Critical Capabilities for WAN Edge Infrastructure

Overview

Key Findings

  • The global wide-area network (WAN) edge market is crowded with more than 60 vendors providing viable technology solutions combining a mix of software-defined WAN (SD-WAN), branch office routing, WAN optimization and edge security features.
  • Routing is no longer a differentiating factor in evaluating WAN edge solutions, as all vendors provide routing capabilities to meet nearly all enterprise branch routing requirements.
  • Traditional branch office routers are no longer sufficiently agile to meet the demands of digital business and cloud IT delivery.

Recommendations

To build and sustain dependable infrastructure, I&O leaders should:

  • Avoid further investments in aging branch router platforms by leveraging next-generation WAN edge solutions.
  • Take advantage of any WAN refresh opportunities to redesign their WAN architecture by evaluating a shortlist of vendors that match their primary use case.
  • Maximize reliability while controlling costs by using new software capabilities to leverage multiple, simultaneous circuits (MPLS, internet, LTE) according to branch office and application requirements.

Strategic Planning Assumption

By 2023, more than 50% of the existing installed base of branch office routers will have been replaced by modern WAN edge solutions.

What You Need to Know

A new WAN edge market has emerged over the past four years to deal with the shift from traditional hub-and-spoke WAN architectures to connect with more distributed cloud services and internet-based resources. Infrastructure and operations (I&O) leaders responsible for networking can use the critical capabilities assessed in this report to narrow down their search for appropriate solutions that more closely meet their requirements.

In this inaugural “Critical Capabilities for WAN Edge Infrastructure,” we analyze three popular use cases:

  • A regional WAN that is typical in many midsize enterprises (MSEs) or larger enterprises with a smaller number of WAN locations (fewer than 50 sites).
  • A global WAN requirement for larger multinational organizations with 250 to more than 1,000 sites, and that spans at least two continents with a variety of local requirements.
  • A large-scale retail WAN typified by small footprint locations — such as gas stations, convenience stores and similar environments — that scales from hundreds to thousands of near-identical locations, either domestically or across multiple countries and regions.

Analysis

Critical Capabilities Use-Case Graphics

Figure 1. Vendors’ Product Scores for the Midsize Enterprise/Regional WAN Use Case

Source: Gartner (December 2018)

Figure 2. Vendors’ Product Scores for the Large Global WAN Use Case

Source: Gartner (December 2018)

Figure 3. Vendors’ Product Scores for the Small Footprint Retail WAN Use Case

Source: Gartner (December 2018)

Vendors

Aryaka

Aryaka is a privately held company headquartered in San Mateo, California, U.S.

Aryaka approaches the SD-WAN market with its fully managed network as a service (NaaS) offering, SmartConnect. SmartConnect is inclusive of Aryaka’s network access point (ANAP) customer premises equipment (CPE), which includes advanced WAN path mitigation features such as application acceleration and mitigation of data loss on the WAN.

SmartConnect supports both branch connectivity and cloud access through its global backbone. Customers connect to the nearest backbone point of presence (POP), which also includes cloud-hosted gateways. To reduce cost, customers can choose to route noncritical and nonlatency-sensitive traffic directly to the internet.

Aryaka also offers SmartAccess, a clientless SD-WAN product for mobile employees. Because SmartConnect is a 100%-managed solution, it is a good fit for companies of any size and in most geographic regions that are looking for a turnkey managed solution, though potential customers should check to ensure that backhaul connections are reasonably short.

Aryaka ranked in the top half for the large global WAN use case, which is indicative of its global footprint and strong optimized backbone service. Potential adopters should be aware that, presently, there is limited ability to do self-configuration without interacting directly with an Aryaka technician.

Barracuda

Barracuda is a privately held company located in Campbell, California, U.S., with over 18,000 WAN edge customers primarily using its traditional security and data protection products.

Barracuda approaches the WAN edge market with SD-WAN software enhancements to its existing CloudGen firewall appliance. The appliance is available in both physical and virtual form factors and in Amazon Web Services (AWS), Microsoft Azure and Google Cloud marketplaces, but Barracuda does not provide dedicated cloud gateway functionality. Because Barracuda has, historically, focused on the MSE market, its products tend to be extremely price competitive, feature rich, and simple to deploy and manage, though its SD-WAN features need work to meet the expected operational simplicity.

Barracuda ranked in the top half for both the MSE/regional WAN and large global WAN use cases. However, its historic focus on MSEs makes it especially suitable for midsize organizations located in the Americas and Western Europe.

Cato Networks

Cato Networks is a small, privately held company based in Tel Aviv, Israel, with more than 200 WAN edge customers.

The vendor’s flagship offering is Cato Cloud, comprising branch instances called Cato Sockets, which can be hardware or software appliances; the Cato Cloud service, which includes Cato POPs and a private backbone, where security and optimized transport are provided; and requisite management via an over-the-top (OTT) cloud-based platform.

The service is based on securely connecting to the Cato Cloud, which incorporates strong cloud-based security features including a next-generation firewall (NGFW), secure web gateway (SWG), anti-malware, and routing. Potential customers should check to ensure that backhaul connections are reasonably short. The solution supports forward error correction (FEC) and packet duplication, but limited WAN optimization.

Cato’s GUI is basic, though extremely intuitive, and reporting capabilities are high level only. Cato is suitable for smaller, midsize use cases with regional or global reach where embedded security features are preferred.

Cisco

Cisco is a large, publicly traded company based in San Jose, California, U.S. It has more than 100,000 WAN edge customers — primarily Integrated Services Router (ISR) customers — though fewer than 1,000 Viptela-based SD-WAN deployments.

Cisco’s flagship WAN edge networking offering is Cisco SD-WAN (based on Viptela software), running on vEdge routers (physical and virtual) and managed by the vSmart controller. Cisco is releasing a version of vEdge running on IOS XE that can run on Cisco’s ISR hardware platform. Viptela provides strong segmentation and routing capabilities, though currently lacks advanced security and WAN optimization features.

Cisco’s varied WAN edge solutions are composed of SD-WAN, vWAAS, ISR and Meraki software, and ISR/ASR, ECNS, Meraki MX and vEdge hardware platforms. This makes alignment of user requirements to appropriate hardware and software options an imperative to maximize value and reduce the risks associated with choosing a misaligned Cisco platform.

Cisco’s Viptela-based SD-WAN solution ranked in the top half across the three use cases. Cisco can be considered for all enterprise SD-WAN use cases. While not directly covered as part of this analysis, MSEs should consider Cisco’s Meraki MX solution for branch office SD-WAN and security requirements.

Citrix

Citrix is a Fort Lauderdale, Florida, U.S.-based public company that has established itself with its desktop virtualization, mobility management and networking. Its WAN edge product, Citrix SD-WAN, has over 500 customers. The solution is available for on-premises deployment in virtual and physical appliance form factors, and is available for deployment in the cloud as a virtual appliance.

Citrix offers limited hosted cloud gateway functionality in Microsoft Azure, but customers must deploy their own virtual appliances in Google and AWS. Management of both on-premises and cloud deployments is accomplished via its cloud-based Management and Analytics System (MAS).

Citrix SD-WAN’s features include WAN optimization in addition to integrated stateful firewall and WAN path conditioning. The Citrix SD-WAN product scales from small sites through to large headquarters. However, Citrix has limited experience in large-scale deployments over 500.

Citrix ranked in the top third for the MSE/regional and global WAN use cases. It is recommended for companies with an existing investment in Citrix software solutions, as well as global enterprises, particularly in the financial, healthcare, manufacturing, and retail sectors.

CloudGenix

CloudGenix is a privately held company based in San Jose, California, U.S., with more than 200 WAN edge customers.

CloudGenix is focused primarily on SD-WAN. Its flagship offering includes Instant-On Network (ION) devices that are available in both hardware and software form factors and also exist in the AWS marketplace. The vendor’s management portal is delivered via an OTT-managed service or via on-premises deployment. CloudGenix supports routing via OSPF, BGP and static routes, and basic firewall functionality, but no WAN optimization. SD-WAN features include application policy-based forwarding with an intuitive application-level configuration GUI. The solution provides user- and application-centric segmentation with Active-Directory-based authentication. CloudGenix also offers a granular visibility and reporting solution as a stand-alone product, called CloudGenix Clarity.

CloudGenix ranked as a top four vendor in the MSE/regional use case and in the top half for the global WAN use case. CloudGenix should be considered for all use cases.

Cradlepoint

Cradlepoint is a privately held company headquartered in Boise, Idaho, U.S., with more than 3,000 WAN edge customers.

Cradlepoint’s flagship WAN edge offering is its NetCloud Branch Solution, which includes Advanced Edge Routers (AER) appliances, NetCloud Manager, software-defined perimeter overlay and 24/7 support. It can be deployed by the enterprise or delivered as a managed service. NetCloud Manager is delivered as an OTT cloud-based service.

Cradlepoint offers a broad suite of branch office, mobile and IoT-focused appliances with an emphasis on 4G LTE data networking that includes integrated Wi-Fi access points, a firewall and Wi-Fi-as-a-WAN. The vendor supports SD-WAN with network-oriented application forwarding. Cradlepoint provides good application visibility and reporting, including very rich alarm notifications.

Cradlepoint ranks in the top four vendors for the small footprint retail WAN use case and is especially suited for large and distributed retail outlets and restaurants, along with other situations where a large number of distributed locations with standard deployments is required.

Cybera

Cybera is a privately held company based in Franklin, Tennessee, with approximately 1,300 customers largely based in the U.S.

Cybera’s WAN edge solution is based on the Cybera network services platform to deliver a secure application network solution. The solution comprises Cybera Edge Appliances, a universal policy controller and a service insertion framework deployed as OTT services. Each application runs in its own virtual network and is managed end to end by Cybera.

Cybera has a number of customers with more than 3,000 endpoints and has demonstrated large-scale environment experience. The vendor met the base requirements for all three use cases and was the highest ranked in the retail use case.

Cybera should be considered for all retail WAN use cases, especially for situations where there is a large number of similar small footprint locations.

FatPipe Networks

FatPipe Networks is a small, privately held company based in Salt Lake City, Utah, U.S., with more than 1,500 WAN edge customers, primarily in North America.

FatPipe offers a broad array of WAN products including secure routers, link aggregators/load balancers and WAN optimization. Its flagship WAN edge offering is the FatPipe SD-WAN, which includes the company’s MPVPN CPE (physical and virtual) and its Symphony orchestrator. FatPipe has strong path selection and link-bonding capabilities, with extensive experience supporting hybrid network architectures.

FatPipe meets our requirements for both MSE/regional and global WAN use cases. However, it is more applicable to MSE requirements based on its geographic footprint and experience. Enterprises with regional networks, especially in North America, should consider FatPipe.

Forcepoint

Forcepoint is a privately held company, co-owned by Raytheon Company and Vista Equity Partners. The vendor is headquartered in Austin, Texas, U.S., with more than 300 WAN edge customers.

Forcepoint is a pure-play security company that offers SD-WAN as a feature on its NGFW platform. Its flagship product is the Forcepoint NGFW 321 hardware appliance. The vendor also offers software appliances, supports bare-metal deployment and provides images in the AWS/Azure marketplaces.

Forcepoint provides a deep set of security capabilities that include NGFW, DLP, antibot and an SWG service, all of which provide strong differentiation for the total solution. The application identification is very good, but SD-WAN forwarding is basic. The appliance supports compression, but no other WAN optimization. The GUI is basic and very network oriented, but offers good visibility and reporting.

Forcepoint ranks in the top half for the MSE/regional and retail use cases. The solution is suitable for midsize and retail use cases without complex WAN topologies, where security is a strong requirement.

Fortinet

Fortinet is a public company based in Sunnyvale, California, U.S. It is primarily recognized for its security and related network products.

Fortinet’s SD-WAN product is FortiGate, a full NGFW with SD-WAN capabilities. FortiGate is available in physical, virtual and cloud resident form factors. However, it does not offer hosted cloud gateways and lacks some advanced SD-WAN path mitigation capabilities such as packet duplication. Existing FortiGate firewall customers can add SD-WAN capabilities via a software upgrade and can manage the solution via the on-premises or cloud-deployed FortiManager, or as a cloud service with FortiCloud.

Fortinet’s established global channel and support system, in addition to its existing base of over 300,000 firewall users, has established it as a reliable and cost-effective solution, especially where security is a primary focus.

Fortinet ranks in the top five vendors for both the MSE/regional and global WAN use cases. Companies of all sizes, and in any geographic region, should consider Fortinet, especially when a strong security platform is desirable.

Huawei

Huawei is a privately held company headquartered in Shenzhen, China, with more than 20,000 WAN edge customers.

Huawei offers a broad array of infrastructure hardware and software, including networking, servers and cloud. Its flagship WAN edge offering is the AR series router, which is available as a software instance, single-instance appliance, and as a vCPE platform. The management provisioning, service chaining and automation are delivered by Huawei’s Agile Controller. The appliance has good routing support and a broad range of basic security features. In addition, the vCPE platform can host Huawei’s NGFW along with third-party applications.

The platform has good SD-WAN capabilities, but with network-oriented application policy settings. There is also a broad range of WAN optimization functions, such as compression, caching, TCP optimization and FEC. The GUI is basic and somewhat technical in nature, offering limited visibility and reporting, but good alarm handling.

Huawei scores well in all use cases and ranks in the top third for the global WAN use case. It should be considered for all use cases.

Juniper Networks

Juniper Networks is a large, publicly traded company based in Sunnyvale, California, U.S. It has more than 20,000 WAN edge customers, which are primarily security-focused WAN deployments based on the SRX security/routing platform.

Juniper’s flagship WAN edge solution is its Contrail SD-WAN, comprising its SRX Series Services Gateways (physical, virtual and cloud) and Contrail Service Orchestration.

Juniper’s primary route to market is through long-standing network service provider relationships, often leveraging its NFX vCPE appliances. Juniper lacks key features such as WAN optimization and has limited experience delivering SD-WAN solutions directly to the enterprise market. The solution is still somewhat fragmented for enterprise DIY deployment.

Juniper meets our requirements for all use cases and can be considered for all use cases globally, especially when sourced via carrier-managed service solutions.

Nuage Networks

Nuage Networks is based in Mountain View, California, U.S. and is a division of publicly traded Nokia Networks, based in Espoo, Finland. Nuage Networks has approximately 400 WAN edge enterprise customers and approximately 50 service provider partners on its flagship offering.

Nuage Networks’ Virtualized Network Services (VNS) include its Virtualized Services Directory (VSD), the Virtualized Services Controller (VSC), and the Network Services Gateway (NSG) CPE (physical, virtual and cloud).

The vendor has developed a highly scalable WAN edge SD-WAN solution with robust routing capabilities. It leverages well-established relations with network service providers around the globe, though it has only limited experience dealing directly to support DIY enterprise accounts.

Nuage Networks fully meets our requirements for all three use cases and can be considered for all SD-WAN projects sourced through service provider channels.

Peplink

Peplink is a publicly held company based in Hong Kong with over 3,500 production customers. It is listed on the Hong Kong Stock Exchange as Plover Bay Technologies.

Peplink’s WAN edge solution is based on its MAX and Balance router platforms and EPX SD-WAN platform. It also offers enterprise and industrial Wi-Fi solutions. Peplink specializes in WAN solutions with wireless connectivity as a key requirement — either for mobile enterprise communications or when multiple wireless links are required. A wide variety of industrialized, multiport LTE platforms are available.

Peplink fully meets our requirements for regional WAN and retail WAN deployments. It should be considered for all mobile and wireless-based WAN requirements, or when mobile connectivity is a key requirement.

Riverbed

Riverbed is a privately held company based in San Francisco, California, U.S. Historically recognized as a leader for its WAN optimization platform, it has over 30,000 customers of its traditional products and has over 1,000 customers using its Steelhead SD and SteelConnect SD-WAN products.

The Riverbed SD-WAN platform is available in both appliance and virtualized form factors and is managed via SteelConnect Manager, which can be deployed on-premises or in the cloud. Riverbed does not offer vendor-hosted cloud gateways. However, it does offer one-click deployment of cloud-based appliances on AWS and Microsoft Azure.

Riverbed recently partnered with Microsoft to utilize the Azure backbone to support integrated SD-WAN as a service, in addition to cloud-hosted gateways in the Azure cloud. Although Riverbed’s SD-WAN solution offers excellent WOC capabilities, it lacks many advanced features such as link remediation and path conditioning, and it has in the past been more expensive than its competition. Riverbed is aware of the pricing disparity and has rolled out a more aggressive pricing structure beginning in June 2018.

Riverbed ranks in the top half of vendors for the global WAN use case. Riverbed SD-WAN is suitable for midsize and large companies globally, especially where WAN optimization is a primary driver.

Silver Peak

Silver Peak is a privately held company headquartered in Santa Clara, California, U.S. Silver Peak integrates its long-standing WAN optimization into its flagship Unity EdgeConnect SD-WAN offering.

Currently, EdgeConnect SD-WAN has over 1,000 customers and offers strong path conditioning capabilities, in addition to Unity Boost WAN optimization. It is available in physical, virtual and cloud resident (AWS, Microsoft Azure, Oracle and Google marketplaces) form factors. EdgeConnect integrates with many security providers including Check Point, Palo Alto and Zscaler. However, it lacks internal NGFW capabilities of its own. The solution also lacks any cloud-resident gateways or any SD-WAN as a service capabilities.

Silver Peak ranks in the top three vendors for both the MSE/regional and large global WAN use cases. Companies of any size located in North America, Western Europe and Asia/Pacific should consider Silver Peak for SD-WAN, especially where WAN optimization is a priority.

Talari

Talari is a privately held company headquartered in San Jose, California, U.S. Talari has a history of supporting critical deployments such as those in 911 call centers and the military, with over 500 public and private sector deployments.

Talari includes its strong WAN path conditioning technologies in its SD-WAN offering. Its SD-WAN solution is available in physical, virtual and cloud-based appliances, all of which are managed by the Talari Aware on-premises or cloud-based management platform. It includes routing, WAN optimization and a stateful firewall, in addition to an available NGFW. The strength of the Talari solution lies in its strong link aggregation and remediation capabilities. However, Talari has limited channels and carrier partnerships outside of the U.S.

Talari fully meets our requirements for both the MSE/regional and large global WAN use cases. Its solution can be considered by organizations with fewer than 250 sites with a strong emphasis on survivability of mission-critical applications.

Teldat

Teldat is an established, privately held communications company based in Madrid, Spain and Nuremberg, Germany, with more than 700 WAN edge customers.

Teldat offers a broad range of voice and data products including LAN, WAN, WLAN and voice, and its Integra-T division provides integration, maintenance and support services. Its flagship WAN edge offering is the Teldat-iM8, an SD-WAN edge gateway, and the Colibri NetManager (CNM).

Teldat has good routing support, but only basic security features. It offers good SD-WAN capabilities, but with network-oriented policy settings. There is a limited range of WAN optimization functions, such as web caching, video caching and a file server. The GUI is basic and somewhat technical in nature, and offers limited visibility and reporting, but good alarm handling.

Teldat fully meets our requirements for all three use cases and ranks second in the retail WAN use case. The solution is suitable for midsize and retail use cases looking for a service-provider-delivered solution without complex WAN topologies.

Versa

Versa is a small, privately held company based in San Jose, California, U.S., with more than 500 WAN edge customers.

Versa focuses on branch/WAN functions including routing, security and SD-WAN. Its flagship WAN edge offering is Versa FlexVNF software, and has the requisite management and orchestration. FlexVNF can be delivered as a branded appliance, in AWS and Microsoft Azure cloud marketplaces, and as a software appliance. It supports very good SD-WAN capabilities with application-oriented policy controls. There is also support of a broad range of security functions, including NGFW, IPS, AV and SWG.

While Versa supports FEC, there are no native WAN optimization features. The GUI is intuitive and application oriented, with good support of predefined templates.

Versa ranked in the top three vendors for all use cases and should be considered for all use cases, except those that need integrated WAN optimization.

VMware

VMware is a large, publicly traded company based in Palo Alto, California, U.S. It has an estimated 3,000 or more WAN edge customers via its December 2017 acquisition of VeloCloud.

VMware’s flagship offering is NSX SD-WAN by VeloCloud, which includes edge appliances, orchestration and cloud-resident gateways. The vendor’s edge appliances are available as hardware, software and in the AWS and Microsoft Azure marketplaces. VMware offers improved application performance capabilities with reasonably complete WAN optimization features, while the VeloCloud quality score measures application-based quality of experience. The solution includes strong SD-WAN capabilities that, combined with its OTT gateways, offer enterprises a platform for cloud migration.

While VMware includes a standard firewall, it lacks some security elements such as SWG and NGFW.

VMware was the top ranked vendor for both the MSE/regional and large global WAN use cases, illustrating its application-focused capabilities for streamlined operations and strong optimization and cloud integration. VMware is relevant to Gartner clients in all verticals and geographies, and should be considered for all SD-WAN opportunities globally.

Context

WAN edge products are increasingly important to deliver the required features for a modern WAN. The WAN edge market is a combination of existing capabilities such as routing, WAN optimization and edge security combined with emerging SD-WAN technologies.

WAN edge solutions can be combined with cloud residence functionality for overarching policy and operational control, as well as cloud gateways and security. The result is a simpler, more streamlined remote office footprint that enables organizations to better deal with more dynamic and distributed traffic flows resulting from greater use of cloud and internet resources.

Product/Service Class Definition

WAN edge solutions cover a broad spectrum of deployment and procurement options. Branch office footprint can be delivered as a fully integrated appliance, an open VNF-ready hardware and software solution, or as virtualized software. Some solution providers offer full turnkey service options that may or may not include underlying transport. In some cases, solutions are deployed as hardware or software in all enterprise locations with possible deployments in cloud service provider locations (often available in the cloud marketplace), while other solutions also offer cloud resident gateways, which are deployed in selective locations to enhance the delivery of internet/cloud-destined traffic. A variety of capabilities run between these cloud POPs — from basic VPN tunneling and route determination, to more complete WAN optimization, security and cloud optimization features. Business models also cover a range of options, from traditional capex-heavy buy-and-manage solutions, to opex-heavy subscription-based solutions, to full opex-based service offerings.

Critical Capabilities Definition

SD-WAN Features

SD-WAN features include application-based policy configuration and path determination, simplified operational environments and provisions to secure WAN traffic.

SD-WAN represents a simplified way of deploying and managing the WAN edge. SD-WAN provides a lightweight replacement for WAN routers with an ability to terminate multiple diverse carrier transport options. Operationally, SD-WAN allows for zero-touch configuration, centralized application policy control, dynamic path selection across diverse WAN connections, and support for VPNs.

Routing Features

Routing is required to integrate into existing LAN, data center and carrier environments, though in most situations branch office routing features are no longer a deciding factor for WAN edge solutions.

The integrated WAN edge infrastructure must be able to seamlessly interface to existing enterprise LAN equipment and WAN services, with support for static/dynamic routing and common LAN/WAN interfaces. WAN edge solutions must have proven ability to scale to large environments, and must include a range of routing protocols and physical interfaces to integrate into existing environments. While routing is still an important feature, it is no longer the dominant requirement for branch office WAN connectivity. This is illustrated by the low weight given within all three use cases and the ability of all vendors in this analysis to meet at least basic routing capabilities.

WAN Optimization

WAN optimization provides capabilities to improve application performance across the WAN using techniques such as TCP optimization, compression/deduplication and application-level protocol optimization.

While a mature, stand-alone technology, WAN optimization is a required feature in some WAN edge architectures to ensure applications meet user experience expectations. WAN optimization is especially relevant when dealing with high-latency situations that often arise on global networks. Key requirements include TCP protocol optimizations, HTTP and SSL optimizations, in-line compression and deduplication. Latency mitigation techniques are the most critical in today’s broad market. Basic WAN optimization should include a range of TCP optimizations and basic in-line compression. Advanced WAN optimization can include deduplication, file-based caching and protocol-specific optimizations. Cloud resident gateways can further enhance optimization for cloud-based applications.

Operations

New WAN edge solutions should enable significantly simplified operational environments compared to traditional branch office routing solutions and include centralized configurations, automatic software updates and business policy configurations.

Integrated WAN edge solutions should dramatically simplify the complexity associated with management, configuration and orchestration of WAN infrastructure. Gartner’s basic operational requirements include the following:

  • The level of expertise required to configure branch office policies is akin to what is required to set up a basic home wireless network with consumer-grade equipment. Policies should be configurable using application and business rules and require a minimum of networking expertise.
  • Networkwide configuration must be supported for all required configurations via a central controller that can automatically push/pull out all individual device configuration data. The controller acts as a repository for all configuration data, as well as all device and network reporting.
  • Configuration parameters are application centric and/or business centric and can be created/applied/changed by personnel who are not well versed in networking technologies.
  • The solution must support zero-touch deployment for new branches, which entails on-site branch personnel making physical (i.e., cabling) changes only and administrators not having to make configuration changes to bring new branches online.

Deployment Flexibility

New WAN edge solutions need to deliver a variety of form factors, WAN interfaces and deployment options. Hardware, software and cloud options are important for many architectures.

The fundamental purpose is to enable connectivity between enterprise users, applications and services that reside in distributed locations, including headquarters, branches, corporate data centers, colocation/hosting facilities, and cloud providers. This means that WAN edge infrastructure must be able to support a diverse set of deployment options, including hardware appliances, software (VNF) or as a cloud-based service. Virtual form factors must be available on several hypervisors, in cloud marketplaces and enable connectivity to cloud services. All form factors must scale from low throughput scenarios to very high throughput, as well as small to very large networks. Managed service offerings, or a primary business model to deliver WAN edge as a service, are also available to meet the needs of organizations looking for services rather than product. WAN edge offerings must allow for redundant solutions for high availability in an integrated turnkey manner. Appliances should offer multiple choices for WAN connectivity, such as Ethernet, E1/T1 and 4G/LTE.

Small Platform Flexibility

The ability to scale downwards in a fit-for-purpose solution that meets form factor and financial requirements. These platforms typically require fewer interfaces or to be packaged with specific interface types. They also require less raw throughput than solutions for larger remote offices.

Virtual Application Environments

Some environments need more strict control of application and connectivity environments to ensure security and compliance. This is especially prevalent in the retail use case.

The key requirement for virtual application environments is to automatically partition the network based on categories of applications. These features are necessary to help deploy large-scale environments where there are different network and security requirements for different classes of applications or destination sites. Due to the typical deployment in small locations, any devices need to be physically small and robust, with a variety of interface options, especially for flexible wireless functionality all in a cost-effective package (either via lower cost hardware and software or via cost-effective service offerings). Advanced management of wireless interfaces adds to application reliability. Application categories include payment authorization, loyalty programs, inventory control and related applications, guest Wi-Fi/internet access, and kiosk applications.

Use Cases

Midsize Enterprise/Regional WAN

A small, most likely regional, WAN that fits MSEs and similar environments with fewer than 50 sites to ensure reliable WAN connectivity to both internal and external services.

Many midsize and other enterprises need to interconnect fewer than 50 sites within a small geographical area such as a country or a number of countries within a specific geographic region. Most offices support fewer than 50 people. They often continue to use MPLS for core connectivity but also use internet-only access for small branch offices, or for direct internet access and backup to MPLS for sites with a growing reliance on internet connectivity. These enterprises rely on a variety of business applications with an increasing reliance on SaaS applications. They need visibility and strong application control, but require only selective or minimal use of WAN optimization.

Large Global WAN

Requirements include the ability to scale to hundreds of sites, across multiple geographic regions. Remote offices will have different uses, scale and feature requirements.

Many global enterprises with large WANs span more than 250 sites across several countries in several regions. Extensive use of hybrid cloud and a strong need to control WAN expenses lead to extensive use of hybrid WAN and use of branch office internet access. These enterprises make extensive use of a large variety of business applications and need detailed visibility, as well as strong application control and wide use of WAN optimization.

While WAN optimization is less important in many of today’s networks, it can still play an important role to mitigate latency in global networks. Remote offices will often have varying characteristics — for example, small sales offices, development offices for technical staff (product development, software/hardware engineering), larger administration locations for support staff, or more industrial locations for manufacturing and logistics resource development.

Small Footprint Retail WAN

A small footprint retail WAN environment requires security and virtualized application services, and the ability to simply replicate environments across a very large number of sites.

This use case is representative of small site/mass deployment needs that are common in such retail markets as convenience stores, gas stations and independent insurance agents. WAN connectivity is typically required for a very large number of small footprint sites (often many thousands of locations) with a very common set of solution needs.

Typical support is for a small and very specific group of applications, such as point of sale, inventory and guest internet access. There’s a strong expense focus for this use case — i.e., minimum capital and WAN expenditures — with a heavy reliance on internet where possible, often using 4G/LTE or VSAT for either primary or backup connections with rapid failover between connections. Support required for both active/standby and active/active WAN connections depends on specific site locations. An ability to monitor wireless (LTE/VSAT) links without sending and tracking packets may be required.

Vendors Added and Dropped

As this is the inaugural version of the WAN Critical Capabilities report, all vendors are added for the first time and none have been dropped.

Inclusion Criteria

The inclusion criteria represent the specific attributes that analysts believe are necessary for inclusion in this research. The main criteria are the same as the Magic Quadrant. The only difference is that we will cover the large-scale retail use case in the Critical Capabilities, so we are not excluding vendors that predominantly serve this market segment. To qualify for inclusion, vendors must:

Show relevance to Gartner clients via:

  • Providing hardware and/or software addressing the emerging enterprise WAN edge requirements outlined in the Market Definition/Description section of “Magic Quadrant for WAN Edge Infrastructure.” Alternatively, they can address this need by delivering a managed service that uses in-house-developed hardware/software to deliver the service.
  • Having released enterprise WAN edge networking products for general availability as of 1 June 2018. All components must be publicly available, shipping and included on the vendor’s published price list as of this date.
  • Providing commercial support and maintenance for their enterprise WAN edge products (24/365) on multiple continents. This includes (but is not limited to) hardware/software support, access to software upgrades, and troubleshooting and technical assistance.

Show relevance to Gartner’s enterprise clients on a global basis by meeting both of the following criteria:

  • One hundred and fifty production WAN edge customers (under active support contracts) or 10 production customers with more than 500 branches deployed in each. This excludes paid pilots and POCs.
  • Demonstrate either: 1) active sales and support for enterprise WAN edge on at least two continents with at least 25 current customers based on each continent (with active support contracts); or 2) 250 WAN edge customers (with active support contracts) with at least 150 customers in one continent and at least five customers on each of two additional continents.

Basic Product Capabilities

Vendors must have generally available products as of 1 June 2018 that support all of the following capabilities. These capabilities must be supported natively on branch CPE:

  • The ability to function as/replace the branch office router/CPE
  • For product companies, multi-interface physical CPE appliance form factor with a list price of under $1,500
  • The ability to operate autonomously in the event of a loss of connection to the central management application or controller
  • Support for static routing and BGP for connections to the enterprise core
  • Support for the following WAN topologies — hub and spoke, partial mesh, full mesh — all with direct internet breakout at the branch
  • Centralized management for devices, including visibility, reporting and configuration changes and software upgrades
  • Zero-touch configuration for branch devices
  • The ability to centrally manage and configure devices via a GUI
  • VPN (Advanced Encryption Standard [AES] 256-bit encryption)
  • Dynamic traffic steering based on business or application policy (not limited to DiffServ Code Point [DSCP]/ports or IPs/circuits)
  • Support for traffic shaping and QoS
  • At least 100 well-known application profiles included, and the ability to create customized app templates
  • Support for customers to make granular device configuration changes rather than requiring the customer to contact the vendor to make the change

Advanced Product Capabilities

Vendors must have generally available products or services as of 1 June 2018 that support at least six of the following 16 capabilities.

  • T1 or E1 physical interfaces
  • Embedded 3G/4G LTE modems
  • Physical and virtual form factors for branch CPE
  • Software-based appliance form factors certified for public IaaS providers such as AWS and Azure
  • Public cloud resident gateways that are delivered as a service
  • Dynamic path selection that accounts for WAN conditions at individual branches, including circuit uptime and latency, and generalized application performance
  • Basic WAN optimization (minimum TCP optimization, compression, deduplication, HTTP(S) optimization)
  • Optimized private backbone, offered by the vendor as a managed service
  • Unified communication optimization/remediation, which requires at least one of forward error correction (FEC) or packet duplication across multiple circuits
  • Firewall or next-generation firewall
  • Secure web gateway
  • Additional security capabilities such as DNS-based protection
  • Support for installing third-party VNFs
  • Cloud-managed capabilities (management plane delivered as a cloud-resident service, offered as SaaS)
  • Asymmetric SaaS acceleration
  • Proven ability to do first packet identification of common SaaS applications for traffic steering

Table 1: Weighting for Critical Capabilities in Use Cases

| Critical Capabilities | Midsize Enterprise/Regional WAN | Large Global WAN | Small Footprint Retail WAN |
|---|---|---|---|
| SD-WAN Features | 35% | 25% | 15% |
| Routing Features | 5% | 10% | 5% |
| WAN Optimization | 5% | 15% | 2% |
| Operations | 30% | 20% | 20% |
| Deployment Flexibility | 5% | 15% | 10% |
| Small Platform | 20% | 10% | 15% |
| Virtual Application Environments | 0% | 5% | 33% |
| Total | 100% | 100% | 100% |

As of 12 October 2018

Source: Gartner (December 2018)

This methodology requires analysts to identify the critical capabilities for a class of products/services. Each capability is then weighted in terms of its relative importance for specific product/service use cases.

Critical Capabilities Rating

Each of the products/services has been evaluated on the critical capabilities on a scale of 1 to 5; a score of 1 = Poor (most or all defined requirements are not achieved), while 5 = Outstanding (significantly exceeds requirements).

Table 2: Product/Service Rating on Critical Capabilities

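| Product/Service | SD-WAN Features | Routing Features | WAN Optimization | Operations | Deployment Flexibility | Small Platform Flexibility | Virtual Application Environments |
|---|---|---|---|---|---|---|---|
| Aryaka | 3.8 | 4.0 | 4.4 | 3.2 | 3.3 | 3.1 | 1.2 |
| Barracuda | 2.9 | 3.5 | 3.4 | 3.6 | 3.8 | 4.3 | 2.5 |
| Cato Networks | 2.8 | 2.8 | 2.7 | 3.4 | 1.8 | 2.8 | 2.5 |
| Cisco | 3.5 | 3.9 | 2.9 | 4.2 | 3.9 | 3.1 | 3.0 |
| Citrix | 3.8 | 3.5 | 3.8 | 3.7 | 3.7 | 3.5 | 3.5 |
| CloudGenix | 3.5 | 3.5 | 1.0 | 4.6 | 3.6 | 3.9 | 2.5 |
| Cradlepoint | 3.2 | 3.8 | 1.0 | 3.8 | 3.7 | 3.9 | 4.3 |
| Cybera | 3.2 | 3.5 | 1.0 | 3.9 | 3.3 | 4.5 | 4.7 |
| FatPipe Networks | 3.1 | 3.5 | 3.6 | 3.3 | 3.1 | 2.6 | 2.2 |
| Forcepoint | 3.3 | 3.5 | 1.8 | 4.0 | 3.5 | 3.7 | 3.1 |
| Fortinet | 3.5 | 3.7 | 3.7 | 4.2 | 3.6 | 3.5 | 2.8 |
| Huawei | 3.5 | 4.3 | 3.5 | 3.7 | 3.9 | 2.7 | 3.2 |
| Juniper Networks | 3.6 | 4.3 | 1.0 | 4.3 | 3.3 | 3.1 | 2.7 |
| Nuage Networks | 3.4 | 4.1 | 1.8 | 3.9 | 3.7 | 3.0 | 3.3 |
| Peplink | 2.9 | 3.0 | 1.3 | 3.3 | 2.8 | 4.1 | 3.2 |
| Riverbed | 3.4 | 3.5 | 4.6 | 3.6 | 4.0 | 3.0 | 2.2 |
| Silver Peak | 3.9 | 3.5 | 4.2 | 4.5 | 3.0 | 3.3 | 2.3 |
| Talari | 3.4 | 3.5 | 3.4 | 4.1 | 3.2 | 2.9 | 2.2 |
| Teldat | 3.2 | 3.5 | 1.2 | 4.1 | 3.4 | 3.6 | 4.6 |
| Versa | 4.1 | 3.9 | 1.4 | 4.4 | 4.3 | 3.8 | 3.5 |
| VMware | 4.0 | 3.9 | 3.6 | 4.6 | 4.7 | 4.0 | 2.8 |

As of 12 October 2018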

Source: Gartner (December 2018)

Table 3 shows the product/service scores for each use case. The scores, which are generated by multiplying the use case weightings by the product/service ratings, summarize how well the critical capabilities are met for each use case.

Table 3: Product Score in Use Cases

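| Product/Service | Midsize Enterprise/Regional WAN | Large Global WAN | Small Footprint Retail WAN |
|---|---|---|---|
| Aryaka | 3.50 | 3.52 | 2.69 |
| Barracuda | 3.49 | 3.43 | 3.25 |
| Cato Networks | 2.93 | 2.74 | 2.72 |
| Cisco | 3.64 | 3.59 | 3.46 |
| Citrix | 3.69 | 3.69 | 3.61 |
| CloudGenix | 3.79 | 3.35 | 3.41 |
| Cradlepoint | 3.47 | 3.25 | 3.82 |
| Cybera | 3.58 | 3.26 | 4.01 |
| FatPipe Networks | 3.11 | 3.16 | 2.80 |
| Forcepoint | 3.54 | 3.30 | 3.43 |
| Fortinet | 3.74 | 3.67 | 3.43 |
| Huawei | 3.46 | 3.59 | 3.40 |
| Juniper Networks | 3.60 | 3.28 | 3.32 |
| Nuage Networks | 3.44 | 3.33 | 3.44 |
| Peplink | 3.18 | 2.87 | 3.22 |
| Riverbed | 3.48 | 3.62 | 3.07 |
| Silver Peak | 3.91 | 3.75 | 3.30 |
| Talari | 3.51 | 3.41 | 3.05 |
| Teldat | 3.48 | 3.25 | 3.90 |
| Versa | 4.00 | 3.71 | 3.87 |
| VMware | 4.19 | 4.10 | 3.78 |

As of 12 October 2018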

Source: Gartner (December 2018)

To determine an overall score for each product/service in the use cases, multiply the ratings in Table 2 by the weightings shown in Table 1.

Acronym Key and Glossary Terms

| Term | Definition |
|---|---|
| 4G LTE | fourth-generation long term evolution |
| ASR | Aggregation Services Router |
| BGP | Border Gateway Protocol |
| CPE | customer premises equipment |
| DIY | do it yourself |
| DLP | data loss prevention |
| ECN | electronic communication network |
| FEC | forward error correction |
| GUI | graphical user interface |
| I&O | infrastructure and operations |
| IPS | intrusion prevention system |
| ISR | Integrated Services Router |
| LAN | local-area network |
| LTE | Long Term Evolution |
| MPLS | Multiprotocol Label Switching |
| MSE | midsize enterprise |
| NGFW | next-generation firewall |
| OSPF | Open Shortest Path First |
| OTT | over the top |
| POP | point of presence |
| SD-WAN | software-defined wide-area network |
| SWG | secure web gateway |
| TCP | Transmission Control Protocol |
| vCPE | virtualized customer premises equipment |
| VNF | virtual network function |
| VPN | virtual private network |
| VSAT | very small aperture terminal |
| vWAAS | virtual Wide Area Application Services |
| WAN | wide-area network |
| WLAN | wireless local-area network |
| WOC | WAN optimization controller |

Evidence

Gartner analysts conducted more than 2,500 Gartner client inquiries on the topic of wide-area networking between 1 July 2017 and 30 June 2018.

All vendors in this research responded to an extensive questionnaire regarding their current/future WAN edge networking solutions.

We surveyed reference customers provided by vendors in this research. All vendors in this research provided reference customers, although not all reference customers completed the survey (n = 88).

Analysts reviewed Gartner Peer Insights data for this market.

Critical Capabilities Methodology

This methodology requires analysts to identify the critical capabilities for a class of products or services. Each capability is then weighted in terms of its relative importance for specific product or service use cases. Next, products/services are rated in terms of how well they achieve each of the critical capabilities. A score that summarizes how well they meet the critical capabilities for each use case is then calculated for each product/service.

“Critical capabilities” are attributes that differentiate products/services in a class in terms of their quality and performance. Gartner recommends that users consider the set of critical capabilities as some of the most important criteria for acquisition decisions.

In defining the product/service category for evaluation, the analyst first identifies the leading uses for the products/services in this market. What needs are end users looking to fulfill when considering products/services in this market? Use cases should match common client deployment scenarios. These distinct client scenarios define the Use Cases.

The analyst then identifies the critical capabilities. These capabilities are generalized groups of features commonly required by this class of products/services. Each capability is assigned a level of importance in fulfilling that particular need; some sets of features are more important than others, depending on the use case being evaluated.

Each vendor’s product or service is evaluated in terms of how well it delivers each capability, on a five-point scale. These ratings are displayed side-by-side for all vendors, allowing easy comparisons between the different sets of features.

Ratings and summary scores range from 1.0 to 5.0:

  • 1 = Poor or Absent: most or all defined requirements for a capability are not achieved
  • 2 = Fair: some requirements are not achieved
  • 3 = Good: meets requirements
  • 4 = Excellent: meets or exceeds some requirements
  • 5 = Outstanding: significantly exceeds requirements

To determine an overall score for each product in the use cases, the product ratings are multiplied by the weightings to come up with the product score in use cases.

The critical capabilities Gartner has selected do not represent all capabilities for any product; therefore, they may not represent those most important for a specific use situation or business objective. Clients should use a critical capabilities analysis as one of several sources of input about a product before making a product/service decision.