Recently Cavell had a call with VeloCloud (part of VMware) to discuss federation of their SD-WAN gateways, as they had mentioned it in a previous announcement.
Federation is one of the ‘holy grails’ of distributed technology, and one that is hard to achieve for many reasons. For those unfamiliar, federation is two similar systems being able to work together even if they are being run by different companies. In networking systems this means that users on different networks that operate to the same standards, or on the same technology, can intercommunicate or share infrastructure.
In the VeloCloud example, this would mean that rather than looking for the closest VeloCloud gateway operated by your Service Provider, you’d look for the closest VeloCloud gateway regardless of operator. This could serve to reduce latency and provide a smoother customer experience depending on the customer’s distance from an on-network gateway. With workforces growing more mobile and more remote, guaranteeing quality of access is becoming more of a challenge for companies.
It’s important to note that VeloCloud already has a large gateway network, with approximately 2,000 gateways across 100 countries, so latency and access issues may not be a problem for many. This network is available to any service provider running a service hosted by VeloCloud, who can supplement their own gateways by adding these VeloCloud-operated gateways to their offerings based on customer needs. However, although it is currently being worked on, this is not available for companies that are hosting their own VeloCloud service.
Yet even if this doesn’t present an immediate problem, it is worth exploring because of the changing nature of workforces. As many more services become cloud-focused, the location of employees relative to datacentres and network tools becomes more and more relevant. Cloud providers will need to start considering access pathways for these users and how to optimise experiences. Creating a federated network of your solution providers that creates multiple pathways for access could be a key part of that strategy.
If this is so great, why don’t more people do it? Well, to start, if a service provider allows other people to access their gateways, how do they identify and charge those people for access? Also, how do they ensure that their own customers’ quality of service remains high? In the VeloCloud example, we might see the vendor orchestrating and managing a large number of cross-party agreements and billing arrangements for this to succeed.
Can this work? Federation has been an idea discussed across technology providers for years, especially in the communications space. Those who favour open source communication tools imagine a world where rather than having the walled silos of different deployments of the same white label technology, instead the users of that platform can identify and communicate with each other freely.
These ideas rarely come to fruition because billing and sharing agreements grow too complex, and there isn’t really an incentive like there is with access. It is in many companies’ interest not to allow federation, as it increases friction, which may push people to switch services if a regular contact is on the competing service. See, for example, what happens with many communications tools, which arguably run on similar technologies like WebRTC. However, it is in the vendor’s interests not to facilitate inter-communication as they are trying to secure market share.
We do, however, have an example of federation in the communications industry that works worldwide daily: roaming mobile phones. This is achievable because of the standardisation of comms protocols, but also because of two key factors: the ultimate need for reliable and local access for the service to work for customers, and the unique identifier (SIM card) that each person has to indicate who they are and where they come from. This means there is a distinct need for better quality of service, and there is a direct path to identification and billing.
Do VeloCloud customers have this need? Arguably the closer a gateway is to you, the more reliable the service you receive, and VeloCloud have worked hard to have a large network that can serve people worldwide. As a service provider you are also most likely to service and sell to customers that make sense and fit within your existing network profile. However, in this increasingly mobile world (barring the issues of recent weeks), it is easy to imagine that there will be many remote and mobile workers regularly on the move who need access to corporate services and may move away from their service provider’s network. If these users must transit large distances to find a gateway, they may find themselves unable to work efficiently. This is one of the reasons, as mentioned earlier, that VeloCloud is moving to implement federation with non-VeloCloud-hosted versions of the platform. There may already be a VeloCloud gateway where they are travelling to; however, if there were a gap, service could degrade. It’s possible that this gap could be filled by a federated network of VeloCloud gateways, allowing a user to ‘roam’ anywhere based on their need.
This is why the idea of federation is interesting to us here at Cavell: one of the larger predictions of this year is that we will start to transition to a more edge-based security approach called “Secure Access Service Edge” (SASE), where security is handled on a case-by-case basis at the edge of the network. One main feature of this approach is strict user-based authentication, which grants access based on user profiles, location, and other requirements. This then determines the type of security protocols deployed, and how much access the user can be granted.
If we throw in the ability to control network routing with that, and we use the unique user profile combined with a federated approach, you can begin to see how a vendor could make arrangements between its different providers using its software to enable a specific user to access services via the most convenient pathway (at a cost) with activity tracked and billed in a secure way.
The industry is still quite far away from this, but I think the conclusion is that with these new approaches to edge computing and security, coupled with the more flexible networking requirements, a lot of doors are opened to new ways of operating. If we are identifying specific users and basing access to company services on that, then perhaps the cloud-hosted model can move further and allow for access to services that make sense beyond the company under the same principles.
I think that VeloCloud are in a good position in terms of network, and they are already making progress on federation. I don’t think they have a need to go as far as I have outlined above because they have already curated and established a lot of gateways globally for use. However, allowing non-VeloCloud-hosted companies access to that network should be a priority as it enables larger companies who want to host their own instance of the technology a lot more reach to service a global workforce.
VMware is also working to ensure it is on the cutting edge of network technology; an example is its recent acquisition of AI Ops company Nyansa to give it even more analytics in the branch and a competing proposition with current “SD-Branch” vendors. Also, part of the consideration of that purchase must be the future implications of machine-learning-led network awareness on security and stability. This, coupled with recent upgrades to its Virtual Cloud Networking architecture and NSX-T, positions the company well in the networking space moving forwards.
Cavell will be watching for future announcements in this space. One thing that has become apparent through all these discussions is that the way that companies access data and expect to be able to use services is changing. So, we as an industry must embrace that changing nature and work to identify the solutions that let us give the best services to our customers. Whether this ends up in a fully distributed network where identity is the great gatekeeper that enables access to all services, or one that still relies on corporate-specific services that include a wholly owned corporate datacentre (physical or virtual), is yet to be seen.