Beyond SD-WANs and SASE: AI-WANs are Smarter, and the Secure Service Edge is Stronger as the Edge Becomes the New Border

March 22, 2022

By Matthew Vulpis, Content Contributor

For businesses to sustain in the current and post-COVID-19 world, they will need to adapt their business models through digital transformation to support a virtual workforce and virtual supply chain. And at the heart of enabling digital transformation is reliable connectivity integrated with ubiquitous communication and collaboration.

To keep up with the competition, as well as current consumer expectations, businesses began adopting cloud-based applications and services to avoid infrastructure cost and complexity, increase IT agility, and accelerate digital transformation. According to a 2021 global industry survey, 92 percent of enterprises already had a multi-cloud strategy, and 80 percent had a hybrid cloud strategy.

Along with the cloud, companies began increasingly adopting Software-defined Wide Area Networks (SD-WANs) to aid in the digital transformation processes. These are virtual WAN architectures that allow enterprises to leverage any combination of transport services, including MPLS, LTE (News - Alert), and broadband internet services, to connect users to applications securely.

"Traditional WANs rely on physical routers to connect remote or branch users to applications hosted on data centers," explained Rob Sese, Sr. Director of Vision and Strategy for ConnX, a provider of a global, multiservice communications platform that brings an advanced, cloud-centric offering to large and medium-sized enterprises. "SD-WAN separates the control and management processes from the underlying networking hardware, making them available as software that can be easily configured and deployed. A centralized control plane means network administrators can write new rules and policies and then configure and deploy them across an entire network at once, and this evolution has completely changed the landscape of private enterprise networking over the last decade. Unfortunately, with the vast amount of innovative technology hitting the market today, SD-WANs are no longer able to handle the capabilities associated with many new devices and applications. This is most notable when it comes to artificial intelligence (AI), with companies today increasingly wanting AI-driven insights and automation for the ease and the optimization they provide. This inspired us to establish our AI-WAN offering, working with Juniper."

Most SD-WAN solutions are not integrated, Sese went on to explain. "Instead, their Virtual Network Functions (VNFs) are service chained and not integrated into a single VNF," Sese said, adding, "you might be surprised how many SD-WAN solutions do not integrate with voice and unified communications, and most companies don't want to continue down the path of siloed point solutions anymore. We've been very successful coming at the global, distributed enterprise networking challenge by approaching it from the angle of telephony – voice is still the most popular app in the world and the hardest when it comes to service assurance. AI solutions, like those we have adopted developed by Juniper, are incredibly powerful as they automate much of what is needed to maintain the highest level of quality, allowing people to be heard and seen while collaborating from anywhere in the world."

Most orchestration and automation platforms today are not AI-powered and don't have tools that support a fully integrated data and UC network, let alone one that extends to analog connections. To solve this problem, more organizations are beginning to turn to AI-WAN solutions.

"AI-WAN is simply the next step in SD-WAN evolution, combining the two technologies in order to reduce errors and enable businesses to make changes at digital speeds," Sese went on to say. "Since manually tweaking and tuning the network to adapt to business changes can be time consuming and error-prone, AI-WAN eliminates this need by being able to make these intelligent and informed decisions on its own, based on policy and parameters."

AI-WAN supports a variety of session optimization and intelligent routing features to ensure high performance and service quality for diverse applications and services. Furthermore, server load-balancing capabilities can automatically distribute workloads across cloud or data center resources to optimize application performance, and a unique lossless application delivery capability boosts WAN bandwidth utilization, helping improve performance over lower-capacity WAN connections.

"AI-WAN also improves cybersecurity, which is a necessity as cybercrime rises in volume, sophistication, and speed," Sese explained. "AI-WAN provides a deny-by-default approach for zero-trust security. This gives companies a stateful firewall that protects applications and infrastructure against data loss and malicious attacks. AI-WAN also gives network administrators full visibility into individual traffic flows, so they can efficiently monitor end-to-end sessions, evaluate service quality, and troubleshoot problems."

When we asked Sese about the Secure Access Service Edge (SASE, which is a term coined by Gartner (News - Alert) a few years ago), he said, "Just like SD-WANs have been forced to evolve, especially as more and more people work from home or from the road, and as IT and OT teams continue to merge to address opportunities and risks at the edge of the network, SASE has also had to evolve, and today there is a clear march toward the Security Service Edge (SSE), which simplifies provisioning, implementation, monitoring, management, and security, leaving the inherent complexities and irregularities of SD-WAN in the dust."

