What is network as a service (NaaS)?

The day is coming when enterprise IT professionals will be able to order network infrastructure components from a menu of options, have them configured to fit their business needs, and have the whole thing delivered and running and managed in perhaps hours.

The concept is called Network as a Service (NaaS), and it has been around in a number of different forms for a few years, mostly in the service provider arena.

But for enterprises the as-a-service concept is taking hold as companies embrace cloud computing and its model of consumption-based biling. For example, more than 75% of network infrastructure at edge locations and up to 50% of data-center infrastructure will be consumed in the as-a-service model by 2024, according to research firm IDC.

According to Forrester, the evolving technology landscape is driving the need for more flexible consumption models. The pandemic, too, has accelerated adoption of as-a-service offerings, the research firm reports: “The events of 2020 meant IT plans and priorities had to change. Nearly two-thirds (64%) of IT leaders began accelerating the shift of IT spend from capex to opex and to consider flexible consumption models like as-a-Service for the future.”

Another trend driving NaaS is that licensing and software-management components of enterprise networking are increasingly offered via subscription, IDC reports.

What is NaaS?

The definition of NaaS is somewhat of a moving target and prone to hype at this point, but there are some solid NaaS characterizations.

“NaaS models are inclusive of integrated hardware, software, licenses, and support services delivered in a flexible consumption or subscription-based offering,” wrote IDC senior research analyst Brandon Butler in a white paper.

“Instead of buying network equipment, installing it, and operating it, a network-as-a-service provider owns, installs and operates the equipment, and organizations pay a monthly subscription for the network services,” said Neil Anderson, senior director, network solutions, at World Wide Technology, a technology and supply chain services provider.

There are different degrees of NaaS, according to Anderson, including:

• Subscription hardware: Instead of outright purchase (Capex), you pay a monthly subscription (OpenX) for the hardware, but you still install and operate it.
• Managed service: Subscription-based hardware plus a managed service to operate it.
• True NaaS: The provider owns, installs, and operates all equipment, and you simply pay a monthly fee for the turnkey service.

Jay Gill, senior director of products and solutions, with Pluribus Networks, said that “any virtualized network construct that is abstracted from underlying network infrastructure and provided by one entity to another, even within a single company, could be considered NaaS.”

“The foundation of NaaS is network virtualization, which allows the networking constructs a user sees to be abstracted (or decoupled) from the physical network devices and equipment that support them,” Gill said.

Essentially, enterprises that end up using NaaS can more simply consume and scale products and services as they need based on what their business requires.

How is NaaS implemented?

A recent example of how NaaS will be brought into the enterprise is Cisco Plus. While Cisco expects to roll out what will likely be myriad service options under that brand, for now it is introducing two. The first, Cisco Plus Hybrid Cloud, includes the company’s data-center compute, networking, and storage portfolio plus third-party software and storageall controlled by the company’s Intersight cloud-management package. Using an API, customers can choose the level of services they want for planning, design and installation. Cisco Plus Hybrid Cloud, which will be available mid-year, offers pay-as-you-go with delivery of orders within 14 days, according to Cisco.

The second Cisco Plus service will bring together the company’s secure access services edge (SASE) components, such as Cisco’s SD-WAN and cloud-based Umbrella security software. 

NaaS cloud connections

Other NaaS services will be delivered differently. For example, many network connectivity services offered by traditional telecom network providers can be considered NaaS, Gill said. 

“Metro Ethernet Services and other L2VPNs, L3VPNs including IPsec and MPLS VPNs, and, more recently, SD-WAN services all provide a virtualized connection service that abstracts the underlying physical network. Some connectivity offerings also include other virtualized functions such as vCPE, firewalls or remote access gateways,” Gill said. 

Service providers such as Megaport and PacketFabric also own network infrastructure but focus on providing a narrower range of highly flexible and cost-effective NaaS offerings sometimes referred to as software-defined interconnect services. Their primary value is streamlining connectivity to public cloud and other service providers at major colocation and internet exchange points, Gill said.

Newer service providers are creating SD-WAN or other NaaS offerings without owning any of the underlying infrastructure.

“As an example, Alkira can provide a completely virtualized NaaS built on the infrastructure of public cloud providers. This type of service offering may be the first thing that comes to mind today when someone says NaaS, but it would be a mistake to define NaaS as only including such offerings,” Gill said.

Purchasing NaaS will typically involve a one-, three- or five-year commitment, and organizations can either pay upfront or through annual or monthly billing, Anderson said. “Pricing is determined by factors including the number of users, number of square feet and bandwidth used, or all of the above,” Anderson said. 

NaaS use cases

Some early adopters are already utilizing NaaS. For remote access, it’s starting to go mainstream, Anderson said earlier.

