However, the internet infrastructure that supports these apps have changed little over this period.\u00a0 As Software-as-a-Service (SaaS) applications such as Zoom Video Conferencing<\/a> or Salesforce CRM <\/a>today run over the public internet with no priority or \u201cbest effort\u201d priority, users can experience congestion, latency and reliability issues, throughput throttling, and many other issues.\u00a0 The result is unpredictable performance for consumers, and even more so for enterprises.<\/p>\n\n\n\n One Example of the problems with public internet infrastructure is that latency and throughput are not optimized in the default Internet routing path. In Figure 1 below, you will see a comparison of a file transfer over the public internet or \u201cdirect download\u201d vs the same file downloaded using NKN\u2019s virtual network. The NKN network<\/a> is an overlay network on top of the public internet infrastructure that opens multiple concurrent paths in order to overcome these congestion issues. The result is 2-3x performance improvement<\/a>. The example above not only shows the problems that are inherent in the internet infrastructure, but also provides a glimpse into some of the solutions that innovative companies have developed to insure good performance in an uncoordinated open internet. I am calling these solutions App-centric Virtual Networks<\/strong>.\u00a0 These companies are developing networking technologies that are enabling the next generation of highly connected applications.\u00a0 In the following sections, I will further define the App-Centric Virtual Network and provide examples of benefits and use cases in which these technologies can be applied.<\/p>\n\n\n\n One of the biggest advantages of highly connected SaaS applications<\/a>, is that they often run within an internet browser like Chrome<\/a> or Firefox<\/a> and do not require the user to download, install, and configure any software to setup and maintain any network infrastructure.\u00a0 This gives users the ability to deploy and scale services quickly while only paying for the resources that are used.\u00a0 At the same time, users expect these applications to perform as well if not better than similar standalone or on-premise applications running on dedicated hardware.\u00a0 In order to accomplish this, an App-Centric network approach is required.<\/p>\n\n\n\n Let’s look at 3 different industries and see how companies in these industries applied an App-centric Virtual Network approach to adapt to modern applications and to improve their user experience.\u00a0 These industries include SD-WAN<\/a>, Gaming<\/a>, and Network Security<\/a>.<\/p>\n\n\n\n Software Defined Wide Area Network (SD-WAN) is an application of SDN<\/a> and utilizes WAN connections such as broadband internet, LTE, 5G<\/a>, or MPLS to dynamically connect enterprise locations and services over large geographic areas.\u00a0 One use of this technology is connecting the regional offices of an enterprise to a common company network in order to access shared internal and external applications and services.\u00a0 However, with more and more of these applications becoming external SaaS services such as Microsoft Office 365<\/a> or Google G-Suite<\/a>, SD-WAN solutions need to adopt a App-centric network model.<\/p>\n\n\n\n One such company is San Mateo, California based Aryaka<\/a>.\u00a0 Aryaka is a cloud first SD-WAN solution that uses a layer 2 meshed network<\/a> with over 30 PoPs<\/a> around the world. \u00a0 To provide good latency and performance for its enterprise customers, the company has direct or co-located connectivity to leading IaaS, SaaS, UCaaS and other XaaS service providers including AWS<\/a>, Azure<\/a>, Salesforce<\/a>, and more.\u00a0 See Figure 2 below.\u00a0<\/p>\n\n\n\n Aryaka\u2019s meshed network allows the service to optimize data flow and bandwidth for lower latency and improved performance for enterprise applications.\u00a0 The data flow optimization is key to their performance.