Magic Quadrant for WAN Edge Infrastructure
Magic Quadrant for WAN Edge Infrastructure - Gartner
Published 18 October 2018 - ID G00351467 - 61 min read
WAN edge infrastructure is changing rapidly as I&O leaders responsible for networking face dynamic business requirements, including new application architectures and on-premises and cloud-based deployment models. I&O leaders can use this research to identify vendors that best fit their requirements.
Strategic Planning Assumption
By year-end 2023, more than 90% of WAN edge infrastructure refresh initiatives will be based on virtualized customer premises equipment (vCPE) platforms or software-defined WAN (SD-WAN) software/appliances versus traditional routers (up from less than 40% today).
WAN edge infrastructure enables network connectivity from distributed enterprise locations to access resources in both private and public data centers as well as cloud (as a service). It is typically procured by senior networking leaders within an infrastructure and operations (I&O) organization. This market has evolved from traditional branch routers (often called “customer edge routers” in a Multiprotocol Label Switching [MPLS] implementation), and is undergoing dramatic change, driven by the needs of digital business transformation and the demands of line-of-business managers.
This market transition has seen the influx of incumbent and emerging vendors from multiple markets (routing, security, WAN optimization, SD-WAN), each bringing its own differentiators and limitations. Gartner often sees two or three incumbent and one or two emerging vendors competing for each customer opportunity. As a result, we have created the first Magic Quadrant to cover this market.
The market for branch office wide-area network functionality is shifting from dedicated routing, security and WAN optimization appliances to feature-rich SD-WAN and vCPE platforms. WAN edge infrastructure now incorporates a widening set of network functions, including secure routers, firewalls, SD-WAN, WAN path control and WAN optimization, along with traditional routing functionality. Basic and advanced product capabilities are defined in the Inclusion and Exclusion Criteria section. The advanced product capabilities highlight areas of differentiation.
Vendor profiles are not vendor feature matrices, as each vendor brings differing approaches and capabilities. The profiles are meant to highlight factors that will be most relevant to enterprise buyers.
WAN edge functionality can exist on or off the enterprise premises via physical or virtual appliances, and is typically sourced from network equipment providers (and their channels), network service providers (NSPs) or managed service providers (MSPs). WAN edge infrastructure must be agnostic to the underlying network transport provider and services.
In the North American market, historically more than 60% of deployments are do-it-yourself (DIY), while in much of the rest of the world, a managed service approach is favored. Additionally, large organizations are more likely to favor a DIY approach. As this market has evolved, many companies are now comparing DIY and managed service options as part of the evaluation process. Consequently, a balanced vendor go-to-market approach is required for long-term global viability.
Figure 1. Magic Quadrant for WAN Edge Infrastructure
Vendor Strengths and Cautions
Aryaka is a privately held company headquartered in San Mateo, California. Aryaka’s SmartCONNECT provides a fully managed SD-WAN network as a service (NaaS) solution to more than 800 customers. SmartCONNECT uses the Aryaka Network Access Point (ANAP) CPE and includes features such as application acceleration, data loss mitigation and SmartACCESS, which is a clientless SD-WAN solution for mobile employees. SmartCONNECT is based on Aryaka’s global network backbone. Customers connect securely to a local point of presence (POP) for both branch connectivity and direct cloud provider (i.e., as a service) gateway access. Noncritical traffic and latency-insensitive traffic can be can be offloaded from the Aryaka backbone to the internet. In addition to SmartCONNECT, Aryaka offers accelerated content delivery services through its SmartCDN product. Aryaka is well-suited for organizations that are geographically widely distributed that want SD-WAN plus WAN optimization controller (WOC) delivered as a service.
- Aryaka’s NaaS approach to SD-WAN provides a managed turnkey solution that can accelerate the deployment and integration of technology, and provides a WAN backbone infrastructure purposefully designed around application access and acceleration.
- Aryaka supports customers not located in a geography covered by one of its POPs by enabling connectivity to infrastructure as a service (IaaS) resources directly via a IPsec tunnel with integrated WAN path conditioning, which can reduce the effects of increased latency.
- SmartCONNECT service provides an encompassing feature set including WAN acceleration, SaaS provider gateways, error correction and integration with cloud-based security.
- SmartCONNECT may not be a fit for organizations that desire a DIY option for managing WAN edge infrastructure, because granular configuration changes must be made by Aryaka or its partners. The vendor has plans to deliver a self-service portal within the next six months.
- Based on client feedback and Gartner’s analysis, Aryaka is not a great fit for companies that have a small number of branches contained in a small geographic region.
- The largest current deployment is approximately 500 branches, therefore Aryaka’s solution is unproven for very large deployments as are common at many major retail and financial firms.
Barracuda, based in Campbell, California, is a vendor with more than 18,000 WAN edge customers, serving primarily small and midsize enterprises with its firewall products. Barracuda is privately held by the private equity firm Thoma Bravo. Barracuda offers a broad array of security and data protection products and services. Its flagship WAN edge offering is the CloudGen Firewall appliance (physical and virtual), which includes SD-WAN as a feature, managed by the Firewall Control Center application, and requisite provisioning, control, management and automation. The CloudGen Firewall can be deployed in public cloud deployments, namely Amazon Web Services (AWS), Azure and Google Cloud Platform. Barracuda is relevant to midsize clients in nearly all verticals and should be considered for security-led WAN edge opportunities primarily in North America, Europe and Latin America.
- Barracuda has strong next-generation firewall (NGFW) capabilities in its WAN edge products, including intrusion prevention system (IPS), SSL inspection and sandboxing, and VPN connectivity through multiple tunnels.
- Barracuda focuses on supporting IT organizations with limited technical resources by providing products with simplified operations and aggressive pricing/packaging, backed up with bundled support.
- Barracuda scored highly in our customer survey, with users noting quality of support and setup simplicity.
- Barracuda has limited experience in supporting large-enterprise WANs at scale (more than 250 sites), compared to several vendors in this research.
- Based on Gartner’s analysis, Barracuda’s GUI is very firewall-oriented and less intuitive than those of leading WAN edge vendors.
- The CloudGen products are only manageable on-premises and through IaaS deployments. Cloud management is planned for 2H19, according to the vendor.
Cato Networks is a small, privately held company based in Tel Aviv, Israel. Gartner estimates it has more than 200 WAN edge customers. The vendor’s flagship offering is Cato Cloud, which incorporates SD-WAN along with several security features including NGFW, secure web gateway (SWG) and anti-malware. The vendor’s offering comprises branch devices called Cato Sockets, which can be hardware or virtual machine (VM) appliances, or a Cato software client for mobile devices. Cato also offers the Cato Cloud service, which includes Cato POPs and a private backbone where security and optimized transport are provided; and requisite management via an over-the-top (OTT) cloud-based platform. Although Cato Networks is one of the smaller vendors profiled in this Magic Quadrant, it is rapidly adding customers and has acquired nearly all its customers in the past 24 months. Cato is relevant to Gartner clients in Asia/Pacific, Europe and North America. Cato should be considered by midsize organizations that are looking for both security and SD-WAN, with less than 100 remote sites.
- Midmarket clients like the simplicity and cost of Cato’s offering compared to traditional carrier-based managed WAN offerings.
- Cato provides deep and broad security functionality in its product, including SWG, deep packet inspection (DPI), TLS decryption, NGFW, IPS and anti-malware.
- The vendor’s vision and roadmap to deliver simplified and unified SD-WAN and self-healing security functionality within the next 18 months align with emerging customers’ needs, particularly in the midmarket.
- The vendor lacks experience and several capabilities compared with competitors in the market. For example, Cato currently does not support T1/E1 legacy interfaces, or WAN optimization. Also, the vendor is inexperienced in large-scale WAN deployments, as nearly all of its deployments are less than 100 sites.
- For locations that are not geographically close to a Cato POP (i.e., within 500 km or 25 ms), there can be application degradation. Currently Cato has a very limited number of POPs in Africa and South America.
- Cato does not manage last-mile connectivity, which many midmarket customers desire to be bundled with their provider’s equipment. As a result, clients must acquire and manage connectivity to a Cato POP on their own, or leverage one of Cato’s MSP partners.
