Vendors of all stripes—network hardware vendors, telcos, hyperscalers, and a new generation of cloud-based upstarts—are jumping on the network-as-a-service (NaaS) bandwagon, so it can be confusing to sort out who is offering what.
Even the definition of NaaS is somewhat fluid. Is NaaS simply procuring networking gear on a pay-as-you go, subscription basis rather than buying it? Is NaaS just a different way of describing a managed service?
Or is NaaS something fundamentally different that addresses a growing challenge for network execs: how to provide network connectivity, resiliency, security, and scalability in a multicloud world?
According to IDC analyst Brandon Butler, “NaaS is a cloud-enabled, usage-based consumption model that allows users to acquire and orchestrate network capabilities without owning, building, or maintaining their own infrastructure. NaaS can provide an alternative consumption model for a broad range of network elements, including wired and wireless LANs, WANs, and VPNs, as well as branch, data-center, edge, multicloud, and hybrid-cloud environments. It can be used to deliver new network models such as secure access service edge (SASE). NaaS can allow IT teams to more easily scale up or down, rapidly deploy new services, and optimise the balance between CapEx and OpEx.
Will Townsend, an analyst at Moor Insights, adds, “A complete NaaS offering includes several key elements. For one, it requires a highly scalable cloud-native architecture. Additionally, it should incorporate a high degree of automation, artificial intelligence (AI) and machine learning (ML) capabilities to facilitate self-healing, observability, and assurance. This architectural approach also allows businesses to tailor performance optimisation to specific workloads. Additional potential benefits include a guaranteed quality of service, improved IT agility and resource management for line-of-business support. Last, but not least, of course, is the ability to treat infrastructure as an operational expense on the balance sheet.”
The vendor landscape for NaaS can be broken down into five categories: networking equipment players, telecommunication providers, cloud service providers, WAN transport vendors, and multi-cloud networking vendors. Here’s a sampling of the types of services enterprises can order from vendors in each category.
1. Networking vendors
HPE-Aruba: Diving into GreenLake
HPE-Aruba has been a leader in the NaaS movement since its launch of GreenLake NaaS in 2017, and the announcement in 2019 that it planned to offer its entire portfolio as a service. Most recently, HPE has made NaaS easier for customers to consume by creating pre-configured service packs for wireless and wired networking, SD-Branch, SD-WAN, network policy, and user experience. Each service pack includes Aruba hardware, software, and service components.
GreenLake NaaS for Aruba is a subscription-based, monthly payment model that gives customers the option to scale up or down as business needs change, a customer experience management dashboard, automatic hardware refreshes, software updates, as well as recycling of end-of-life equipment. There’s also an option for remote management and monitoring provided by Aruba.
One NaaS option is GreenLake for Microsoft Azure Stack HCI which enables customers to run Windows and Linux VMs across hybrid clouds, on-prem, and edge environments. This offering is built on Lighthouse, physical infrastructure that incorporates compute, storage, and networking, and is delivered to customer sites.
HPE also has a storage-based NaaS called GreenLake Cloud Data Services, which enables customers to self-provision storage infrastructure as-a-service. It also has a high-performance computing option that includes advanced Nvidia GPUs.
Juniper Networks: Visibility through Mist
Juniper Networks is leaning hard into NaaS. The company is not only offering networking functionality as a service, it is also providing a clear deployment path through managed service providers (MSP) and re-sellers. And Juniper is even offering flexible financing options through Juniper Financial Services.
Juniper NaaS leverages its cloud-based AIOps platform (based on technology from Mist Systems) that enables management of wired networks, wireless deployments and SD-WAN from a single portal. Customers have the option of going through an MSP who would use APIs to integrate with the customer’s internal systems. Or they can go through re-sellers and manage the system themselves, while taking advantage of subscription-based financing.
The benefits of Juniper NaaS include insights and automation across the networking stack, as well as customisable service levels with visibility down to the client, application and session layer to assure the best user experience. The service enables customers to easily scale up cloud services and manage/monitor network usage. In addition, Juniper integrates security with the networking fabric by extending visibility, threat intelligence, and policy enforcement to every connection point.
On the financial side, Juniper is offering flexible payment options for managed services and predictable monthly payments for subscription services.
Dell: Reaching for the APEX
In 2019, CEO Michael Dell announced that Dell planned to move aggressively into NaaS, and the company has followed through, offering a broad portfolio of storage, data security and compute resources in a subscription-based, as-a-service format.
The Dell APEX NaaS includes block, file and object storage, backup and disaster recovery, virtual machines, containers, application development and high-performance computing. By giving companies control over all of their data no matter where it is located through the Dell APEX Console, companies can better protect against cyberattacks, meet data privacy and other regulatory requirements, and improve incident response.
