(soft upbeat music) - Hey guys, Naj Qazi here, welcome to another awesome video. In today's video, I'm gonna touch base on
SD-WAN competitive landscape. We're gonna do a Gartner
Magic Quadrant review, of the top three players
in the SD-WAN space, and I'm gonna give you a No BS review. So it's gonna be a very exciting one, I'm pumped without
further ado, let's roll. (upbeat music) Let's jump right into it. Here are the topics I
plan on covering today. First, Gartner Magic Quadrant. Second, Cisco Viptela SD-WAN. Third, Silver Peak. Four, VMware VeloCloud, and finally, I'm gonna give
you a bunch of pro tips. With that, let me take
you on a quick journey. So here I am curiously
wondering what's happening on those islands, let's check 'em out. We got four different islands here. We got the Gartner Magic
Quadrant Island, Cisco Island, Silver Peak Island and
VMware VeloCloud Island. Let's get started with the
Gartner Magic Quadrant Island. Here we are gonna do a quick analysis of the Gartner Magic
Quadrant in particular, we're gonna look at the quadrant for WAN Edge infrastructure. This is the SD-WAN quadrant, Gartner decided in their infinite wisdom, to call it WAN Edge infrastructure, I'm being a bit cynical here but I think it's very appropriately named. So Gartner Magic Quadrant, without getting into too much
detail is divided into four different boxes called quadrants. So we start off with the Leaders quadrant, which is the top right, Visionaries is the bottom right, Niche Players is the bottom
left, Challengers top left. Now instead of spending
time in other quadrants, we're just gonna focus
on Leaders quadrant. Another item I want to draw your attention to is the X and Y axes. The Y-axis shows the ability to execute by each of these players, and at the bottom we are seeing
the completeness of vision. So Leaders are the ones that
not only have a great vision, but they have an amazing
ability to execute. That being said, let's zoom
into the Leaders quadrant. This year's Gartner Magic
Quadrant is very unique in a sense that we have a lot of Leaders that have emerged in 2020. Last year in 2019 there
were only two players, that were considered Leaders. VMware VeloCloud, and Silver Peak. Even Cisco had been pushed
into the Challengers quadrant, in 2019 but in 2018, Cisco is
also in the Leaders quadrant. And the reason for Cisco's shift, had to do with the Viptela acquisition and then Cisco tryna shoehorn, the IOS XE into the Viptela code, so I think that kind of caused
a little bit of that shuffle. But that being said, let's
focus in on three players, that I wanna talk about today. We'll talk about VMware VeloCloud, we'll talk about Cisco Viptela, and we'll talk about Silver Peak. I'm not gonna talk about the other guys in the Leaders quadrant, they
have their own specialties, but another element that I
want to bring to your attention before we move on from here, is there's a lot of interesting
power play going on. So Palo Alto Networks acquired CloudGenix, who specialized in SD-WAN and Silver Peak, was also recently acquired
by HPE, HP's sister company. So it's really interesting, what's going on in the SD-WAN realm. It's exciting times with that, let's go ahead and take a look at the Cisco solution real quick. So we're gonna go ahead
and visit the Cisco Island. So guys in full disclosure, I'm not gonna spend too
much time on Cisco today because my previous video
is an in-depth analysis of Cisco SD-WAN. So if you're really interested in doing a deep dive in Cisco,
check out my previous video, I'm going to provide a card in this video, so you can just tap on it. And I will also provide a link down to the video description. And I'm going to also provide
a bunch of other references, in the description below. So definitely check that out. So let's jump right
into the Cisco solution. So here's the high level view of the Cisco SD-WAN architecture, the first element I want
to draw your attention to is the separation of the
Data Plane, Control Plane, and the Management Plane. Data Plane is the transport, the routers, the circuits, and all that. And that's what we're looking
at here in the red box. As Cisco calls them either cEdge or vEdge, depending on the type
of appliance you have, and you could either
have a physical appliance or a virtual appliance, if you happen to have
cloud based connectivity you're gonna spin up, you know, VMware, it's all ZTP or zero
touch provisioning based. This is the, the Data
Plane component of it. And you can have any
type of transport, MPLS, internet, 4G, LTE, whatever have you. Remember the whole idea of SD-WAN is transport is irrelevant, it's all about the