Cisco is a large, publicly traded company based in San Jose, California, with more 100,000 WAN edge customers (primarily Integrated Services Routers [ISR] customers) including approximately 1,000 of its flagship Viptela SD-WAN offering. Cisco offers a broad array of infrastructure hardware and software. Its flagship WAN edge networking offering is Cisco SD-WAN powered by Viptela software, running on vEdge routers, ISR/Aggregation Services Routers (ASR) running IOS XE, and Enterprise Network Compute System (ENCS) managed by the vSmart and vManage controllers. The requisite control, management and automation capabilities complement these offerings. For particular use cases, Cisco offers Intelligent WAN (IWAN), its legacy ISR-based SD-WAN product. In line with competitive firewall products with built-in SD-WAN functionality, Cisco also offers Cisco SD-WAN powered by Meraki MX appliances. Cisco is relevant in all verticals and geographies. Cisco should be shortlisted for all WAN edge opportunities globally.
- Cisco has a broad portfolio of WAN edge capabilities (routing, unified threat management [UTM], WAN optimization) available in a variety of form factors with support for a broad set of interfaces (including T1/E1), and a broad portfolio of performance characteristics.
- Viptela SD-WAN provides proven scalability with rich segmentation and routing capabilities.
- The vendor’s vision and roadmap to deliver increasing levels of automation and uniform policy across multicloud environments align with Gartner’s view of emerging customer needs.
- Cisco has a broad array of products, options and features (Viptela, Meraki and IWAN), which Gartner clients report is confusing, with multiple code bases and management models with limited integration. Gartner does not anticipate this problem to be alleviated in the next 12 months.
- Gartner believes that plans to integrate legacy ISR features into the vEdge code and integration of vEdge Manager into DNA Center could impact the reliability and continuity of the Viptela product platforms going forward.
- Since the acquisition of Viptela, Gartner has seen unbundling of features and inconsistent pricing, which result in more complex proposals (eight-line bills of materials [BOMs] versus 40-line BOMs) that may increase the price offered to prospective buyers, based on deals Gartner reviews.
Citrix is a public company based in Fort Lauderdale, Florida with approximately 500 WAN edge customers. Citrix provides a broad set of products that include application/desktop virtualization, enterprise mobility management, file sharing, and networking and security products. Citrix’s flagship WAN edge products are its NetScaler SD-WAN appliances (physical, virtual and cloud), which are managed via the NetScaler Management and Analytics System (MAS). The solution is cloud-managed and includes optional fully featured WAN optimization. Security is supplied via an integrated stateful firewall in addition to support for SWGs from third parties such as Zscaler and Palo Alto Networks. Gartner recommends global customers in the healthcare, financial sector, manufacturing and retail segments consider Citrix, especially where prior investments have been made in other Citrix products.
- NetScaler SD-WAN is managed via the same UI as other Citrix products, which can simplify operations for existing Citrix customers.
- NetScaler SD-WAN offers sophisticated link bonding and path conditioning for loss and latency-sensitive applications such as unified communications as a service (UCaaS).
- The NetScaler SD-WAN suite of CPE covers enterprise site size requirements, from microbranch through the data center.
- Citrix has limited experience with very large deployments (more than 1,000 locations).
- NetScaler SD-WAN offers limited dedicated cloud gateway functionality as part of the service (via Microsoft Azure Virtual WAN). Organizations must deploy their own as virtual appliances for AWS and Azure (from the marketplaces or via bring your own license [BYOL]), and must bring their own license for Google Cloud Platform.
- Citrix has very limited NaaS with no standard offerings from Tier 1 service providers, which will add infrastructure complexity to potential customers who wish to consume NetScaler NaaS but remain with their incumbent vendor.
CloudGenix is small, privately held company based in San Jose, California with more than 200 WAN edge customers. CloudGenix is focused primarily on SD-WAN, and its flagship offering includes Instant-On Network (ION) devices, which support SD-WAN functionality as well as basic firewalling capability. Also, the vendor offers a visibility solution as a stand-alone product called CloudGenix Clarity, which can be upgraded to support SD-WAN. ION appliances are available in both hardware and software form factors and also exist in the AWS marketplace. The vendor’s management portal is delivered via an OTT managed service (and can also be on-premises). CloudGenix should be considered by enterprises in North America looking to deploy SD-WAN, especially if application-centric troubleshooting or DevOps integration is a key requirement.
- The vendor provides excellent visibility and application-centric troubleshooting capabilities that can reduce time to resolution as well as reliance on other dedicated tools.
- The vendor supports integrations with key DevOps tools including Ansible, Git and Jenkins.
- The vendor’s vision and roadmap to deliver increasing levels of DevOps integration and apply machine learning to deliver intent-based WANs and advanced security align with emerging customer needs.
- The vendor has a limited geographic experience and installed base, as more than 90% of its customers are headquartered North America.
- CloudGenix has lagged competitors in building out its sales channel, which has dramatically limited adoption of its product. This may continue to limit its growth in the market, particularly outside of North America; although, international expansion is underway.
- The vendor lacks several capabilities that competitors offer including support for T1/E1 legacy interfaces, WAN optimization, asymmetric SaaS acceleration, and native SWG and NGFW.
Cradlepoint is a privately held company headquartered in Boise, Idaho with more than 3,000 WAN edge customers. Cradlepoint offers a broad suite of branch office, mobile and Internet of Things (IoT)-focused products with an emphasis on 4G LTE data networking. Cradlepoint’s flagship WAN edge offering is its NetCloud branch solution, which includes Advanced Edge Routers (AER) appliances, NetCloud Manager, software-defined perimeter overlay and 24/7 support, delivered as a managed service. Cradlepoint also supports DIY implementations. NetCloud Branch can be augmented by NetCloud Perimeter to provide secure device-to-cloud connectivity. Integrated Wi-Fi access points, a firewall and “Wi-Fi as a WAN” are also supported. The NetCloud Manager is delivered as an over-the-top cloud-based service. Cradlepoint should be considered for WAN edge deployments in retail, quick-serve restaurants, public sector, hospitality, healthcare, transportation and financial services. Cradlepoint is suitable for organizations based in North America, Europe and Australia when LTE networking or mobility are important.
- Cradlepoint has broad and deep knowledge of wireless networking technologies that enables it to deliver highly optimized solutions, including advanced monitoring and analytics.
- Cradlepoint has relationships with major network service providers such as AT&T and Verizon, which extend its market coverage.
- Cradlepoint delivers highly integrated, cost-optimized platforms.
- Cradlepoint lacks support for legacy T1/E1 interfaces, WAN optimization and link remediation, which are required for many large deployments.
- Cradlepoint does not offer a virtual edition of its router software, making it unsuitable for network function virtualization (NFV) or cloud endpoint deployments. The vendor plans to deliver the software in 2H18.
- Cradlepoint’s troubleshooting is more cumbersome than the competition and requires logging into individual devices rather than making all information available via integrated application.
FatPipe Networks is a small, privately held company based in Salt Lake City, Utah with more than 1,500 WAN edge customers, primarily in North America. FatPipe offers a broad array of WAN products including secure routers, link aggregators/load balancers and WAN optimization. Its flagship WAN edge offering is the FatPipe SD-WAN, which includes the company’s MPVPN CPE (physical and virtual) and its Symphony orchestrator. The vendor provides a broad portfolio of WAN edge capabilities including requisite provisioning, control, management and automation applications. FatPipe was an early developer of SD-WAN technologies and has deployed its products across multiple industries. FatPipe should be considered for WAN edge opportunities primarily in North America, particularly when integrated security or WAN optimization is required.
- FatPipe was a pioneer in path selection, which is now a key SD-WAN capability; thus, it has extensive expertise supporting hybrid WAN use cases.
- FatPipe has a broad set of feature-rich products that have been deployed across customers ranging from multinational corporations to small and midsize businesses (SMBs).
- FatPipe offers sophisticated VPN/link bonding combined with fine-grain traffic steering.
