Who are the top/best WAN providers? Netify recommend considering Cato, Silver Peak, Cloud Genix (Palo Alto), Aryaka, VeloCloud, Versa, Meraki, BT Business, Masergy and Expereo. In this article, we cover each service offering in more detail and the benefits of each vendor & provider.
What are key areas IT teams need to consider when selecting their next WAN provider? CNaC (Cloud Native Carrier) represents the biggest shift in WAN procurement over the last 30 years.
At Netify, we are keen proponents of the CNaC architecture due to the shift in thinking away from the traditional WAN service provider experience. Over the last 20-30 years, IT teams have almost been resigned to the issues and problems which are typically associated with the telco managed MPLS WAN services experience. While most providers will provide an SLA to cover uptime and service response, the in-life WAN provider experience was (and remains) invariably poor and often business impacting. To fix these issues, we need to establish why.
Learn more →
We don’t have to delve too deep to establish that the issues surround process and network complexity. Whenever an add, move or change is requested, the cumbersome and time-consuming ticketing process is instigated, which often spans days of back and forth discussions before the content can be validated.
The underlying telco network is complex making the service inaccessible from the traditional edge router without significant in-house expertise. CNaC is creating a multi-tier service offering where IT teams no longer have to choose between DIY, Co-managed or fully managed services. This capability is made possible because the vendor and user is positioned to access the complete technology stack as follows:
- IT teams use the vendor management portal to make their own changes
- IT teams involve the vendor when extra expertise is required
- The SD WAN solution is fully monitored
CNaC represents an evolution of the next generation of WAN providers across customer deployment and in-life experience. The major business benefit surrounds the reduction in complexity and ownership of the end to end technology process. SD WAN is the main delivery technology for CNaC based architecture but not all solutions are equal in terms of their capability.
“Selecting your WAN provider requires careful evaluation across not only features but the ability for the vendor or provider to control the technology stack.”
SD WAN (Software-Defined WAN) vs MPLS (Multi-Protocol Label Switching)
SD WAN is no longer a new up and coming technology, Software WAN solutions are being adopted by almost every organisation from SME to large Global Enterprise. While this fact does not mean SD WAN is the default best-fit for every organisation, the technology will almost certainly figure within your procurement investigations and digital transformation projects.The reasons are clear:
- The majority of businesses are adopting public Cloud-based SaaS applications which are accessible across the Internet.
- SD WAN vendors are the enabler to accessing Cloud exchange providers.
- Remote working via Internet connectivity is now the norm for employees and partners.
- Agility is needed to deploy connectivity faster and where temporary services are required.
- The Internet is comparable in terms of performance vs MPLS network services.
- Diversity is easier to achieve by using multiple Internet circuit types.
- SASE security is capable of ensuring network protection wherever the user is located.
- Cost savings are achievable compared to managed private WAN services.
- IT teams need to simplify their WAN architecture and management.
- Flexible DR (Disaster Recovery) operations via fast and efficient network orchestration.
- Support for all connectivity types including Broadband, 100Mbps, 1Gbps, 10Gbps Ethernet, 4G, 5G and LTE.
- Higher bandwidth is required by load balancing/ sharing/aggregating circuits.
How to choose between vendors, service providers, distributors, integrators and value-added resellers?
We discussed CNaC as our recommended option when initially considering WAN providers. While Netify suggests CNaC as the default standard for most business requirements, there are scenarios where other options could potentially represent a better fit.
- CNaC Vendor - the end to end technology stack is owned by the vendor. (Cato and Aryaka are good examples)
- Vendor plus partner - the technology stack is delivered, deployed and supported by an accredited partner. (Meraki and Silver Peak are good examples)
- Service provider - the traditional telco forms partnerships with 2 or 3 vendors but does not own the stack and will often apply legacy processes which removes some of the agility.
- Service provider hybrid - the telco does have vendor partnerships but has also developed their own unique go-to-market products. (Masergy is a good example)
- Integrator - specialises in specific technology areas and will work with vendors to gain accreditations to deliver service across WAN and security.
- Distributer - working with the vendors to deploy and deliver hardware on a global basis.
When selecting WAN providers, the options above make sense based on relationships and requirements. As an example, if requirements are fairly standard and not too complex, an end to end CNaC vendor would be the best fit. However, suppose your business is already working with an integrator because your requirements are complex in nature. In that case, their SD WAN partnerships and knowledge may represent a better outcome. And finally there are the service providers which typically partner with SD WAN vendors and offer some form of product capability and connectivity underlay as a component of their service offering.
What are the challenges for the Global Enterprise business?
Selecting a Global WAN provider requires thought across application performance. This is especially true when evaluating SD WAN which offers four typical deployment strategies.
- Multiple ISP backbone connectivity - selecting an in-region ISP allows IT teams to ensure the most cost-effective ISP is utilised vs SLA.
- Single ISP backbone connectivity - one ISP across all global offices results in traffic transiting a single AS. (where possible)
- SD WAN providers with their own private backbone - certain vendors have deployed their own PoP’s which are accessible globally.
- MPLS providers - using private based MPLS should remain an option where end to end QoS (Quality of Service) and maximum SLA guarantees are required or access to private cloud is mandated. MPLS does not (by default) require IPSec encryption services to maintain security due to the technologies inherent privacy.
In the past 24 months, Netify are changing our position on the use of single ISP backbone as the architecture of choice for Global businesses. In summary, this is largely because we recognise the global nature of users, their remote working and BYoD (Bring your own device) approach to resource and network access. Providing the in country ISP is offering robust service levels and is recognised for their network capability, there are no reasons why using multi-ISP’s should be avoided. We previously recommended using a single ISP backbone but have found performance is equal when routing traffic over multiple global ISP backbones.