At a more strategic level, Dell says APEX will help enterprises achieve consistent operations across multicloud environments, bridge the gap between public cloud agility and private cloud control, and streamline operations for better business outcomes.
Dell is offering its own professional services to help companies plan and implement their transition to NaaS. There is also a managed services option for customers who want to run Dell infrastructure in Equinix data centers.
Cisco: Cisco Plus adds SASE
CEO Chuck Robbins has said the company plans to eventually offer its entire portfolio through the NaaS model, but the company is taking a decidedly incremental approach.
Its first NaaS offering, Cisco Plus Hybrid Cloud, included consumption-based options for virtual desktop infrastructure (Cisco HyperFlex hyperconverged infrastructure with third-party VDI software) edge compute, virtualisation and bare metal compute (on Cisco UCS servers), and data-center networking (with Cisco Nexus and MDS switches).
More recently, Cisco introduced a turnkey SASE subscription service called Cisco+ Secure Connect Now. The service integrates functionality that Cisco has acquired over the years, including SD-WAN from Meraki, Zero Trust Network Access from Duo, and observability from ThousandEyes.
Verizon: NaaS as an onramp to digital transformation
Verizon is leveraging its vast global network, managed-service expertise, and deep ties to enterprise customers to offer NaaS that includes managed SD-WAN, VoIP, and security services in a modular, scalable, pay-per usage format.
Verizon says its NaaS runs on a programmable, modernised network that delivers services in a more agile, resilient and cloud-centric way than traditional network infrastructures. On a more strategic level, Verizon says its NaaS can support new business models and help transform operations.
Benefits include improved levels of performance, efficiency and agility, lower capex costs, and the elimination of hardware upgrades. The NaaS platform provides visibility and automated control of network functions, enables organisations to gain visibility and insights into network and application performance, and simplify network management with automation and centralised tools.
Verizon also recognises that there is a transition involved in switching to NaaS, so the company offers its own professional services team as well as an ecosystem of partners to help enterprises create a transition strategy and implement it.
Lumen Technologies: Pay by the hour
Lumen Technologies (formerly CenturyLink) is taking NaaS to the next level by offering self-service provisioning of secure WAN connectivity over its private network that customers can pay for by the hour. Of course, they offer monthly rates as well for more stable workloads.
Lumen’s pitch to customers is: Why go to all the trouble of implementing an SD-WAN overlay and then running traffic over the unsecure internet, when you can gain all the benefits of flexible, optimised, secure connections on its global private network.
Lumen’s Dynamic Connections service helps companies quickly boost WAN capacity to meet seasonal spikes in demand, and it can help companies dynamically manage the performance of WAN traffic and workloads.
Lumen says its current offering is an early example of where NaaS is headed. “In the future, instead of spinning up connections yourself, you can expect APIs to flex your underlying networking fabric automatically based on your preferences and real-time reporting from your applications,” the company says.
Google: Virtual private cloud
Google offers a range of networking services built on top of its global infrastructure that leverage automation, AI, and programmability.
Google’s Virtual Private Cloud (VPC) service enables customers to define fine-grained networking policies, including IP address ranges, firewalls, cloud VPNs and cloud routers. Other available services include DNS, load balancing, content delivery network, IDS, NAT, DDoS protection and web-application firewall.
Through the Google Network Connectivity Center, customers can connect on-prem, Google Cloud, and other cloud networks and manage them through a centralised hub.
Google offers network service tiers, so customers can choose the right tier for the appropriate workload. This enables customers to improve performance for high-priority apps and better control network costs.
Microsoft: NaaS on the Azure backbone
Azure Virtual WAN is hub-and-spoke based architecture that provides NaaS for connectivity, security, and routing on the Azure global backbone. Customers can take advantage of the subscription service to gain the benefits of scalability, ease of deployment, reduced IT costs, low latency, high performance, and advanced routing.
The service has three options: Connectivity for branch offices and remote users, including SD-WAN links and VPN gateways; security services such as Azure firewall; and virtual routing, either site-to-site or point-to-point.
Microsoft is also partnering with other vendors to improve ease-of-use and integration between third-party products and the Azure environment. For example, the Fortinet FortiGate SD-WAN/Network Virtual Appliance is now natively integrated with Azure Virtual WAN. The Versa SASE service is also integrated with Azure Virtual WAN enabling customers to deploy the Versa service and use the Azure hub as a central connectivity point.
Graphiant: Network edge as-a-service
Startup Graphiant has launched a service that provides network-edge connectivity over its own private network. Graphiant makes the case that MPLS is private and secure, but too inflexible and costly for today’s networking needs. SD-WAN adds edge-to-cloud connectivity over consumer broadband, but that can introduce performance issues associated with the public internet. And SD-WAN can be difficult to manage and maintain.
