the cloud, eliminating the setup headaches of conventional SSL, L2TP, or IPsec VPNs while allowing remote clients, soon to include mobile devices, to simultaneously join multiple private clouds.
The cloud is poised to profoundly change WANs in two important ways: how distributed networks are managed and how they are delivered. The former amounts to a SaaS approach to network administration, where management consoles and device configuration screens sit in a cloud service, are accessed via browser apps, and use web APIs to push changes to remote network equipment. Often called “cloud-enabled networks,” the approach was pioneered by wireless LAN vendors trying to streamline the consistent configuration and ongoing administration of thousands of distributed APs but is increasingly applied to things like branch office routers, VPN gateways, and other security appliances.
The second change entails delivering private network services over a public utility. Although cloud services inherently rely on the Internet, they are obviously not all public services. Indeed, enterprises have been tunneling private traffic over the Internet using VPNs for years. Much as Salesforce, NetSuite, and Workday use the cloud to deliver dedicated instances of enterprise applications, companies like Aryaka and Pertino now deliver network-as-a-service (NaaS) offerings where the backbone is the intrinsically nondeterministic Internet, not private point-to-point or MPLS circuits, but with capabilities mirroring those of traditional private WANs.
Although cloud network services are still young, 25% of respondents use them now, with an additional 11% in some phase of investigation and 26% intrigued by the idea. Of course, as with all online services, the chief bugaboo is data security: 78% of our respondents mention it as a top concern, followed by service availability and reliability at 48%. Our take is that "unsecure!” is a Pavlovian response whenever some IT pros hear the word "cloud." Don’t believe us? When asked which three features they would find most attractive in a WAN service, only 21% named end-to-end data encryption as one of their selections.
More important by far than encryption, client VPNs, or edge redundancy are lower capital and operational costs along with ease and speed of deployment. Takeaway: Money and convenience trump security and reliability every time, lip service notwithstanding. The stated concern over reliability is likewise overblown when you consider only 19% of respondents would value service SLAs with teeth including detailed performance guarantees and non-compliance penalties. So let’s start being honest, if only with ourselves.