This GigaOm Research Reprint Expires Mar 4, 2025

GigaOm Radar for Cloud Networkingv3.0

1. Executive Summary

Cloud networking software enables data transmission within and between clouds by deploying and orchestrating virtual networking functions. Cloud networking is entirely software driven, with each virtual function playing a role in defining how various cloud entities communicate at a logical level, and enables connectivity among different data centers and cloud providers.

Cloud networking solutions use the native networking capabilities from each cloud provider, orchestrating them from a central management solution. Additionally, cloud networking vendors can provide specialized functions such as gateways, exchange points, or routers with more features compared to the native counterparts offered by the cloud providers.

With these capabilities, cloud networking vendors address everyday networking-specific challenges—such as network design, deployment, management, and security—but with a cloud twist. Network segmentation now must span multiple distributed environments, monitoring and observability tools will have larger and more complex networks to understand, optimization should include cloud-to-cloud intelligence, and even routing brings in new networking functions such as transit gateways.

The best way to address these challenges is to abstract all networking constructs and present them in a single orchestration solution that can handle multiple types of infrastructure and provisioning of networking instances with minimal configuration. This consolidated view changes the cloud networking experience from an overwhelming problem to a much more casual activity. Connecting another public cloud environment should feel like just another instance to connect rather than a whole architecture overhaul.

At this higher level of abstraction, service-to-service connectivity and content-aware traffic processing are two of the most important use cases that cloud networking solutions must address. Rather than having the networks team handle constructs at Layers 3 and 4, a cloud networking solution can automatically provision Layer 3 and 4 instances, allowing the DevOps teams to work exclusively at Layer 7 and focus on content-aware, service-to-service connectivity.

With this type of capability at the development teams’ fingertips, applications are no longer bound to a single region or provider, and use cases can expand to multicloud, hybrid cloud, and edge locations. Cloud networking also reduces the amount of vendor-specific knowledge required to interconnect environments by offering a unified and consistent management interface. Rather than adopting an unsophisticated “connecting multiple environments” approach, we can reframe cloud networking as one of the core enablers of developing and maintaining cutting-edge applications using all the available types of infrastructure.

This is our third year evaluating the cloud networking space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 13 of the top cloud networking solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading cloud networking offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

2. Deployment Types

To help prospective customers find the best fit for their use case and business requirements, we assess how well cloud networking solutions are designed to serve specific deployment models for networking appliances and management platforms (Table 1).

For this report, we recognize the following deployment models for networking appliances:

  • Physical appliance: These are integrated hardware appliances such as routers. They can be deployed on customer premises or in co-location environments to support connectivity to cloud resources.
  • Virtual appliance: These are images that run within virtual machines (VMs) or containerized environments.
  • Public cloud image: These are used to provision appliances directly from a public cloud provider marketplace, and they run within the cloud environment.
  • Software: These appliances can be installed and run from any compatible operating system.
  • SaaS: The functionality of the appliance is delivered as a service, deployed and managed by the cloud networking vendor.

We also recognize the following deployment models for management platforms:

  • Virtual appliance: The platform can be run from a VM or container.
  • Public cloud image: The platform is available from public cloud marketplaces and runs within the public cloud environment.
  • Software: The platform can be installed on top of compatible operating systems.
  • SaaS: The platform is delivered via a web portal and is deployed and managed by the vendor.

Table 1. Vendor Positioning: Deployment Models for Networking Appliances and Management Platforms

Vendor Positioning: Deployment Models for Networking Appliances and Management Platforms

Network Appliance Deployment Model

Management Platform Deployment Model

Vendor

Physical Appliance Virtual Appliance Public Cloud Image Software SaaS Virtual Appliance Public Cloud Image Software SaaS
Alkira
Arista
Arrcus
Aviatrix
Broadcom (VMware)
Cisco
Cohesive
emma
F5
IBM
Isovalent
Juniper
Prosimo

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).

3. Decision Criteria Comparison

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

  • Vendor agnostic
  • Virtual network functions
  • Management and orchestration
  • Network monitoring
  • Cloud awareness

Tables 2, 3, and 4 summarize how each vendor included in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

  • Key features differentiate solutions, outlining the primary criteria to be considered when evaluating a cloud networking solution.
  • Emerging features show how well each vendor is implementing capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
  • Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization.

