 Hi, I'm Peter Burris and welcome to another theCUBE conversation. This week we're in our Palo Alto studios with Sarabh Sandhir. Sarabh is the Vice President of Product Management at Nuage Networks, which is a Nokia company. Sarabh, thank you very much for being here today. Thank you Peter, happy to be here. So tell us a little bit about, let's start off, tell us a little bit about Nuage Network. It's a new company out of a big company. What's the focus? How does Nokia helping? So Nuage, well, well it's new but it's not quite new. We have been in the market for four years. And the way Nuage started was it was part of Alcatel Lucent earlier and now a part of Nokia. We are really the SDN, BU or the SDN arm of Nokia. And what we have focused on from the beginning is building a platform for secure, automated connectivity for data centers as well as VAN. And we have built that platform and successfully introduced it in many enterprises and service providers. So the unique aspect of Nuage is while in terms of innovation, while in terms of go to market, we focus, we work as a startup. While we have the service and support that's offered by Nokia as a mother ship. So have the unique best in both worlds combination of a startup as well as a large company. Yeah, Nokia is still regarded as one of the finest brands in enterprise networking in the world. So you said SDN, software defined wide area networking. It's a term that a lot of people have heard something about but what are some of the high level benefits number one and the number two, why right now? Right, if you look at how enterprise connectivity services were offered down the ages, it was you had to get some kind of a VPN access, whether it was an MPLS or a VPLS access, you got a dedicated lease line, you got a specific device and that's how you would connect your enterprise branches to the network and to each other. And SDVAN, what it does is it changes that paradigm. It provides a secure, automated connectivity in line with cloud principles for enterprises across the board. And in terms of why now, I think it is the combination of factors that arise from how the modern enterprise is evolving and how there is a need to deliver not just connectivity but IT services over IP, whether it is access to the public cloud, whether it is access to SaaS applications like Office 365 or Skype, or whether it is the fact that you want not just pure connectivity but you want application aware connectivity. All those strengths coming together have created the demand and the need for SDVAN. So you mentioned the cloud principles and that has been a dominant feature of the industry. We call it cloud experience. And the cloud experience is typically associated with abstracting and virtualizing hardware. So in many respects what we're talking about is bringing that same class of technology to the wide area network, the circuits, the access points, everything else by having a software defined experience that allows the business to rapidly reconfigure based on what it's needs against the access to the underlying line network that it has. Have I got that right? Absolutely correct. So what SDVAN basically does is if you look at a traditional branch router, it has access to a particular type of network, MPLS or VPLS, it has a data plane, it has a control plane, it's a management plane by which you configure it. What SDVAN does is takes those control and management planes, puts it in the cloud, takes the data plane and sort of makes it agnostic to the access technology. So you run the data service irrespective of whether you are on internet, whether you are on LTE, whether you are on MPLS. And using those principles of centralized control, centralized management, standardized X86 based devices, offering CP services, and voila, you get SDVAN. So exactly correct. So I can see what the advantages to an enterprise are. I can reconfigure my business faster, especially a business that's more digital in nature. But is this going to be something that the service providers are going to embrace? Absolutely, absolutely. Well, the enterprise and the reason for services providers to embrace this is for the existing customers, it offers an upsell opportunity. For the people who are already on their VPN services, this is an opportunity to broaden the scope from just pure connectivity. This is an opportunity for them to access customers who were, where the cost to serve was too high, where they just could not go because they were outside of their geographic reach or outside of their existing business modeling or business plan. Or for example, you might be a mid-sized business that required a more expensive circuit or maybe not quite a more expensive circuit. The cost of setting the circuit up, servicing that customer center might have been too great. Absolutely. And that's what SDVAN sort of provides a level-flying field. In some ways, what it does is it delinks the service which is the VPN service from the transport and the transport can be internet, can be MPLS. And there you have the benefits for the service providers, for the enterprise in terms of agility, in terms of time to service, in terms of overall cost. But that's inside the nature of telecommunications-oriented services. Is SDVAN going to make it easier for service providers to perhaps start