With the Graphiant service, customers connect their locations to the Graphiant edge, and all routing is performed by a multi-tenant stateless core that allows for any-to-any connectivity among locations. Graphiant provides its own custom hardware, which it says can be easily configured and programmed by the customer via a cloud-based management portal, so customers can create service level agreements (SLAs) for applications.
Last-mile connectivity can be done over any type of network, including the public Internet. Traffic is encrypted from point to point and never decrypted in transit.
Graphiant says the advantages of its service are faster time to deploy and scale network resources, accelerated and simplified adoption of cloud resources, improved security through end-to-end encryption, predictable application performance, and lower costs.
The underlying technology is Vector Packet Processing (VPP), an open-source framework for speeding the movement of encrypted network traffic. With VPP, the platform attaches metadata labels to packets, which gives the network information on what route a packet should take to reach its destination. VPP also packages multiple packets together, so that processing is done in bulk, which improves performance.
Megaport: Middleman to the cloud
Megaport is a NaaS vendor that partners with hyperscalers, colo providers, and SD-WAN/SASE vendors like Cisco to deliver a multi-cloud overlay called a software-defined cloud interconnect (SDCI).
With Megaport One, customers don’t make any changes to their SD-WANs or SASE implementations; they simply run SD-WAN or SASE traffic over the Megaport 700-PoP private network, rather than the public internet.
Megaport’s secure cloud connectivity as a service comes with benefits of NaaS including a subscription payment model, scale-up/scale down options, fast deployment, real-time reporting and analytics, and automated ordering, provisioning, and orchestration of network resources in the cloud.
Use cases include high-performance computing (HPC) infrastructure, networking from on-prem-to-cloud or cloud-to-cloud, and more efficient deployment of applications in the cloud.
With Megaport serving as the vendor-neutral middleman, customers can pick and choose best-of-breed options across cloud providers and networking-gear vendors and connect to all cloud-based resources through a single physical SDCI port.
Perimeter 81: Converged network and security
Perimeter 81 offers a cloud-based converged network and security platform as-a-service that includes a VPN alternative, firewall-as-a-service, secure web gateway, malware protection, software-defined perimeter and Zero Trust Network Access.
In terms of architecture, the Perimiter 81 NaaS has three parts: the client that runs on the end user device, the controller that enforces access control, and the gateways that encrypt traffic. To deploy, IT logs in via a web browser, sets up gateways to the closest Perimeter 81 PoP, then creates encrypted tunnels to the cloud or local environment. Next comes the onboarding of users and the creation of groups that can access specific parts of the network based on their credentials, device postures, IP address locations, and other granular qualifiers.
Benefits include fast deployment, support for popular SaaS applications, unlimited bandwidth, automatic Wi-Fi security, DNS filtering, two-factor authentication, auditing and reporting. The Perimeter 81 pricing model is per gateway and per end user.
Alkira: Cloud Area Networking
Alkira offers a service that integrates networking and security gear from vendors including Cisco, Fortinet, Palo Alto, and HPE-Aruba across the hyperscale cloud environments of AWS, Azure, and Google.
Alkira CTO Atif Khan says, “Modern organisations have a tough time managing a messy sprawl of sites, regions, users, SD-WAN fabrics, and clouds. They need a quick way to connect all these pieces together. Cloud Area Networking does that.”
The Alkira service provides firewall-as-service, network segmentation, and routing among cloud regions, on-premises, and SaaS applications. The subscription-based service doesn’t require the purchase of hardware, and there are no software agents to install.
Alkira has built what is being described by some analysts as a supercloud; a service that runs across multiple clouds, leverages the cloud-native tools of each hyperscaler and abstracts the underlay of each cloud platform in order to provide a unified experience for customers.
Khan says, “Think of us as the Alkira cloud, but it sits inside the hyperscaler infrastructure by using raw capabilities of the hyperscalers, and that gives us unlimited scale.”
Aviatrix: Navigating multiclouds
Aviatrix provides an overlay control plane that enables customers to manage network, security, and connectivity to multiple clouds from a single interface.
With Aviatrix, customers deploy a controller that can operate on any cloud platform. The controller automatically spins up a gateway that provides embedded security, traffic inspection and policy enforcement. The gateway software forms a network data plane that manages features such as network telemetry and troubleshooting, Layer-4 firewalls, NAT gateways, network segmentation, threat detection and mitigation.
Aviatrix CoPilot is the user interface for centralised cloud networking and security. CoPilot uses common network management tools such as traceroute, packet capture, and NetFlow analytics to help network teams stay on top of network issues in multicloud environments.
The pay-as-you-go service is available on the cloud providers’ marketplace, with no contract negotiation and no upfront commitment. Aviatrix charges for connections and services provided on those connections.