These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating Cloud Networking Solutions.”

Key Features

  • Secure traffic and segmentation: Secure data transmission in cloud environments is typically achieved using various security functions such as firewalls, gateways, and virtual private networks (VPNs). In addition, cloud networking security includes network segmentation, by which a set of entities such as VMs belong to a network that is segmented, or closed off, from outside environments such as the public internet through the use of firewalls.
  • Observability and optimization: Observability in the context of cloud networking provides end-to-end visibility of the whole cloud estate on a variety of metrics, as well as more advanced functions. With the observability prerequisite, the solution can optimize traffic flows within a cloud environment and help administrators troubleshoot and resolve network issues.
  • Declarative network provisioning: This feature evaluates a solution’s ability to define and provision networking constructs in a declarative manner, typically by integrating with infrastructure-as-code (IaC) tools, supporting automation and scripting, and integrating with CI/CD and version control systems.
  • Content-aware traffic processing: This criterion evaluates a solution’s features for content-aware traffic processing, which means that the solution is operated at Layer 7 to understand the type of content transmitted, such as emails, file transfers, or HTTP-based API calls.
  • Solution management: Solution management involves the way the cloud networking service is consumed and the way administrators can define and deploy cloud networks.
  • Application-to-application connectivity: Traditionally, the network team has been responsible for providing the underlying infrastructure that application teams can build on top of. Today, with an application-first mentality, the underlying infrastructure is provisioned to support services and applications, including scaling up as required.
  • Container and microservices networking: Due to its ephemeral nature, container networking presents a different challenge compared to other types of compute infrastructure. Containers are typically managed using orchestrators such as Kubernetes, which employs a set of plug-ins to manage connectivity within the same pod, between pods, and between clusters and services.
  • Hybrid and multicloud networking: Multicloud networking refers to connectivity across public cloud environments, while hybrid cloud networking refers to connectivity across on-premises and co-location facilities and private and public clouds.

Table 2. Key Features Comparison

Key Features Comparison

Exceptional
Superior
Capable
Limited
Poor
Not Applicable

Key Features

Vendor

Average Score

Secure Traffic & Segmentation Observability & Optimization Declarative Network Provisioning Content-Aware Traffic Processing Solution Management Application-to-Application Connectivity Container & Microservices Networking Hybrid & Multicloud Networking
Alkira 3.5
Arista 2.8
Arrcus 3.9
Aviatrix 3.9
Broadcom (VMware) 3.9
Cisco 3.8
Cohesive 2.4
emma 3.3
F5 4.3
IBM 2.3
Isovalent 4
Juniper 3.6
Prosimo 3.9

Emerging Features

  • Cost optimization: Solutions can help organizations manage and optimize their networking costs by monitoring networking spend, generating cost forecasts based on traffic levels, routing traffic through the most cost efficient paths by taking into consideration egress costs or suggesting cost vs. performance traffic routes or optimization techniques.
  • Extended Berkeley Packet Filter (eBPF): This can be used by cloud networking solutions to run analysis at a low abstraction level in the stack with a low overhead compared to other techniques such as using IP tables.

Table 3. Emerging Features Comparison

Emerging Features Comparison

Exceptional
Superior
Capable
Limited
Poor
Not Applicable

Emerging Features

Vendor

Average Score

Cost Optimization eBPF
Alkira 2
Arista
Arrcus 2.5
Aviatrix 3.5
Broadcom (VMware) 1
Cisco
Cohesive
emma 2
F5 1
IBM
Isovalent 2.5
Juniper
Prosimo 3.5

Business Criteria

  • Ecosystem: Ecosystem refers to all the services and capabilities the cloud networking solution leverages from third-party vendors. This includes the breadth of integrations with cloud service providers (CSPs) and capabilities meant to orchestrate their native networking capabilities.
  • Cost and licensing: This metric looks at finance-related considerations, such as pricing calculators and transparency, licensing models, and the requirement for professional or managed services.
  • Service assurance: This metric refers to the solution’s ability to provide service assurance of high-performance networking, minimize redundant resources, and remove the need for routing through the public internet.
  • Ease of use: Evaluating ease of use comes down to the solution’s learning curve, supporting technical documentation, and a measure of how frictionless the network design and operations are.
  • End-to-end networking: This metric evaluates the solution’s capabilities for delivering end-to-end networking, which is particularly important for complex environments that have deployments across many cloud and on-premises environments.

