Outside-in always wins!

I produced a paper for a client on “Why mobile SD-WAN is the ‘new cellular’ for ‘cloudular’ remote working”. Sharing it as it is of general interest.

Why mobile SD-WAN is the “new cellular” for “cloudular” remote working

I am sharing with you here a piece of work that I did for a consulting client — LiveQoS Inc. I am doing it because I feel it is of general interest, not because I am contracted to do so, or because the client has asked me to. (I’m working on a forgiveness basis here, not permission.) As another client recently wrote to me: “I know you only promote what you truly perceive and believe.”

For readers who are not hardcore telcoheads, this piece should give you some insight into what’s going on in telecoms. Because we’ve collectively failed to take control over quality, customers are buying hardware and software devices (“Software-defined Wide Area Networking” or “SD-WAN”) that “fakes it until telcos make it”.

These “edge” devices and software can bond together different access networks (like fixed and wireless broadband), reallocate that bonded supply to diverse competing demands, and (some) can route important traffic over private cloud networks instead of the public Internet. SD-WAN has become very popular in places like branch offices, but the challenge is now the “gig worker”.

Business travel can result in memorable cultural encounters. I have a vivid recollection of the early 2000s, when I delivered a workshop first in Chicago, and then again in Helsinki. The Americans were insistently talkative, and the Finns stereotypically taciturn. Yet despite their comparatively few words, what really stuck in my mind was a telecoms truism the Nordics taught me: “outside-in always wins”.

The context at that time was the initial explosion of cellular voice and data adoption. The whole world still gets its mobility needs met by building macrocells, whose signal penetrates inside of each building. We don’t set up radios inside all occupied buildings, and then try to cover the world from the inside-out. This wasn’t always obvious, as British investors in the ill-fated Rabbit network in the early 1990s can attest.

Cellular is not the end game of mobility

As time has passed, the demands for mobility have evolved. This first generation of mobility was about making a single device usable in many different places. We are now engaged in a second generation of mobility, moving from “cellular mobility” of devices to “cloudular hypermobility” of application services. This demands not only variability in place, but also in term of activity.

No longer are we taking a desk-based job and making it mobile, as in the “mobile worker” paradigm. Instead, a single person is likely working on multiple simultaneous projects for different clients, each of which may have many tasks. While a video of a field service incident is uploading for one customer to an Amazon-hosted application, you are dealing with a contract negotiation with another via an Azure UC service.

The “one job for life” long ago turned into a “life of sequential jobs”, and is now fully inverting into a “life of many concurrent jobs”. This places new requirements on the ICT service infrastructure to meet complex and concurrent application demands. Specifically, the mobile worker needs not only connectivity, but also suitable performance and a secured identity to access enterprise compute and data resources.

Mobile SD-WAN is the new “outside-in” way of meeting these “cloudular mobility” needs. By dealing with the hardest cases first, it eventually owns the whole problem space.

If you must gamble, then bet on a certainty

While the need for worker mobility is now obvious, the value of it is also worth emphasising. Despite many confounding factors that make definitive analysis hard, remote working appears to be both more productive and cheaper than office working. For instance, according to Forbes“91 percent of people who work from home feel that they’re more productive than when they’re in an office”.

This productivity data is confirmed by other sources. The much-cited Ctrip study — a Chinese travel agency — was covered by Inc thus“While Ctrip originally thought the money it would save in space and furniture–about $1,900 per employee for the length of the study–would offset a drop in productivity, at-home worker output wasn’t hampered a bit. … In fact, compared with office counterparts, those working from home made 13.5 percent more calls, quit 50 percent less, and said they were much happier on the job.”

Data from Owl Labs gives us a more refined picture: such workers are biased towards individual contributor roles in smaller companies, and are concentrated in sales, product development, marketing and IT roles. They are faster to hire, and easier to retain. That remote working is critical to competitive success is now established fact, not futuristic speculation.

Remote working is becoming the default means of delivering knowledge work, and is having widespread impacts across sectors and lifestyles. According to The Guardian, 18% of new UK residential units in 2016 were conversions of offices to homes — a 50% rise in a single year. A new academic discipline of “virtual leadership” has emerged to study how best to manage distributed teams using collaboration tools, and is being taught at management schools.

Whatever solves the problem for remote workers is likely to be the solution for everyone over time.

“Stopped apps” are the new “dropped calls”

In the “gig economy plus plus” world, we no longer just “work anywhere” (like an out-of-office employee, with “OOO” as new default). We must also “work on anything” and “for anyone and with anyone”. We are under continual pressure to increase the number of tasks and applications we work with, and to deliver against shorter cycle times. After all, we are all running hard to maintain our human edge against intelligent automation systems.

Mobility is one way to service work requests sooner and faster. As we all frustratingly know, cellular mobility isn’t a free lunch. Apart from the obvious device and service costs, you also need to be able to cope with loss of signal and consequent dropped voice calls. This familiar problem mutates into a whole new world of difficulty as we go from “cellular” to “cloudular” access.

The new IT lifecycle management problems manifest at both an organisation and individual level. Organizations of all sizes frequently require vendor technicians, contractors and other non-staff members to carry out work that requires remote privileged access. Meanwhile, individuals have to deal with many corporate interfaces, and it’s not appropriate to have a locked-down managed device for each “gig”.