overlay, not the underlay. And by the way the Data Plane component is also the underlay of the network. Now let's shift our attention
to the Control Plane. This is where the value
proposition of SD-WAN shines, so here we separate the
Control Plane from the routers and we have now moved that intelligence into the controllers in particular, vSmart controllers. They're the brains of the entire solution. And they're the ones that are responsible for pushing the routing
and security configuration down to the routers at
the bottom of the screen, you're talking horizontal scale, which means if you need to
add more SD-WAN appliances, you can just keep adding
more and more of these vSmart controllers. Finally, the Management Plane component, and this is the key because vManage, is where everything happens. This is the portal that
you as a customer log into once you purchase a solution, and from here you get to
configure all the controllers, and not only you get to
configure but you can monitor, you can troubleshoot, you
have a view of the entire SD-WAN fabric right here
in the vManage controller. You also have third-party
APIs that you can leverage different types of automation solutions. As I mentioned earlier, for more details
watch my previous video, for the sake of expediency, I'm gonna move to the next section. Now let's quickly take a look
at the appliance portfolio. So what Cisco has is the
traditional ISR ASR portfolio. Depending on your site,
you may be a good fit for an ISR 1000 or ISR
4000, or maybe an ASR 1000. It just depends, if it's a branch site, if it's a data center
or something in between. And if you happen to
have cloud-based access, and do AWS Azure or GCP, you're going to have
to spin up a CSR 1000. Moving onto the next item. When Cisco acquired Viptela for (indistinct) of $600 million, this is the portfolio that Cisco
acquired, the vEdge platform from Viptela. They never got rid of it, these appliances are still available and the reason they are available is because they're very cost-effective. Now the big thing about these boxes, the vEdge boxes, is that they
do not support security. And if you're using the vEdge boxes, that of course if you
have the infrastructure as a service component like AWS, Azure, GCP, you'll spin up the vEdge cloud. Finally, the virtualization component, these two boxes ENCS 5000 and CSP 5000, you can run different
virtual network functions, watch my previous video to learn more. And now let's shift our
attention to Silver Peak. I'm gonna spend a little bit
more time on Silver Peak, and VeloCloud, because I
haven't created a separate video on either of these vendors,
so I wanna make sure that you guys have a good understanding. The Silver Peak SD-WAN
platform is called Unity, and there are three components
to the entire solution. The first piece is the Unity Orchestrator, this is the brains of the entire solution. This is the centralized controller, you configure, monitor and everything in between right here on the orchestrator, it could be on prem, it
could be in the cloud, or you can have it as an
orchestrator as a service where Silver Peak hosts, the orchestrator in their
cloud and you get access to it. And that's typically
the most recommended way of doing SD-WAN, is to go with
the cloud-based orchestrator, because it's a lot more simpler. However, another
component to keep in mind, is that when you do get the
cloud-based orchestrator, there's typically additional
costs associated with it. Not every single vendor will charge you, but most of them will do, for hosting the
orchestrator in their cloud, because naturally they
have to spend resources, on your behalf to let that
orchestrator be available. And they typically do a pretty good job, they have high availability setup as well. So you don't have to worry about it, but just wanted to
share that tip with you. Second element of the solution
is the Unity EdgeConnect. These are the boxes that you will have in a physical form factor, or in a virtual form, in the cloud, and these are the SD-WAN appliances. These are the Data Plane devices. And finally the third
element of the solution is an optional component, and
that is the Boost license. And Boost is the WAN
Optimization component. One thing to keep in
mind guys is Silver Peak, were WAN OP or WAN
Optimization specialists before they got involved with SD-WAN. So they have really amazing
WAN Optimization capability and they actually brought
all that secret sauce, from their WAN Optimization realm, and merged it into the SD-WAN code. And I think that really
gives Silver Peak an edge in the industry when it comes
to their SD-WAN offering. But once again, this is
