The phrase “software-defined ….” has come into the IT lexicon with a rush in the past two years, starting with software-defined networking and extending to what some product marketers claim is software-defined everything.
Now meet the software-defined virtual wide area network.
It comes from a startup called Viptela Inc., created by a group of men from Juniper Networks, Cisco Systems, Alcatel-Lucent and other tech companies to take the principle of SDN for enterprises — a software controller that centrally applies policies to routers and switches — and marry it to the WAN.
The San Jose, Calif., company came out of stealth mode on Tuesday promising its solution is “fundamentally transforming” how large companies can build and secure wide area networks.
“Our goal is to make secure connectivity a utility,” Ramesh Prabagaran, vice-president of product management, said in an interview.
In his telling, enterprises with a large number of branches have two problems. For security reasons, their branches are often stuck using poky MPLS or T1 connections with speeds of around 1.5 Mbps, compared to the 50 Mbps people can get in their homes from Internet providers. And hub-and-spoke WANs, in which traffic runs from each branch to the data centre, limit the kind of applications they can create.
The result is that app development is slow.
Banks, for example, would like to have “virtual tellers” in branches — video kiosks or screens for customers with links to tellers in nearby branches who could help with certain problems when things get busy. But if traffic is forced to go between branches and data centers rather than directly between branches, it slows down communications.
Similarly, the inability of MPLS to allow traffic segmentation means a retailer that shares connectivity with several partners — say a department store with an independent optician and pharmacist inside — lacks flexibility.
Viptela’s approach is to make the WAN look like a large virtual network. Its vEdge Routers sit at the edge of the network. A software-based vSmart Controller that runs on VMware (the customer supplies the server) sits above that, establishing a secure connection to the routers, with an overlay for sharing routes and policies. Overseeing all is vManage software for managing and configuring devices.
Customers can buy the controller or have it provided as a managed service.
“We are one of the first companies to integrate routing and security in a single solution,” Prabagaran said.
Because the solution is transport agnostic it can blend and segment any network — MPLS, cellular, Internet, Ethernet. So a customer can, for example, run Internet traffic on one network, email on another and cloud applications on a third. Or have internal traffic on one and a partner on another.
Setting up branch-to-branch communications is easier than on most WANs. Security is assured with end-to-end encryption.
Pricing is a mix of upfront cost plus a recurring licence fee. List price for the lowest router is US$2,995. The larger model, which can be customized, runs up to US$20,000. Controller prices range up to $4,000 depending on requirements.
Among the advantages, the company says, is the ability to roll out applications faster than before.
Industry analyst Zeus Kerravala said that, based on a briefing, it’s an interesting approach. “What they’re trying to do is bring a level of agility to WAN it’s never had before.”
Compared to data centre networks, the WAN hasn’t evolved much in 30 years, he said.
Viptela’s approach could appeal to budget-sensitive large organizations that rely heavily on WANs, like school boards, he said.
The company is looking for integrators and service providers to sell its solution.