moving into more value-added data-oriented services above just the traditional communication services? That is the Holy Grail, right? That is really where the service providers are going and that's where enterprises want them to go. And the reason for that is today, when you look at what an enterprise branch or enterprise office needs to operate, there's connectivity, but then also there's security services, be it firewall, intrusion detection system, intrusion protection system, URL filtering, antivirus. Take it with, on top of that, there is transport optimization, VAN optimization services. There is emergence of IoT. There are Wi-Fi controllers. Now all of these services to the enterprise are being offered as a standalone appliance, as virtual or physical, and there is no centralized control. They are extremely rigid and all of these provide a lock-in. What SDVAN does is, from a Telco or a service provider perspective is, it also offers a platform to provide all of these services on top of SDVAN. So the benefit, it's a symbiotic relationship in the sense that benefits are both towards the enterprise because they get these services and the service agility. There is optimized resource utilization and cost, and from a Telco perspective, ability to sell beyond connectivity. That's one. So if I'm your counterpart at a service provider, I can now think in terms of bringing up new service that with cheaper connection, lower costs, lower risk, bringing the customer onboarding, at least if not better security, et cetera, because I'm now using a software-defined approach to making all those connections and also managing the service itself. That is correct. What it allows me to do is, in that role is to provide on-demand programmable services. So for example, a firewall. As an enterprise, I can go to a service provider portal and select which of my branch sites I need a firewall at what point in time, what kind of resources I want to assign to that firewall, and voila, on-demand, I have it in place. And from a service provider's perspective, it's additional revenue, it's additional service. It's a software-defined firewall and it's much more automated and much better organized because it brings all the possibilities of software-defined automations might include some machine learning, patent recognition, et cetera, to bear on the wide area network world. That's correct. That's correct. We've talked a bit about security itself. What are, it can just give us one or two clear differences in how the old world handled security and the software-defined world is going to handle security in the WAN regime. Right. So the thing with security is the security paradigm has changed massively in the old world, which wasn't that old, on that blogger. And still here in many respects. Still here, absolutely still here. The security was all about east-west, sorry, north-south protection, which means that you're protecting towards threats and traffic coming inside and going outside of data center or your branch office. But what has happened is most of the threats today, most of the attacks today are focused on east-west traffic, which is traffic within branches, from one branch to the other, within the data center itself. That's one. The second aspect is there is a multi-cloud aspect to the enterprise IT. You don't access an application only on the branch itself. You have applications that run in a data center that's owned by you. Private DC, you run applications that are in a public cloud, AWS Azure. You have access to applications that are offered as software as a service, be it Office 365, Skype, Salesforce, and so on. And that has fundamentally changed the threat surface or the threat perimeter that you have to deal with. And you have to know essentially deal with threats that are coming within this whole expanded branch or enterprise territory or perimeter. So you're effectively, by virtualizing all of these different elements, you're reducing the threat surface. Yeah, what we are doing with SDVAN is a few things. First and foremost is the fact that as we were talking about these value-added services, you can bring these up on demand. You can put a firewall at a particular branch location, for say, guest Wi-Fi traffic. You can be a specific. On this point, you can bring a new service up and not have it immediately associated with a whole bunch of capital expense. Exactly, exactly, on-demand programmable, right? That's one. The second thing is the aspect of pan-network visibility. You also have the ability to see what exactly is going on in your network, the network that's spread across the branch office, a private data center, a public cloud site, and you have full visibility and insight into who's talking to whom and at what time. At scale. At scale. Very, very big and very small. Very small. And we know that there's a whole bunch of mid-sized companies that can't afford a knock-type of capability, but now through SD-WAN, they get some of the same benefits that the big guys get. Absolutely, and the third aspect here is, using this information, you have closed-loop automation or machine learning, where, as opposed to saying, all of my traffic has to go through this possible intrusion detection function, because once in six months I might have an attack, versus I see an abnormal traffic