an optional component, you don't have to get it. There's something you could
get the big benefit being, you don't have to buy
another WAN optimization box. If you happen to be big into WAN OP, with Silver Peak as the WAN, you can get rid of the
hardware and combine that functionality or consolidate
it into the same hardware, so it's more like a one box type solution, which kind of makes it
once again attractive from a financial stand point. Now let's shift our attention to the Silver Peak Unity
EdgeConnect Hardware Portfolio. So as you can see here on the screen, what you have is t-shirt
size style model numbers, so EdgeConnect ultra small, extra small, small all the way up to extra large. And as you can see third row
down, a typical WAN Bandwidth, this is where you'll look at
the model name of the box, and then match it with the WAN Bandwidth. Remember guys with SD-WAN, we look at the circuits that we have and how much capacity we're
gonna need on that box. And the WAN Bandwidth shown
here is the total bandwidth. Whether you have a single circuit, or you have multiple circuits, the key to pay attention
to is all together, that's the maximum WAN
throughput you're gonna get on that box. And you also wanna look
at the type of features you wanna subscribe to and make
sure you pick the right box. We'll talk more about that in a bit. Now let's visit the
VMware VeloCloud Island, VeloCloud solution is divided
into three components. First, let's look at the green box, we have the VMware SD-WAN
Edge, it's a virtual Edge, there's a lot of
flexibility in deployment, it's a purpose-built hardware
offered by VeloCloud. They also work closely with
Dell for fulfillment purposes. On top of having a physical hardware you can also have a
Virtual Edge in the cloud, which is pretty much the same
as any other SD-WAN vendor. But what is unique about VeloCloud, is the fact that you have
the ability to run a VNF or a virtual network function
specifically a third party VNF right on your SD-WAN appliance. For example, Palo Alto Networks firewall. You have the ability to
run a virtual instance of a PAN firewall right on your
VeloCloud SD-WAN appliance, once again making it very attractive, one box solution approach. Very interesting and unique
from that perspective. And you can have a
branch, data center, cloud, whatever have you. The box below it (indistinct) here we look at the orchestrator
and the controllers. This is the portal that you log into, this is the brains of the entire solution, this is where everything happens. This is where you configure
your business policies. This is where the APIs are, if you want to do third-party automation, this is where the Zero
Touch Provisioning is done, and this is where you
configure all the templates and everything. You also monitor the environment here. You can have it running on VMware, if it's in a virtual form, or your service provider
might have it hosted, or you could have the controller on-prem, but one thing to keep in mind is you have to get special approval, if you want to run it on prem,
depending on the deal size. This is not something
VeloCloud offers by default, to all the customers. So to me, it's a bit of a negative, but it's not a huge
negative because about 95% of the customers are completely fine with a cloud hosted orchestrator
and a controller model. They don't really need to
deploy the controllers on-prem but if you happen to be on
the on-prem side of the house, this is something to keep in mind. And as I mentioned, you
configure your policies there, your APIs, and your
Zero Touch Provisioning. Now let's move on to the final box here, VMware SD-WAN Gateways. Now this is also something
unique to VeloCloud, and what's happening
here is we have optimized cloud on-ramp. So if you guys are familiar
with the previous video I did called Cisco cloud
on-ramp, it's the same idea here but the big difference is
VMware has already set up multiple gateways, hundreds
of gateways across the globe. And in those gateways, they
have their appliances sitting and they're constantly
monitoring the quality of connectivity into the
different SaaS and IaaS providers, and they're constantly
detecting which path is better and which location is better
from a geography perspective. And they redirect the traffic
based on how the traffic is performing and how the
servers are responding, in real time, so it's a unique value
proposition from VMware. It's fully managed by VMware, you don't have to worry about it, all you have to do is just make sure you have the appropriate licensing tier. So you have this function
available, it's Multi-tenant, and as I mentioned, these
gateways are strategically placed, in different top tier network