AI-WAN solutions are quickly becoming essential for businesses that want to sustain, survive, and prosper through these challenging and uncertain economic conditions.

"Our industry is in a state of constant flux," Sese said, "and highly entrepreneurial and innovative service providers always adapt faster than the incumbents. "If you want to see the future – and be prepared for it, look to the edge. The edge has always been a challenge to build and manage, but with today's breakthrough secure web gateways, ZTNA, CASB, firewall as a service, and small but powerful new CPE, we have tamed the edge and changed the relationship between the edge and cloud."

Sese said the last few years have been busier than ever, as evidenced by the massive AI-WAN and SSE solutions ConnX has rolled out, including a complete migration of the legacy network of one of the largest retailers in the U.S., spurred by the pandemic and immediate need to move the company up to a more secure, agile, software-controlled, edge and cloud architecture.

"We, along with several partners in the ConnX ecosystem, was tapped to simplify and strengthen the communications and collaboration platform of a highly distributed voice-centric business with over 5,000 branches, a huge mix of legacy key systems using local analog trunks, a gap in back-up data and disaster recovery for mission-critical retail applications, and an overwhelmingly complex and expensive set of management and operating elements," Sese said, noting that the project required an unprecedented "need for speed" because of the impact of the pandemic on retailers.

"We very quickly centralized UCaaS and SIP trunking and deployed virtual edge gateways, powered by Juniper SSR, MIST and MARVIS, and leveraged our Portal, AI-Ops, along with our Service and Security Assurance offering to complete the migration at the rate of 30-40 stores per night, across nearly 5,000 stores," Sese says. "The AI-WAN plus Secure Service Edge scales extremely elegantly, and today we are supporting over 40,000 end-users on our platform, which manages approximately 8 million calls per month. Our Maestro analytics service, in parallel with our AI-Ops capabilities, automates between 1-2 million events per day, with an average of only 300 requiring human intervention."

Sese said not only did the transformation reduce operational costs by $30 million, resulting in a $6 million ROI for the retailer, "The CEO of the company publicly stated that their 11% growth during the pandemic would have been unachievable without this more intelligent, automated, and secure architecture. The benefits are very real, and the benefits are sustainable."

"The pandemic caused so many technology and service companies to step up their game," Sese said. "The rapid pivot to remote and hybrid working made us stronger, and with workforces likely to remain virtual, enterprises are focusing on the new perimeter, the edge, rather than investing more into SD-WAN headquarters and branch connectivity and security. We have seen with our own eyes the power and potential of AI-WAN combined with SSE making it possible for anyone to work from anywhere, and when wireless, private 5G begins to grow, you'll see even more gains when it comes to assured speed, quality, performance, and resilience. It's been inspiring to see the resilience of people over the last few years in the face of a devastating global health crisis," Sese summarized. "More resilient connectivity, collaboration, and security technologies mirror that and are a mission-critical part of the recovery we are finally seeing underway."

Gartner's latest SSE Magic Quadrant report, published early this year, includes Zscaler, Netskope, and McAfee (News - Alert) Enterprise, who, like the rest of the pack, branded themselves as SASE vendors despite a lack of WAN service edge capabilities.

Palo Alto Networks and Cisco (News - Alert), ranked by Gartner as "challengers" after being seen as incumbents for decades, now offer both standalone SD-WAN and SSE products as well as a converged SASE platform.

Gartner analysts expect 80% of enterprises going forward will pursue a single vendor SSE platform rather than standalone security products, a vision shared by Juniper Networks (News - Alert), as described in a recent blog.

Patrick MeLampy of Juniper explained that "…WAN networks are all converging into simpler networks and application layer security will be cloud-based in the future. In building secure WANs that are experience-based, Juniper can simplify and remove decades of complexity that was added over the years to solve problems that no longer exist. By offering a single cloud infrastructure that covers Wi-Fi, switching, SD-WAN and security functionality, Juniper will lead the way to WAN as a service for all."

As these innovations are adopted, and convergence continues, Juniper believes managed service providers have a lot to look forward to this year. "The idea of putting LAN, WAN, WLAN, and more under a common umbrella – what we here at Juniper call client-to-cloud – will continue to gain momentum," added Jeff Aaron in the same blog. "This, and the increased inclusion and adoption of AI technologies, will drive the industry forward."

Edited by Luke Bellos

Get stories like this delivered straight to your inbox. [Free eNews Subscription]