TForce achieves cost-effective customization of their managed SD-WAN deployments

By Charlie Ashton

Charlie Ashton is the President of 21K Consulting. The opinions expressed in this guest blog post are his own.

Enea NFV Access lets TForce bring SD-WAN to large-scale enterprises

Managed SD-WAN Services created from a building block library
TForce offers managed SD-WAN services built with components from a catalog. This is enabled by a second generation SD-WAN architecture.

TForce, a professional services company headquartered in Saudi Arabia, delivers Software-Defined Wide Area Networking (SD-WAN) as a managed service. Many of their large enterprise customers have hundreds or thousands of branch offices, along with one of more central offices. These locations typically have varying requirements both for the hardware platforms that host the SD-WAN services and for the software applications that need to be included in each SD-WAN deployment.

Looking to address these customers’ requirements, TForce quickly determined that first-generation SD-WAN products wouldn’t allow them to deliver a cost-effective solution. In this post, we’ll delve into the details of this problem and explain how TForce solved it with help from Enea.

One size does not fit all

Within the larger enterprise customers served by TForce, many branch offices have pre-selected certain brands of hardware and already have servers in place, while others need to install servers with resources dimensioned for their expected software workloads, which vary between locations.

Similarly, many offices have specific requirements for the software applications that need to be included in each SD-WAN deployment. For example, some have standardized on specific security vendors while others need to run their own applications along with the SD-WAN functions, in a dedicated tenant space. Many want the ability to exchange a specific application within the SD-WAN for an alternative provided by another software vendor, for reasons of cost, performance, quality or reliability.

These requirements present a significant challenge for managed SD-WAN services deployed using first-generation SD-WAN products.

These early products were vertically integrated, comprising proprietary software running on dedicated hardware appliances, with no flexibility for changes or enhancements to the function set after deployment at the customer premise. This represents a significant limitation in the case of a TForce customer who, for example, has standardized on a specific security vendor across their IT network or who wants to add a newly-released next-generation firewall to their SD-WAN after deployment.

Beyond these limitations that impact the end customers, first-generation SD-WANs also impose significant limitations on the Managed Service Providers (MSPs) like TForce who deliver them. TForce would be unable to customize the SD-WAN to meet the specific needs of their individual customers, or to offer SD-WAN solutions that are differentiated and optimized for specific vertical markets like financial services or manufacturing.

uCPE platform brings flexibility

To satisfy the needs of their customer base, TForce needed to deploy a flexible software platform at each customer premise, capable of supporting a diverse range of server products as well as unique combinations of software services from multiple vendors. They determined their business and technical goals were best addressed by a system architecture based around a software virtualization platform fully compatible with open standards for hosting Virtual Network Functions (VNFs) in a Universal Customer Premise Equipment (uCPE) environment.

For scalability, the virtualization platform should support industry-standard hardware ranging from low-end appliances up to high-end servers. For maximum efficiency across onboarding, installation, configuration and lifecycle management, the platform should support centralized, secure cloud-based management while interfacing seamlessly with standard orchestration solutions.

After researching available solutions, TForce selected Enea NFV Access as the uCPE software virtualization platform and Enea uCPE Manager as the cloud-based management solution, both supported by the expertise of the Enea Global Services organization.

Enea NFV Access is a software virtualization platform optimized for second-generation uCPE-based SD-WANs. Fully compatible with all applicable open standards, it has been validated with both VNFs and servers from multiple ecosystem partners, ensuring maximum flexibility for customers in their vendor selection. Its onboarding wizard enables accelerated system deployments through efficient VNF onboarding, while it integrates with third-party orchestrators and service automation tools through standard interfaces.

Full support for any standard server based on Intel architecture- or Arm-based processors enables customers to choose the hardware platform that best matches the resource requirements of their applications or to leverage pre-existing vendor relationships.

Rather than using OpenStack to perform lifecycle management of VNFs, Enea NFV Access uses NETCONF, resulting in smaller footprint requirements for cores, memory and storage, enabling the SD-WAN to be installed on lower-cost, lower-power hardware.

Complementing Enea NFV Access, Enea uCPE Manager controls the provisioning, configuration and management of customer premise functions such as SD-WANs. Deployed in either a private or public cloud data center, Enea uCPE Manager enables customers to reduce the lifecycle operational costs of their SD-WANs by automating software upgrade management as well as the monitoring of events and alarms.

Enea uCPE Manager delivers the robust security required by enterprise end-users through secure management communications, secure boot and role-based access control policies.

uCPE-based SD-WAN for flexible configuration and provisioning

Thanks to Enea NFV Access and Enea uCPE Manager, TForce can efficiently deliver managed SD-WAN services to enterprises that have widely-varying hardware and software requirements across their branch offices. They can cost-effectively support deployments which need custom configurations for different offices, while ensuring the flexibility to change and expand the range of SD-WAN services after initial deployment. Through this second-generation SD-WAN architecture, TForce can efficiently expand their managed services SD-WAN business while minimizing their costs for deployment, support and maintenance.