points of presence or PoPs around the globe. And the VMware SD-WAN Edge portfolio, it's divided into small, medium, and large, the smallest box being Edge 510, to the largest box being
Edge 3800. For example, if you have a location that
needs a 500 Meg connectivity, you'll pick Edge 610 box. If you happen to have a site that requires two gig connectivity, you're
gonna need an Edge 840 box. If that site also
requires a third-party VNF, being run on the same box, you
could run a virtual instance of a PAN firewall right
on your Edge 840 box. And finally, if you have a
site that has a requirement of 10 plus gig connectivity, you're gonna pick the Edge 3800 box. Now that being said, a lot is
happening in the SD-WAN space at a very fast pace guys,
so don't kill the messenger, by the time you're watching this video, and you're talking to VMware
and some of these boxes are end of life, or
are no longer available because like I said a lot is happening, new silicon, new chip set. So new pieces of hardware are
constantly being rolled out, so take some of the hardware
information that I'm sharing with you with a grain of salt
and just make sure you refer to your vendor documentation
for up-to-date information. And now let me talk about
the most exciting stuff, the pro tips. Let me take a moment to
emphasize this right here, is a money shot, this is the money slide. Okay, if you could take
just one key takeaway from this entire conversation
today, it's right here. This is not something
you're gonna find in books. This is not something
you're gonna be able to find in documentation. This is based on real world experience that I've acquired over the
years as a solution architect, talking to different
vendors and customers, and reading different documentation. So this right here could easily save you, days worth of research. Let's jump right in. Let's look at row by row. So VMware and Silver Peak
only have a single controller, whereas Cisco has three
separate controllers. Now I believe Cisco did
themselves a little bit of a disservice by creating
three separate controllers, because it confuses a
lot of the customers, but the reality of the matter is guys, you don't have to touch any of
those additional controllers, you only mess with the vManage. Everything else is behind the scenes. You never touch 'em, they're
automatically configured through vManage. Second element, packet loss compensation. And that's a big one, technologies like forward error correction and packet order correction
and packet duplication, and here Silver Peak shines. Based on some of the research I've done, and some of the customers that
I've talked to Silver Peak is able to handle up to 10%
packet loss compensation. So you could be on a broadband circuit, experience up to 10% packet loss, and your voice and video
will still be okay. That is massive. Cisco recently introduced
their forward error correction, and packet duplication, it's there, not sure how great that is
because it's a recent feature, time will tell. But Cisco just recently
rolled it out and with VMware, you can expect around 2%
packet loss compensation. The next element, per-packet load sharing versus
flow-based load sharing, even though the Cisco documentation says it's less intrusive, to
do flow based load sharing because you're not doing
asymmetrical routing and all that. However, I do know that
Silver Peak, for example can also do flow-based
load sharing as well. So keeping that in mind, I
think they're all on par, and their own proprietary technology that they use is pretty good at doing the load sharing piece of it. Now another element to keep in
mind is the VRF segmentation. So with VMware, only up
to 16 VRFs are supported, Silver Peak uses VXLAN based segmentation, they call them BIO or
business intent overlays, maximum I believe they only support seven, that number might change
tomorrow, but as of this video, only seven business
intent overlays supported. Cisco, however, offers
unlimited segmentation, they call it unlimited but
there are physical limitations on the box as far as how
many VRFs you can create, I think it tops out at between two to 300, that's a lot, I have yet to
see a clear real world use case for having that many VRFs. Next up, this is for the geeks
out there, VMware uses VCMP or VeloCloud management protocols, Silver Peak uses Subnet
sharing and Cisco uses OMP or Overlay Management Protocol. From a hand-off perspective
both VMware and VeloCloud can only do ethernet handoff,
copper, or a fiber-based, whereas Cisco is unique in a sense that they can offer ethernet or TDM, TDM being T1, T3 or DS1,
DS3 those type of circuits. Now, most of the customers
