
Building Multi-Cloud Network (MCN) Architecture: Ownership vs SaaS Approach

When it comes to building and running applications and networks, there are predominantly two distinct approaches available to network engineers and architects:

1- Ownership Approach

2- SaaS Approach

Let's take a look at the following points to understand the pros and cons of both approaches. In the end, an enterprise must pick the approach that solves its business requirements and challenges.

Owning the Architecture

  • Enterprises should own the architecture end-to-end. Do not fall into the traps of the early days of cloud adoption, where shadow IT and DevOps guys took control and started building networking on their own.
  • Almost all the enterprises I talk to want to own the control, data and operations planes, similar to the way they owned on-prem networking and security.
  • How would you get the deep level of monitoring, logs and visibility from the SaaS platform? What I have seen is that if an enterprise does not own the platform, then it is at the mercy (SLA) of the SaaS provider.

Trust Factors

  • How much do you trust a SaaS based Cloud Networking and Security provider?
  • You have to trust your CSP (AWS/Azure/GCP/etc.), I get that. But should you add an extra layer of trust as an enterprise?
    • It is trust (..cloud hardware) over trust (cloud hyperplane) over trust (cloud provider security model) over trust (multi-cloud provider SaaS platform).

Competition Factor

  • Are you OK sitting next to multiple tenants on the same SaaS platform? One of them might be your competitor.
    • Again, this is something you have to decide as an enterprise.
    • There is a reason that some retail customers are not hosting their applications on AWS and going to Azure. You could apply the same logic here as well.
    • If this SaaS goes down, you and your competitor both go down. Not good, because where is your competitive advantage then?

Pace of Innovation

  • Pace of innovation might be slow
    • If there is a feature an enterprise needs, then in the SaaS model it will be hard for the enterprise to get that feature added to the product.
    • Typically SaaS providers need to support and enable a good number of tenants, and it is not easy for them to quickly build and release new features.

Compliance/Audit/Governance/GDPR

  • In the SaaS offering, someone else dictates the terms and conditions to the enterprise. It is hard for you as an enterprise to create your own policies, governance and operational model.

SaaS is Good for Applications but not for Secure Networking

SaaS is a good model for applications because the application is your destination.

Enterprises do not like SaaS for networking and security because you are sitting on shared infrastructure hosted by a SaaS company.

Also, SaaS networking providers install a default route and/or mandate changing the DNS and take all traffic to their cloud.

So let’s say two VPCs are sitting next to each other: all the traffic between them will go somewhere else and then hairpin back. This could lead to additional delays and security exposure.


Same issue with NGFW service insertion. Traffic will leave your corp boundary for inspection. So additional delays and security risks are involved there.

In essence, SaaS for Secure Networking becomes another black box with no or limited visibility and control.
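
The hairpin described above for two neighbouring VPCs can be checked from the route tables themselves. The following is an added example, not code from the original post: it applies longest-prefix matching to each VPC's routes and reports VPC-to-VPC flows that are only covered by a default route to an external next hop. The VPC names, CIDRs and the `tunnel:` / `peering:` target labels are constructed for illustration.

```python
import ipaddress

# Constructed sample data: VPC CIDRs and per-VPC route tables (all hypothetical).
VPCS = {"vpc-a": "10.1.0.0/16", "vpc-b": "10.2.0.0/16", "vpc-c": "10.3.0.0/16"}
ROUTES = {
    "vpc-a": [("10.1.0.0/16", "local"), ("10.2.0.0/16", "peering:vpc-b"),
              ("0.0.0.0/0", "tunnel:saas-pop")],
    "vpc-b": [("10.2.0.0/16", "local"), ("10.1.0.0/16", "peering:vpc-a"),
              ("0.0.0.0/0", "tunnel:saas-pop")],
    "vpc-c": [("10.3.0.0/16", "local"), ("0.0.0.0/0", "tunnel:saas-pop")],
}


def next_hop(routes, dest_cidr):
    """Longest-prefix match: most specific (network, target) covering dest_cidr, or None."""
    dest = ipaddress.ip_network(dest_cidr)
    best = None
    for prefix, target in routes:
        net = ipaddress.ip_network(prefix)
        if dest.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best


def hairpinned_flows(vpcs, routes, external_prefix="tunnel:"):
    """Return sorted (src, dst, target) for VPC-to-VPC flows that leave via an external hop."""
    findings = []
    for src in vpcs:
        for dst, dst_cidr in vpcs.items():
            if src == dst:
                continue
            hop = next_hop(routes.get(src, []), dst_cidr)
            # No specific route to the neighbour: traffic follows the default
            # route out to the provider and has to come back (hairpin).
            if hop is not None and hop[1].startswith(external_prefix):
                findings.append((src, dst, hop[1]))
    return sorted(findings)


if __name__ == "__main__":
    for src, dst, target in hairpinned_flows(VPCS, ROUTES):
        print(f"{src} -> {dst} leaves via {target}")
```

In this sample, vpc-a and vpc-b reach each other over peering, while every flow to or from vpc-c is reported because only the default route covers it.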