- While international expansion is underway, FatPipe has limited market presence outside of North America, which limits the pool of networking personnel familiar with its products. This limits FatPipe’s ability to sell and support its products in geographies outside of North America.
- FatPipe has limited experience in complex deployments beyond 100 sites, which limits applicability for many organizations.
- FatPipe’s vision and roadmap are very incremental and do not align with Gartner’s view of emerging customer needs. FatPipe is largely focused on WAN edge virtualization and functional consolidation and it has not articulated detailed plans for IoT, improved user experience monitoring and improved automation.
Forcepoint is a privately held company, co-owned by Raytheon Company and Vista Equity partners. The vendor is headquartered in Austin, Texas, with more than 300 WAN edge customers. Forcepoint is a pure-play security company that offers SD-WAN as a feature on its NGFW platform. Its flagship product is the Forcepoint NGFW 321 hardware appliance. The vendor also offers software appliances, supports bare-metal deployment and provides images in the AWS/Azure marketplaces. The vendor provides a deep set of security capabilities including NGFW, DLP, anti-bot and SWG. Forcepoint is relevant to Gartner clients in most geographies, but has a very limited WAN edge installed based in China and Australia. Forcepoint should be considered by customers who want SD-WAN as a feature on their NGFW, or who desire SD-WAN and SWG from a single supplier.
- Forcepoint offers its own over-the-top SWG and cloud access security broker (CASB) functionality, either in-branch or as a cloud-resident service, while most competitors rely on a partner (such as Zscaler) for this capability. Thus, Forcepoint can deliver SD-WAN plus SWG via a single supplier.
- The vendor maintains a database of more than 7,000 known applications, which is several thousand more than most SD-WAN competitors. This gives the enterprise additional granularity when creating forwarding or security policy.
- Based upon customer feedback, Forcepoint’s NGFW platform has demonstrated consistently good feature quality, which we believe is relevant to its SD-WAN functionality.
- Gartner assesses the Forcepoint UI as less mature and intuitive when compared to SD-WAN vendors, as it presents as a firewall rule set instead of a WAN edge or SD-WAN interface.
- The vendor lacks support for several capabilities that are important including native T1/E1 legacy interfaces, full WAN optimization and asymmetric SaaS acceleration. Also, its management platform is not available as a cloud-managed service, although it can be deployed in AWS or Azure.
- Forcepoint’s primary focus is security, and it has yet to demonstrate the ability to consistently win against network-centric and SD-WAN competitors. This may limit Forcepoint’s ability to deliver advanced WAN capabilities such as link remediation and WAN optimization to the market in a timely manner compared to more focused network competitors.
Fortinet is a network and security player, headquartered in Sunnyvale, California, with roughly 15,000 WAN edge customers, ranging from small businesses to large enterprises. Its flagship WAN edge offering is the FortiGate SD-WAN firewall appliance (physical, virtual, cloud), which includes SD-WAN as a feature. It can be managed either on-premises (FortiManager) or from the cloud (FortiCloud), along with branch office WLAN and Ethernet switches through a single portal. Customers that deployed FortiGate products can incorporate SD-WAN capabilities through a software upgrade. Fortinet’s strength lies in its position in the branch security space, with a base of more than 300,000 firewall customers worldwide, and in its reputation of providing high-performance, cost-effective security. Fortinet should be shortlisted for all WAN edge opportunities globally, especially for organizations seeking a solution with strong security capabilities.
- The FortiGate product line is aggressively priced and includes key SD-WAN capabilities such as application visibility and steering with SSL inspection and high VPN scalability.
- Fortinet has a global channel and strong partnership ties with multiple key managed security service providers (MSSPs) globally. This means there is a large pool of security personnel familiar with Fortinet products who can aid with implementation and operation.
- The vendor’s vision and roadmap to deliver increasing levels of automation align with Gartner’s view of emerging customer needs on aspects such as automated updates of application and user-level policies.
- Fortinet has limited experience supporting large and complex enterprise WAN deployments, and lacks several capabilities including packet duplication, and T1/E1 legacy interfaces.
- FortiGate clients have indicated that major firmware upgrades come with substantial management UI changes, which can make administration difficult and involve somewhat of a learning curve.
- Fortinet has minimal exposure as a networking vendor and this can limit its ability to deliver advanced WAN capabilities compared to more focused network competitors.
Huawei is a privately held company headquartered in Shenzhen, China, with more than 20,000 WAN edge customers. Huawei offers a broad array of infrastructure hardware and software, including for networking, servers and cloud. Its flagship WAN edge offering is the AR series router, which is available as a software instance, single-instance appliance, and as a vCPE platform. The vendor offers multiple WAN edge network functions including routing, SD-WAN, NGFW, and basic WAN optimization, and the requisite management provisioning, service chaining, and automation delivered by Huawei’s Agile Controller. Huawei is relevant to Gartner clients in nearly all verticals and geographies outside of North America. Huawei should be considered for WAN edge opportunities outside of North America, particularly where a vCPE platform is desired supporting multiple functions from a single supplier.
- Huawei has a deep hardware portfolio, with a range of appliance options and supports a wide variety of interfaces, including legacy T1/E1 and embedded LTE.
- Huawei offers multiple WAN edge functions, including routers, SD-WAN and NGFW, which can all run on its vCPE platform and chained via the Agile Controller. This can simplify WAN edge device sprawl, improve operational agility and provide cost efficiencies.
- Huawei has a large installed base and has proven capability to support large WAN deployments, beyond 1,000 sites.
- Gartner assesses Huawei as being very late to market with support for several WAN edge functions, including full WAN optimization, SD-WAN, and availability of public cloud software instances.
- Huawei has limited brand visibility, experience, and installed base in North America and faces political headwinds, which limit its abilities to sell into this market.
- Huawei’s SD-WAN functionality lacks several capabilities that competitors offer including broad SaaS acceleration and advanced WAN optimization.
Juniper Networks is a large, publicly traded company based in Sunnyvale, California, with more than 20,000 primarily security-focused WAN edge customers. Juniper is a long-established networking and security vendor. Its flagship WAN edge solution is its Contrail SD-WAN, comprising its SRX Series Services Gateways (physical, virtual and cloud) and Contrail Service Orchestration. The vendor provides a full portfolio of WAN edge platforms including its NFX vCPE network function virtualization appliances, which can host WAN edge functions. Juniper’s strength lies in long-standing relationships with network service providers and its reputation for providing stable, high-performance products, particularly directly to large enterprises and service providers. Juniper is relevant to Gartner clients in nearly all verticals and geographies. Juniper should be considered for all security-led WAN edge opportunities globally, particularly those that will be consumed as a service.
- Juniper has a broad set of WAN edge network capabilities, including a variety of form factors, interfaces and performance characteristics along with a feature-rich service orchestrator (Contrail Service Orchestration), which simplifies deployment and management.
- Juniper has long-standing relationships with communications service providers, and a large and loyal installed base. This means there is a large pool of networking personnel familiar with Juniper’s products who can aid with implementation and operation.
- Juniper has integrations with leading WAN optimization and secure web gateway providers, which enable it to deliver a best-of-breed offering.
- Juniper is a late entrant into the rapidly transforming SD-WAN market and many of its target service providers have already aligned with several of Juniper’s competitors for SD-WAN. As a result, it may be difficult for customers to obtain Juniper-based managed services from their preferred service provider.
- Gartner believes Juniper’s service provider NFV-centric strategy is challenging and could compromise its ability to maintain its investments in WAN edge offerings.
- In addition to lacking core features like native WAN optimization and cloud management, Juniper’s offering is more expensive than a number of its competitors.
Nuage Networks is based in Mountain View, California and is a division of publicly traded Nokia, based in Espoo, Finland. Nuage has approximately 400 WAN edge customers. Its flagship offering is its Virtualized Network Services (VNS), which comprises its Virtualized Services Directory (VSD), the Virtualized Services Controller (VSC), and the Network Services Gateway (NSG) CPE (physical, virtual and cloud). Nuage provides a broad portfolio of WAN edge capabilities including requisite provisioning, control, management and automation, which are integrated with its Virtualized Cloud Services (VCS) data center network overlay. Nuage’s strength lies in its long-standing relationships with communications service providers and its reputation for delivering software that operates at global scale. Nuage is relevant to Gartner clients that require extreme scalability or that prefer to consume WAN edge solutions as a managed service.