“Networking is no longer just about connecting things within private networks, because there is a world of networking to and between clouds to account for,” Anderson said. “For example, with private WANs, I typically networked my sites to my other sites like a private data center. Now, I need to network my sites to cloud services, and I may be doing so with public-internet services,” Anderson said.

There are NaaS use cases, such as a complete branch office or store-as-a-service, that include network, WAN circuits, and wireless rolled into a single monthly fee, Anderson said. These could include also other services like security and collaboration, Anderson said. 

In general, IDC’s Butler said that organizations that adopt NaaS models experience faster deployments because they are taking advantage of the expertise of partners and vendor specialists to expedite the planning process.

NaaS also provides access to new technology, including infrastructure like Wi-Fi 6 and 100 Gigabit Ethernet, with access to equipment refresh and upcycle opportunities to that ensure the network has the latest gear to operate at peak performance and can scale up or down to meet fluctuating demand, Butler stated. 

NaaS also improves refresh cycles because upgrades can be made wtih less downtime and improves performance thanks to use of newer equipment. Through constant monitoring, NaaS can identify outdated infrastructure within the network and replace, Butler stated. 

The best fits for adoption now are new facilities, temporary locations, and small branch offices, experts say. NaaS offerings could also be attractive to network remote, home and mobile workers who need secure, reliable application performance.

NaaS challenges

Security remains a point of contention in any NaaS implementation because many organizations like to control it directly, Anderson said. But with NaaS, a certain amount of security control will lie with the NaaS provider, which can be a big issue. “How will the customer still be able to do traffic inspection, or be able to feed security analytics tools with NetFlow, etc.? And who is liable for a breach, and how will it be remediated?” he said.

There are other concerns such as the ability to customize the service to very specific needs. “Like any managed service, there may be a tendency to install the cheapest equipment possible and use it for as long as possible,” Anderson said. 

That means service-level agreements become critical and need to address important metrics including:

•  Bandwidth per user, up time, app performance, etc.
• Guaranteed service level or up time
• How often equipment is updated to the latest technology?
• What tools will the NaaS provider use to proactively measure and manage capacity and performance?
• What are add/change costs and policies? For example, if a customer adds or lays off employees, how is the cost of adding or removing equipment and capacity handled?

Other experts have said that for medium-to-large organizations with significant investments in existing remote, branch, campus, and data-center networking network-security infrastructure, migrating to NaaS will be difficult and time consuming. Multi-vendor environments will further complicate the matter. Because NaaS is enabled by fast, low-latency, internet services, any interruption in WAN connectivity may seriously degrade or disable enterprise network operations. Because the service is relatively new, NaaS pricing is still uncertain, so business leaders may find that per-year operational costs may be more than they budgeted for.

The future of NaaS

It’s clear that enterprise customers’ move to cloud services is the primary driver for NaaS. And while the networking industry is only now sorting out how the cloud world will be effectively networked, NaaS could play a big role in the future.

Networking must be virtualized and automated to enable operations at cloud speed, Pluribus’s Gill said. “The big question is what services and business models will prevail. With most applications staying in private cloud environments, private cloud NaaS may be the most important.”

Another key market opportunity will come from NaaS offerings that simplify use of multiple public clouds, so users do not have to be experts in each cloud’s native networking stack to operate a multi-cloud environment, Gil said.

“With more and more applications moving to Cloud/SaaS, traffic profiles are shifting dramatically,” Anderson said. 

“We used to build campus networks with tremendous aggregation back to a core network – then to our private data center where our app workloads ran. In the future, if most traffic is headed to Cloud/SaaS, are core networks needed anymore? Or do organizations just need each of its buildings to be a very reliable ‘hot spot’ with high-speed internet access? I think we will see organizations rethinking their architecture, and it will make it easier to adopt a NaaS approach,” Anderson said. 

Security will be the sticking point in the future, Anderson said.

“There’s a great deal of security integrated into and relying upon the network today. If an organization turns its network over to a NaaS provider, they must consider whether they lose visibility and how to continue to provide data to their SecOps team,” Anderson said.

“Because of this, I think we will see combined NaaS/Security-aaS offers in the future. Secure Access Service Edge (SASE) is headed in that direction, for example. But trusting a provider with security will be a major sticking point, especially for large organizations and those with regulatory requirements like HIPAA, PCI, NERC/FERC, etc.,” Anderson said.

In the end, transparency, simplicity, and improved lifecycle services lead to better cost metrics and help ensure network usage aligns with business goals, IDC’s Butler said. 

“This leads to overall benefits of increasing agility, reducing network complexity, and enabling organizations to have an optimized network that supports growing and dynamic environments. IDC believes that enterprise use of NaaS models will increase significantly in the coming years as more organizations realize these benefits.”