How is the SDN landscape shaping up? (Part-2) – A market perspective

Will SDN and its accompaniments (NFV/NV) bring back the glorious days prior to the telecom bust, and pull the networking industry out of its technological plateau? I presume most would say that the wave has already started. It is surmised that SDN has brought back venture money to networking after years of drought, years that were mostly sustained by bigwigs of the industry, through spin-ins and strategic investments in startups. SDN has found huge favor with VCs, with startups in this space having raised nearly $500M in 2013. Successful exits in the last couple of years, including Nicira Networks (VMware), Contrail Systems (Juniper), Vyatta (Brocade), Tail-f (Cisco), Xpliant (Cavium) and Cyan (IPO), have further spurred VC funding in the SDN market.

I will explore the SDN market landscape in this post, having covered technical aspects in my previous post.

What business potential does SDN hold?

To start off with vendor perspective, there are 2 facets to be understood –

  1. How will SDN impact customer spending in existing market?
  2. What is SDN’s potential for new market creation?

Roughly 30% of the total networking spend from Service Providers, Enterprises and Web Hosting companies is expected to be related to SDN. So, existing market players need to buckle up and be ready with committed SDN roadmaps and solutions, to still be relevant in the SDN driven networking market, as the technology is emerging as a significant influencer in network purchasing decisions. Customers are increasingly seen to evaluate how solutions and equipment procured today will fit into an SDN environment in the future. Market research firms (and VC firm Lightspeed Venture Partners) forecast impact of SDN to exceed $25B per annum, which could potentially be as high as $35B, by 2018. In comparison, the overall networking TAM is estimated to grow from the current value of $75B to $90B by 2018.

Figure – SDN existing market impact (Source: Plexxi)

Except for speeds and feeds, networking innovation has been lagging behind compute (servers) and storage, the other two key blocks in any data center infrastructure. The advent of SDN/NFV/NV should help effectively virtualize any IT infrastructure environment by complementing compute and storage solutions, and propel new market creation, at a pace faster than seen with server virtualization in the mid-2000s. According to IDC, the new SDN market TAM will reach a total value of $3.7B by 2016, and touch $8B by 2018.

Figure – SDN new market potential (Source: IDC, Image Source: IT World)

Moving on to the customer perspective, SDN assures businesses of better revenues (by enabling network monetization through improved service velocity) and lower TCO (through automated control and higher network resource utilization). As with any emerging technology, customers are apprehensive about whether SDN can deliver on its promises, and are unsure of its potential to become mainstream. Broad incumbent support for SDN and significant open community efforts are expected to accelerate maturation of SDN technology, and help realize usecases.

While SDN related needs have mostly been latent, Google (a founding member of ONF) developed an in-house solution for its inter-datacenter WAN deployment with centralized traffic engineering, using OpenFlow based SDN, as early as 2012. Other marquee SDN adopters include Amazon, eBay, Rackspace and Baidu.

What are the leading usecases?

Key usecases for SDN include public & private cloud, WAN traffic optimization, dynamic WAN interconnects and re-routes, network virtualization, automated network management, service chaining, network analytics, automated malware quarantine, granular flow based DDoS mitigation et al. [I could plan to cover each of these in detail in some future post.]

The usecases span Data Centers, Enterprise campuses, Cloud Providers, Service Providers and even SMBs, as the latter segment could amply gain from SDN’s value proposition of IT infrastructure simplicity.

It wouldn’t thus be an exaggeration to conclude that SDN is going to impact every customer segment and use case of the networking market, and thus no customer or vendor is going to be immune to SDN driven change.

The Ongoing Controller War

SDN has driven the emergence of a new class of products, the SDN controller. With the controller being a strategic control point of any SDN network, vendors are vying for significant mindshare of their respective SDN architecture and controller solution, to eventually translate it into a sizeable market share.

Most dominant vendors in the industry are working on their own controller offerings [Refer next section for list of SDN controllers] to better chart the course of controller evolution and development, turn on potential software differentiation and hardware-assist features, and effectively orchestrate their range of infrastructure equipment offerings.

In addition, vendors (in collaboration with the Linux Foundation) have created an open-source platform for SDN, the OpenDaylight Project (ODP), to enable SDN adoption by accelerating technology development through ODP’s Open Controller.

A community-driven, common and trusted Open Controller would ensure network component interoperability across vendor offerings, both within and across architectural layers. The goal is also to promote multi-vendor environments, in comparison to today’s networks where each tier is typically populated with single vendor solutions. Network architects have been advocating open source/standard approaches to liberate customers from vendor lock-in challenges. Customers such as cloud and internet service providers, using such open standards based solutions, could still differentiate their end user offerings, by incorporating their secret sauce in the application layer. [Refer ‘SDN architecture’ section in my previous post for various layers].

Arguably, vendors who do not have their own controller but are participating actively in OpenDaylight community efforts seem to be betting the most for ODP controller to take off. Meanwhile, the controller war has heated up with the entry of other open source controllers which have been making news, namely Juniper’s OpenContrail and ON.LAB’s ONOS.

So, let us take a quick look at how these controllers differ.

ODP architecture has a single uber-controller and is primarily datacenter focused today, but could service WAN usecases as well.

ONOS targets SP WAN usecases with an architectural focus on fault-tolerance and state distribution across multiple controllers, to address high availability and bottleneck concerns with a single uber-controller. The challenge here is the need to orchestrate among these multiple controllers.

OpenContrail architecture is built for centralized control but with distributed physical components for fault tolerance. OpenContrail is very routing centric and focused on solving multi-tenant issues for SPs. Experts opine that its scope to extend to other customer segments is limited, given the lack of an abstraction layer to support multiple southbound/northbound interfaces, unlike ODP. [Refer ‘A Deep Dive into OpenDaylight components’ section in my previous post].

With vendors and communities tweaking their architectures and evolving their solutions over time, it is early to predict any potential winners. With SDN deployments being sporadic to date, it will be some time before contenders evolve their offerings, prove their mettle in actual deployments and emerge successful.

The gamut of SDN offerings (ODP/ONF members only)

Given that there is a whirlwind of SDN activities in every nook and corner of the industry, I’ve opted to limit my evaluation to current members of ODP & ONF. To get a feel of the number of firms out there in the SDN ecosystem, refer list of players.

With SDN taking the world by storm [well, that might have been an exaggeration though – just got carried away for a bit, but here is what I wanted to say], I think it is inevitable for networking vendors to make their existing HW equipment and OS offerings SDN-ready, if they don’t want to be left behind. Also, a new group of players has emerged with niche SDN applications and orchestration platforms (e.g. PLUMGrid with its OpenStack Networking Suite).

While adding SDN capability to (legacy/existing) equipment and appliances would ensure investment protection for customers, SDN and orchestration applications (which are still taking shape and quite customer/segment specific) are key to delivering real customer value through SDN. However, adoption of SDN controllers, the pivotal component in the SDN architecture, is a precursor for customers to tap into potential of SDN applications.

I’ve chosen to focus my analysis in this post, on SDN offerings from (1) those who’ve taken the plunge by putting out (or working on) SDN controllers in the market, and (2) those who have built pure software switches, that can go with generic (x86?) hardware, towards realizing the joint vision of SDN/NFV/NV.

And, here we go with the list of SDN offerings!

(1) SDN Controller Platforms

Just a quick reminder that SDN controllers are only software platforms. And, yes, they do need a host to run on. [Would welcome inputs on hosts you’ve seen being used in SDN deployments.]

I’ve removed the term ‘Controller’ from product names in the below table. Thought it was understood.

Vendor | Product
ABBN | DBSM
Atto | OBelle
Big Switch | Big Tap
Brocade | Brocade Vyatta
Ciena | Agility Multilayer WAN (MLWC)
Cisco | XNC (ODP based), ONE, APIC (Insieme)
Citrix | NetScaler
Coriant | Intelligent Optical Control (IOC)
Cyan | Blue Planet
Dell | Active Fabric
ETRI | ETRI
Extreme Networks | ODP-based with extensions
HP | Virtual Application Networks
Huawei | Carrier-class SDN (SNC)
IBM | Programmable Network (PNC)
Inocybe | Sustainable SDN (ODP-based)
Juniper | OpenContrail, NorthStar Network (NNC)
NCL | Virtual Network (VNC2.0)
NEC | Programmable Flow PF6800
NTT | Ryu OpenFlow (used by Pica8 too)
Nuage | Virtualized Services (VSC)
Oracle | Oracle
Plexxi | Plexxi Control
VMware | NSX (Nicira)
OpenDaylight | OpenDaylight (ODP)

(2) SDN Packet Processing Platforms

Here is the list of software-based SDN packet processing platforms, built to run on generic hardware. These would technically fall under the gamut of SDN-ready NFV products, though they align with SDN vision.

Vendor | Product
6WIND | 6WindGate
Aricent | Fast Path Accelerator
Big Switch | Switch Light
Brocade | Vyatta 5400/5600 vRouter
Cisco | Cisco vPE-F
Microsoft | Hyper-V vSwitch
Midokura | MidoNet
NEC | ProgrammableFlow vSwitch
Pica8 | Integrated Open vSwitch

Interestingly, the ecosystem has also seen the entry of Intel into the Ethernet switch market, with the FM5000/FM6000 series of SDN-enabled ASICs.

Commercial SDN deployments

Now, let me run SDN through the market adoption test!

As we saw, there is no dearth of SDN offerings in the market. But, but, has SDN really taken off? I chose to evaluate this based on public customer references. I thought I’d be amply surprised if any vendor deployed SDN commercially and didn’t get their marketing folks to put together public customer references, or if carriers/web hosting companies didn’t want to make a splash of having adopted SDN. And well, I was surprised. Anyways, more on this later.

Going based on public references, here are the commercial SDN deployments of vendors. I’ve kept out in-house SDN solutions developed/deployed by customers such as Google, NTT, AT&T, Amazon, Microsoft, Facebook, given the number of makeshift offerings masquerading themselves as SDN solutions, and the many paths to realizing SDN benefits of programmability and improved service velocity.

SDN Vendors | Customers | Deployment Usecases
ConteXtream | Verizon | SP Carrier Network
Big Switch | CSM Research | Private Cloud
Huawei | China Telecom | Data Centers
Huawei | 21Vianet | Cloud Data Centers
NEC | NTT | Cloud Data Centers
Nicira | eBay | Data Centers (Prior to VMWare acquisition)
Nicira | Rackspace | Data Centers (Prior to VMWare acquisition)

Additionally, Cyan reports on its website that Blue Planet SDN platform has been implemented in 120 production networks, but I didn’t come across any other public material.

Seems too short a list right? Either these are the only commercial deployments or public references aren’t the way to go. Didn’t think that SDN customers (and not just startups like Versa Networks, GuardiCore) would be in stealth mode. If you know of any more SDN deployments, please point me to public references online.

If you could spare time for a deep-dive, do take a look at the links I’ve embedded (at the start of this section) on in-house SDN solutions being worked on by SDN “customers”. Interesting to see how boundaries are continuing to blur across vendors and customers!

May the best win (or at least each find their niche) and the ecosystem prosper!

That was quite a long post! I really hope to limit the post length in future.

Meanwhile, if you have any feedback on this one, please post a comment or drop an email. I’m certain there’d be alternate views, especially given the murky state of the SDN market.

How is the SDN landscape shaping up? (Part-1)

“May you live in interesting times!” goes a Chinese curse! And interesting times, while challenging and marked with uncertainty, have immense potential waiting to be realized. The SDN canvas, dotted with hopeful startups, open source communities and networking behemoths edging their way in (seemingly a little too early, without giving startups a chance to have had a good run in the new market), is brimming with opportunities and promises to accelerate service velocity through automation and orchestration, while being cost-effective.

The famed SDN definition

To fast-forward through Software Defined Network (SDN) evolution to this date, SDN started off with a compelling vision to centralize network control plane in a network controller, and strip off intelligence from the distributed data plane, to provide administrators an environment that is generic, open, extendable and centrally manageable. With few takers to rebuild control plane solutions from scratch, the vision has evolved to accelerate deployment of end user applications in a secure and scalable manner.

Control Plane Approaches

OpenFlow’s imperative and OpFlex’s declarative model are the two main control plane approaches in the SDN market.

In the imperative model as in OpenFlow, the controller fully instructs routers and switches on how to move packets based on application requests, with no control intelligence embedded in the distributed data path network elements. The imperative model suffers from the drawback of the centralized controller becoming a bottleneck and single point of failure in the network.

In contrast, the declarative model implemented in OpFlex, allows for more distributed intelligence. The controller sets a central policy based on the application needs but gives power for network nodes to determine how best to execute the said policies and meet the application needs. In this approach, the network can sustain itself even if the controller fails, allowing for better availability and resiliency. The network can also scale better as the controller is no longer the sole brain of the network. Cisco’s Application Centric Infrastructure (ACI) framework is based on the declarative model.
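The availability difference between the two models, as an added sketch (not from the original post, and not OpenFlow or OpFlex code). The class names, the three sample hosts and the group policy are hypothetical; the switch drops table-miss packets while the controller is unreachable, as in OpenFlow's fail-secure mode, and the declarative node is assumed to have received its policy before the outage.

```python
"""Added illustration: a controller outage under imperative vs. declarative control."""
from dataclasses import dataclass

# Constructed sample data: three hosts, their groups, and the ports they sit on.
GROUPS = {"10.0.1.10": "web", "10.0.2.10": "app", "10.0.3.10": "db"}
PORTS = {"10.0.1.10": 1, "10.0.2.10": 2, "10.0.3.10": 3}
ALLOWED = {("web", "app"), ("app", "db")}  # intent: which group may reach which


def decide(src, dst, groups, ports, allowed):
    """Turn the group-level intent into a forwarding action for one src/dst pair."""
    pair = (groups.get(src), groups.get(dst))
    return f"output:{ports[dst]}" if pair in allowed and dst in ports else "drop"


@dataclass
class FlowEntry:
    priority: int
    match: dict   # header field -> required value; an absent field is a wildcard
    action: str   # "output:<port>" or "drop"


class Controller:
    """Central brain: in the imperative model it computes every flow entry."""

    def __init__(self):
        self.up = True

    def packet_in(self, pkt):
        action = decide(pkt["src"], pkt["dst"], GROUPS, PORTS, ALLOWED)
        return FlowEntry(10, {"src": pkt["src"], "dst": pkt["dst"]}, action)


class ImperativeSwitch:
    """Holds only a flow table; every unknown flow is punted to the controller."""

    def __init__(self, controller):
        self.controller = controller
        self.table = []

    def add_flow(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def delete_flow(self, match):
        self.table = [e for e in self.table if e.match != match]

    def handle(self, pkt):
        for entry in self.table:  # highest priority first
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                return entry.action
        if not self.controller.up:
            return "drop"  # table miss with no controller: fail-secure behaviour
        entry = self.controller.packet_in(pkt)
        self.add_flow(entry)
        return entry.action


class DeclarativeNode:
    """Keeps a local copy of the policy and works out the forwarding itself."""

    def __init__(self, groups, ports):
        self.groups, self.ports = groups, ports
        self.allowed = set()

    def apply_policy(self, allowed):
        self.allowed = set(allowed)  # pushed once by the controller

    def handle(self, pkt):
        return decide(pkt["src"], pkt["dst"], self.groups, self.ports, self.allowed)


def run_outage_scenario():
    """Return (imperative, declarative) actions before and during an outage."""
    ctrl = Controller()
    switch = ImperativeSwitch(ctrl)
    node = DeclarativeNode(GROUPS, PORTS)
    node.apply_policy(ALLOWED)

    web_app = {"src": "10.0.1.10", "dst": "10.0.2.10"}
    app_db = {"src": "10.0.2.10", "dst": "10.0.3.10"}
    db_web = {"src": "10.0.3.10", "dst": "10.0.1.10"}

    before = (switch.handle(web_app), node.handle(web_app))
    ctrl.up = False  # controller becomes unreachable
    return {
        "before_outage": before,
        "known_flow": (switch.handle(web_app), node.handle(web_app)),
        "new_permitted_flow": (switch.handle(app_db), node.handle(app_db)),
        "new_denied_flow": (switch.handle(db_web), node.handle(db_web)),
    }


if __name__ == "__main__":
    for case, actions in run_outage_scenario().items():
        print(f"{case:20s} imperative={actions[0]:9s} declarative={actions[1]}")
```

During the outage the imperative switch keeps forwarding the flow it already learned but drops the new app-to-db flow that policy permits, while the declarative node still forwards it.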

Open Standards and Development Communities

Open communities such as Open Networking Foundation (ONF), OpenStack and OpenDaylight have played a pivotal role in bringing together IT, cloud and telecom service providers, compute, storage and network equipment vendors & silicon providers, technologists, developers and researchers, to streamline efforts in formulating open standards and following through with open source development, promotion and adoption of SDN.

Open Networking Foundation (ONF) is credited with introducing OpenFlow, the first SDN standard and a vital element of the open SDN architecture.

OpenStack – Unlike ONF which is limited to networking and is a standards community, OpenStack encompasses compute, storage and networking (refer figure below), and is a developer community focused on cloud environment solutions. OpenStack software is an open-source cloud operating system that helps control large pools of compute, storage and networking resources throughout a datacenter, allows administrators to manage resources through the OpenStack dashboard, and empowers application users to provision resources, through a web interface, transparently orchestrating across compute, storage and networking blocks.

OpenStack is architected to provide flexibility as businesses design their public/private clouds, with no proprietary hardware or software requirements and the ability to integrate with legacy systems and third-party technologies.

OpenStack has multiple official programs targeted for specific architectural blocks such as Nova (Compute), Swift (Storage), Quantum replacing earlier termed Neutron (Networking), Heat (Orchestration) etc. to provide plugins to deliver each of these blocks as a service, for e.g. Network as a Service in the cloud environment, and thus the value proposition of programmability in the SDN/SDCC paradigm, though in a cloud environment.

Figure – OpenStack Architecture – Sourced from openstack.org

OpenDaylight is an open platform that any enterprise or provider can use today, to enable SDN and NFV through programmability of networks of any scale. The software is a combination of components and includes a fully pluggable controller, interfaces, protocol plug-ins and applications.

SDN Architecture

Towards realizing the SDN vision, Open communities and foundations comprised of business users, vendors, technologists and researchers, have arrived at a basic SDN architecture [captured in below figure], which consists of 3 main layers – Application, SDN controller and Network Infrastructure.

The SDN controller which houses the intelligent control plane, interfaces between user services & applications and the network on which they run (latter denoting the distributed packet-forwarding data plane in an SDN environment), with the goal of abstracting the network, so that application developers can tune the network to meet application needs, without having to understand the inner workings of the network.

Figure – Basic SDN architecture – Sourced from Datacenterjournal.com

Northbound APIs are used for communication between the controller and application layer, to enable efficient orchestration and automation of the network to align with needs of different applications, while Southbound APIs are used between the controller and infrastructure layer.

To demystify the term ‘orchestration’, as in a musical orchestra, this function in the SDN architecture ensures that various resources (for e.g. compute, storage and network blocks in a data center) are controlled by a common entity to align with or complement each other and work synergistically to meet the business application needs.

Let us now see how OpenStack, OpenFlow and OpenDaylight fit into the SDN architecture.

OpenStack allows for orchestration in a cloud environment to deliver networking-as-a-service, through OpenStack Quantum APIs that I discussed earlier in this article.

OpenFlow is an open-standard Southbound communication protocol that enables an OpenFlow SDN controller to add and delete flow table entries in OpenFlow switches and routers, and thus control flows for optimal performance and eventually make the network more responsive to real-time traffic demands. More on this when I explore OpenDaylight in the next section.

OpenDaylight is a complete implementation of SDN and I think the below framework summarizes it best. Let me also repeat how I introduced OpenDaylight earlier in this article. OpenDaylight is an open source software platform that implements a pluggable controller, northbound programmatic & southbound implementation interfaces, protocol plug-ins and applications, that anyone can use today (that’s right, today!) to evaluate, commercialize, and deploy SDN (and NFV – the topic I’ve saved for a future blog post). The controller is contained within its own Java Virtual Machine, and can be deployed on a platform that runs Java.

OpenDaylight Framework – Sourced from OpenDaylight.org

A Deep Dive into OpenDaylight components

In this section, I’ll go over various protocols and stacks that you would hear of in the SDN context and see how they fit into the SDN architecture, based on the OpenDaylight framework [refer figure above].

Northbound Interfaces

Northbound APIs are the most critical in the SDN environment, as the value of SDN is closely tied to the innovative applications it can potentially support and enable. Given that they must support a wide variety of applications, a variety of possible interfaces currently exist to control different types of applications via an SDN controller. Consolidation of these interfaces is yet to happen, given that SDN usecases are still evolving.

OpenDaylight supports OSGi framework and bidirectional REST for northbound APIs. The OSGi framework is used for applications that will run in the same address space as the controller. In comparison, REST (HTTP based) APIs are used for applications that do not run in the same address space or even necessarily on the same machine, as the controller.

Northbound APIs are also used to integrate the SDN controller with automation stacks such as Puppet, Chef, Salt, Ansible and CFEngine. As we saw earlier, they also help interface with orchestration platforms such as OpenStack.

SDN Applications that can be optimized via Northbound interfaces include load balancers, firewalls and other software-defined security (SDSec) services.

Southbound Interfaces

The southbound interface is capable of supporting multiple protocols for (1) managing physical and virtual network elements, (2) operating on the control plane to allow for controller driven programmability, or communicating network state/events and (3) configuring data forwarding plane on distributed physical and virtual network elements. Networking equipment vendors implement one or more protocols in the above categories, to add SDN capability to their legacy equipment, thus ensuring investment protection for their existing installed base, during the move to SDN.

NETCONF, OF-CONFIG using YANG data models, SNMP and XMPP operate in the management plane and allow for network device configuration and monitoring.

I2RS, PCEP, BGP-FlowSpec and BGP-LS are protocols that operate on the control plane and either update routing tables in a programmatic way, allow for creation of MPLS-TE tunnels from a central controller and communication of computed LSP paths to network nodes, automate distribution of traffic filter lists for DDoS mitigation or help export link/topology/tunnel states through BGP to the controller.

OpenFlow (v1.0, v1.3), LISP and OVSDB are protocols that allow the controller to configure flow tables and influence the forwarding behavior of physical and virtual devices.

[I could explore these protocols in-depth in another blog post, to limit the length of this one.]

SDN Controller

As discussed earlier, the controller is the key arbitrator between network applications and network infrastructure, and forms the crux of the SDN network. To be able to effectively centralize the intelligent control plane, the controller typically implements base network functions to provide host/node service, flow service, topology service, path service to setup and manage a path based on specified constraints, multi-tenant network virtualization, network statistics, security, centralized monitoring etc. In addition, it provides a collection of pluggable modules in the Service Abstraction Layer to support a variety of southbound interfaces.

[I’ll delve more into the SDN controller war among commercial and open source variants, in my subsequent post. I plan to post “part-2” of this topic soon, which will cover SDN market potential, overview of vendor architectures/solutions, SDN ecosystem of controllers, SDN-ready routers/switches and trending vendor solutions.]

To be continued..

Look forward to hearing your thoughts in the comments section. Would be glad to address any questions as well.

A peek into Security in the context of BYOD, Cloud and IoE

Is the IT team’s worst security nightmare unfolding, with rampant BYOD due to unsurpassed mobility, adoption of cloud and the exploding interconnections foreseen in the world of Internet of Everything? Gone are the days when the most effective policy was to build a controlled environment, and secure oneself through limited access to the external world.

Increasingly sophisticated attacks, dynamic nature of threats, advanced persistent threats (APTs), thriving underworld hacking industry, attackers innovating in lockstep with evolving technology and cloud-based solutions stress the need for enhanced, integrated and scalable security solutions focused on prevention, detection, mitigation and remediation of attacks, across the entire span of user and network touch points, without leaving any security gaps due to fragmented solutions stitched together using disparate products.

Integrated security solutions, aimed at protecting network resources and content, could be on-premises or cloud based offerings. In the new paradigm of SDN, these solutions should allow for central policy management and distributed policy enforcement.

Security solutions typically build an intelligence ecosystem by analyzing and aggregating extensive telemetry data including web requests, emails, malware samples and network intrusions, to protect networks, endpoints, mobile devices, virtual systems, web and email from known and emerging threats.

Protecting Network and Virtual Resources

Network Security Solutions have evolved beyond traditional firewalls that control ingress and egress traffic flows according to predefined rules that help enforce a given security policy, be it through packet filters or application proxies. Traditional firewalls resort to stateful packet inspection (SPI) as against deep packet inspection (DPI), and are not capable of distinguishing one kind of web traffic from another. DPI is helpful in managing application and data driven threats by looking deep into the packet and making granular access control decisions based on packet header and payload data.
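To make the header-versus-payload distinction concrete, here is an added example (not code from the original post or from any firewall product): a header-only rule and a payload-aware classifier judge the same constructed traffic, all of it addressed to TCP port 80. The packet samples, the signatures and every function name are illustrative assumptions, and the header-only rule stands in for what a traditional firewall sees.

```python
"""Added illustration: header-only filtering vs. payload-aware classification."""
from dataclasses import dataclass

ALLOWED_PORTS = {80, 443}                     # header-only rule: "web" means these ports
ALLOWED_APPS = {80: {"http"}, 443: {"tls"}}   # payload-aware rule: port AND application
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes  # first bytes the client sends on the connection


def tls_client_hello() -> bytes:
    """Build a minimal, well-formed TLS ClientHello record (constructed sample)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def classify(payload: bytes) -> str:
    """Name the application from payload bytes alone; 'unknown' if nothing matches."""
    if payload.startswith(HTTP_METHODS):
        request_line = payload.split(b"\r\n", 1)[0]
        if request_line.endswith((b" HTTP/1.0", b" HTTP/1.1")):
            return "http"
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"


def port_filter(pkt: Packet) -> bool:
    """Traditional view: the decision uses header fields only."""
    return pkt.dst_port in ALLOWED_PORTS


def dpi_filter(pkt: Packet):
    """DPI view: allow only when the payload is the application expected on that port."""
    app = classify(pkt.payload)
    return (app in ALLOWED_APPS.get(pkt.dst_port, set()), app)


# Constructed sample traffic: four different applications, all sent to TCP/80.
SAMPLES = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    Packet("10.0.0.6", 80, tls_client_hello()),
    Packet("10.0.0.7", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Packet("10.0.0.8", 80, b"\x13BitTorrent protocol" + bytes(8)),
]


def compare(samples):
    """Return (source, header-only verdict, DPI verdict, detected application) per packet."""
    return [(p.src, port_filter(p), *dpi_filter(p)) for p in samples]


if __name__ == "__main__":
    for src, by_port, by_dpi, app in compare(SAMPLES):
        print(f"{src:9s} port-rule={'allow' if by_port else 'deny':5s} "
              f"dpi={'allow' if by_dpi else 'deny':5s} app={app}")
```

The header-only rule admits all four connections because they share a port; the payload-aware rule admits only the one that is actually HTTP.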

Secure site-to-site and remote user connectivity can be enabled through IPSec, SSL, L2TP or PPTP based VPNs. User authentication for remote access VPNs is typically carried out through RADIUS, TACACS, LDAP, Active Directory, Kerberos or SmartCards.

While earlier-gen Intrusion Detection Systems (IDS) passively scan traffic and report on threats, Intrusion Prevention Systems (IPS) sit directly behind firewalls, actively analyze traffic, thwart any denial-of-service (DoS) attacks & application hijack attempts, by dropping malicious packets, blocking traffic from the source address, resetting the connection and additionally notifying the administrator as IDSs do.

Unified Threat Management (UTM) systems perform multiple security functions such as DPI, IPS, IDS, NAT etc. in a single platform. Given that this approach involves multiple devices and separate internal engines that examine a packet multiple times to perform individual security functions, it adds packet latency resulting in degraded network performance, apart from increasing operational management overhead.

Next-gen firewalls (NGFWs) – With security requirements being critical to businesses, IT managers had to sacrifice on network performance to achieve network security using UTMs, until the advent of next-gen firewall solutions. NGFWs are application-aware and so can differentiate traffic flows, even if they share a common protocol/port combination. They perform optimized DPI to detect anomalies and known malware, by examining the packet only once and thus ensuring performance. In addition to DPI enabled application-awareness/granular control, and traditional firewall functions of NAT and VPN, NGFWs come with integrated signature-based IPS engine and ability to integrate intelligence from outside the firewall such as directory based policy, blacklists and whitelists.

Most important of all, apart from identifying and controlling use of predefined applications based on their signatures, NGFWs can learn new applications by watching how applications behave and alert administrators if there is any deviation from base-lined normal behavior.

NGFWs perform packet inspection and SSL decryption in high-performance hardware and so can perform full packet inspection without introducing latency.

Network Access Control (NAC) – Traditionally, NAC solutions restrict what devices get on a network and thus were intended to work well in a closed static environment with company-owned devices. The phenomenon of BYOD has caused security to move up to the application layer with IT teams enforcing access controls through mobile app wrappers and installation of device management profiles.

In addition to solutions for physical resources, Sandboxing is increasingly being used in virtual environments, to improve security by isolating a given application to contain damages due to malware, intruders and other users, especially in virtual desktop infrastructure solutions.

Network Security Solutions – Sourced from opennetworking.org

Securing Content

Content Security Solutions protect users, email and data from inbound and outbound web security threats, and have evolved from standalone to hosted offerings.

Email Protection – Email security appliances keep critical business email safe from spam and malware, with good spam capture rate, minimal false positives, fast blocking of new email-transported viruses to avoid proliferation in the network, effective zero-hour antivirus solutions, and ability to scale threat analysis.

Web Security – In addition to effective malware protection, complete web security requires solutions to provide granular and nuanced policy knobs to control how end users access the internet, and implement proprietary and confidential data access controls through deep content analysis. Thus businesses can control access for specific features and applications such as messaging, audio, video based on user’s business requirements, without blocking access to entire websites or internet.

Security Market

While the overall security market opportunity is very strong, content security and traditional appliance/software markets are seeing a decline. Growth in hosted/SaaS solutions is offsetting the above downward trend to keep the overall security market flat.

Network security and content security market TAMs are at $6.5B and $2.8B respectively, with each growing at around 4% YoY.

Cisco leads the network security market with nearly 35% market share, followed by Check Point with 15% share and Fortinet, Palo Alto, Juniper and McAfee capturing between 5-8% of the market each.

Leaders in the content security market are Blue Coat, McAfee (Intel), Cisco, Websense and Symantec with each of these players having captured about 10-15% market share. While no single player currently dominates the market, top vendors have been extending their market reach through strategic partnerships and acquisitions.

Where do we go from here?

In the new world driven by SDN and Big Data analytics, security solutions will be evaluated on their ability to glean and integrate threat intelligence from the ever-growing ecosystem, dynamically update privileges and trust profiles of any user, device or application in real time to thwart or remediate any attack, and most importantly scale to actualize IoE, while hiding solution complexity for IT operations. Unlike other technology areas, majority of the security innovation is embedded deep inside the hardware/software offering with no inkling to the operations team or network user. Security is also a field where solution effectiveness is evaluated on the misses and not on instances of job well done, and so is quite often relegated to the back burner until a major flare-up.

What important aspects of the security landscape have I missed?

Can Enterprises and Service Providers fully mitigate personal data risks due to mobile apps, social networks and cloud hosting? If not, what measures do end users have to take, and what are the technology gaps?

What insights do you have into the mobile security market, or security needs of IoE?

Feel free to share your views in the comments section.

Servers – A key block in Data Center infrastructure business

Businesses use servers to centrally host various applications such as email, collaboration, firewall, file and print in a secure manner. In this article, I will go over the server market, vendors, technologies and categories of product offerings.

Potential – To start with the market potential, worldwide server TAM is estimated to be roughly $54B in 2014. YoY growth is forecast to be around 1.5%, as companies perform their cyclical IT infrastructure refresh after the slowdown during the financial crisis. Servers come in various price bands, from a few thousand dollars to a couple of million dollars. Demand for servers in the public cloud is expected to be the primary driver for server market growth, while server consolidation and virtualization are foreseen to dampen unit demand. Modular servers – blade and density-optimized servers – represent distinct segments of growth for vendors in an otherwise mature market.

Unit shipments are expected to grow by 5.5% in CY14, with higher volumes from lower price bands. To get a better perspective of the size of server market, let us compare it with overall IT spending. Gartner has projected worldwide IT spending of $143B for data center systems, and $320B for Enterprise software during the year. Servers thus account for nearly 38% of the IT systems spend, and a little over 11% of the combined HW & SW IT spending.

Demand drivers – Strategic focus by enterprises on data center and server consolidation, with the latter driven by virtualization technologies, and adoption of SMAC (social, mobile, analytics and cloud) applications are among the key trends that will determine demand for various form factors and types of servers. SaaS providers such as Facebook, Google and Baidu, along with service providers, are seen driving growth, especially for hyper-scale servers.

Server generations – The 1st generation of servers was largely based on mainframes and terminals, while the 2nd generation has been driven by the client/server model in the PC era, which uses LAN and Internet technologies for communication. The 3rd generation of servers is instead built on a foundation of SMAC technologies, with an exploding number of connected users and apps that demand hyper-scale processing capability.

Vendors – Over the years, IBM, HP and Dell have been the dominant players in the server market, with offerings for all types of servers – blade, density-optimized, rack and tower servers. Cisco, which had earlier partnered with these firms to sell its storage and networking products to Enterprise data centers, entered the server business by launching its blade server product line in 2009. The current pecking order of players by market share is HP, IBM, Dell, Oracle and Cisco.

HP holds the number 1 position in the worldwide server market with over 25% revenue share, followed by IBM with nearly 24% share, Dell at roughly 17%, and Oracle and Cisco a little lower than 6% each. IBM, which was seen to dominate the server market with over 35% market share in 2012, has not only dropped revenue share, but also announced its plan to offload its low-margin x86 hardware business to Lenovo. It will continue to play in this market with high-margin System-z and non-x86 servers. Sales through ODMs such as Quanta and Inventec represented nearly 7% of overall server revenue. The majority of these sales were in the US market and primarily to Google, Amazon, Facebook and Rackspace.

Geography – The US is the largest market for servers with nearly 39% of worldwide server TAM, followed by the EMEA region with 22% and APEJ with 20%.

Server architectures – X86-based platforms have been the predominant architectural choice, as they allow enterprises to run their non-mission-critical applications at affordable price points. Non-x86 technologies such as RISC, CISC and EPIC were typically chosen for mission-critical applications and databases including ERP, CRM, data warehouses, business intelligence and analytics, where the key considerations are reliability, availability and serviceability (RAS). The value proposition gap between non-x86 and x86 servers has been shrinking due to advancement in x86 capacity and performance capabilities, and the emergence of highly sophisticated x86 virtualization mechanisms. As a result, the market for non-x86 technologies at high price points has been rapidly declining.

Market share by architecture – X86 servers account for over 78% of total server revenue. HP leads the x86 market with nearly 30% market share, while Dell is next with 21% market share. Non-x86, the declining market segment, is led by IBM with nearly 70% market share. IBM controls most of the CISC server market, and HP dominates the EPIC server segment. IBM and Oracle are the major players in the RISC market, with IBM being the dominant player with 71% market share.

Product categories – Apart from technology, server offerings are also distinguished by form factor and are available as tower, rack, blade and density-optimized servers.

A tower server is a floor-standing unit with integrated processors, memory, I/O controllers and peripherals. These entry level server offerings are typically seen in SMBs which have no delineated lab space or data center facility, and are opted for when low cost is a priority, and there are limited scalability and network/storage connectivity requirements. The footprint usage of these units is limited.

Figure 1 – Tower server form factor

A rack-mounted server, as the name indicates, fits into 19” wide rack units. These servers come in heights that are multiples of ‘U’s, each U being 1.75”. They are used when each node is of fairly large capacity, when the overall server configuration consists of a considerable number of nodes, and when scalability is important. The footprint usage of this type of server is moderate. Rack servers help address fluctuating workload challenges through a varying balance of processing, memory, I/O and internal storage resources. These servers are plugged into a rack, and then power, networking and storage equipment are connected.

Figure 2 – Rack-mounted server form factor

A blade server is a modular solution that slides into a chassis slot, and typically houses processors, memory, local hard disk storage, network connections and storage connections. Apart from servers, the enclosure also houses blades for network, storage and power. Blade servers are used when each node has to be of reasonably small capacity, when the overall server configuration consists of a considerable number of nodes, and when scalability is important. Blade systems are advantageous in that they are simple to set up and manage, and have a small footprint.

Figure 3 – Blade Server form factor

Blade servers form a primary building block for integrated systems in the datacenter, as enterprise customers evolve toward private clouds. A converged blade platform, with its compelling value proposition of reduced IT complexity, is an opportunity for pull-through revenue for storage, networking, software and services, beyond the servers. Blade servers are a growing segment and a key element in the DC vendor’s portfolio for both revenue and profitability.

Density-optimized servers are a hybrid of blade and rack servers, where multiple server nodes are available in a 2U or 4U rack chassis. They are targeted at high performance computing and cloud applications, and are typically used by hosting companies. Large homogeneous hyper-scale datacenters use density-optimized servers to leverage the scalability and efficiency of this form factor.

Figure 4 – Density-optimized form factor

Market split by form factor – Tower, rack, blade and density-optimized servers represent 14%, 59%, 14% and 13%, respectively, of the x86 units that were shipped in CY13. The blade server market is led by HP with 42% market share worldwide, followed by Cisco with 25% share and IBM with nearly 14% share.

Future action is in modular servers, namely blade and density-optimized servers, though they currently form only 17% and 6%, respectively, of total server revenue. Virtualization and SMAC adoption will continue to be key drivers for server demand across the globe. A converged server/storage/network offering is essential to fully tap into the business potential in data centers, in the era of Fast IT.