- Nuage’s WAN edge and data center offering is based on a well-thought-out architecture that delivers an integrated end-to-end network with a common policy and automation framework.
- Nuage has relationships with service providers in all geographies, making its offering available on a global basis.
- The vendor’s vision and roadmap to deliver increasing levels of automation and uniform policy across multicloud environments align with Gartner’s view of emerging customer needs.
- Nuage’s service-provider-centric route-to-market strategy does not match how a large portion of the market prefers to consume WAN edge infrastructure. This will limit buyers’ access to Nuage’s offering.
- Nuage has a very small installed base of enterprise accounts. This means there is not a large pool of networking personnel familiar with its products who can aid with implementation and operation.
- Nuage has very limited experience dealing directly with DIY midmarket buyers.
Peplink is a small, publicly held company based in Hong Kong, with more than 3,500 WAN edge customers. Peplink is listed on the Hong Kong stock exchange as Plover Bay Technologies. Peplink offers a broad array of WAN products optimized for applications where bandwidth is limited. Its flagship WAN edge offering is the SpeedFusion SD-WAN comprising the MAX Multi-Cellular Router (physical), FusionHub router (virtual and cloud) and its InControl 2 cloud management system. The vendor provides a broad portfolio of LTE plus wired WAN edge capabilities including link bonding and remediation, mobility, and fleet management. Peplink’s strength lies in strong wireless networking technical capabilities and its relationships with go-to-market partners that focus on Peplink’s targeted verticals. Peplink is relevant to Gartner clients in nearly all verticals and geographies that have demanding wireless requirements, are in bandwidth-constrained environments or that require mobile networking. Peplink should be considered for all wireless (LTE)-led WAN edge opportunities globally.
- Peplink can support a large number of links in its platforms and can bond multiple links (wired and wireless) into a single logical link to deliver high-bandwidth connections where others cannot.
- Peplink has a rich set of WAN management and troubleshooting capabilities, particularly relating to wireless issues.
- Peplink has vertical-specific capabilities such as ruggedized platforms and applications for time and attendance tracking and fleet management.
- Peplink is a small company with limited sales channels, which can make it difficult for buyers to obtain its products from existing suppliers.
- Peplink’s modest number of channel partners and its limited installed base mean there is a limited pool of networking personnel familiar with Peplink’s products.
- Peplink’s long-term success depends upon significant rollout and adoption of advanced wireless networking for fixed location access. This may affect Peplink’s ability to continue to invest in its products.
Riverbed is privately owned by Thoma Bravo and is based in San Francisco, California, with approximately 30,000 WAN edge customers and 1,000 SD-WAN customers. Riverbed’s flagship WAN edge offering is its SteelHead SD, which supports SD-WAN with WAN optimization in a single integrated appliance. Riverbed also offers the SteelConnect family of SD-WAN gateways, Ethernet switches and access points, which it positions for the midmarket and retail verticals. Riverbed devices are available as physical and virtual form factors and are centrally administered by SteelConnect Manager (cloud-based or on-premises). Riverbed does not offer vendor-hosted cloud gateways as a service, but virtual appliances are available on AWS and Azure cloud marketplaces and Riverbed supports Microsoft Azure Virtual WAN service. Riverbed is suitable for large and midsize organizations globally across verticals, particularly those who desire both SD-WAN and WAN optimization in an integrated device.
- The vendor has substantial experience with and understanding of large-scale WANs and enterprise applications, with more than 30,000 WAN optimization customers.
- Riverbed provides an integrated appliance that includes in-depth WOC and SD-WAN.
- Riverbed offers a simple, easy-to-use “one click” virtual cloud appliance deployment.
- Based on deals Gartner has reviewed through mid-2017, Riverbed has been substantially more expensive than SD-WAN competitors. Riverbed reports that it has adopted more aggressive pricing starting in June 2018.
- Riverbed lacks features that many buyers require including legacy T1/E1 interfaces, link remediation for loss-sensitive applications and SWG, and natively includes only basic stateful firewall capabilities.
- Riverbed does not offer vendor-hosted cloud gateways as a service, but automated deployment of virtual appliances is available for AWS and Azure marketplaces, and Riverbed supports Microsoft Azure Virtual WAN service.
Silver Peak is a privately held company based in Santa Clara, California with approximately 3,000 WAN edge customers. Silver Peak’s flagship WAN edge product is Unity EdgeConnect SD-WAN appliances (physical, virtual, cloud), with optional Unity Boost WAN optimization and Unity Orchestrator (on-premises or cloud), which has more than 1,000 customers. Silver Peak has integration partnerships with popular security providers including Check Point Software Technologies, Fortinet, Palo Alto Networks and Zscaler. Silver Peak’s strength lies in its real-time internet path intelligence, path conditioning, link bonding and optional integrated WOC. Silver Peak should be shortlisted for WAN edge opportunities in North America, EMEA and Asia/Pacific, especially when WOC functionality and path conditioning are required.
- Silver Peak’s WAN path conditioning, combined with Unity Boost WAN optimization, provides comprehensive support for internet links where performance is more variable when compared to traditional WAN circuits such as MPLS.
- The vendor has demonstrated a strong market understanding by delivering SD-WAN products well ahead of other established WAN edge vendors. This has enabled it to build a good understanding of customer deployment needs.
- EdgeConnect is available as a virtual appliance on AWS, Azure and Oracle Cloud, and has upcoming Google Cloud virtual appliance availability scheduled for August 2018.
- EdgeConnect lacks NGFW capability. Users who desire a next-generation firewall capability must acquire, deploy and manage it separately.
- Silver Peak’s limited number of service provider partnerships inhibits its ability to reach buyers that prefer to consume WAN edge capabilities as a service.
- Lack of cloud-resident gateways that are delivered as a service can make the solution less attractive from management, deployment and cost perspectives.
Talari is a private WAN virtualization vendor with a strong focus on WAN path control, headquartered in San Jose, California, with more than 400 WAN edge customers. Its flagship WAN edge offering is the Failsafe SD-WAN comprising its T and E series physical appliances, V and C virtual and cloud appliances, and its Talari Aware management system (on-premises or cloud). Talari’s strength lies in its sophisticated link aggregation and remediation, which provide seamless failover for sensitive applications such as UCaaS/VoIP. Talari provides native WAN optimization, a basic stateful firewall, and an optional embedded NGFW on its E100/E1000 appliances that is delivered via a partnership with Palo Alto Networks. Talari should be shortlisted for WAN edge opportunities for global midmarket enterprises, especially when link remediation and sophisticated traffic steering are required.
- Talari provides strong SD-WAN with good access aggregation capabilities, as well as strong quality of service (QoS) and path selection functionality for predictable application performance and WAN optimization.
- Talari has experience supporting complex deployments such as 911 for emergencies, military and large international call centers.
- Talari’s vision to support simplified resilient and unified SD-WAN capabilities align with emerging customer needs, particularly in the midmarket.
- Talari has limited experience supporting deployments beyond 150 locations.
- Talari lacks support for several capabilities that are important to many buyers such as support for legacy T1/E1 interfaces, asymmetric SaaS acceleration and public cloud resident gateways, which are delivered as a service,
- Talari has limited channel, and very limited carrier/cloud, partnerships outside of the U.S. compared to other vendors included in this research, which may limit buyers’ procurement options. Talari is targeting 2018/2019 for international and channel expansion.
Teldat is an established, privately held communications company based in Madrid, Spain and Nuremberg, Germany with more than 700 WAN edge customers. Teldat offers a broad range of voice and data products including LAN, WAN, wireless LAN (WLAN) and voice, and its IntegraT division provides integration, maintenance and support services. Its flagship WAN edge offering is the Teldat-iM8, an SD-WAN edge gateway and the Colibri NetManager (CNM). The vendor provides routing, SD-WAN, basic firewall and SWG functionality on its WAN edge products. Teldat operates globally, but focuses primarily on EMEA and Latin America, and delivers products primarily through carriers and managed service providers. Teldat should be considered for routing and SD-WAN by customers in EMEA and Latin America, who prefer operating their WAN edge devices via managed network providers.
