This week, we published our Secure Access Service Edge (SASE) Forecast and Research report, a deep analysis on the market, the key players, and the opportunity that lies ahead for it. We expect SASE revenue to grow more than 500% by 2025. As a result of strong market growth, we also expect a tremendous opportunity for new vendors to stake their claim in this increasingly complex environment. As the SASE market is at a relatively early stage, many vendors are introducing new products and services to the marketplace, many of which can be considered “best-of-breed” offerings.
We think enterprises will be navigating multiple priorities, shifting between the needs of their security teams and their networking teams. As enterprises shift toward Zero Trust and SASE architectures, they are increasingly evaluating and deploying multi-vendor cloud-delivered security services, and it is not currently necessary for all the SASE elements to come from a single vendor. For example, HPE Aruba (Silver Peak) offers freedom of choice through a best-of-breed multi-vendor partner ecosystem. HPE Aruba’s approach is reinforced by the hundreds of deployments they have alongside cloud-delivered security services from partners like ZScaler, Netskope and Check Point. Enterprises working with vendors like HPE Aruba, with a multi-vendor partnering strategy, should be able to continue working with vendors they have worked with already or be able to pick “best-of-breed” systems.
The news media has featured our research, and the reports have had interesting takes, for example a Dark Reading article, SASE Surge: Why the Market Is Poised to Grow, focuses on the significant growth opportunities for the market.
Juniper held its industry analyst day last week to present its strategy update to the market; the company wants to change networking for the cloud era. The company reiterated its commitment to three customer types: cloud provider, service provider, and enterprise. The company is making investments to take advantage of multiple technologies: 400 Gbps, 5G, Multi-cloud, segment routing across its portfolio for multiple IPv4 and IPv6 use cases; artificial intelligence (AI); and security. An underlying theme for Juniper’s enterprise strategy is its AI-focus that comes with its Mist acquisition, a WLAN company; the company is transferring this AI technology to its wireline products in the coming quarters. We cannot emphasize enough how big the opportunity is for Juniper in the enterprise market. The company has taken on a big task by extending the Mist AI engine to other parts of the portfolio, starting with the campus and branch switching and routing products, but we expect customers will see the value of automation and intelligence throughout the enterprise product line.
The company highlighted several key points of differentiation:
• A cloud-optimized, Linux based version of Junos is available for certain data center use cases
Enterprise. To emphasize its re-invigorated focus on enterprise, the company highlighted its recently closed acquisition of Mist Systems, an AI and WLAN vendor, which bolsters its enterprise product breadth. Now Juniper has a wide product portfolio: WLAN, switching, SD-WAN, routing, and security.
Service Provider. The company is showing good growth in its cloud-delivered SD-WAN offering. The company supports segment routing across its portfolio for multiple IPv4 and IPv6 use caseswhich it believes will allow it to serve 5G needs of operators. Contrail system Networking has been deployed widely to control and manage virtualized infrastructure EPC, IMS, and combined control plane systems at operators. Juniper continues to invest in high performance routing as evidenced by its strong position in the emerging 400Gbps market.
Cloud. Juniper expects that in the 400 Gbps era, it can take market share in Tier 1 hyperscaler switching because it has addressed some deficiencies it had not delivered in the 100 Gbps era. This includes support for SONIC, P4, Stratum, and other private APIs. It expects to ship the PTX 10008/16, with 14.4 Tbps per slot, by year-end 2019. Juniper is also disaggregating Junos to meet cloud operators’ flexible consumption models and cloud-optimized architectures.
Business Model. The company expects that by the year 2021, it will get 16% of its revenues from software. It revealed that recently, it was at 10%.
We attended the Comcast Business analyst event in Philadelphia. We find the Business Services part of Comcast is interesting, and so do customers, because it is growing rapidly. It installs a “new Ethernet every four minutes,” and has “40-45K installs per month.” The company shared with the audience that it is expanding the breadth of its services to grow its potential revenue it can get from each customer, and in many cases is either acquiring or developing this technology itself. We see these development efforts as moving up the technology stack.