Security domains give a partial answer, shifting perimeter security into new VPN models with richer identities and delegated authority. Virtual desktop (VDI) technology acts as a “mirror”, allowing you only to externally interact with the presentation layer outside. This is much like Web did in the 1990s, but demanding one browser for all apps and contexts, which is a poor fit for this new model. Companies like Tehama have made great progress in providing such temporary secured access solutions.

Managed application performance is the missing link

Secured enterprise access may be a solved technical problem, but application performance remains the Achilles’ heel of remote work. Not only do we have a greatly increased variability in application performance demand, but also in term of broadband supply.

We now have many different kinds of broadband access technologies in use, some with dedicated access links (like Ethernet or DSL) and some with shared access (like WiFi or LTE). The highest levels of variability in shared access networks creates the hardest scheduling and flow control protocol problems. This is before we begin to consider how these are bonded and blended to service the many different data flows, or how ISPs vary in competence and quality.

There has until now been no easy solution to constructing a suitable supply to meet the variable demand. Fixed SD-WAN is by definition not mobile, targeting a specific venue. It is at best portable, for example letting you relocate the hardware from your main home to your second holiday home. The alternative is to just accept “best effort” delivery and the public Internet (with unmanaged failure).

Users can instead engage in expensive and possibly slow mitigation of access quality, like buying better access for home, or temporarily relocating into a “hot desk” type office. They can also effectively self-insure against the risk of application failure by taking on less work, or by offering longer delivery times.

None of these mitigation approaches come for free: hence there is significant business value in predictable performance and making bad experiences sufficiently rare — at least compared to making acceptable experiences even better. This is important: the reward is in fixing the worst case — which is what the remote worker faces — and not in improving situations that are already good enough (but are easier to address).

Perfection is not available, so compromise is necessary

In an ideal world, we wouldn’t be facing these problems. After all, we typically don’t have to worry whether there will be enough electrical power for our laptop where we work. But broadband isn’t like that yet. We don’t have truly engineered performance, and that isn’t going to be fixed by 5G “slicing” — or anything else in the near future. Our transport protocols like TCP/IP are 1970s prototypes, and replacements like RINA are still in the lab. Even if these existed as products today, they are “best case” and not “worst case” for the remote worker.

Nonetheless, we can dream: a true on-demand and flexible supply that meets any need, with a low cycle time to provision it for “lean” work, and pricing aligned to business value. The order of failure in overload would be managed to the value of both the task and customer. The maximum possible “experience yield” would be squeezed out of the communications resources on offer.

The pragmatic reality is we have Internet Protocol (with no association awareness or native security domains), TCP (with the worst possible control span and least possible stability), and no standard form of demand awareness in networks (but lots of DPI and traffic management to try to recreate it). All kinds of fixes and workaround are often applied, but Lusser’s Law (failure grows with the number of serial components) dictates that this results in uncontrolled and out-of-order application failure modes.

Without something to take control over the experience, we face a descent into complexity of network operator interaction and application failure. The benefits of mobile working will be lost to reversion to legacy methods with long provisioning times, or foregone to more flexible competitors in an outsourced service economy.

Mobile SD-WAN solves the “experience yield” problem

Fixed SD-WAN is the “inside-out” model: it Is focused on the needs of the place and space, not the transient user or application. It is fundamentally not suitable to the “cloudular mobility” task, in the same way that fixed phone could be made “cordless”, but no more. Evolution of the broadband gateway can only go so far.

Mobile SD-WAN is the “outside-in” for “cloudular mobility”. It is targeted at the problems of the individual, and address the variability of application flow needs. It starts by coping with overload cases (e.g. LiveQoS’s MASV service) and work inwards to easier cases. It is a natural evolution of the enterprise VPN, able to route traffic to the relevant private cloud over private access. Furthermore, it is “boxless” in the same way a cell phone is “wireless”, using software to scheduling access to a shared resource.

Mobile SD-WAN doesn’t solve the underlying need to get the access network engineering right — you still get “dropped calls for apps”, yet the trade-off of more mobility for lower quality is worth it in most cases. Over time the improved engineering of the underlying access networks will make this less of an issue, similar to the move from 2G to 3G to 4G has done for cellular. As mobile SD-WAN builds upon existing cloud access networks, it can add in edge performance assurance as such capabilities become available.

By locating at the edge device, you are already in the appropriate context to participate in graceful degradation under load. In contrast, fixed SD-WAN will effectively be a man-in-the-middle attack, trying to unpick the flows in the same way ISPs have attempted and often failed. Only mobile SD-WAN matches the security domain model that is emerging as the requirement for remote working.

Outside-in really does always win!

There is a parallel here to the underestimation of cellular technology in the early 1990s, where analyst predictions were all backwards, seeing mobile as a small add-on to a massive established fixed market.

But it was the other way around: mobile was the new default, and came to eat the fixed market over time. And for a good reason: while the history of mobility doesn’t repeat itself, “outside-in always wins” does rhyme just right!


For the latest fresh thinking on telecommunications, please sign up for the free Geddes newsletter.