What Is NaaS?

This blog attempts to answer the question, “What Is NaaS?”. However, I’m limiting this to NaaS for enterprises.

What the acronym stands for is simple: NaaS stands for Network as a Service.

However, as with most trendy acronyms, it seems to have a somewhat flexible definition, as product vendors jump to attach the shiny new label to what they do. Definition creep?

Taxonomy of NaaS

So let’s take control and define NaaS for ourselves.

Well, sort of, I don’t have a big enough ego to think I can define it for the industry. But we can at least identify attributes and varieties of NaaS.

NaaS presumably includes the following:

• Some sort of web portal for ordering up one or more network services.
• Velocity (speed) is a potential driving factor. Getting access or Internet links installed remains comparatively very slow and painful, so it may or may not be part of the offerings.
• A managed service providing some form of networking connectivity, generally involving Cloud and/or CoLo or “local” (regional?) POP sites, and including (where relevant) virtual devices, software, licensing, and support services. For example, managed services encompassing Internet links and SD-WAN devices.
• Managed security services are another factor. Network World has pointed out they may be likely to become part of NaaS offerings, and I agree. Possibly a separately priced option, or not. Liability, trust, and other considerations may be a challenge for this. For the purposes of this blog, we’ll regard any managed security services as optional NaaS add-ons.

Cisco recently published a thoughtful blog about what NaaS includes and how it differs from a managed service (and touting their NaaS services, of course).

What likely varies is scope: how much of your network, and what services does the NaaS vendor supply?

What is relatively easy for a wannabe NaaS vendor to supply/automate:

• VPC/Vnet instance creation in the cloud
• Virtual firewall and SD-WAN router instances, aka “VNF”, in the cloud or sites they control
• Possibly other types of virtual devices, ditto
• Cloud provider connections and cloud routing to endpoints the CSP supports

This might be done in any cloud provider the NaaS provider has a presence at or an account with.

Connection services might be one- or two-ended. E.g., with a VPN connection, or a connection to a CoLo, you might have to set up and manage the non-cloud end of the connection. Or the NaaS provider might. (Good detail to nail down when comparing services – what is the demark, who does what?)

This gets broadened to include CoLo provider sites with portals/APIs that can do the same sorts of things. Or, alternatively, to include CoLo provider sites where the NaaS vendor has equipment or other ability to spin up some of the above items, where they provide any virtual devices and CoLo to cloud/CoLo connections. Let’s use “CCtoCC” for “cloud or CoLo to cloud or Colo connectivity.”

A third aspect is the last mile, which can be painful and slow to deploy, as usual. A couple of possibilities come to mind there:

• If your site has an Internet connection onsite, can the NaaS provider manage your SD-WAN or VPN-capable router and provide automated site connectivity to their core NaaS functions?
• If not, can / will the NaaS provider provide last mile circuits for you, either to a nearby CoLo they are present at or to the Internet?

Managed services for LAN, WLAN, onsite devices are just that, managed services; I personally don’t see them as NaaS.

As I write this, I see analysis of competing vendors ideally as a MATRIX. That is, checkboxes for each NaaS vendor for what they do and do not provide, or partially provide, with “via their portal and automation” as the criterion. I’m not going to show you a matrix because I feel that more specific columns are likely desirable, but I won’t be able to provide that info without a bigger time investment. So, I’ll stay a little more generic below.

That leaves us with something like the following list of coverage areas a NaaS provider might support:

• Cloud to Cloud (only)
• CoLo to CoLo and Cloud
• Integrated Cloud configuration (VPC or Vnet, transit, gateways, connections to Cloud)
• Integrated CoLo or NaaS Provider NFV configuration (and device/virtual device support)
• Last-mile endpoint management
• Last-mile circuit or VPN

For each vendor below, I’ll try to indicate which of these capabilities they have. All the descriptions below are based on what I know or can determine based on their websites. My impression is that currently, no one does it all. And, as one might expect, most offerings center on the vendor’s existing strengths and/or infrastructure.

You’re welcome to create your own matrix based on this and/or further research.

Network World’s article (see link below) adds degrees of NaaS: subscription hardware managed service on top of that, or “true NaaS” where the provider “does it all.” I’m more interested in “does it all” I don’t see subscription hardware or partially managed as being NaaS, period.

The Last Mile

I have the impression that at least some of the vendors don’t really want the last mile services, but maybe that’s just me seeing what I expected to see, or maybe it just isn’t sexy, so they don’t mention it on their (marketing) web pages.

As I ponder this, it strikes me that the last mile may be a differentiator. NetCraftsmen is providing managed SD-WAN services including last mile management (among other offerings).