To understand Comcast Business, you have to know that it has unique approaches to its different customer segments. The organization addresses customers of different sizes, and it does not use the same terminology as some others do: SMB (<20 employees), Mid-market (20+ employees), Enterprise (Fortune 1000). We think it is more common that small is considered 100 employees and smaller, which would include SMB and Comcast’s Mid-Market, and that mid would be 101 employees or greater. Here are the Comcast Business market views:
More details about customer segments. In addition to attacking three customer size groups with distinct approaches, it also serves two verticals (carriers and government) segments with different strategies and recently acquired Deep Blue (May 2019) that serves WiFi to venues and hospitality verticals. Each served customer type uses different combinations of third-party developed technology and Comcast in-house developed technology. The company has 4,000 people developing in-house technology. As a mix of total systems sold to customers, today, Comcast Business uses a higher mix of in-house developed technology when serving its small and mid-market customers than it does when serving large enterprises. The group that serves Enterprise Solutions serves large enterprises using mostly using third-party technology from vendors like Cisco, Fortinet, and HPE.
On the other hand, the company serves smaller-sized customers using fully or partially in-house developed technology. Comcast Business’s SVP Product Management, Bob Victor, summed up its approach to working with third-party vendors by saying, “We want to totally commoditize hardware.” We assume he means this is a long-term goal because, during the event, the company told us of new hardware and software relationships announced with new vendors.
For small and mid businesses, the company has developed several in-house technology systems that compete with vendor-supplied technology. One such example is its WiFi Pro service, which combines internet connection and WiFi service. In WiFi Pro, which was introduced a couple of years ago to small businesses and is available at up to four Access Points, the company sources WLAN access points from a non-branded access point. Based on our discussions at this conference, we would not rule out that at least some of the in-house developed technology may be supplanted by vendor-supplied technology if there is a compelling reason. However, on multiple occasions, we learned that the direction the Comcast Business is going is to develop in-house technologies and bring these directly to customers, first with smaller customers, and perhaps very long term to large enterprises.
Managed Services. The company delivers both transport/network services and transport bundled with other services; there is a case to be made that Comcast Business’ bundled services could be called Managed Services. However, even Comcast says there is some confusion about using the terminology “Managed Services,” because of customer expectations; some customers see it as a very high level of services, where customers do nothing, while others see it as Comcast Business is “working with” the customer to deliver the service.
Playing to Strengths. On an overall basis, Bill Stemper, who runs Comcast Business, says the company’s strategy is to focus on serving the wireline needs of businesses in the US. He says, “this is where we invest. We expect to focus this way for decades.”
Small Business details. Stemper said that the company would bring “mobile to small business.” It will bring mobile to this segment when “all the systems are squared away, and when sales reps are capable of selling this additional service without slowing down customer purchasing decisions on the existing suite of services.” It is currently offering mobile in selected markets to learn more about selling this new service. We expect mobile to small business to be offered sometime in 2020.
Growth Avenues in Mid-Market. The company made it clear that it believes the mid-market is an enormous growth opportunity. And, starting in 2020 and beyond, the company says, it is putting more investment into it to improve coverage, its focus, and its reach. Today, the company has 800 reps targeting the in mid-market and plays to strengths in certain verticals such as government, education, and healthcare.
Large Enterprise Opportunities. Approaching the Fortune 1000, the company has its most meaningful exposure in finance, healthcare, restaurants, retail, hospitality verticals. The company is finding customers who, according to Comcast, are replacing MPLS service with broadband and getting a 50% cost reduction and an order of magnitude speed improvement. Comcast introduced a leader from a large finance company to the audience, and though we cannot name the customer, the company shared that it had moved initially to use Comcast transport, and is currently doing a proof of concept for voice and Comcast’s ActiveCore SD-WAN service. Comcast reiterated its plans to use Cisco, Fortinet, and HPE at large enterprise (Fortune 1000), though implied it is entering another phase that it internally calls Enterprise 2.0 for its Enterprise Solutions group. In Enterprise 2.0, the company hinted it might develop more in-house technology and further implied its ActiveCore (SD-WAN is one service it offers in ActiveCore) might find a home in some large enterprises. Comcast’s customer endorsed the idea of using white box universal CPE loaded with “best of breed services” instead of buying vendor-supplied routers so it will not have to replace 15,000 routers when it comes to upgrading time or transitioning.