today could care less about TDM, everybody is pretty much on ethernet, but just wanted to throw it out there in case if you had some TDM
circuits in your environment. Next up is security, both VMware and Silver
Peak, for the most part, tell the customers that you
should look into a secure internet gateway or a cloud
access security broker, somebody like a Zscaler or
could be any other cloud-based security vendor, but
that's what they recommend. However, as I mentioned earlier, that VeloCloud have the
ability to host third-party VNF locally if you wanted to do that. And Cisco is unique in a sense that they have their
own full blown security. So you can do layer seven app firewall. You can do IPS and IDS. You can do URL filtering. You can do advanced malware protection, and you can do Umbrella DNS security all configured on the Viptela box. So once again, Cisco is in
a unique position there, Cisco also supports cloud based security. Next up is the WAN optimization,
Silver Peak shines there, VeloCloud doesn't do any optimization, whereas Viptela has the
WAN OP on the roadmap. As far as I know, Silver
Peak is a clear winner. Next up unified communication
features or voice features, so if you have CUCM express
running on your routers, Cisco started supporting
this feature a couple of months ago and it's there, so Cisco is clearly a
leader in that regard. And finally, if you're a full Cisco shop, if you have invested a
ton of money with Cisco and if you happen to have
a ton of Cisco switches and you also have Cisco SD-WAN, Cisco has started integrating SD-WAN and software defined
access or SDA via SGT or security group tags
or scalable group tags, so you can actually have a
unified policy across the board. So it's kind of a unique
element from that perspective, and Cisco has already started
pushing these features out as I speak. So once again, Cisco is clearly
a leader in that regard. That being said, let's talk
about key differentiators. VMware VeloCloud, because
of their third-party VNF, I believe that's a unique differentiator. Silver Peak their 10% packet loss, plus their WAN OP capability
absolutely key differentiators. For Cisco Viptela, they have
multiple handoff options, so if you have a very
diversified handoff requirement for your circuits,
Cisco is a clear winner, and also if you wanna do local firewall, local IDS/IPS on your SD-WAN appliances Cisco is a clear winner in that area. Now let's move on to the
key SD-WAN questions, that you need to be concerned
with in order to design, a best practice SD-WAN solution. So what you need to be
looking at is when is your WAN contract up. You need to look at when
is your hardware contract coming up for renewal. How many sites do you have on MPLS? Can you take advantage of being on? Can you maybe ditch a
couple of MPLS circuits and use internet instead? How many sites do you have altogether? This is important because
that'll help you understand the scale so you can
pick the right vendor, that is capable of
handling that many sites. Circuits, you need to see
the type and the size of those circuits, whether or not those circuits
are active-active today, if not, SD-WAN can help you there, any performance issues
that you have today, whether or not your WAN routers
are currently being managed by a third party, or if
you're managing them, whether or not you need to
isolate different business units, if you do, how many do you have? Do you have a distributed firewall model, where you have a firewall at each site, or do you backhaul all the
traffic to your data center, because of a centralized security model? Who's your firewall vendor? This question is important because that will help you understand, whether or not the SD-WAN
vendor you're about to pick, if they play nice with
your firewall vendor. If you happen to be a 100% Cisco shop, how recent are your ISR and ASR routers? If they're fairly recent, you probably don't need
to buy new ISR and ASR. You can just probably do
a software upgrade on them, to enable SD-WAN
functionality through IOS XE. If you happen to be a Meraki shop, if you have a lot of
Meraki APs and switches, maybe Meraki SD-WAN is a good solution. I know we didn't talk
about Meraki SD-WAN today, but it's also a pretty decent solution if you don't need a lot
of bells and whistles, it gets the job done, maybe
Meraki's the way to go. If you already have their
access points and switches, maybe do a full stack Meraki,
something to think about. Next up, what are your
business critical applications? And finally what's your cloud strategy? It's important to understand
your cloud strategy, because that will help you determine whether or not you need the
