3 Reasons Pica8’s PICOS® is (Already) Flourishing Across the Enterprise
I read with interest a blog post about the open source data center network operating system (NOS) SONiC. To date, SONiC has been deployed mainly by hyperscalers and other large cloud data center providers with very homogenous infrastructure and simple use cases, but a recent Gartner blog post predicted it will soon be adopted by enterprises. Hence, Packet Pushers responded with a recent post titled, “3 Things SONiC Needs To Flourish In The Enterprise.” The “3 things,” it turns out, are already being provided by Pica8 via PICOS, our open NOS that runs on open white box/brite box switches, and AmpCon™:
• Commercial support, a la what Red Hat provides for Linux
• Commercial management, configuration and automation tools
• Sales and marketing to promote disaggregation in general and this NOS in particular.
Lots to unpack here, so let’s get to it.
The Background on SONiC
SONiC is a NOS developed by Microsoft for its Azure data centers. The company later released the code as open source software and it is now a sub-project under the direction of the Open Compute Project (OCP) Networking Project Group. A Gartner blog post published in mid-March (the Ides of March, to be exact, for what that’s worth) made this bold prediction: “By 2025, 40% of organizations that operate large data center networks (more than 200 switches) will run SONiC in production environments.” The post talks about switching vendors that are “aggressively investing in and/or support SONiC including Dell, NVIDIA, Arista, and Juniper” and others including Cisco that “allow SONiC to run on their switches.” The blog post really served as a teaser for Gartner’s just-released Market Guide for Data Center Switching, which, of course, is only available to Gartner clients. But it also prompted Packet Pushers to take a closer look at the claim, serving as something of a gut-check.
Now, keeping in mind both the Gartner and Packet Pushers posts are talking solely about data center NOSs, let’s take a closer look at those “3 Things.”
1. Commercial support, a la Red Hat
Packet Pushers correctly points out that a commercial version of any open source software provides much-needed support, including patches, updates and more. A commercial vendor also handles the “fiddly bits” (I like that) with respect to the ASIC abstraction layer, so customers don’t have to. The vendor simply provides the customer with a list of compatible hardware and that’s that. I couldn’t agree more – and this is exactly what Pica8 does for users of PICOS. Our proven abstraction layer is called vASIC™, and our extensive hardware compatibility list is right here.
2. Commercial management, configuration and automation tools
Here Packet Pushers, again, correctly points out that SONiC is a Linux-based NOS and thus can be managed by tools such as Chef, Puppet and Ansible. It then adds, “but network engineers may want something more tailored to their discipline.” The post mentions intent-based networking as well as a desire for “stripped down, simplified, and cloud-based” management tools. This again struck a chord because PICOS is likewise Linux-based and, thus, manageable by all the same Linux tools. In fact, we’ve developed a number of Ansible playbooks specifically for automating networking tasks related to deployment, configuration, license management and so on. Beyond that, however, Pica8 also has an automation framework, AmpCon, that addresses network switch deployment and configuration, automation of day-to-day activities, visibility across the network, and policy enforcement. In short, AmpCon can be thought of as a “stripped down, simplified, and user-friendly” version of the cumbersome Cisco DNA Center. It performs the core functions that most enterprises need – at a fraction of the cost.
(Actually, it’s almost free as Pica8 does not believe customers should have to pay through the nose for controlling their networks.) It even addresses open, intent-based networking (OIBN) in a way that enables companies to dip their toes in the OIBN waters and adopt it at their own pace. (Learn more about OIBN in our recent white paper.)
3. Sales and marketing to promote disaggregation in general and this NOS in particular
This may be the one area where I have to disagree with the Packet Pushers post. It posits that while hyperscalers and cloud providers have a clear business case for an open, modular, disaggregated, customizable NOS, most enterprises don’t care about such things. “They want reliable software; support for core protocols; and tools to configure, manage, and troubleshoot the network–ideally delivered by a vendor partner,” Packet Pushers says. Well, OK, but why not both? Wouldn’t an enterprise be interested in a NOS that is at once reliable, supports core protocols, comes with effective management tools, is supported by a commercial vendor – but is also open, and works on your choice of white box/brite box hardware and Linux tools? The post correctly goes on to point out the benefits of the open approach, including being able to more quickly take advantage of hardware and software advances, greater choice and the ability to swap out hardware or software based on changing requirements. The fact that it’s lower cost is gravy. These are points we’ve been making for quite some time. But there’s one more rather big differentiator with regard to Pica8. Recall that both the Gartner and Packet Pushers posts were discussing only data center NOSs. Pica8’s PICOS is a L3 data center NOS, but it works equally well in enterprise campus and edge networks and workflows. So, with PICOS you’ve got a single open, disaggregated NOS running across your entire enterprise – from the data center to the access edge and everywhere in between.
It’s all managed by the same tool – AmpCon. And it comes with support from an experienced commercial vendor, Pica8. We don’t have to wait till 2025. PICOS is already flourishing in more than 1,000 enterprise networks in 40+ countries. If you’d like your network to be next, just get in touch.
Pica8 Earns Top 10 Spot on CRN.com's list of Cool SDN Networking Tools
There are far worse ways to start 2021 than to be named a company with one of “The 10 Coolest Software-Defined Networking Tools of 2020” by CRN.com. Even better, in these days of almost zero investigative technology journalism and pay-for-play marketing to get onto lists like these, it was a breath of fresh air to earn a spot on one of the endangered, merit-based “Top 10” lists where no money changed hands. So, a big “thumbs up” to CRN for putting Pica8’s open networking Threshold™ SDN architecture right up there alongside Cisco’s DNA Center, Arista’s Adaptive Cloud Fabric, and Juniper’s Contrail Edge Cloud (among others). To riff off an old E.F. Hutton television ad, we made the CRN list “the old-fashioned way — we earned it.” CRN was motivated to put this list together because they foresee “a healthy growth outlook predicted for the SDN market for the next seven years.” Indeed, they should, as modern definitions of the SDN “market” no longer refer to the “over-exuberant” early SDN vision — and questionable business model — of replacing every network device on earth with the equivalent of a new flying car. Instead, “SDN” has morphed into the more enlightened view of discrete, and often automated, control of network behavior and security policies, which is exactly what “SDN” should refer to. (Ironically, in the very, very early days — before the fervor of university academics hijacked the software/hardware disaggregation movement entirely — this is what SDN was originally designed to do. What’s old is new again.) For the most part, this “new” definition of SDN also suits the traditional networking vendors just fine as they can now easily fit all of their proprietary — and uber pricey — software packages under the expanded SDN definition.
This allows them to continue to sell generations of non-interoperable hardware — complete with built-in obsolescence — right alongside hugely expensive software suites, all without having to show any sort of even ephemeral roadmap involving SDN controllers, white box hardware, or open networking at all. And that’s a real shame. The dirty little secret hiding in this “new” world of SDN is that the state of the art in real open networking has advanced so far now that true open networking solutions, such as Pica8’s, mean that there’s no longer any engineering or ease-of-use reason to purchase expensive legacy networking solutions. Pica8’s PICOS® network operating system — the foundational building block of the Threshold SDN architecture — offers automated deployment and lifecycle management and is interoperable with not only existing legacy networking hardware but also with all major network access control (NAC) systems, such as Cisco ISE and Aruba ClearPass. It is the only networking solution on the market to offer users simultaneous control of every switch port in a network, whether L2/L3 or SDN/OpenFlow. Not even the legacy guys can do that. So, CRN, here’s a toast to you to start a bright New Year. And if you’d like to start your year by learning more about what a modern, open approach to networking looks like, download our white paper, “An Enterprise Approach to White Box Networking.”
The Benthic Sadness of Cisco Colony Collapse
Once upon a time, Cisco effectively was the networking industry, starting around the time I joined in 1989 to help the company put together its IPO. The cachet of being an early Cisco customer was very real, and, frankly, Cisco earned its moment in the sun back then, a moment that — to its full credit — lasted far longer than technology history would have deemed likely. In fact, one of the charts Cisco liked to show sell-side analysts during its IPO roadshow was a sine wave that demonstrated how no dominant technology leader of one “wave” ever became the dominant player of the next one. The mainframe leader (IBM) did not become the mini-computer leader (DEC), which, in turn, did not become the PC leader (Microsoft), and so on. The chart had a big “?” next to the empty sine wave slot for networking, which, of course, Cisco did ultimately win and happily filled in. (Not surprisingly, those sine wave charts have never seen the light of day since at Cisco as far as I can tell.) Now the new sine wave peaks are clear — Cloud, IoT, 5G and so on — and all have very little to do with Cisco today, leaving the company perhaps best described as “a dream of elegance on the crumbling edifice of the past” (to borrow an almost perfect phrase from the Japanese Wabi aesthetic). Today Cisco is way past worrying about cachet. It is, instead, forced to struggle with basic relevance while it goes about plundering its enterprise install base for revenue in a cash grab before AWS and crew turn Cisco’s high-profit bespoke hardware/software solutions into museum pieces. And open networking — inexpensive hardware plus inexpensive, but feature-rich, software like Pica8’s — in the enterprise campus is also amping up the existential pressure on Cisco. Almost every new open network campus deployment comes directly at the expense of some poor Cisco account rep who has to de-book that long-time customer from his/her forecast. Cisco knows all of this, of course. 
It missed the pivot to the cloud years ago trying to hold on to hardware gross margins, saw all the major web-scale data centers opt for open networking, and is now keeping a watchful — and nervous — eye on open networking’s increasing adoption rate in its cash-cow enterprise business. At some not-too-distant point Cisco will be forced to embrace the open networking business model and do more than just occasional head nodding and hand waving about its intentions here. But to those of us on the outside, that process is uncomfortably like watching the caveman invent the rock. As it has grown from my early days — when Cisco was a mere $27M/year revenue company — Cisco inevitably fell into a number of bad habits that largely stemmed from its basic DNA while the overall industry caught up and, in many cases, surpassed it in the market. Some of these habits — like making customers dependent on the complexity of its solutions to keep competitors out — worked, at least for a period of time. (I addressed some of these issues in earlier blogs like this one on Cisco’s “conservation of complexity problem.”) Cisco was used to big margins from the start. It quietly raised the prices of its early routers twice just ahead of its IPO in 1990 to see just how much it could squeeze out of the market. Cisco never looked back and still tries to sell every customer an Airbus when the vast majority of them come in wanting, and frankly only needing, a Cessna. Simple, reliable, inexpensive, flexible and easy to operate is what customers are looking for. Kind of like the Cloud and open networking if you think about it. So Cisco, long known as “the masters of firmware,” is now desperately trying to reinvent itself as a software company via hugely expensive networking software suites. Exhibit A is the Cisco DNA Center automation framework, which can easily run into many millions of dollars to support even a modest-sized deployment.
I almost hate to break it to Cisco that open networking now has a $10-per-switch-per-year solution in Pica8’s AmpCon™ automation framework for open white box switches that does much the same thing. Amazingly, Cisco seems to think its enterprise customers won’t realize its luxury-tax software bundles like DNA Center and StealthWatch are as much vendor lock-down programs as anything else. Customers do, of course, and there are plenty of “look, the elephant is tip-toeing down the hall again” jokes flying around. In truth, as one of Cisco’s earliest and biggest promoters, I do not find this inevitable Cisco Colony Collapse particularly comfortable to witness. For me, one of the final nails in the coffin was the recent departure of thousands of Cisco’s best-and-brightest long-term employees in a combination of early retirement packages and layoffs. Anyone reading this post knows full well the “Check Engine” light is pretty much always lit in a large network, and Cisco, already under fire for lagging support, just said goodbye to many of the people who could respond despite its Covid-times pledge not to do that. In the early days Cisco could be thought of as the Burning Man of the networking industry — brash, innovative and responsive to the cultural and business trends. Now it’s more like Disneyland — bloated, expensive and full of customers waiting in very long lines. In closing, in addition to the Wabi reference above, Japanese aesthetics also embraces an element for “things that have lost their power,” such as the retreating figure of a sumo wrestler who has been defeated in a match. When I view what Cisco has become, this is the cause of the “benthic sadness” referred to in the title.
Why the Lights Just Dimmed at Cisco
In a clear echo of IBM’s ultimately futile efforts to cut costs in the early ’90s, October 5 was a watershed day for Cisco as over 2,000 of its best, and most senior, employees across the company took early retirement packages — technically, the Cisco Elect Program — and handed in their badges. We’re talking software engineers, SEs, TAC personnel, sales directors, product line managers, account managers, the works — most with over 20 years’ tenure at Cisco. Some of them had been with the company so long that I was actually their hiring manager at Cisco, and I left in 1995! As one member of the new diaspora put it on social media this week, “A lot of great talent that made Cisco is headed out the door today.” This new, diminished Cisco is worth a closer look. The people that “made” Cisco, who understood and represented its best interests, and who were trained in true customer advocacy, are leaving — in droves. And the 2,000+ that are now gone are just the beginning of this most recent talent outflow. In total, Cisco extended the ER (early retirement) offer to almost 7,000 of its top people. Many — perhaps most? — of the remaining 4,500+ who did not accept will now wait to see if they survive the coming layoffs that will be needed for Cisco to meet its stated goal of $1B in operational cost savings that Cisco told the Street about in August. There are two main themes roiling the Cisco alumni social media feeds about this event. One is the parallelism to IBM that I mentioned above, or, as another member of the diaspora stated, “It’s kind of sad to see Cisco playing the IBM game of layoffs and firings.” The other, far more dominant, comment is “there is life after Cisco.” While “There is Life After Cisco” is largely expressed in the forums as a form of personal encouragement for those who took the ER package perhaps less than willingly, it’s a phrase that current Cisco enterprise customers should also take to heart.
With somewhere between 2,000 and 7,000 of Cisco’s best out — or on their way out — Cisco will be a less capable company when it can least afford to be. If you weren’t happy with Cisco responsiveness and support before, you don’t need me to tell you what’s coming. It’s fairly well accepted that Cisco already missed the overall industry pivot to the Cloud — and to Automation — so there’s obviously plenty of “life without Cisco” going on there. Now the combination of open networking and white box switching is proving to be an existential threat to Cisco both in the data center and, more recently with the strategic tie-up between Pica8 and Dell Technologies, in its home port of enterprise campus and access networks as well. If all 7,000 of the ER-targeted people do end up leaving, that will represent about a 10% reduction in Cisco’s overall workforce, a not uncommon number for Cisco to eliminate in the past. But, historically, those earlier reductions were for its worst performers, not its best. October 5, 2020 — a day that will likely be long remembered at Cisco. First, the company lost a $1.9B patent infringement case to a Virginia-based security company called Centripetal, and second, thousands of its best and brightest exited Stage Left.
Tech Blog: Network Access Control with Open Campus Networks
Years ago, Network Access Control (NAC) was a high-end security feature touted by legacy network switch vendors. But like so many other legacy vendor features, NAC has been successfully adopted by open network vendors and is ready for deployment in enterprise campus and access networks as part of a more modern architecture. NAC is a security solution that enforces policy on devices as they seek access to a network to increase network visibility and reduce risk. For example, NAC may be used to ensure anti-virus software is up to date and, if not, ensure that it’s updated before the device is granted network access. It can also be used to define what resources a given device can access, as well as what VLAN and what ACL should be applied to it. NAC integration is now becoming increasingly important to the network security of enterprises. From a high-level point of view, NAC is a typical SDN application, one that leverages a centralized controller to control the network access authentication and authorization of many switches. The NAC controller authenticates the devices accessing the network and sends instructions to the switches, which apply different policies to the end devices.
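The controller-and-switch split described above, as an added example that is not part of the original post and is not Pica8 or NAC-vendor code: a small Python model of a central policy decision that fails closed and quarantines devices with stale anti-virus posture. The roles, VLAN IDs, ACL names, port names and the 7-day threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Every value here is constructed for illustration; none comes from PICOS,
# AmpCon or any NAC product.
MAX_AV_AGE_DAYS = 7
QUARANTINE = {"vlan": 999, "acl": "remediation-only"}
ROLE_POLICY = {
    "employee": {"vlan": 10, "acl": "corp-full"},
    "contractor": {"vlan": 20, "acl": "corp-limited"},
}

@dataclass(frozen=True)
class AccessRequest:
    switch: str
    port: str
    mac: str
    authenticated: bool           # outcome of the identity check
    role: Optional[str]           # role bound to the authenticated identity
    av_age_days: Optional[int]    # posture: AV signature age; None = unknown

@dataclass(frozen=True)
class Instruction:
    switch: str
    port: str
    action: str                   # "permit" or "deny"
    vlan: Optional[int] = None
    acl: Optional[str] = None

def decide(req: AccessRequest) -> Instruction:
    """Central policy decision: what should the switch do with this port?"""
    deny = Instruction(req.switch, req.port, "deny")
    # Fail closed: unauthenticated devices and unmapped roles get no access.
    if not req.authenticated or req.role not in ROLE_POLICY:
        return deny
    # Posture gate: stale or unknown AV state lands in remediation only.
    if req.av_age_days is None or req.av_age_days > MAX_AV_AGE_DAYS:
        return Instruction(req.switch, req.port, "permit", **QUARANTINE)
    return Instruction(req.switch, req.port, "permit", **ROLE_POLICY[req.role])

class Switch:
    """Enforcement point: holds the per-port state pushed by the controller."""
    def __init__(self, name: str):
        self.name, self.ports = name, {}

    def apply(self, ins: Instruction) -> None:
        if ins.switch != self.name:
            raise ValueError("instruction addressed to a different switch")
        self.ports[ins.port] = (ins.action, ins.vlan, ins.acl)

def admit(switches: dict, req: AccessRequest) -> Instruction:
    """Controller flow: decide centrally, then push to the owning switch."""
    ins = decide(req)
    switches[req.switch].apply(ins)
    return ins

if __name__ == "__main__":
    sw = {"access-1": Switch("access-1")}
    print(admit(sw, AccessRequest("access-1", "p1", "00:00:5e:00:53:01", True, "employee", 30)))
```

The ordering in `decide` is the point to audit in a real policy set: authentication and role mapping are checked before posture, so a device can never reach even the remediation VLAN without first proving who it is.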