CEO vision: Silver Peak’s quest to perfect the Wide Area Network

David Hughes, Silver Peak’s CEO and Founder, has spent much of his career refining the way the Wide Area Network (WAN) works. His PhD delved into traffic control for packet switching systems, and the very first major transition he witnessed was the movement from X.25 and leased lines to Frame Relay.

There was another big change in the early 2000s, when Frame Relay got replaced by MPLS, when people were beginning to deploy voice services over IP networks. “They needed quality of service and mesh-based routing that Frame Relay didn’t have, which really drove MPLS. I was at StrataCom and Cisco during that time, developing those technologies,” Hughes explains.

Silver Peak is a 15-year-old company — and when it started, there was no such thing as SD-WAN. “But what we focused on when we started Silver Peak was something called WAN optimisation, which is all about making the traditional WAN — built with traditional routers, firewalls, and MPLS services — work better by adding an additional appliance into the mix,” he recounts. The company today has moved beyond WAN optimisation to focus on helping enterprises transform their networks to smoothly transition to the age of the cloud.

We caught up with David Hughes for a detailed interview on the company and the technology, and how he sees the network — a traditional laggard in the modernisation race — evolve over the coming years. He guides us through the fine points of SD-WAN and its precise advantages over the traditional network chained to hardware.

How has the network changed in the cloud era?

For the first 10 years of Silver Peak’s life, the company focused on WAN optimisation. But about five or six years ago, almost every second discussion with our customer or a prospect turned to, ‘how does WAN optimisation apply when I’m adopting Office 365 or using a whole lot of SaaS, or if I’m migrating my workloads from my data centre into the cloud?’

What that fundamentally was doing was changing the traffic flows. Instead of being branched to data centres, all these traffic flows were now branched to the cloud. And when we peeled the onion with those customers, we realised it was more than just WAN optimisation.

If you looked at the traditional router and the traditional firewall in the branch, it was really difficult to be able to do things like implement per-application policies on whether to breakout or backhaul. It was really difficult to do things like straddle MPLS and the internet, and choose links based on which was the best fit for that particular traffic. It was pretty much impossible to use both links at the same time for the same kinds of applications and to spread your load.

We realised that WAN optimisation was still important, but a new market had come in; internally, we called it the WAN transformation market. Instead of optimising what you have, you really need to replace it — you need to replace the legacy firewall and move away from a dedicated to a shared network.

Broadly, if you look at the trends in IT, we’re going from a world where everything is dedicated — a dedicated data centre with dedicated servers running your dedicated application running over a dedicated MPLS network — to where people want to move to the public shared infrastructure. If you’re using the internet, hosting things on the cloud, you’re ultimately sharing that service with many other customers. And that gives you better economics, better agility — you can grow and expand what you’re using based on your needs.

But for IT, it has one major drawback: customers have concerns about loss of control, about loss of the ability to offer an SLA and potentially changing their security model to adapt to this. What Silver Peak’s all about is letting customers get the best of both worlds. We want them to be able to move aggressively, adopt cloud services, use the internet for everything, but not give up control or sacrifice quality of service or end-user experience.

Does the network lag behind the rest of the infrastructure stack when it comes to modernisation?

Yes, I think the network hasn’t changed.

The traditional network is still configured exactly the same way it was in 1990, using the same command line interface (CLI) — some things have been added, but we haven’t moved forwards.

A lot can be done in terms of moving to a business-driven, top-down kind of automation, where instead of configuring devices, you’re describing what you want your network to do, and then using automation and machine learning to make that happen. Users shouldn’t have to think about each device, configuring the CLI on that device, what features and functions to use on the device to get a business-level result. Instead they can say, “Here’s what I want to do for these applications. I want them to have this SLA, I want them to be treated this way from a security point of view.”

It’s a really different way of thinking and certainly, it’s high time that the kind of automation and innovation being applied in other areas is applied to networking.

How do machine learning and artificial intelligence come into the picture?

With a business-driven approach, you’re describing what you want to do at a very high level. In order to translate that into action, there’s often some ambiguity — you want to be able to deal with that. The other thing is, you want to be able to continually adapt to change.

Another area is in terms of identifying applications. If we repeatedly see a particular IP address generating a voice application, we may be able to use machine learning to infer that the IP address belongs to an IP phone. All these subsystems add up to letting you have a business-driven approach.

If you have 1,000 IP phones, you couldn’t possibly do that process manually.

You could, but it would be really, really laborious. It’s so much easier if you’re able to do it automatically and adapt if someone unplugs that IP phone and plugs in something different. We call that continuous adaptation; that’s where you need machine learning and to move beyond a basic kind of automation.

Some people, when they think of automation, think, ‘Okay, I’m going to templatise my CLI and for each branch I’m going to change these things in the CLI, I’m going to push out these templates.’ That’s a traditional view of automation. What we do at Silver Peak is continuous automation in a closed-loop way. We are continually evaluating what’s happening. Am I meeting my goals? If not, what can I change? Is there anything I need to alert the user to? Where we need them to intervene, we make sure to say ‘a link’s gone down, we’re going to automatically adapt so that that doesn’t affect us but ultimately, someone also has to go and open a trouble ticket to get the link fixed.’

