Building and Consuming Cloud Applications
Enterprises have predominantly opted for one of two approaches to building, running and consuming cloud applications.
1- Total application software ownership approach:
Application deployed inside the VPC/VNETs and owned by the application owners or cloud admin teams. Examples are SAP S/4HANA, EPIC, etc.
2- Application Software as a Service (SaaS) approach:
Application deployed in someone else's data center or cloud account and consumed as a service. Examples are Zoom conferencing, Office 365 office suite, etc.
The majority of enterprises would use a combination of these two approaches.
Building and Consuming Cloud Networking
What about networking and security infrastructure? Can a NaaS/SaaS approach be adopted for business-critical applications such as SAP S/4HANA?
NOTE: NaaS stands for Network as a Service
For networking, enterprises predominantly have two approaches.
1- Owning the network architecture approach
2- NaaS (derived from SaaS) approach
Let's take a look at the following points and understand the pros and cons of both approaches. In the end, an enterprise must pick the approach that solves its business requirements and challenges.
Owning the Architecture Approach
- Enterprises should own the architecture end-to-end. Do not fall into the traps of the early days of cloud adoption, where shadow IT and DevOps guys took control and started building networking on their own.
- Almost all the enterprises I talk to want to own the control, data and operations planes, similar to the way they owned on-prem networking and security.
- How would you get deep monitoring, logging, and visibility from the SaaS platform? What I have seen is that if enterprises do not own the platform, then they are at the mercy (SLA) of the SaaS provider.
NaaS Approach
There are many disadvantages to opting for this approach. Some are discussed here.
Trust Factors
- How much do you trust a SaaS-based Cloud Networking and Security provider?
- You must trust your CSP (AWS/Azure/GCP/etc.). I get that. But should you add an extra layer of trust as an enterprise?
- It is trust (cloud hardware) over trust (cloud hyperplane) over trust (cloud provider security model) over trust (multi-cloud provider SaaS platform).
Competition Factor
- Are you OK sitting next to multiple tenants on the same SaaS platform? One of them might be your competitor.
- Again, this is something you have to decide as an enterprise.
- There is a reason that some retail customers are not hosting their applications on AWS and going to Azure. You could apply the same logic here as well.
- If this SaaS goes down, you and your competitor both go down. Not good because where is your competitive advantage then?
Pace of Innovation
- The pace of innovation might be slow.
- If there is a feature an enterprise needs, then in the SaaS model it will be hard for the enterprise to get that feature added to the product.
- Typically SaaS providers need to support and enable a good number of tenants, and it is not easy for them to quickly build and release new features.
Compliance/Audit/Governance/GDPR
- In the SaaS offering, someone else dictates the enterprise's terms and conditions. It is hard for you as an enterprise to create your own policies, governance and operational model.
NaaS/SaaS is Good for Applications but not for Secure Networking
SaaS is a good model for applications because the application is your destination.
Enterprises do not like SaaS for networking and security because you are sitting on shared infra hosted by a SaaS company.
Also, SaaS networking providers install a default route and/or mandate changing the DNS, and take all traffic to their cloud.
So if, say, two VPCs sit next to each other, all the traffic between them will go somewhere else and then hairpin back. This could lead to additional delays and security exposure.
The same issue applies to NGFW service insertion: traffic will leave your corp boundary for inspection, so additional delays and security risks are involved there.
In essence, NaaS/SaaS for Secure Networking becomes another black box with no or limited visibility and control.
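The hairpin described above follows from longest-prefix matching on the route table. The sketch below is an added example, not from the original post: the route tables, CIDRs and next-hop labels (`naas-tunnel`, `peering`, `igw`) are constructed for illustration, and it flags peer VPC ranges whose traffic would follow a provider-installed default route out of your own network.

```python
import ipaddress

# Constructed sample route tables (not from the original post). Each entry is
# (destination CIDR, next hop). "naas-tunnel" is a hypothetical label for the
# provider-installed default route; "peering" is a direct VPC-to-VPC path.
ROUTES_NAAS = [
    ("10.1.0.0/16", "local"),
    ("0.0.0.0/0", "naas-tunnel"),
]
ROUTES_OWNED = [
    ("10.1.0.0/16", "local"),
    ("10.2.0.0/16", "peering"),
    ("0.0.0.0/0", "igw"),
]


def next_hop(routes, dst_ip):
    """Longest-prefix match: return the next hop the route table selects."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def hairpinned_peers(routes, peer_cidrs, external_hops):
    """Return peer VPC CIDRs whose traffic leaves via an external next hop."""
    flagged = []
    for cidr in peer_cidrs:
        net = ipaddress.ip_network(cidr)
        # Sample the first and last address of the range; this catches a peer
        # CIDR that is only partly covered by a more specific route at an edge.
        hops = {next_hop(routes, str(net[0])), next_hop(routes, str(net[-1]))}
        if hops & set(external_hops):
            flagged.append(cidr)
    return flagged


if __name__ == "__main__":
    peers = ["10.2.0.0/16"]  # the neighbouring VPC
    print("NaaS default route:", hairpinned_peers(ROUTES_NAAS, peers, {"naas-tunnel"}))
    print("Owned architecture:", hairpinned_peers(ROUTES_OWNED, peers, {"naas-tunnel"}))
```

Run against an export of your real route tables, the same check shows which east-west flows leave your boundary before any traffic is sent.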
Conclusion
What enterprises need is an "Enterprise Backbone": a NaaS that they can own. A 3rd party NaaS might be enough for small companies, but for enterprises, good enough is not good enough.