uCPE Platforms Maximize the Business Opportunity for System Integrators Deploying SD-WAN


By Charlie Ashton
Charlie Ashton is the President of 21K Consulting. The opinions expressed in this guest blog post are his own.

Open architectures based on Universal Customer Premise Equipment (uCPE) platforms overcome the limitations of first-generation SD-WAN deployments. New, high-value business opportunities are emerging for System Integrators (SIs) and Managed Service Providers (MSPs) in managed Software-Defined Wide Area Networking (SD-WAN) services and edge compute applications.

SD-WAN: strong traction with enterprises worldwide

SD-WAN allows enterprises to utilize various channels including MPLS, LTE, and broadband Internet in a software-defined network overlay

Enterprise customers worldwide are adopting SD-WAN to reduce the costs of their networking infrastructure by reducing the dependence on MPLS, while improving the performance of their cloud-hosed applications, enhancing users' experience and increasing their business productivity. Most industry analysts estimate that the SD-WAN market is growing at 35-40% per year, with IDC forecasting a total market size of $4.5B in 2022. Frost and Sullivan estimates that 80% of enterprises would prefer to license SD-WAN as a managed service rather than operate it themselves, so SD-WAN represents a massive new business opportunity for SIs and MSPs looking to improve their bottom line.

While SD-WAN has achieved strong traction, constraints imposed by the architecture of first-generation solutions limit the business potential for SIs and MSPs who are deploying this type of service. Fortunately, the industry is transitioning to a second-generation approach which addresses these challenges.

Limitations of first-generation SD-WAN

First-generation SD-WAN products were vertically integrated, comprising proprietary software running on dedicated hardware appliances, with no flexibility for changes or enhancements to the function set after deployment at the customer premise. This represents a significant limitation in the case of an enterprise customer who, for example, has standardized on a specific security vendor across their IT network that is different from the security vendor selected by the SD-WAN provider.

In many cases, a customer needs their SI or MSP partner to add a newly-released network function to their SD-WAN after deployment, such as a next-generation firewall or load balancer. Alternatively, a customer may want to exchange a specific application within the SD-WAN for an alternative provided by another software vendor, for reasons of cost, performance, quality or reliability.

In other scenarios, customers need to run their own applications on the servers that host the SD-WAN functions, in a dedicated "tenant space". In many cases, these are edge compute applications representing extensions of functions hosted in a public or private cloud. Applications such as industrial IoT (IIoT), highly-immersive augmented reality (AR), video surveillance and smart retail all leverage edge compute to achieve critical low-latency decision-making and/or to minimize the bandwidth required for backhaul to the cloud. Often, these applications are physically co-located with SD-WAN services, so significant CAPEX and OPEX savings are possible if they are hosted on the same platform.

In terms of physical hardware, some first-generation SD-WANs required multiple appliances to implement all the SD-WAN functions, such as separate Customer Premise Equipment (CPE), router and firewall.

Beyond these limitations that directly impact enterprise customers, first-generation SD-WANs also impose significant limitations on the SIs and MSPs that deliver them. They are unable to customize the SD-WAN to meet the specific needs of individual customers, or to offer SD-WAN solutions that are differentiated and optimized for specific vertical markets such as healthcare, financial services, manufacturing etc.

uCPE to the rescue

Rather than proprietary software running on dedicated hardware appliances, second-generation SD-WAN solutions comprise standards-compliant virtualized applications running on "white box" servers under the control of a secure software virtualization platform.

A uCPE-based SD-WAN platform deployed under a managed services agreement provides the SI or MSP with the flexibility to deploy whatever combination of applications is best suited to the specific requirements of an enterprise customer or a vertical market segment.

A uCPE based service offering allows its applications to be deployed and replaced on demand.SIs and MSPs can select from compatible applications available from multiple suppliers, while retaining the option to replace one function with another after deployment in order to improve the performance or functionality of their customer's SD-WAN. Security patches can be implemented as soon as an updated application is available, without waiting for a vendor to update a complete, monolithic hardware-plus-software product. For customers that require the installation of, for example, a firewall from a vendor pre-approved or even mandated by their IT organization, the SI or MSP can install and configure the appropriate firewall as part of the unique application set for that customer.

Customers who need to run their own applications in a dedicated tenant space on the uCPE servers can be accommodated by provisioning appropriate compute, networking and storage resources while providing secure access to whitelisted team members. Edge compute applications can be hosted on the same platform as the SD-WAN services and managed within the same dashboard.

The same flexibility applies to the software virtualization platform. As long as the original platform selected by the SI or MSP conforms to the applicable open standards, then it can be replaced at a later date if a newer product offers superior performance, latency, security, reliability or cost. This applies whether the replacement product is from a competing vendor or simply an upgrade to the original platform.

Finally, the uCPE approach to managed SD-WAN maximizes the customer's hardware options. Ideally, the SI or MSP will choose a white box server based on an Arm or Intel Architecture processor, provisioned appropriately for the expected workloads. If resource requirements change because of different workloads, or a more cost-effective server becomes available, then as long as it meets the appropriate standards the SI or MSP can introduce it without changing software.

While some software virtualization platforms use OpenStack to perform the lifecycle management of virtualized applications, others have emerged that eliminate the need for OpenStack. Typically using NETCONF, these platforms have smaller footprint requirements for CPU cores, memory and storage, enabling the SD-WAN to be installed on lower-cost, lower-power hardware.

A fully-scalable software virtualization platform allows an SI or MSP to cost-effectively support an enterprise customer whose requirements for throughput, capacity and even hosted applications vary widely across a large number of branch offices and remote users. The identical, scalable virtualization platform can be deployed at each node.

A uCPE platform with centralized management of both infrastructure and services ensures efficient operational support for remote branch offices, especially if they lack local IT support with the necessary skills in configuration and management.

Case study: CMC Networks

One company that understood and leveraged the benefits of a uCPE-based SD-WAN architecture is CMC Networks, a Communications Service Provider (CSP) based in South Africa. To provide the application flexibility that their enterprise customers needed and thereby expand their SD-WAN customer base, CMC needed to deploy unique combinations of network functions from multiple vendors on a flexible software platform located at each customer premise, that could be upgraded with additional functions after initial deployment.

Leveraging a uCPE software virtualization and management platform from Enea, CMC Networks was able to provide uCPE-based managed SD-WAN services to new types of enterprise customers. It's now cost-effective for them to support enterprises who have specific requirements for application vendors or need the flexibility to change and expand the range of services in their SD-WAN after initial deployment. Through this second-generation SD-WAN architecture, CMC has expanded the market for their SD-WAN services while also accelerating their customers' business transformations

uCPE-based SD-WAN brings new opportunities for integrators

By implementing their managed SD-WAN and/or edge compute deployments as centrally-managed multi-vendor solutions hosted on industry-standard uCPE platforms, SIs and MSPs can maximize the flexibility of the services they provide, expand their customer base and boost their Average Revenue per User (ARPU).