\u00a0 The company has employed proxies<\/a> at different segments along the data path including first, middle, and last-mile locations to provide a multi-segment optimized route.\u00a0 In doing so, they have created their own overlay network to improve the performance of existing infrastructure.<\/p>\n\n\n\n Aryaka has raised $184 Million to date with its latest series F round of $50 Million<\/a> completed in 2019 led by Goldman Sachs Private Capital Investing.\u00a0 The company has seen tremendous growth since it was founded 2009 and services over 10 million users across 7,000+ sites.\u00a0 Recognized by Gartner as a visionary in WAN Edge Infrastructure<\/a> in 2019, Aryaka as of Q2 2019 held 3rd place in SD-WAN market share behind such industry titans as VMWare and Cisco.\u00a0 The company offers pricing based on either predefined regions or global infrastructure with smart bundles of 10 sites within North America or Europe for less than $2,000 \/ mo.<\/p>\n\n\n\n There are approximately 2.2 Billion gamers in the world<\/a> from the casual gamer playing the latest Pokemon Go<\/a> to the professional gamer in the highly competitive world of eSports like Fortnite<\/a>.\u00a0 However, for many of these players who play online, the network quality is frustrating and can even be the difference between winning or losing a match.\u00a0 This frustration usually comes as the result of increased latency or lag and reliability.\u00a0 Most online games need between 20-40ms for optimal performance and anything more than 100ms is considered unacceptable. Google Stadia<\/a>, which is Google\u2019s game streaming service, was measured by PC Gamer in November 2019 to be at least 125ms or higher for HD games<\/a> and even higher for those in 4K.\u00a0 The result was degraded video and jerky movement leading to a poor experience for gamers.\u00a0<\/p>\n\n\n\n Luckily there are a number of OTT providers that have stepped in to provide a better service for games.\u00a0 One such company is Haste<\/a>.<\/p>\n\n\n\n Like Aryaka, Haste built their own application centric optimized network.\u00a0 However, instead of enterprise applications, they were focused entirely on online videogames.\u00a0 Using a meshed network of relay servers and dedicated fiber links together with custom software for multipath transmission (see figure 3), they have been able to achieve better performance for gamers.<\/p>\n\n\n\n You can see from Figure 3 above, that often the default routing on the open Internet is not ideal.\u00a0 Providing multiple concurrent paths increases reliability from congestion in any one area of the network, and with dedicated fiber the network can offer much lower latency.<\/p>\n\n\n\n The Haste network only supports a limited number of optimized game titles today, but the list is growing. And the gamers are clearly willing to pay for such improved gaming experience.\u00a0 Haste has more than 600,000 registered users<\/a> and\u00a0 offers a free 14 day trial with plans starting at $10\/month.<\/p>\n\n\n\n While SD-WAN and Gaming are examples of App-centric Virtual Networks for performance, SASE takes the same approach for security. SASE brings together many of today\u2019s network security features such as Firewall-as-a-Service <\/a>and Zero Trust<\/a> and provides a holistic security solution for cloud native applications. These capabilities are delivered as a service based on the identity of the application, device, or user as well as real-time context and security policy. See Figure 4 below.<\/p>\n\n\n\n The main benefit of SASE is that it applies security directly to the application regardless of where that user is on a public or private network.\u00a0 This is important as enterprises and consumers use SaaS services in ever greater numbers and are more mobile than ever. Traditional network domain based security is no longer enough: e.g. security policy based on Intranet versus Internet.\u00a0 For this reason, SASE is often associated with SD-WAN networks since these networks combine public and private network resources to create their overlay networks.