Does it make sense to envision future networks as having the following components:

• Sites and self-managed LAN etc.
• Large sites with dedicated links to CoLo or Cloud, and/or Internet, self-managed.
• Self-managed or purchased Managed SD-WAN connectivity to regional CoLo or other hub sites, or Cloud, including Internet and/or last-mile connections.
• Remote access (self-managed or outsourced as a service). RAaaS?
• NaaS centered on the CoLo, hub sites, Cloud, and interconnections of that tier.

The vendors I cover below mostly fit into that last item, which might be described as the new WAN core or something along those lines.

So is managed SD-WAN also NaaS, or is it just managed SD-WAN / SASE? It does seem like it ought to be NaaS, but I doubt anyone selling such services is going to describe it as NaaS. This comes down to the blog title question, what IS NaaS?

NaaS Vendors

Let’s take that for a test drive with some self-proclaimed NaaS providers or companies that fit somewhere into the above taxonomy.

To create some focus, I’m going to pretty much ignore companies with an SD-WAN or SASE offering, perhaps WAN + security, unless it can also do something more, like connect you to a couple of CoLos or Cloud Service Providers (CSPs). Otherwise, this blog will never get finished!

I’ll do my best to describe what each of the following does and does not do.

Cloud Providers: The biggest have been building their own huge global fiber backbones. They can provide you with automated connections between their points of presence over their backbones. They are, as one might expect, rather cloud-focused, and so far, I don’t see evidence they play well with others. So one might describe what they provide a NaaS within one CSP.

I did some Google searching and didn’t see anything on either the AWS or the Azure pages about NaaS. However, their web portal (etc.) service creation and global network of data centers clearly fall within my definition of NaaS.

Here’s one link I did find talking about Azure as NaaS provider:

https://www.ais.com/azure-as-a-naas-network-as-a-service-provider/

Equinix and Megaport have portals that automate connectivity between customer endpoints in “their” CoLo facilities (Equinix has CoLos, MegaPort has connections available in a variety of CoLo facilities). See also Equinix Fabric. Note that by “customer endpoints,” I do not mean to imply the connectivity is limited to the same customer. They can connect you to consenting (Letter of Authorization) business partners. They can also set you up with a virtual connection to the major CSPs they support. That connection probably uses a virtualized (VLAN or other) connection over shared fiber.

Neither one does any automation of the CSP end of things, so they’re CoLo-focused, BYOC (Bring Your Own Cloud).

On the other hand, neither one cares who you connect to as long as they’re in a CoLo they are in, so if you’re doing multi-cloud, they’re a better fit than any of the CSPs. Put differently, they’ve got good flexibility.

Equinix started (among other services) by providing meet-me services with a physical cross-connect service. They have since gone way beyond that and provide a fast portal-based virtual connection service, which is roughly what Megaport does as well.

Equinix also has configured its portal to provide VNF virtual devices for SD-WAN, VPN, and firewalling if you wish. See also Network Edge. They provide selected virtual devices from Cisco, Juniper, CheckPoint, Fortinet, Versa, Palo Alto Networks, Aruba, and VMware.  And they provide a marketplace connecting customers to services.

Megaport’s offerings look pretty similar and are available in their CoLo partners’ facilities.

Links: See the above link for their services and  https://www.megaport.com/megaport-enabled-locations/ for their (many!) locations.

Megaport offers cloud provider connections and cross-connects between CoLos. They offer Megaport Virtual Edge with Fortinet, Cisco, and VMware virtual devices. They offer a Cloud Router (virtualized routing between CSPs without physical hardware).  And they offer a marketplace. What I can’t tell from skimming their website is whether they will connect you to another company (with suitable Letters of Authorization). Since it is not mentioned explicitly, I would assume they do not offer that service.

PacketFabric has a portal for pricing and ordering EPL connections between any CoLo sites and CSPs where it has a fiber presence. The size of the connection ranges from 1 Gbps to 100 Gbps – you pick!

NetCraftsmen has partnered with PacketFabric due to the simplicity of their ordering process and their cost-effective and flexible pricing.

PacketFabric automates providing a logically segmented connection over a shared “fat fiber pipe” (my words). That is, you get a portion of a 100 or 400 G link. They manage the bandwidth. You will need to provide a Letter of Authorization to them or work with your CoLo provider to cross-connect your CoLo presence to them. As with Equinix and MegaPort, the physical cross-connect from you to PacketFabric is not automated and does take some time, varying based on the CoLo’s cross-connect SLA. Once you’ve got that,

PacketFabric’s main features of interest: very high speeds (if desired) with transparent, simple pricing, and you can order everything online rather than dealing with a carrier or optical provider sales cycle.

I grabbed the following screen capture off their website:

Note that the contract terms can be month-to-month or usage-based, so you can do things like order a fat connection to replicate data or do something large, then shrink what you’re paying for. Or try, then step up the size. They provide cloud-based visibility into your EPL connections. They also offer a “cloud router” function as well. They do not do the last mile, as far as I know.