Build your shortlist in 90 seconds or less. To help you find the top SD WAN vendors that will fit your needs, complete our short quiz. Learn more →
Lastly, for the best possible performance and SLA’s, vendors with their own private backbone or Internet gateway architecture should be considered.
How to decide on the components of your Hybrid WAN architecture.
The majority of your user and office requirements will be well served by SD WAN vendors. With this said, there will always be reasons to deploy other circuit types to meet the demands of data centres and metro area campus locations. Layer 2 VPLS (Virtual Private LAN Services) or VLL (Virtual Leased Lines) are often used to connect data centres and hosting facilities.
Who are the best/top WAN providers?
The list below represents a combination of SD WAN vendors and traditional service providers. We have outlined which vendors follow the CNaC architecture, SASE security and backbone type.
What is SASE security?
SASE (Secure Access Service Edge) encompasses NGFW (Next-Generation Firewall), Secure Web Gateway and URL filtering (SWG), anti-malware (NGAV), Managed Intrusion Protection (IPS) and Managed Threat Detection and Response (MDR). CATO Networks Cato is a globally capable CNaC SD WAN vendor with 50+ global PoPs which are connected via multiple ISPs to offer the best possible traffic and network performance.
The Cato proposition offers single private IP backbone with route optimisation to sense the best paths based on latency, jitter and packet loss. Cato was the fist vendor to offer SASE (Secure Access Service Edge) security built into their SD WAN appliance WAN edge device - security as-a-service is now their core value proposition. Cloud access into ASW and Azure is optimised across their backbone which avoids the need for AWS DirectConnect and ExpressRoute.
Silver Peak is known for their WAN optimisation capability with strong SD WAN orchestration and comprehensive features. The Silver Peak solution is deployed across end-to-end Internet services; they do not offer public gateways or private backbone access. SASE security is delivered via partnerships which include options such as zScaler. Silver Peak also require a partner to deliver services, you cannot buy SD WAN directly which means careful attention should be given to this aspect during the procurement process. Silver Peak offer adaptive FEC (Forward Error Correction) which helps to maintain voice conversations when issues occur with packet loss.
Recently bought by Palo Alto, the combination of both organisations has resulted in both strong SD WAN and SASE security. With this said, the products have not been merged together under one technology platform, meaning processes may not be totally fluid when dealing with both aspects of their solution. Cloud Genix are known for their ability to measure application performance at layer 7 which selects the best path based on knowledge of packet loss, latency and jitter to better support mission-critical applications.
Aryaka is a private backbone operator with strong capability around CNaC managed WAN services. Their proposition is partnered with AWS but other cloud providers can be manually configured to prioritise and enhance access. One of the major strengths of Aryaka is their ability to offer management of SD WAN underlay circuits regardless of the provider. Perhaps one issue with Aryaka is their lack of built-in SASE security capability. With this said, Aryaka does offer strong integration with security vendors, including management interface support.
VeloCloud is a Gartner magic quadrant leader offering access to 100+ global Internet gateways with cloud and traffic routing prioritisation. The VeloCloud gateways are an alternative to the pure Internet architecture and fully private based offerings from Cato and Aryaka. Selected VeloCloud devices support 4G, 5G and LTE which allows IT teams to deploy without the need for an external modem. Lastly, VeloCloud does not offer SASE security but operates well with partners by integrating features into their management interface.
Versa are another Gartner magic quadrant leader known for their background in next-generation firewall Security provision alongside the flexibility to run SD WAN on multiple platforms. If your business is deemed as large or complex, Versa might be a consideration due to their capability to support advanced routing, multi-tenancy with sophisticated and comprehensive analytics. Support for all connectivity types is available, including private MPLS.
One of the challenges when evaluating Meraki is the need also to consider your potential Cisco partner. While buying Meraki hardware for DIY deployment and management should be relatively straight-forward, anything requiring added involvement will need partner evaluation. In terms of SD WAN, Meraki is a good fit for retail or any organisation with multiple branch offices and simple connectivity requirements. Other benefits include next-generation Firewall, strong Wifi and security camera support.
BT doesn’t really require an introduction from the perspective of brand. Their approach to SD WAN has been firmly aimed at the BT Global Services customer base where the main partnerships are with Meraki and Cisco SD WAN (Viptela). In recent news, VeloCloud is currently undergoing evaluation as a further addition to the Cisco partnership. The BT SD WAN proposition is largely aimed at managed services provision with the ability to add their global IP product-set resulting in an end to end billing and support platform from one provider.
The Masergy proposition has always been ahead in respect of features. Their legacy MPLS platform was (and still is) one of the most well-architected core backbones ever provisioned. Ideally suited to metro financial area customers which are positioned to take advantage of city to city connectivity with the best possible latency and jitter for application throughput. Masergy is very different today and one of the only service providers to evolve their own propositions which include their Cisco based UCAAS and comprehensive security services.
One of the leading pioneers in creating global Internet partnerships as the enabler to SD WAN underlay connectivity. Expereo has recently acquired Global Internet which further enhances their reach and capability. Netify utilises Expereo alongside vendors to deliver global underlay connectivity at the best possible price point. One shortcoming is their ability to deliver national capability, which is not ideally suited to their partnerships. Expereo also offers Cisco Meraki SD WAN to compliment their underlay aggregation services.