Cloudflare reheats network-as-a-service buffet with WAN plan

Try, try, try to understand, it's a Magic WAN

Network infrastructure biz Cloudflare on Monday plans to launch a service called Magic WAN to allow companies to bring geographically dispersed data centers, offices, devices, and cloud services under a single cloud-managed wide area network.

It has nothing to do with Magic Wan, a restaurant in Grandville, Michigan, though the eatery could deploy the service if it had relevant IT needs.

Last October, Cloudflare CEO Matthew Prince, talked up the idea of wide-area networking and security as a cloud service when the company was touting its Cloudflare One product.

Well, now Cloudflare actually has the WAN component ready. And along with a set of partners dealing in SD-WAN (software-defined) kit, it's eager to cater to businesses looking to oust legacy networking gear from the local server closet, or at least minimize the presence of dust-collecting, rack-mounted kit.


Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare's protocol proposals to protect privacy


Magic WAN, in conjunction with the previously released Magic Firewall, wants to provide businesses with cloud-based networking and security without hardware boxes and Multiprotocol Label Switching (MPLS), a timeworn WAN transport scheme destined to be killed by SD-WAN in a future anticipated by Gartner's researchers.

"Companies burn significant resources provisioning and maintaining legacy connectivity technologies like MPLS," said Matthew Prince, co-founder and CEO of Cloudflare, in a statement. "With Magic WAN, we’re leveraging Cloudflare’s global network to offer reliable, faster, much more cost-effective connectivity with security built in."

Magic WAN can incorporate both remotely working employees on commercial internet connections and facilities with more elaborate networking setups.

"Customers may use different on-ramp mechanisms to connect their traffic to Cloudflare’s network depending on the source," Rustam Lalkaka, director of product at Cloudflare, told The Register in an email. "For example, they can configure Anycast GRE tunnels to connect offices with SD-WAN appliances or basic router hardware, and install the WARP client on employee devices to connect traffic from remote workers. Customers will be able to enforce security policies in one place to apply across traffic from any sources/destinations they connect."

Bigger plans

The service also serves as a potential replacement for VPNs. The company says Cloudflare for Teams and Magic WAN offer a way to transition away from traditional VPNs and their potential performance drawbacks.

"Employees can install the WARP client on their devices to send traffic to Cloudflare's network, where it can be authenticated and routed to private resources in data centers or VPCs that are connected to Cloudflare via other traffic on-ramps," the internet biz said.

"This architecture solves the performance and capacity issues customers often experience with legacy VPNs – rather than sending all traffic through single choke point devices, it’s routed to the closest Cloudflare location where policy is applied at the edge before being sent along an optimized path to its destination."

Cloudflare's preferred world of tomorrow is built upon a model known as SASE, or Secure Access Service Edge, wherein wide-area networking mingles with firewalls, private networks, and others networking niceties to form an easy-to-swallow cloud-based service.

It's a vision that becomes confusing when described: "Cloudflare acts as a conceptual hub in a hub-and-spoke architecture, but the hub is our global edge network," the company explains in a blog post.

It's a hub. It's an edge. It's both at once. It's Cloudflare as far as the eye can see.

Certainly there's something to be said to being able to plug everything into the same SD-WAN network, to be able to set security policies for everything, and to be hardware agnostic enough to let businesses bring their own partners to the dance. But there are plenty of other networking firms vying to provide that service to enterprises, like Cisco, Fortinet, VMware, and so on.

It also may be too soon to count MPLS out. IT biz Avant Research and Analytics in January published its 2021 State of Disruption report in which the firm noted that while roughly 60 per cent of 500 "enterprise decision makers" surveyed expect to increase SD-WAN usage by the end of 2021, about 59 per cent anticipate an increase in MPLS usage during the same period. And with SD-WAN able to handle transport services like MPLS, the two seem likely to co-exist for a while. ®

Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022