Carrier opportunity. Bill Stemper, who leads Comcast Business explained that, since 2009, it has served carrier Ethernet to the mobile industry and it will pursue 5G opportunistically. Elaborating further, Stemper said it would decide whether we can get leverage on new builds to serve 5G simultaneously with other customer types. So, it sounds like building new plant to serve only 5G backhaul is not in the cards.
Deep Blue WLAN. In May 2019, the company acquired a Troy, NY-based WiFi services company. We understand from the presentations that Deep Blue was growing at least 30%/year for several years before the acquisition and that its revenues may have hit around $40M. The company designs/installs third-party WLAN and associated systems, then operates the networks for a recurring fee mainly in verticals such hospitality and large venues. The wholly-owned subsidiary has developed advanced software and services capabilities that could easily be leveraged across the other parts of Comcast Business, but from what we learned, there has been no cross-fertilization as of yet.
Products. The company is expanding the number of services it can deliver to customers, thereby increasing its possible revenues to each customer. It began offering SD-WAN services three years ago. It plans to expand beyond SD-WAN. In its mid-market customer focus, the company will soon offer security (Advanced Firewall and UTM, for instance), routing, and a bit later on, voice gateway (SBC) and WiFi. For premises-based VNFs, these are run on a universal CPE (uCPE) that today costs about $1,000 to Comcast and it will be launching a $500 uCPE with similar capabilities soon. The company is updating the cable plant that serves business users, where 4 M businesses are passed, towards a “mid split” architecture that allows for greater upstream speeds so that initially 50 Mbps up and down will be possible, and then over time 100/100, 300/300 and longer-term 1 Gbps up and down. The company also uses EPON for more demanding needs and places like multiple dwelling units; it won’t be moving to XG PON (10 Gbps) for the foreseeable future.
The company has a multi-vendor approach with these VNFs. This week, it announced Fortinet UTM/security. We expect the company could announce other security, routing and perhaps longer-term, other SD-WAN vendor options. We think the company will stick with a single WiFi cloud controller for at least the next year or so, but indicated it could introduce at least one more vendor’s technology afterward. The $500 uCPE device is capable of 1 Gbps SD-WAN throughput, as well as advanced firewall at 1 Gbps and has UTM at 600 Mbps. These are impressive throughput numbers, we think, especially because similar throughput capabilities are available on proprietary boxes from vendors that cost much more.
Additionally, the product called CBR2, a new version of its Comcast business router, will be coming soon. Both the original CBR and CBR2 have WLAN as a built-in feature. But, neither the CBR nor the CBR2 has sufficient WLAN coverage capabilities to satisfy a mid-sized business, so Comcast thinks its soon-to-be-launched WLAN plans to mid-sized businesses allow it to serve more customers. One such new target from these added WLAN capabilities will be the E-Rate program, which is a partial funding mechanism for K-12 schools overseen by the US FCC, is one such target.
Comcast emphasized that it has spent significant time and resources developing software capabilities that allow it to orchestrate VNFs, to remotely administer customer networks, and to allow multiple VNFs from different vendors, or to allow VNFs that are developedin-house by its customers.
The main message of Ribbon keynotes was that Ribbon has moved from a voice and SBC focus to a broader scope including data and analytics, such as UCaaS, Security-as-a-Service, Service Assurance-as-a-Service, SIP Trunking-as-a-Service, SD-WAN, and analytics. The company identified two major catalysts to the change in company scope: the August 2018 acquisition of enterprise SBC company Edgewater and the February 2019 acquisition of analytics company, anova. Additionally, the company confirmed that it is not pursuing service provider mobile market opportunities such as EPC or “full IMS” that are components of larget mobile equipment larger vendors. Instead, Ribbon is pursuing the mobile market by offering overlay analytics services that allow SP customers to derive value from mobile operators using monetization, network, marketing, and customer care.
The company’s core business is evolving. For instance, the company has doubled down on the Enterprise market with its Edgewater acquisition, and a result, it emphasized that it is unique because it has both service provider and enterprise SBC product offerings. The company has offered SBC on public cloud and reiterated that this capability has been available for one year. The company highlighted that it has a Tier-1 Mobile Network Operator VoLTE Interconnect contract win.