One somewhat unexpected “cloud” provider that they connect to is Cisco Webex.

For the price of submitting your contact info (and the inevitable sales call), you can even try a demo copy of their GUI and check out their pricing. You may well be pleasantly surprised.

Cisco: Cisco’s initial NaaS offering appears to be in the area of SD-WAN / SASE. The following links are what I found on this topic:

• https://newsroom.cisco.com/press-release-content?type=webcontent&articleId=2150489
• https://www.cisco.com/c/en/us/solutions/enterprise-networks/network-as-service-naas.html

The “aaS” part seems to be somehow tied into the planned Cisco Plus (partner-) managed services, although the web pages about that seem to have more of a data center/cloud orientation than SD-WAN / SASE. Let’s say this looks like a case of “work in progress, watch the Cisco space” and move on…

I will note that NetCraftsmen does offer various managed services. In particular, we are currently managing some global and some smaller SD-WAN networks, each based on equipment from one of a mix of several SD-WAN vendors.

CloudFlare is known for its DNS, CDN (Content Delivery Network), and DDOS services. It turns out they have a hefty global backbone and have a NaaS offering they call “Magic WAN.”

Link: https://www.cloudflare.com/magic-wan/

It apparently uses direct connections into CloudFlare’s global network, and includes security services, and provides secure remote access.

I saw no mention of a portal, so apparently, this is more oriented around services for CloudFlare customers via more of a traditional salesperson model.

Alkira is a fairly new startup in this space, taking a cloud-first approach. They have two big selling points: simple portal-based connectivity/ordering and everything is aaS – no contracts. Alkira seems to be in startup mode, where you might do well to be clear about what is in production and what is coming, and when. (Update since this was first written: maybe a bit less startup mode than several months ago.)

Features: Cloud-neutral cloud dashboard (selected partner clouds), VNF SD-WAN (coming?), VNF firewall, cloud segmentation, Zero Trust. Cloud router (routing between VPCs). Cloud backbone (which they’re calling “WAN” – but I get the impression “backbone” is perhaps closer to what’s available). Check with them for details.

Exploring via Google, it appears there is a category: NaaS Providers for enterprise networks. As opposed to government or service provider or what?

A couple of such articles mentioned some of the above plus the following:

• Aryaka. Their offering appears to be managed SD-WAN, which includes SD-WAN and routing to multiple CSPs. It does apparently include Cloud VNF or virtualized cloud connectivity and routing (in a sense, SD-WAN to VNF routers in CSPs is “Cloud Router”).
• Perimeter 81. Their offering appears to be SASE (firewalls / SD-WAN) plus remote and browser access along with managed security.
• Amdocs  Amdocs seems to have an automation solution and a NaaS offering. It seems likely the NaaS offering leverages their automation solution. They have high glitz web pages with minimal details, which tends to turn me off.
• Akamai Aura Managed CDN. I poked around their website, they definitely do CDN (of course), but I’m not seeing anything that says NaaS to me.
• Palo Alto Prisma. I’m seeing SD-WAN, security, but nothing really says “NaaS” to me.

Conclusions

It looks like no one vendor quite does it all. Having a comprehensive portal that automates the NaaS order and builds for you (and estimates price in advance!) seems like a great differentiator but is still a bit of a “Work In Progress.” Or, to be fair, looking for the vendor to do it all is perhaps unrealistic for various reasons (ownership / support / security among them).

Equinix and Megaport are perhaps the most flexible: leverage a VNF (virtual device) to get you connected to them, and they can set up their end of things to connect you to the Cloud. They do not automate the cloud side for you – that keeps them out of the middle regarding permissions and billing for the cloud accounts, probably a Good Thing.

The CSPs AWS and Azure can provide a lot, too, including handing you configurations for your on-premises VPN router, if necessary.

Each of the companies listed above (and probably others) seems to have a core area of strength and then offerings somewhat peripheral to that. So knowing what’s most important to you might be useful in selecting a vendor. Ease of use, quality of support, and of course price are also clearly highly relevant!

Note: This substantiates something I’ve been saying or hinting at in my blogs: Getting your sites connected to CoLo or Cloud is the gateway to much faster, automated provisioning of backbone connections between the CoLos and clouds.

References

Here are some Network World articles about NaaS and related topics:

• What is Network as a Service (NaaS)?
• NaaS is the future, but it’s got challenges
• Cisco takes its first steps toward network-as-a-service
• The 10 most powerful companies in enterprise networking
• How to avoid the network-as-a-service shell game

There’s a very good point in the last of those links. What exactly are you getting for your money? What are the SLAs, are there gaps in responsibility, what service quality, outage response time SLA, etc.?

 

Disclosure statement