cloud on-ramp type feature, provided by the different SD-WAN vendors. And finally SD-WAN gotchas, the pitfalls, things you wanna avoid, otherwise they will get you big time. First up advanced routing. If you have a very complex network, that requires very advanced level of BGP and OSPF and all that, you may want to look at vendors
that are really, really good with advanced routing. So among the three that
we talked about today, Cisco is a clear leader
in advanced routing. Neither VeloCloud nor Silver Peak, have any advanced routing capabilities. They have bare-bones routing capabilities, their whole idea is once
you switched to SD-WAN, you could care less about routing, but the reality is
until you get to SD-WAN, you're gonna live with a
brown field environment, with a hybrid environment where
you're gonna have some sites on SD-WAN, others on traditional WAN. You better make sure that
you don't have any advanced routing needs. If you do, you better
pick the right vendor. Second one up SD-WAN
appliance total throughput. So if you're going to start
enabling advanced features, like on Cisco, for example, if you're going to do advanced firewall and IPS IDS and AMP and all that stuff, you better make sure in
advance that you understand the total throughput requirements, because the box you
initially thought you needed, you may have to go to the next level up, or maybe two levels up to pick
the right box for your sites, because now you're turning
on all these different bells and whistles. From a VPN Segmentation perspective, the key question here is, do
you need multiple overlays within the same SD-WAN fabric? Or do you need Multitenancy and have separate SD-WAN fabrics? And what I mean by that is
to answer the first question, if you need multiple overlays
within the same SD-WAN fabric, that's an easy thing to solve you just need to make
sure you have the ability to create multiple VRFs or
multiple segments or VPNs. Whereas if you had multi-tenancy, then you better make sure
that your SD-WAN vendor has robust multi-tenancy capabilities. And when I say multi-tenancy, that means each tenant has
its own set of controllers and its own SD-WAN fabric, completely segmented from each
other completely separate. Number four, security. For the most part, if you
have existing firewalls, by all means, use them, if they're not end-of-life,
if they're not end of support, and if you have already
invested money in them don't get rid of them, because the reality of the
matter is, a lot of the vendors have started offering security
features on the same box, but the security isn't
really that reliable yet, and the box has started
to take a lot of big hit, when you enable security
so I would closely watch this space for the next
year or two until then, keep your firewalls don't get rid of them. Multicast if you have Multicast, most of the SD-WAN vendors
do not support advanced, you know, full blown Multicast, so you may want to retain your CE routers, if you have very robust Multicast
in your environment today. Otherwise what you would
wanna do is some of the SD-WAN vendors do have very strong
Multicast capabilities, make sure you pick the
right one and sit down with our engineering team
and the sales engineer and the solutions
architect, and figure out and design the environment appropriately. And the final tip I have
for you guys, is licensing. And this is a very important one guys, most vendors have three
different licensing tiers, make sure you understand them intimately, create your feature wish-list, tell your SD-WAN vendor what
features you're interested in. If you don't need all
the bells and whistles, you don't and don't let your
vendor dictate that you do. Okay, so make sure you sit down spend some time during the planning phase, and figure out what are
the key features you need. Make sure you understand
licensing really, really well before ordering gear. If you order hardware before
doing the licensing homework guys this misstep could
cost you significantly, this could be a huge financial hit. Because once you order everything
and you start deploying, and then in the middle you
find out that you needed more features and now the boxes
that you have are not capable of running those features, because the minute you start
enabling those features, your box is gonna take a throughput hit, and now you have to upgrade. If you have 10,000 sites, that's a big hit I mean, you don't want to go bankrupt. So make sure that you do
your engineering homework ahead of time and you're good to go. And that wraps up today's video. Hopefully you guys enjoyed today's video, if you did give me a thumbs up, hit subscribe and I'll
see you in the next video.