Analytics. The company sees its opportunity in the analytics market is to deliver technology to the customer for the following cases:
• Monetization (Targeting, Advertising, Sponsored Data, Campaign Efficacy)
• Network (Reduce Network Cost, Improved Quality of Experience, Proactive Alarms, Network Service Assurance)
• Marketing (Service bundles, churn reduction, product insights, inferred demographics)
• Customer Care (customer experience, bill shock, most probably cause)
We are impressed with Ribbon’s technical capabilities when it comes to using GPUs. The company has previously discussed the performance of its GPU based media interworking function as being 3.5x more powerful than a DSP-based system, or 9x more powerful than a CPU-based system and over 2x more power efficient. The company says its GPU-based systems are generally available for its D-SBC and i-SBC functions. It has evaluations at three operators: Tier-1 US MNO, Tier-1 US CSP, and Tier-1 Japan CSP. We would not be surprised if some of these customers begin deploying soon. One of its Tier-1 operators found that the GPU-based system costs half as much in capital spending and is 800% more power efficient.
Kandy, the white-label voice/messaging services brand of Ribbon discussed its success with customers such as BT, NUWAVE, AT&T, Hong Kong Broadband, Optus, and ecosystem partner, Five9. It enables UCaaS, CPaaS and WebRTC services. The company reiterated that it plans to go to market with partners, mainly service providers, instead of opening its own store-front that would compete with service providers. The company says its customer pipeline is growing.
We attended the Aruba Atmosphere 2019 user conference in Las Vegas. What we learned was that Aruba had made solid progress since last year’s Atmosphere conference. It has delivered on 802.11ax, SD-Branch (and SD-WAN), AI/ML, and Zigbee/Bluetooth 5.0, and elements of the IoT market. The company also introduced a new access point that was not hinted at last year, an 802.11ad outdoor access point. If we were to sum up the company’s main message for the show, it’s all about SD-Branch. The company took great efforts to emphasize that its portfolio has greater breadth than ever and is among the few vendors that can deliver all the networking a company may desire.
802.11ax. At last year’s event, the company told customers to expect 802.11ax products by Nov/Dec of 2018. Our market share tables show the company shipped 802.11ax for revenue in 4Q18. At the show, the company also announced some new, full-featured 802.11ax Access Points, the 530 and 550 series. These new Access Points support Bluetooth 5 and Zigbee, to allow support of IoT devices. These new 802.11ax Access Points will be available this month, April 2019.
802.11ad. The company also introduced a point to point outdoor access point. The new AP387 allows 1 Gbps at 400 meters using 802.11ad and has a backup of 5 GHz 802.11ac in case of inclement weather. This device has been shipping for a “couple months” according to the stage presentation (personnel at the show booth said since January 2019).
Machine Learning. Using Machine Learning for Client Steering and for managing Transient clients. At last year’s Atmosphere event, the company was just rolling out AI/ML to customers to improve networking capabilities for wireless users.
SD-Branch. The company disclosed that it has 25,000 SD-Branch “wins,” which means that it has many contracts to sell “at some point in the future” SD-WAN and other branch equipment systems such as WLAN and switching. At last year’s event, the company had not sold any SD-WAN, so this is a big accomplishment and signifies Aruba’s progress in delivering what it calls a Single Pane of Glass approach that includes four parts: SD-WAN orchestration, Dynamic Path Steering, Secure Connectivity, and Dynamic Segmentation.
Clearpass Device Insight. The company introduced its device recognition system, intended to simplify the discovery of IoT devices on the network. Clearpass Device Insight is available in April 2019. This cloud service uses a fingerprint database, as well as AI/ML, to find devices on the network, and then presents them by category on a single screen.
During the day-2 presentations, the company had some fun and CTO, Partha Narasimhan, showed a picture of him pretending to be an IT executive of a fictitious university.
Keynotes at the NFV World & Zero-Touch Congress in San Jose, California were very interesting today. We share our observations and view of the main themes from these interesting presentations by Nokia, NEC/Netcracker, Google, CenturyTel. The main theme of these presentations, we think, is this: NFV/SDN is now deeply in the deployment and commercial phase, where compared to 3-4 years ago, it was just a concept.
Nokia. The company announced that its Airframe server platform, which is an OCP based design, comes available with either embedded acceleration or pluggable acceleration. This comment includes its software acceleration. The company explained that its Reefshark chipset can be equipped on the Airframe server and can perform better than a non-accelerated server:
In explaining functions that an Airframe with Reefshark can perform, the company gave a good example: massive MIMO beamforming can be assisted by the machine learning capabilities.