- Teldat provides cost-effective solutions in this market, and can address customer branch challenges beyond just the WAN edge, including LAN and WLAN, from the same management console.
- Teldat has a large installed base of customers using its traditional routers, and a proven ability to support large-scale WANs of more than 1,000 locations. We believe this will carry over to its SD-WAN offering.
- Teldat offers a management console that is available as an over-the-top service, which many customers prefer to simplify operations.
- Teldat has limited expertise with DIY enterprises as it is heavily focused on selling through carrier and MSP partnerships in Europe and Latin America.
- Teldat’s SD-WAN product is relatively new, with limited customer adoption (less than 50 customers), and limited advanced features. The vendor has not yet shown it can consistently compete and win against focused SD-WAN competitors, which may limit its ability to grow in the market.
- The vendor lacks several capabilities that other vendors offer, including: software instances within AWS/Azure marketplaces, high availability for SD-WAN devices, WAN optimization, first packet application recognition and asymmetric SaaS acceleration.
Versa is a small, privately held company based in San Jose, California with more than 500 WAN edge customers. Versa focuses on branch and WAN functions including routing, security and SD-WAN. Its flagship WAN edge offering is Versa FlexVNF software, and the requisite management and orchestration. FlexVNF supports routing, SD-WAN and multiple security functions, as well as third-party virtual network functions (VNFs). FlexVNF can be delivered as a branded appliance, in AWS and Azure cloud marketplaces, and as a software appliance. Versa should be considered for SD-WAN opportunities in North America, particularly when SD-WAN and security functions are desired.
- Versa offers advanced feature depth/capability for both security and SD-WAN, with support for NGFW, mean opinion score (MOS)-based steering, SaaS acceleration, forward error correction, striping and packet duplication.
- Clients choosing Versa often cite the integration of SD-WAN and NGFW/UTM via a single management interface as a strong differentiator versus competitors.
- Several network service providers including CenturyLink, Colt Technology Services, Verizon, Tata Communications and others have general availability offerings based on Versa technology, which indicates product stability and scalability, and should help Versa to compete long term in the market.
- Versa has limited adoption in large-scale branch deployments (beyond 1,000 branches) and limited adoption outside of North America, although international expansion is ongoing.
- Versa lacks several capabilities in this market including full WAN optimization and publicly available cloud gateways offered as a managed service; although, its service providers offer Versa gateways to their customers.
- Versa has limited direct enterprise DIY experience as much of its initial efforts have gone to working with MSP partners as its preferred route to market. This may limit its ability to serve buyers that favor a DIY approach.
VMware is a large, publicly traded company based in Palo Alto, California, and we estimate it has more than 3,000 WAN edge customers. In December 2017, VMware acquired VeloCloud. VMware’s flagship WAN edge offering is VMware NSX SD-WAN by VeloCloud, which includes edge appliances, orchestration and cloud-resident gateways. The vendor’s edge appliances are available as hardware or software, and are also available in the AWS and Azure marketplaces. VMware also offers cloud-resident gateways that are delivered as a service (NSX SD-WAN gateways). The NSX SD-WAN orchestrator is available on-premises, hosted or via an OTT offering. VMware provides a firewalling capability in addition to routing and SD-WAN functionality. VMware is relevant to Gartner clients in nearly all verticals and geographies, and should be considered for all SD-WAN opportunities globally.
- VMware’s dynamic optimization capability improves application performance across degraded links, including real-time applications such as voice, and even in single-link scenarios.
- VMware has consistently demonstrated the ability to win against other SD-WAN competitors in highly competitive situations with technologically astute customers, and, consequently, supports production WANs of more than 1,000 sites.
- The vendor’s vision and roadmap over the next 18 months to deliver intent-based networking for the WAN, end-to-end microsegmentation and integration with edge computing align with emerging customer needs.
- The vendor lacks WAN optimization, NGFW and secure web gateways in its products, which are often desired by global companies and/or companies doing direct internet offload.
- Compared to several competitors in this research, VMware has less experience in supporting complex WAN edge environments.
- We expect VMware to aggressively sell NSX SD-WAN into its extensive global ESX installed base, which will likely spread existing VeloCloud sales/support resources thin, possibly impacting implementation quality.
Vendors Added and Dropped
We review and adjust our inclusion criteria for Magic Quadrants as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant may change over time. A vendor’s appearance in a Magic Quadrant one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.
This is the initial WAN edge Magic Quadrant.
This is the initial WAN edge Magic Quadrant.
Inclusion and Exclusion Criteria
To qualify for inclusion, vendors must show relevance to Gartner clients via the following:
- Provide hardware and/or software addressing the emerging enterprise WAN edge requirements outlined in the Market Definition/Description section. Alternatively, they can address this need by delivering a managed service that uses in-house-developed hardware/software to deliver the service.
- Produce and release enterprise WAN edge networking products for general availability as of 1 June 2018. All components must be publicly available, shipping and included on the vendor’s published price list as of this date. Products shipping after this date, and any publicly available marketing information will only have an influence on the Completeness of Vision axis.
- Provide commercial support and maintenance for their enterprise WAN edge products (24/365) to support deployments on multiple continents. This includes (but is not limited to) hardware/software support, access to software upgrades, and troubleshooting and technical assistance.
- Show relevance to Gartner’s enterprise clients on a global basis by meeting both of the following criteria:
- One hundred fifty production WAN edge customers (under active support contracts) or 10 production customers with more than 500 branches deployed each. This excludes paid pilots and POCs.
- Demonstrate either: (1) active sales and support for enterprise WAN edge on at least two continents with at least 25 current customers based on each continent (with active support contracts); or (2) 250 WAN edge customers (with active support contracts) with at least 150 customers on one continent and at least five customers on each of two additional continents.
Basic Product Capabilities
Vendors must have generally available products that support all of the following capabilities. These capabilities must be supported natively on branch CPE:
- The ability to function as/replace the branch office router/CPE
- For product companies, a multi-interface physical CPE appliance form factor with a list price of under $1,500
- The ability to operate autonomously in the event of a loss of connection to the central management application or controller
- Support for static routing and BGP for connections to the enterprise core
- Support for the following WAN topologies — hub and spoke, partial mesh and full mesh — all with direct internet breakout at the branch
- Centralized management for devices, including visibility, reporting and configuration changes, and software upgrades
- Zero-touch configuration for branch devices
- The ability to centrally manage and configure devices via a GUI
- VPN (Advanced Encryption Standard [AES] 256-bit encryption)
- Dynamic traffic steering based on business or application policy (not limited to only DiffServ Code Point [DSCP]/ports or IPs/circuits)
- Support for traffic shaping and QoS
- At least 100 well-known application profiles included, and the ability to create customized app templates
- Support for customers to make granular device configuration changes rather than requiring the customer to contact the vendor to make the change
Advanced Product Capabilities
Vendors must have generally available products or services that support at least six of the following 16 capabilities:
- T1 or E1 physical interfaces
- Embedded 3G/4G LTE modems
- Physical and virtual form factors for branch CPE
- Software-based appliance form factors certified for public IaaS providers such as AWS and Azure
- Public cloud resident gateways that are delivered as a service
- Dynamic path selection that accounts for WAN conditions at individual branches, including circuit uptime and latency, and generalized application performance.
