Wow. A standards meeting that was anything but standard.

The MEF Members Meeting in Miami. Key observations that impact our collective future.

The MEF had its quarterly “members meeting” – the smaller working events at which the Board sets direction, technical committees norm, storm and edit, and the MEF members – the real, working, experts – attend and give talks in plenary sessions. I was pleased to attend and present at one of the plenaries, as part of a panel on “Hot Topics in SDWAN and Security” – among my favorite topics.

The MEF matters, because it focuses like a laser on real problems

I have always observed that in contrast to some industry groups that have more generic charters, the MEF gets real stuff done. I believe this is a clear case of “step #1 in any solution is defining the problem”. The MEF was formed to solve a concrete problem (standardize metro ethernet lines, LANs, ordering and lifecycle ops) and from that clarity came useful outputs, driven by service providers that wanted to speed time-to-revenue, and needed to pass orders efficiently between customers and SPs, as well as between wholesaling and prime contracting SPs.  With the SPs motivated, work progressed, and was implemented. Success.

But ethernet is a journey, evolving over time. Today the MEF is concentrating on APIs that automate those complex global SP-SP orders, on the end-to-end processes for their life cycle management, and now aspires to expand its reach beyond metro-E as it exists today, to metro-E and the security and SDWAN add-ons that are becoming table stakes for any leading SP selling to enterprises.

The recurring theme of automation

One of the recurring themes of the week was automation. Everyone agreed that automation was essential – not just for “hygiene”, or even for cost efficiency (which it is …) but also to deal with scale, real-time services and – in the opinion of many (me among them) – as the critical means of strengthening security, eliminating vulnerabilities and holes, and of addressing the growing gap between demand for security expertise, and the supply of experts – a shortfall in skilled labor that grows wider every year. What’s not to like?

The messier reality of automation

The reality is that automation in the wild is more of a mixed bag.

In some areas, such as ordering between SPs, there is an uncontested agreement that such is needed, and that the MEF APIs and associated work is helping make that possible.  I believe that there is a clear shift in thinking as well, towards agreement that standardized security, SDWAN and WAN offers, with clear products and automation of those assemblies and bundles, is both essential for industry success and a desired simplification to everything from medium businesses down to consumers small business. I even saw glimpses of what can be likened to app stores; — (NaaS stores) offered to enterprise buyers once they have a broadband pipe to the environment’s edge / ingress point.  It’s a model in which, once you hit this SP’s network, everything is dynamically available and automatically linked. Watch this space.

However, automation’s thorny issue centers on today’s largest enterprise revenue streams – WANs, SDWANs and security services, provided as managed services to global, Tier-1 businesses.  These are the globe’s commercial giants, with giant budgets – and giant lists of demands and customizations. These lucrative but demanding customers are forcing one-offs and stifling the investments that can only be made in products that are standardized and sold in volume, amortizing investments over huge scale. “Divide by n” product managers sometimes say, with n being a big number. Very big. AWS and Azure big, ideally.  The problem is that the more unique the set of requirements, the closer today’s “n” at the solution level is to “1”.  If we look at the component level, say individual SDWAN vendors that must be onboarded, modeled, integrated, tested, and automated, it’s bigger than 1, but maybe what, 10? 25? Certainly not a very big “N” by global standards.

MEF is expanding its reach into security and SDWAN – where real revenues can be accelerated

Is MEF coming to the rescue? Maybe, at least on going-forward basis, and at least for those customers that fall below “giant”.  The MEF is working on a series of standards and initiatives that would help standardize some aspects of SDWAN operation and measurement, as well as service definitions for SSE and SSE combined with transport that they call “SNASE”. Clever. Rather than try to define SASE (or SNASE) as a “thing” they are taking a tack I like – defining more atomic security functions that can be assembled into secure services. The next phase is rather than simply certifying, instead having a sort of continuous improvement culture where they define success metrics and the methods for testing success. Forgive the vagueness, it’s still in development and I’m not part of the team dealing with the details.

In fact, there was surprising agreement, at least to my ears, that the “shiny objectification” of SASE has been a true dis-service. Most experts I spoke with agreed that we are far better going back to the original tenets of SASE — which is that security ought to be, regardless of package, 1) Zero Trust, 2) enforced at the edge(s), and 3) administered from a central logical entity (originally called “cloud”, but to me that’s a red herring). Not long ago I thought I was the only cantankerous analyst saying this, and yet this week, at the MEF, I found myriad likeminded cranks. I call that progress and will go far towards an industry that speaks with one, clear voice, I hope.

Ecosystems for wholesale service ordering and their LSO: simpler and more automated

Beyond standards, there was a general current at this MEF meeting that an ecosystem is forming, emerging from earlier PoCs, to handle the generation of orders, the standardization of the format/API, the making of markets, the decomposition of orders, automated handling and – critically – the passing of lifecycle information such as observability data, and even SQA-like management of end-to-end services across multiple SPs, end-to-end. I witnessed engineers and management from a range of suppliers (orchestration, marketplaces, etc.) and what appeared to be very interested SP management and engineers, collaborating, chatting in hallways, and joining panels to evangelize the end-to-end process – not just standardizing an API with actual implementation as an “exercise left to the reader”.

In Summary

There’s a lot of work to make global and seamless enterprise WANs, with security, a reality. Much of that work resides in getting the details right; understanding the end-to-end process, defining what the services must deliver as perceived by end users, and making sure that not only order data, but also a steady stream of operationally critical data, flows over multi-party APIs.

At this MEF, I also heard far more about how to communicate our industry’s value, our services’ value, to end customers. I heard about education. I heard about defining services (products) in customer facing terms.  I even saw a member about to release a book explaining and evangelizing SASE/SSE (Jeremiah Ginn of AT&T, available through Amazon ).  That’s a far cry from a regular “standards meeting”, and in a good way.

Appledore will report in more detail as things are finalized and as we get additional insights into individual members’ offerings.

Piicture credit: Photo by Antonio Cuellar on Unsplash 

Jeremiah Ginn has generously offered our readers a discount code for his book. The code is 20SASE. The link to the publisher’s site is https://www.packtpub.com/product/diving-into-secure-access-service-edge/9781803242170