pattern, and the system automatically optimizes that particular traffic flow to go through this particular function. And that allows it to be much more scalable, that allows it for much more on-demand in terms of how we perceive security, not just as a lock that needs to remain on a door at all possible points in time, but a function that can be instantiated when you need it. But I also got to believe and test me, I'm going to test you to tell me if I'm right on this, that the historical conversation between a service provider and an enterprise centered on the characteristics of the circuits that were being provided. And those circuits were often very much grounded in hardware associated with specific links, et cetera. And if you ended up with a security problem, you're now having a whole bunch of haggling and it's a very complex set of interactions. The mini brings SD-WAN in on that. Now you're talking about being able to use software in a software response, not necessarily a hardware response, to being actually able to identify, mediate, contain, et cetera, security threats on the WAN. Have I got that right? Correct, correct. Earlier, the conversation was really in terms of providing a circuit, providing connectivity. And what you were doing was you were providing this connectivity over some kind of a private IP, right? That's where you were as a service provider. That's what the service you were offering. Now you expand that same paradigm with security with access to cloud to really offer IT services on top of the IP layer. And that's the fundamental difference. That's the change. That break apart between the service and the transport. Absolutely. So I kind of said the old way and you corrected me and said, wait a minute. This is really the way we're trying to, SD-WAN is trying to make changes, trying to affect a new way of thinking. But there's another technology on the horizon here that actually could really accelerate this process. And that's 5G. We're not going to go too far out here, but tell us what some of the near term, how 5G and SD-WAN are likely to co-evolve, if you will. Right, right. They're two sides of the same coin, if you ask me. And the reason is while 5G, as with all the mobile technologies in the past, as we went from 2G to 3G to 4G is about speeds and feeds. And absolutely we'll have more bandwidth, low latency, sure. But what 5G is also about is access to applications from that reside in the cloud or reside whether closer to the users. And in that sense, what 5G turns out to do or sets to do is create network slices and provide access for applications such as self-driving cars, such as remote surgery. All of these applications not just need speeds and feeds, but require dedicated access all the way from the user onto an application that runs in a data center. And if you look at that paradigm, how SD-WAN plays in this is by providing a programmable network on demand services, by providing on-demand resource application, if you take SD-WAN, if you take 5G, then SD-WAN becomes a component of 5G because if you are a user, say, conducting remote surgery and you need access to an application that's in the data center, SD-WAN allows you to provide that overlaid network on top of existing services and with a certain quality of service with a guaranteed access that is critical to 5G. But as you said, it's the fact that 5G is going to promise such greater device density within a network, and in many respects, you're going to need SD-WAN to honestly take advantage of the benefits that 5G is going to provide. You may not need 5G to take advantage of the SD-WAN benefits, but you're going to need SD-WAN if you're going to take advantage of 5G. So that kind of suggests that the companies that start, the service providers and the enterprises that start early on this SD-WAN thing are likely to be in the best position to reap the full benefits of 5G when it shows up. Have I got that right? I absolutely believe so because at the end of the day, 5G is all about application-aware networking. A remote surgery application versus me trying to access Facebook cannot be treated the same way. And that's where SD-WAN comes in. And especially if you combine SD-WAN with some other technologies that are coming out of a company such as Nokia, then you have an end-to-end traffic-engineered path that is being created all the way from the user onto the backend data center that enables all these applications. Coming back to the point about security, there is one group that hopes you treat your Facebook and your surgery data the same way, and that's the bad guys. Absolutely, and that's what we need to protect against. Yeah, this is a fascinating subject and it's going to be a lot of discussion and change over the course of the next few years as multiple of these technologies co-volved, but it's pretty clear that SD-WAN has potential to further accelerate many of the changes that we're seeing in enterprises today as they try to become more digital in nature. Sure, SD-WAN is the future and it's here and now. Excellent. Once again, Saadir, I'm sorry. Once again, so you can cut this, I blew it. Sorry, Jack. Once again, Saarab Saadir, VP Product Management, Nuage Networks, a Nokia company. Thanks for joining us here in this CUBE conversation. Thanks, Peter. Thanks for your time.