- Basic WAN optimization (minimum TCP optimization, compression, deduplication, HTTP[S] optimization)
- Optimized private backbone, offered by the vendor as a managed service
- UC optimization/remediation, which requires at least one of the following: forward error correction (FEC) or packet duplication across multiple circuits
- Firewall or next-generation firewall
- Secure web gateway
- Additional security capabilities such as DNS-based protection
- Support to install third-party VNF
- Cloud-managed capabilities (management plane delivered as a cloud-resident service, offered as SaaS)
- Asymmetric SaaS acceleration
- Proven ability to do first packet identification of common SaaS applications for traffic steering
- Vendors must show relevance to Gartner’s enterprise clients by meeting at least one of the following for 2017:
- Total one-time annual recognized WAN edge product revenue of at least $10 million
- Total one-time annual recognized WAN edge product revenue of at least $4 million, with a 2017 compound annual growth rate (CAGR) of more than 50%
- Recognized recurring license revenue of at least $5 million
- Recognized recurring license revenue of at least $2 million, with a 2017 CAGR of more than 50%
This Magic Quadrant will not focus on offerings that support extra-small-site deployment needs that are common in such retail markets as mall kiosks, convenience stores, gas stations and independent insurance agents. This use case will be covered in the companion Critical Capabilities research.
In addition, we exclude NSPs offering managed network services that do not own their WAN edge technologies because they build their offerings with commercial vendor products as the underpinning technology. Further, most carrier services are not agnostic to transport.
Vendors of Note
There are more than 60 vendors that compete in the WAN edge market; many with very specialized offerings. Vendors listed below, along with several others, did not meet the inclusion criteria but are notable for their offerings and may be of interest to readers of this research:
- 128 Technology
- Bigleaf Networks
- Aruba, a Hewlett Packard Enterprise company
- Lavelle Networks
Ability to Execute
Product/Service: This criterion refers to core goods and services that compete in and/or serve the defined market. This includes current product and service capabilities, quality, feature sets, skills, etc. This can be offered natively by the vendor or alternatively through technology licensing, as long as the vendor provides additional technological capabilities beyond those provided by the OEM supplier.
It evaluates vendors by looking at their overall WAN edge networking portfolios, including all hardware and software aspects of WAN edge networking. This includes physical and virtual CPE, controllers, gateways, and the relevant automation, management and orchestration of those components. We consider the breadth and depth of WAN edge functions that the vendor offers, as well as automation and integration within broader networking workflows and orchestration. Particular attention will be paid to management that is application-/business-outcome-focused, not infrastructure (TCP/IP, command line interface [CLI] and/or DSCP)-oriented. We consider product and architectural migration strategies, and the ability to address customers’ multicloud deployment requirements, QoS, traffic steering, scalability and resiliency. We focus on vendors’ flagship enterprise offering and/or the products they lead with for enterprise accounts.
Overall Viability: Viability includes an assessment of the overall organization’s financial health; the financial and practical success of the business unit; and the likelihood that the individual business unit will continue to invest in and offer the product, and advance the state of the art within the organization’s portfolio of networking products. Geopolitical issues may also impact overall viability for some vendors in this market.
Sales Execution/Pricing: The organization’s capabilities in all presales activities and the structure that supports them are evaluated. This includes deal management, pricing and negotiation, presales support and the overall effectiveness of the sales channel.
This criterion evaluates presales and go-to-market activities of both the vendor and its channels, and includes analysis of how the vendor interacts with its customers and prospects. The second aspect of this criterion includes our evaluation of the cost-effectiveness of the solutions for purchase and support over their useful life, and the ability to recognize and position the most appropriate solution in specific sales situations.
Market Responsiveness and Track Record: This refers to a vendor’s ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve, and market dynamics change. It includes how well the vendor’s offering matches buyer’s requirements at the time of purchase. We assess the vendor’s track record in delivering new capabilities when the market needs them. This criterion also considers the vendor’s history of responsiveness to changing market demands. This evaluation is not limited to products, it involves pricing/licensing as well.
Marketing Execution: We evaluate the clarity, quality, creativity and efficacy of programs designed to deliver the organization’s message in order to influence the market, promote the brand, increase awareness of products and establish a positive identification in the minds of customers. This “mind share” can be driven by a combination of publicity, promotional, thought leadership, social media, referrals and sales activities.
This criterion focuses on how the vendor is perceived in the market, and how well its marketing programs are recognized. For WAN edge infrastructure, the evaluation focuses on how well the vendor is able to influence and shape perception in the market through marketing activities. An additional indicator for this criterion is how often Gartner clients consider a vendor as a possible supplier in a shortlist evaluation.
Customer Experience: Products and services and/or programs that enable customers to achieve anticipated results with the products that are evaluated. Specifically, this includes quality supplier/buyer interactions, technical support, or account support. This may also include ancillary tools, customer support programs, availability of user groups, service-level agreements, etc.
This criterion looks at all aspects of the customer experience, with a heavier weighting on postsales service and support activities. This includes customers’ experiences with the vendor’s WAN edge products and services used in their production environments. It includes initial provisioning, as well as day-to-day operation and management of WANs. Hardware and software quality and how existing customers describe their experience with the vendors’ products are evaluated.
Table 1: Ability to Execute Evaluation Criteria
Completeness of Vision
Market Understanding: This refers to the vendor’s ability to understand customer needs and translate them into products and services. It describes vendors that show a clear vision of their market — listen, understand customer demands, and can shape or enhance market changes with their added vision.
This criterion assesses the vendor’s ability to look into the future and drive new ideas into product roadmaps and offerings. This includes the vendor’s understanding of core WAN edge buyers as described in the Market Definition/Description section. In this market, we look at the vendor’s ability to address the challenges associated with distributed branch office locations. This may include, but isn’t limited to, simplified central management; large-scale deployments; latency/bandwidth challenges; automation; multicloud networking; changing application deployment scenarios including on-premises, IaaS/PaaS, and SaaS; architectures; openness; choice; and investment protection.
Marketing Strategy: This criterion considers clear, differentiated messaging consistently communicated internally, externalized through social media, advertising, customer programs, and positioning statements.
It evaluates the ability of the vendor to influence the market through its messaging and marketing campaigns. Further, this includes the extent to which the vendor articulates a differentiated message and communicates it consistently. We look for consistent communication throughout the organization and through its website, advertising, customer programs and positioning statements, as well as statements of direction and product roadmaps.
Sales Strategy: This refers to a sound strategy for selling that uses the appropriate networks including: direct and indirect sales, marketing, service, and communication. The vendor should have partners that extend the scope and depth of market reach, expertise, technologies, services and its customer base.
This criterion evaluates the vendor’s use of direct and indirect sales to extend the scope and depth of its market reach. This includes development of effective go-to-market strategies; alliances and partnerships leveraging value-added resellers (VARs), system integrators (SIs), master agents, NSPs, MSPs and OEM resellers as appropriate. In addition, this includes how the vendor exploits new business models that are emerging due to market and technology transitions.
Offering (Product) Strategy: This criterion refers to an approach to product development and delivery that emphasizes market differentiation, functionality, and features as they map to current and future requirements.
It evaluates how the vendor plans and invests in R&D to continue to innovate in the key market transitions identified in the Market Definition/Description and Extended Market Definition sections. This includes product roadmaps around existing and future WAN edge functions. This also includes not only the raw functions, but also the vendor’s overall architecture across the portfolio.
Business Model: The design, logic and execution of the organization’s business proposition to achieve continued success are evaluated. This criterion assesses the soundness and logic of a technology provider’s underlying business proposition.
Vertical/Industry Strategy: This refers to the vendor’s strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
It measures the vendor’s ability to address the unique requirements of particular verticals/industries and to employ the associated sales channels to build a sustainable business advantage.
Innovation: We evaluate a vendor’s direct, related, complementary, and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
This criterion measures the vendor’s ability to address emerging WAN edge requirements and/or to increase value to enterprise customers. We look at how the vendor invests in new technologies to move its business and the market forward, with a focus on technologies that are differentiated, unique and offer high value to the enterprise buyer. Specific examples include (but aren’t limited to) application centricity, intent-driven networking, improved management and automation, and even nonproduct innovations like consumption-based pricing and hybrid offerings that bundle product and managed services. A key attribute in the WAN edge market is vendor innovation in technology areas that best meet emerging enterprise market requirements around simplified management of hybrid WAN architectures, including increasing levels of automation. Innovation is not a checkbox of current and proposed product features. Innovation is not limited to product, it can cover multiple aspects of the vendor’s strategy.