Enterprises don’t always have the in-house expertise to deploy their own SD-WAN. How does adoption work in those cases?

When we started out four years ago with EdgeConnect, the majority of our customers were early adopters; they took our technology, deployed it and managed it themselves. We worked hand-in-hand with them to understand what challenges they were facing as they deployed and how we could make it easier.

But now, as the market’s moving mainstream, there’re a lot more customers that want some kind of assistance with deploying the SD-WAN.

It may be that they want to have a fully managed service where a carrier or a system integrator (SI) does everything for them. They have one throat to choke so that the SI or service provider is going to do all the installation on all their sites, get it up and deployed and running, and then manage it in an ongoing way. If links go down or need to be repaired, the service provider will take care of all of that.

In between doing it yourself and fully managed, there are a number of options. Some customers want someone to help them deploy, but after the network’s been deployed, they want control to be handed over to them. Then there’re others that want to co-manage, where it’s kind of in between deployment assistance and fully managed — they want someone to help deploy, they want help managing it, but they want to have a degree of control themselves. We have a set of partners that span the full spectrum.

Orchestrating data and resources across clouds, on-premise, and in hybrid environments is getting more complex. How do you see the network evolve to keep up with that?

The most important thing is to stay close to your customers, application vendors, and other technology partners, to be continually evaluating what you can do to make the WAN support an organisation’s goals. The main way we stay ahead is, we work closely with customers to understand their challenges and what we think they’re going to be facing in the near future, and then develop and enhance our product to support that.

We think the move to the cloud is going to continue, as is the move from dedicated to shared resources.

There’s a plethora of new internet access technologies coming from 5G to low earth orbit satellites, so there’re going to be a lot of different options for customers in terms of the on-ramps to the network.

Another thing that’s interesting is the way the whole security landscape is changing, and that ties in with what’s happening with SD-WAN. Some of the things we see happening is a pretty rapid migration of security functions from being present in every location in a hardware-based firewall, to being cloud-delivered.

If you want to apply AI or ML algorithms to identify bad actors across all of the flows in your network, rather than trying to do that on a distributed branch-by-branch basis with a limited amount of hardware, it’s way easier on the cloud. You can do way more interesting things with the advantage of pooled resources.

A lot of what was done by next-gen firewall on the edge is going to move into the cloud. It’s really for policy to decide which apps to breakout locally, which to send to a cloud firewall service, which to bring to your traditional security stack — maybe sitting in a regional data center. For that, we work very closely with security partners like Zscaler, Check Point, Palo Alto, and others, to stay abreast of what’s happening.

Another trend is around segmentation. One of the things we let customers do is think of their traffic in terms of applications, and then segment those applications so you can keep IoT traffic separate from financial transactions, employee email, or voice and video conferencing. If at some point, one of those segments is compromised, we can contain that breach inside that segment. There’re lots of things that we see happening around the co-evolution of the wide-area network and the security space.

The segmentation that you talked about probably wasn’t possible before SD-WAN, right?

Many of these things, even if they were possible in theory, were so complicated. So much CLI had to be typed exactly right and applied exactly right, in hundreds of locations if you’ve got hundreds of branches. It really wasn’t practical.

Automation lets you do things consistently; it makes sure you’re augmenting something end-to-end across all your sites. That consistency is really important — with the old way of doing things, where you’re doing device-by-device configuration, even with templates, it was very easy to make mistakes.

A lot of network engineers are afraid that they’re going to be made redundant because of automation. How do you see that panning out?

As long as people are willing to learn, there’re always going to be more opportunities. I’ve never met a CIO who has said “My people aren’t busy.” Everybody’s busy, but are they doing the thing that most helps the business? Automation can eliminate the repetitive tasks, eliminate mistakes, and let people focus on the part of the job that’s often the most interesting.

They can make the business more efficient instead of being overwhelmed by tons of trouble tickets from people saying, “My voice calls are breaking up”. We can give IT staff and network engineers their nights and weekends back.

What technologies on the horizon excite you the most?

Well, I’m biased, because I think what we are doing is really exciting. This transformation of the wide area network is really needed for people that want to do digital transformation.

I also encourage customers, when they’re evaluating solutions, by saying, “This market’s moving so fast — don’t think about things in terms of products that are point-in-time.”

In a software-driven subscription world, you’re buying a subscription because the product’s getting better every year, and the product should be adapting.

I encourage prospects to choose, not just the product that’s the best at the time, but also to choose a vendor that wants to partner with you and who’s going to evolve the product to keep up with your needs.

We can see some of what’s coming, but no matter how good a crystal ball you have, the future brings surprises; you want a vendor that’s agile enough and dedicated enough to cope with those surprises. At Silver Peak, we’re focused on just one thing — WAN transformation. The only way we succeed is by helping our customers through this and continuing to prove ourselves year in, year out.