<\/p>\n\n\n\n Among the players providing SASE services today, Palo Alto Networks<\/a> has a history of being at the forefront of cloud security.\u00a0 Palo Alto Networks, made famous for their Next Generation Firewall (NGFW), was one of the first to combine firewall, filtering, intrusion prevention, and application security with deep packet Inspection<\/a> all in a virtualized offering in the cloud.\u00a0 The company offers the Prisma Access SASE solution (see Figure 5) built on their own cloud platform with 100+ locations across 76+ countries.<\/p>\n\n\n\n Solutions like Prisma Access are SaaS services that can be integrated into any hybrid cloud environment to provide application security for your organization anywhere you are connected.\u00a0 Palo Alto also recently purchased SASE vendor, CloudGenix<\/a>, for $420 Million in March 2020 to help strengthen Prisma Access to offer a combined platform for complete SASE service. They take an App-centric approach to supporting security in the virtual network and cloud.<\/p>\n\n\n\n Prisma, which was launched in 2019, consists of Prisma Access, Prisma Public Cloud, Prisma SaaS, and VM-Series has approximately 9,000 enterprise customers. The SASE component, Prisma Access is priced based on bandwidth in increments from 2 Mbps to 1000 Mbps and users with tiers from 200 to 100,000 users. In Q4 2019, Palo Alto Networks touted their first over $10 Million deal for Prisma Access<\/a>, further helping to solidify their expansion into the SASE market. <\/p>\n\n\n\n The trend toward SaaS services on open Internet for both enterprise and consumers has accelerated, and these customers expect the same performance for cloud applications as is available for native local applications.\u00a0 However, the Internet was not designed for these highly connected applications.\u00a0 Application developers that rely solely on the open internet to provide their connectivity will be met with congestion, latency, and reliability issues.\u00a0 Therefore, a new kind of application focused approach to networking is needed, hence the App-centric Virtual Network.<\/p>\n\n\n\n The App-centric Virtual Network creates a software overlay using existing Internet infrastructure as well as dedicated network resources to enhance the performance or provide new functionality for cloud applications like SaaS<\/a>.\u00a0 Such a more dynamic network layer can improve performance and security for many applications for Enterprise SD-WAN, Gaming, and Security. \u00a0 Companies working on app-centric virtual network have seen great success in offering market solutions in these areas: for example Aryaka, which provides a mesh overlay network for better application performance for enterprise, Haste, using multi-path to enhance online gaming reliability, and finally Palo Alto Networks, enabling SASE in SDN\/cloud environments.<\/p>\n\n\n\n
<\/p>\n\n\n\nThe App-Centric Shift<\/h1>\n\n\n\n
![\"SD-WAN,](\"https:\/\/blog.nkn.org\/wp-content\/uploads\/2020\/05\/Screen-Shot-2020-05-14-at-11.36.01-AM-1024x428.png\")
SD-WAN<\/h2>\n\n\n\n
Gaming<\/h2>\n\n\n\n
Secure Access Service Edge — SASE<\/h2>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
![\"Direct](\"https:\/\/lh4.googleusercontent.com\/Ujzbk3Mrp1ZXLm7b4WrB34p6rci2OlNjdcauZbbVBWu21jqIe-fvp-SBTmvbEhCF59JbtlFlAApz3_fczDJXRKqFCas0yjN98mA6HbF_ano72Ddal1t3Nbuo2upFur_kH__AKqk1\")
![\"Aryaka](\"https:\/\/lh4.googleusercontent.com\/Vlf2SvMLaf7hNKxSr-meGWPRNR7fvqU9587PBjNrgsdPYF-s9QVqexSi6lE971u3kTB1_1oh5B2YRVwBdfyWGPjkG8CUCEjPAxHVTPj_5FzEFflX2HGP6KGNcVZs56k5Z7rAqlAU\")
![\"Haste](\"https:\/\/lh6.googleusercontent.com\/pZTWEot1GlH4Ty-UYoW2Qw1eu2FrzrT_yJOPXXA-ArHwJUOu7fzizv7fXJbwdFFgxjBCBsbN-FsHjUZZZncR7PEY_ysi-9QIvTxfAPYddNm31TDLTUY6HjYq_N6x3CquKaIB-EYR\")
![\"Secure](\"https:\/\/lh5.googleusercontent.com\/kNaifwT3h9HhlYT4VW6HLDD_fnGOpEUE5hPDPy6d78aNZyIweIwe2ptegtDIz1Ffq744-DnvHZI3XtLgoPnDpw463lFOR2E0m9gDkzl2hedrzZ5v50eU8E503EwO5lhaguhIR5yM\")
![\"Palo](\"https:\/\/lh6.googleusercontent.com\/HC_fdt934GWqwobdIy9WYdeq6DwUcifqtiDyNHu6-VX0WrPBy169IKh2qfEqHJyRLEMCy9MjtvGP3n2Z9I84f-x98exehi4-NjdiZDEJrvyeK4DXy6g_glMAcRfE72ZfEwj-OUZa\")