Table 2: Completeness of Vision Evaluation Criteria
A Leader has demonstrated a sustained ability to address changing requirements for enterprise WAN edge. A Leader also can drive, shape, and transform the market, and maintain strong relationships with its channels and customers.
A Challenger has demonstrated sustained execution in the marketplace, and has clear, long-term viability in the market. However, a Challenger has not shown the ability to drive, shape and transform the market.
A Visionary has innovated in some key areas of WAN edge, such as path selection, link remediation, automation, operational efficiency and cost reductions. Visionaries often help to transform the market, from driving new ideas, including new business models, to solving enterprise challenges.
A Niche Player has a complete or near-complete product offering, but has limitations such as geographic reach or vertical market focus. A Niche Player has a viable product offering but has not shown the ability to transform the market or maintain sustained execution.
The WAN edge market (comprising SD-WAN plus traditional branch routers) is forecast to generate a CAGR of −3% in end-user spending from 2017 through 2022. However, this is the result of the robust growth of SD-WAN (37% CAGR) and the decline of traditional branch office routers (-21% CAGR). The decline is due to the lower average selling price of SD-WAN hardware and software.
During this same period, the dedicated WAN optimization market will experience a −24% CAGR, while the firewall market is forecast to grow by an 8% CAGR.
During this period, Gartner expects that functional consolidation of WAN edge functions into a new class of device may cause further declines in the number of devices shipped and the total market size. This bodes well for buyers, as multifunction devices typically sell for less than several dedicated devices.
The increase in WAN speeds from 1.5/2.0 Mbps legacy interfaces and 10 Mbps Ethernet interfaces to link speeds and throughputs of 1 Gbps and beyond will drive up the prices of WAN edge equipment, although at a slower rate than the increase in link speeds.
Popular and Emerging Topics
Internet Substitution for MPLS Connections
Many Gartner clients hope to fund their WAN expansion/update by replacing or augmenting expensive MPLS connections with internet-based VPNs, often from alternate providers. However, suitability of internet connections varies widely by geography, and service providers mixing connections from multiple providers increases complexity. SD-WAN has dramatically simplified this approach for the following reasons:
- Due to the simpler operational environment and the ability to use multiple circuits from multiple carriers, enterprises can abstract the transport layer from the logical layer and be less dependent on their service providers.
- This decoupling of layers is enabling new MSPs to emerge to take advantage of the above for customers that still want to outsource their WANs.
- Traditional service providers are responding with NFV-based offerings that combine and orchestrate services (SD-WAN, security, WAN optimization) from multiple popular vendors.
Automation and Agility
Currently, many WAN changes are manual and CLI-driven (more than 70% for many enterprises). Thus, in many inquiries regarding WAN, Gartner clients mention a desire to improve automation and agility. In some instances, the focus is on dedicated SD-WAN tools; but occasionally this desire is driving investment in no-traditional tooling such as Ansible or intent-based networking. Gartner clients report operation savings of 90% when comparing the better WAN edge solutions with traditional router-based deployments (administration time of five minutes per months versus one hour per month).
Routing From Nontraditional Suppliers
Enterprise routing has been the purview of a few trusted suppliers. The emergence of SD-WAN has demonstrated that routing has been democratized and that many vendors are as good, or perhaps even better, at branch office routing than the incumbents. As a result, trusted suppliers from adjacent markets, typically security and WAN optimization, are now aggressively competing for this business. Client inquiry often covers the suitability of these supplier solutions and the possible saving of as much as 50% when refreshing routing.
Feature Breadth Versus Feature Depth
There are two approaches to selecting WAN edge equipment. Some Gartner clients prefer feature depth and they often prefer dedicated devices per function in the belief that they can achieve a more robust solution via best-of-breed products. Others prefer the simplicity of a single device and management console in the belief that the consolidated function device is more than good enough, especially since it can be easier to correctly configure the entire technology stack via one interface.
Gartner’s view of the market is focused on transformational technologies or approaches delivering on the future needs of end users. It is not exclusively focused on the market as it is today.
This dynamic market with emerging client needs has created a deeply fragmented vendor landscape, with both large established vendors and smaller providers from multiple segments competing for deals. Differentiation can be feature-based (e.g., T1/E1 support, embedded NGFW), business-model-based (pure subscription, WAN as a service using proprietary technologies) got-to-market (direct, master agents, product-focused VARs or system integrators as MSPs). Some vendors focus on feature depth, while others choose an “all in one offering” approach. Scale of deployment and the ability to support complex environments remain differentiators at the high end of the market, where some customers require deployments of several thousand branches.
The WAN edge market is primarily driven by five factors:
- Refresh of existing branch office networking equipment that is at its technological or support limits (see “Know When It’s Time to Replace Enterprise Network Equipment”)
- Renewal of NSP or managed service contracts, where a new service provider also means new equipment
- The changing traffic patterns resulting from the increasing use of cloud resources, which renders the traditional hub-and-spoke WAN architecture obsolete
- The expansion of capacity (i.e., physical build-outs) within existing locations
- The desire to increase agility and automation in order to address the needs of digital business transformation and to lower operational expenses (and maybe the growing realization that WAN operations do not need to be the burdensome operational burden of the past)
Moving forward, Gartner views SD-WAN and vCPE as key technologies to help enterprises transform their networks from fragile to agile. We believe that emerging SD-WAN solutions and vCPE platforms will best address enterprise requirements for the next five years, as they provide the best mix of performance, price and flexibility compared to alternative hardware-centric approaches. Specifically, we predict that by 2023, more than 90% of WAN edge infrastructure refresh initiatives will be based on vCPE or SD-WAN appliances versus traditional routers (up from less than 40% today).
Vendor Landscape Changes
Just a few years ago the WAN edge market was dominated by a few suppliers with long histories of providing routing. Security and WAN optimization was often provided by dedicated appliances, and even when device consolidation was available, cost savings were small.
With the acceptance of SD-WAN and the demonstration that routing was no longer a magic solution that would be practiced by a very few, companies that often practiced coexistence are now aggressively competing.
This Magic Quadrant covers more than 10 well-known incumbent vendors, as well as a number of smaller suppliers. In total, the WAN edge market has more than 60 suppliers. Unlike most markets, we don’t expect this market to significantly consolidate to three or four suppliers over the next 24 to 36 months. It is likely that more than 10 mainstream suppliers will remain for at least that long.WAN refresh opportunities often now involve three trusted existing suppliers and one or two new providers. In many cases, vendors from adjacent markets are competing by bundling multiple functions (e.g., UTM plus routing) in a single offering that is priced only slightly higher than a single-function offering.
I&O leaders responsible for building and operating wide-area networks should:
- Evaluate at least two providers in addition to your incumbent WAN edge provider for any significant WAN expansion or router refresh.
- Evaluate the total cost of ownership (TCO) for any SD-WAN deployment. Savings may fund an early refresh, but a detailed end-to-end, life cycle analysis is required (see “Fact or Fiction: Does SD-WAN Really Save You Money?”). Many new WAN edge solutions have very different business models, with a strong shift from upfront capital expenditure (capex) to annual license subscriptions, which may dramatically increase your TCO. Quotes should include all platform, license and support costs for three to four years in order to perform a proper evaluation.
- Evaluate WAN as a service for your next refresh, even if you have traditionally pursued a DIY approach (see “DIY vs. MNS: Enterprises Must Reassess Their Network Sourcing Model to Prepare for SD-WAN”).
- Invest heavily in automation, including both time and resources, to create a “relentless automation” or “automation by default” mindset (see “Market Guide for Network Automation”).
- Favor WAN edge vendors that can facilitate automation. As a key part of vendor evaluation, include an evaluation of the operational model of any new WAN edge solution to determine potential savings and differentiation between competing vendors.
- Change your networking teams’ culture to one that manages risks appropriately, rather than one that avoids them at all costs (see “Bring Web-Scale Networking Concepts to Your Data Center”).