NEC/Netcracker. Enrique Gracia presented several uses cases of the NEC/Netcracker customers that related to NFV/SDN. He explained that 16 customers have deployed one or more of these uses cases.
Full Stack OSS/BSS/MANO. A customer deployed this system in 12 weeks to launch a VNF. The system managed both physical and virtual devices.
Expand to a new territory using VNFs from home region. A customer now delivers services to a customer outside the home territory by deploying the software and service from the network location at the home location. In this particular case, NEC/Netcracker and its customer do revenue sharing and VNFs include SD-WAN, virtual firewall and others. The service provider is expected to expand its customer addressable base by 40%, mainly targeting small/medium businesses in this non-home region. This system uses MANO, OSS, BSS and the marketplace. The company says in this case, time to revenue is expected to take 50% less time to deploy new VNFs in the future.
uCPE (Universal Customer Premises Equipment) deployment instead of branded hardware. The company worked with a service provider company to enable uCPE to be deployed as an alternative to Cisco, Juniper and others' gear.
Google Cloud. Vijoy Pandey, who represented Google Cloud, presented on the topic of using AI/ML to reconfigure its data center system. The company's cloud data center architecture has been evolving continuously since it was first introduced. Currently, the company is using its own AI/ML system to learn from current network traffic patterns in order to design its future network architecture.
CenturyTel. The company has deployed Broadcom based Ethernet switches using its own Network OS. These switches do their own packet forwarding. Additionally, the company has built its own orchestration system called VICTOR. It draws upon Ansible, NetCONF, uses the service logic interpreter from ONAP and uses parts of Open Daylight. The company plans to open source this development and the spokesperson Adam Dunstan said, perhaps jokingly, that this might be called ONAP-lite.
SD-WAN vendor Riverbed announced plans to acquire Wireless LAN vendor Xirrus today. Riverbed emphasizes its product line and portfolio strategy in the Software Defined Wide Area Network (SD-WAN) market. Xirrus has emphasized its product portfolio as being a cloud-enabled Wireless LAN (WLAN) market vendor. Two main themes come to mind with this acquisition:
As background, it is quite interesting to see the journey both Riverbed and Xirrus have followed over the years that makes this deal work. Both today are active participants in the cloud and software defined markets. Both Riverbed and Xirrus have participated successfully in their respective marketplaces to have undergone transformations as their markets have evolved.
Our view is that SD-WAN is more than WAN optimization. It is more than just security and services. And it is more than branch routers. SD-WAN is a full branch play. Every vendor will approach SD-WAN differently depending on their strengths. With the Xirrus acquisition, Riverbed just differentiated from its SD-WAN competitors by doubling down on enterprise relationships. We are excited about the SD-WAN opportunity. Many vendors are repositioning their product lines to address SD-WAN, and Riverbed is both strengthening and differentiating its product line to more fully address enterprise needs by adding LAN and WLAN capabilities to its portfolio.
WLAN industry consolidation has been a major theme in the past several years. Most recently, we've seen:
Consider that the early consolidation deals for WLAN companies were mainly to allow Ethernet Campus switch companies to sell WLAN/Campus Switch products to their customers. HPE's May 2015 acquisition of Aruba was a good example of this kind of acquisition. And the acquisition was done in large part to respond to Cisco's acquisition of Meraki a couple years before the HPE/Aruba deal. And, in a corporate M&A twist-of-fate, in mid 2016, switch vendor Brocade announced plans to acquire WLAN vendor Ruckus. But, before it could complete the deal, semiconductor vendor Broadcom announced its own plans to acquire Brocade and spin off all Brocade assets but its Fibre Channel assets, putting in motion the Arris for Ruckus and Brocade ICX switch products deal. So, the first several deals were switch/WLAN related, and like we said, more recently, WLAN acquisitions are related to broader themes than just campus switch consolidation of WLAN, including broadband equipment vendor Arris for Ruckus and SD-WAN company Riverbed for Xirrus.
This leaves very few pureplay Enterprise-class WLAN vendors in the marketplace these days, Aerohive being the largest among the pureplays. Interesting indeed.