Table 4. Business Criteria Comparison

Business Criteria Comparison

Exceptional
Superior
Capable
Limited
Poor
Not Applicable

Business Criteria

Vendor

Average Score

Ecosystem Cost & Licensing Service Assurance Ease of Use End-to-End Networking
Alkira 4
Arista 3
Arrcus 3.8
Aviatrix 3.8
Broadcom (VMware) 3
Cisco 3.8
Cohesive 3.2
emma 3.6
F5 3.8
IBM 3.4
Isovalent 3.4
Juniper 3
Prosimo 3.6

4. GigaOm Radar

The GigaOm Radar plots vendor solutions across a series of concentric rings with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for Cloud Networking

As you can see in the Radar chart in Figure 1, most vendors are positioned on the Platform Play side, and most Leaders are found in the Innovation half.

In the Maturity/Platform Play quadrant, large networking vendors such as Arista, Broadcom (through the VMWare acquisition), Cisco, and Juniper deliver cloud networking as an extension of their existing networking solutions. These build upon their data center networking, network operating systems, and virtualized appliances to orchestrate public cloud networks.

The Maturity/Feature Play quadrant contains Cohesive Networks, whose solution is well established and focuses on provisioning virtual networking constructs across environments.

Isovalent and IBM are positioned in the Innovation/Feature Play quadrant. Isovalent heavily uses eBPF and focuses on multicloud and multicluster container networking, while IBM’s point solution tackles the challenges of connecting cloud applications across environments.

The highest concentration of vendors is found in the Innovation/Platform Play quadrant, and they offer purpose-built cloud solutions. While there is a lot of variety within this quadrant, these vendors offer comprehensive capabilities and can deliver on most metrics described in the report. Vendors featured here include Alkira, Arrcus, Aviatrix, emma, and F5.

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; there are aspects of every solution that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

5. Solution Insights

Alkira

Solution Overview
Alkira delivers a cloud network-as-a-service (NaaS) platform with on-premises, hybrid, and multicloud connectivity, integrated security services, and monitoring and governance capabilities. At the core of the Alkira solution is the Alkira Cloud Services Exchange (CSX), which consists of a cloud backbone of globally interconnected Alkira Cloud Exchange Points (CXPs), virtual multicloud points of presence (PoPs) powered by a full routing stack, and network services. CXPs deliver symmetric traffic steering for stateful network services and optimal routing to the cloud with no data center backhaul, and CSX can establish a global backbone network connecting multiple public clouds.

Alkira CSX automatically discovers public cloud instances based on the cloud credentials provided by the administrator. Upon discovery, users can select which cloud instances need to be connected to the Alkira CSX, and the solution provisions the network. Afterward, the CSX automatically distributes the required network reachability, so all public cloud instances can begin communicating with each other. The solution also enables connectivity by using a similar process for home offices, branches, campuses, software-defined wide area network (SD-WAN) sites, data centers, and co-location facilities. Alkira’s API and integration with IaC tools such as Terraform enable DevOps-friendly network automation.

Alkira CSX offers network segmentation capabilities that allow grouping of remote users, on-premises sites, public cloud instances, network services, and internet exit points into specific network connectivity segments. These capabilities apply equally to single cloud and multicloud environments. Alkira also offers selective cross-segment communication with firewall service insertion to support various shared application services use cases related to mergers, acquisitions, divestitures, and partner network connectivity. Furthermore, Alkira’s microsegmentation capabilities allow subdividing segments even further for even more granular security policy controls.

Strengths
The Alkira CSX Portal offers a comprehensive graphical interface for design, provisioning, and Day 2 activities. It enables organizations to insert network services and stateful firewalls into the Alkira CSX and leverage Alkira intent-based policies to steer the desired traffic from single or multicloud environments to the auto-scalable network services nodes.

One of Alkira’s distinguishing features is its Extranet-as-a-service, which allows organizations to connect customers, partners, and third parties to critical business data at enterprise scale, all while maintaining the utmost in control, visibility, and security.

Besides its strong capabilities for secure traffic and segmentation, observability and optimization, autoscaling, and solution management, Alkira’s fully as-a-service deployment model for both the networking appliances and management platform differentiates it from other vendors in this report.

