Orange Business Services has laid the first cornerstone of its network-as-a-service platform with a security VNF offering.
Orange Business Services first started talking up its NaaS strategy earlier this year, and the security VNF is the first NaaS offering under its "Easy Go Network" brand. Orange Business Service started kicking the tires on NaaS during a year-long trial in France. (See Orange Plots Mass Network-as-a-Service Rollout.) The security VNF will be available across 75 countries by the end of the year.
"We've been developing our SDN/NFV architecture for some time now," said John Isch, Director of the Network and Voice practice for Orange Business Services in North America. "The architecture is out there and the first VNF we're launching within this platform is a Fortinet next-gen firewall."
Isch said the security functions, which will include URL filtering, web content protection, malware protection and firewall, would be virtualized on Orange's SDN-based PoPs. Multi-national customers can order the service via a customer portal, which is called My Service Space. Once customers click on the order link, they're shipped a self-install Cisco router to connect with the service.
The web portal gives branch offices the ability to order and provision services within minutes of ordering while the router saves Orange Business Service money on costly truck rolls.
Orange Business Services customers can manage a security VNF via their own web portals.
"The front end to the whole service is this self-service portal," Isch said. "Once they have the router, the rest of the work is automated. From there, they're interacting with our SDN architecture, which is in turn controlling the configuration and operation of the firewall itself. It's a fully contained, automated solution that leverages next-generation technologies, SDN and NFV, to deliver services to a customer."
While the security VNF is the first step, Orange Business Services plans on offering other VNFs, such as SD-WAN solutions, unified communications, other firewall technologies and compression-type WAN optimization solutions, down the road.
Instead of using just the PoPs, Orange Business Services' big picture plan is to utilize universal CPE, or white boxes, at the edge of networks. Isch said that Orange Business Services has issued an RFI as the first step in selecting a uCPE vendor for the future.
"So the bigger game here is deploying a software-defined network that allows customers to deploy functions in the network wherever they want them and in an on-demand basis," Isch said. "Where our customers deploy that VNF is dependent on what VNF they're deploying or what the end goal is with that VNF. For example, if you're trying to deploy a wireless access controller, it makes more sense to deploy it from the edge instead of from a PoP."
AT&T Inc. (NYSE: T) and Verizon Communications Inc. (NYSE: VZ) have also launched VNF services this year. While not speaking specifically to those offerings, Isch said there are a couple of approaches for VNFs. (See Q&A: Verizon's Lonker Maps Out Virtual Network Services and AT&T Getting Business VNFs to Market Faster.)
"The approach we've taken is to take a VNF and make it fully operational," he said. "There's another strategy to go here, which is to say I'm going to deploy VNFs but I'm going to use the NFV side of it and not worry about the SDN side of it. Orange has decided that it's going to look at this holistically, at least for this first rollout. We want to deploy something that is 100% contained within this SDN and NFV environment. So it's virtualized services and we're using the software-defined network to control it.
By contrast, other service providers have decided to split SDN and NFV apart so they can get to market faster "with something that isn't' fully complete as far as the SDN side of things," according to Isch.
Isch said because Orange is using OpenStack and best-of-breed vendors, customers aren't married to one function provider when it comes to VNFs. With NaaS, customers can deal with one service provider instead of several when there's a problem with a service that is external to the network.
"By offering a VNF as part of a network, it allows the customer to buy a service that's owned and operated by the same entity end-to-end," Isch said. "Our span of control goes from demarc to demarc. This allows customers to have a one-stop shop for both network functions as well as network services, and, of course, integration with the Internet, which is a big part of every customer we deal with today."
— Mike Robuck, Editor, Telco Transformation