Extended Market Definition
Characteristics of the Market
Typical business outcomes — The fundamental business outcome is connectivity between enterprise users, applications and services that reside in distributed locations. Locations include (but aren’t limited to) headquarters, branches, corporate data centers, colocation/hosting facilities and cloud providers. Increasingly, buyers require improved agility, automation, flexibility, and application visibility and control, while significantly reducing operational complexity and time to manage the WAN environment.
Market — WAN edge infrastructure provides network functions that support connectivity for distributed locations (typically branches). This market includes functionality that Gartner defines as routers, secure routers, firewalls, WOCs, WAN path controllers and SD-WAN.
Typical buyers — Within the enterprise, CIOs, CTOs, the vice president of I&O, the director of networking, and network and telecom managers are typically the buyers of WAN edge infrastructure. Branch managers as well as enterprise architects can be strong influencers in larger enterprises; so can customers.
How buyers shape their buying decisions — When selecting WAN edge infrastructure, buyers typically focus on several factors including feature/functionality, price, performance, form factor, deployment options, ease of management, visibility/analytics, customer support/experience, overall product architecture, vendor incumbency and familiarity. Current decisions are strongly influenced by changing traffic patterns impacting the enterprise WAN.
Deliverables — The primary deliverables include network functions that enable connectivity for users at branches. Typical network functions include edge routing, secure routing and VPN, WAN optimization, WAN path control, and SD-WAN. These functions can be delivered to the enterprise as dedicated hardware appliances (such as a router, WOC, gateway, SD-WAN edge-device) or as a software instance of these functions (a VNF). The appliance may reside at the customer premises, in provider POPs or as a network-based/cloud service.
How providers package, market and deliver — Buyers typically source their WAN edge products either directly from network equipment suppliers, or via a network or managed service provider (that is, as a managed service). WAN edge infrastructure can be procured via purchase, lease, subscription or consumption-based pricing models. Further, there is a diverse set of deployment options for these networking functions, including via hardware appliances, software (VNF) or cloud-based services.
Characteristics of WAN Edge Solutions
WAN edge solutions are characterized by the following elements:
- Physical interfaces: This refers to physical interfaces to plug into the service providers’ circuits. Ethernet is rapidly becoming the default connection and link speeds are increasing to multigigabit speeds.
- Physical topology: Traditional hub-and-spoke WAN architectures are no longer suitable for most enterprises. Enterprises are altering their WAN architectures in support of new digital business initiatives and adoption of public cloud services. Digital business is a key priority for CEOs, with 42% saying that “digital first” or “digital to the core” is now their companies’ digital business posture. (See “2017 CEO Survey: CIOs Must Scale Up Digital Business” and “Digital Business Initiatives Will Require a Hub-Based WAN Edge for Sufficient Agility.”) The rationale behind this is that migration of applications to the public cloud can lead to distinct challenges, including:
- Network performance problems as traffic is backhauled, which typically increases latency.
- WAN expenses increase due to backhauled internet traffic.
Thus, we estimate that more than 50% of Gartner clients will deploy hybrid WANs within two years. However, this complicates the overall operation and management of branch office WAN equipment, as traditional WAN edge functions are difficult to manage at scale in a hybrid architecture.
Virtualized customer premises equipment refers to the use of industry-standard, typically x86-based devices for enterprise network edge functions, rather than using function-specific appliances. These devices can include WAN edge routers, WOCs and firewalls. vCPE is one delivery method for an NFV deployment (see “Network Function Virtualization Will Enable Greater Managed WAN Agility and Flexibility”). vCPE will increase the agility of enterprise networks, enabling them to respond to changing needs more rapidly. It should reduce the costs of adding additional functions at the WAN edge, reduce the effort and risk of deploying new functions, and allow the enterprise to consider smaller, specialist vendors.
Today, vCPE is primarily a carrier-driven technology, but as carrier offerings become mainstream, enterprises will be involved in the decision-making process regarding which network functions are run on the NFV/vCPE platform. Further, organizations that rely on carrier services will likely be consuming services that are underpinned by vCPE.
Routing and WAN Optimization
While SD-WAN and vCPE represent areas of high growth at the WAN edge, dedicated routers and WAN optimization controllers are still widely deployed in the enterprise. In fact, some SD-WAN deployments today haven’t actually replaced traditional routers; they’ve supplemented them for a variety of reasons, including risk aversion and lack of support for legacy T1/E1 interfaces and analog voice interfaces. However, moving forward, these dedicated hardware devices are evolving from stand-alone markets to features in emerging SD-WAN products and within vCPE platforms.
After many years of limited options, there are now several deployment methods available for the enterprise to consume network functions:
- Dedicated hardware appliance — This is the traditional style of deployment, in which a single network function is delivered as a turnkey integrated hardware appliance. This is still very common today, as many enterprises have dedicated physical routers, UTM and WAN optimization hardware appliances. Cisco 800 Series routers, and Riverbed SteelHead and Juniper NGFW physical appliances are common examples.
- Multifunctional integrated platform — This is a platform that combines proprietary hardware and software to deliver multiple functions, such as WAN optimization and routing, and may extend beyond just WAN functions to include voice, security or x86 compute capacity. Fortinet FortiGate appliances and Cradlepoint’s AER branch office routers are examples.
- Virtualized network function — This is a software-based instance of a network function that can be delivered on an x86-based computing platform. Nearly all routing, WAN optimization and SD-WAN vendors deliver a VNF version of their software.
- Virtualized CPE platform — vCPE is a multifunctional platform to support an NFV architecture, designed around industry standards to run multiple virtual functions, with possibly different vendors’ functions in the same device. The platform allows multiple VNFs to be installed, and typically makes use of industry-standard x86 devices, rather than function-specific appliances. Juniper Networks’ NFX is an example of a hardware vCPE platform.
- Cloud-based OTT — Network function is delivered via a cloud platform, and the enterprise subscribes to the functionality. Examples include Aryaka and Cato, which provide WAN optimization as a service.
Consumption Models for WAN Edge Infrastructure
Enterprises consume WAN edge infrastructure functionality in multiple ways, including:
- DIY — Enterprise owns and manages WAN edge functionality itself.
- NSP — Network service provider manages edge, usually as an extension to WAN transport.
- Managed network service (MNS) — Managed network service providers include system integrators and MSPs, which in some cases allow organizations to bring your own access (BYOA).
- Hybrid — This is a combination of at least two of the above.
On a global basis, most WAN edge infrastructure is provided as a managed service, either via a service provider or SI. Conversely, in North America, the predominant way of managing WAN edge infrastructure for a large enterprise is DIY.
In this research, we focus primarily on WAN edge functionality that can address multiple consumption models. Further, WAN edge infrastructure must be agnostic to the underlying transport model.
Gartner analysts conducted more than 2,500 Gartner client inquiries on the topic of wide-area networking between 1 July 2017 and 30 June 2018.
Market size forecast sources are from “Forecast: Enterprise Network Equipment by Market Segment, Worldwide, 2015-2022, 3Q18 Update.”
All vendors in this research responded to an extensive questionnaire regarding their current/future data center networking solutions.
We surveyed reference customers provided by vendors in this research. All vendors in this research provided reference customers, although not all reference customers completed the survey (n = 88).
Analysts reviewed Gartner Peer Insights data for this market.
Evaluation Criteria Definitions
Ability to Execute
Product/Service: Core goods and services offered by the vendor for the defined market. This includes current product/service capabilities, quality, feature sets, skills and so on, whether offered natively or through OEM agreements/partnerships as defined in the market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment of the overall organization's financial health, the financial and practical success of the business unit, and the likelihood that the individual business unit will continue investing in the product, will continue offering the product and will advance the state of the art within the organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities in all presales activities and the structure that supports them. This includes deal management, pricing and negotiation, presales support, and the overall effectiveness of the sales channel.
Market Responsiveness/Record: Ability to respond, change direction, be flexible and achieve competitive success as opportunities develop, competitors act, customer needs evolve and market dynamics change. This criterion also considers the vendor's history of responsiveness.
Marketing Execution: The clarity, quality, creativity and efficacy of programs designed to deliver the organization's message to influence the market, promote the brand and business, increase awareness of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This "mind share" can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the "home" or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.