Challenges
Alkira’s as-a-service delivery model may not be suitable for enterprises that require the level of control offered by physical, virtual, or software appliances. The same applies for deployment model requirements for the management platform. The solution does not currently offer container networking capabilities.

Purchase Considerations
Alkira operates its own network backbone, which means better control, observability, and security for traffic routed between environments. Alkira is one of the few vendors whose solution can deliver on both NaaS and cloud networking requirements.

The solution is suitable for a variety of use cases, which include multicloud networking, hybrid cloud networking, and NaaS connectivity.

Radar Chart Overview
The vendor is positioned in the Innovation/Platform Play quadrant of the Radar because the solution tackles a variety of use cases with a new and distinguished delivery model.

Arista

Solution Overview
Arista delivers a cloud networking solution via its Cloud Extensible Operating System (CloudEOS) and CloudVision. CloudEOS is Arista’s multicloud and cloud-native networking operating system that enables a secure and reliable networking experience. To provide a scalable and automated network experience, CloudEOS integrates with Arista CloudVision, a multidomain network management solution built on the principles of telemetry, analytics, and automation.

CloudVision provides a consistent operational model across domains to simplify network operations with a single orchestration tool. It has integrated machine learning (ML) technologies that can help with use cases such as alert definitions, based on dynamically learned deviations from a reachability or latency baseline, as well as monitoring resource utilization trends and associated telemetry, to make predictive assessments.

CloudEOS integrates with tools such as Terraform, Ansible, Puppet, and Chef and supports streaming receiver solutions like the ELK stack and Prometheus. This integration and support enable CloudEOS users to declaratively provision and configure public cloud environments.

Arista also developed AVA, an AI-enabled decision support system that is integrated in the Arista EOS stack. Ask AVA uses a chat-like interface and natural language processing (NLP) to assist even a junior analyst with tasks such as configuring, troubleshooting, and analyzing policy configurations.

Strengths
Artista offers a comprehensive cloud networking solution that differentiates itself from others with its ML-based troubleshooting capabilities. It also has a strong focus on network optimization and operations.

Arista can enable multicloud path optimization using dynamic path selection based on changing network conditions, prioritizing production traffic over noncritical traffic and control over networking policies. To achieve this optimization, CloudEOS instances auto-discover the available paths to the others and automatically establish IPsec-based data plane encryption. For optimized forwarding and dynamic path selection (DPS), CloudEOS measures delay, latency, loss, and bandwidth for each potential path, then applies this data in real time to determine which path to use.

For observability, CloudVision’s multicloud dashboard allows customers to monitor cloud constructs like AWS virtual private clouds (VPCs), transit gateways, Azure VNets, and network performance metrics such as latency, jitter, packet loss, and bandwidth between and across multiple cloud providers. In CloudVision’s topology view, customers can visualize the cloud deployments to understand how networks are interconnected, what segment specific resources belong to, and what traffic is transiting the network.

Challenges
Arista does not offer Layer 7 functions, such as content-aware load balancers, as part of its cloud networking solutions. Similarly, the vendor does not facilitate service-to-service communication or offer a visual drag-and-drop network builder.

Purchase Considerations
Arista’s suites of cloud networking products are also available in data center networks, which means that customers can have a single solution for managing on-premises data center networks and cloud networks.

Arista’s solutions can deliver on multiple use cases, including multicloud, hybrid cloud, and container networking.

Radar Chart Overview
Arista is positioned in the Maturity/Platform Play quadrant, as the vendor is an established player in the networking space. Its solutions have been widely deployed and can address a wide range of cloud networking use cases, including on-premises data center switching.

Arrcus

Solution Overview
The Arrcus flexible multicloud networking (FlexMCN) solution delivers a scalable edge, hybrid, and multicloud network overlay that helps enterprises and telcos extend their on-premises data center network fabric to the edge and multicloud scenarios. FlexMCN supports multitenancy with role-based access control (RBAC), allowing CSPs, co-location providers, and telcos to offer multicloud connectivity as a managed service.

The Arrcus FlexMCN platform consists of ArcOS, ArcEdge, ArcOrchestrator, and ArcIQ.
ArcOS is a microservices-based network operating system deployed as a VM on hypervisor, as a container, on whitebox hardware, or on accelerators like SmartNICs to provide routing, switching fabric in the data center and at the edge.

  • ArcEdge is the control and data plane element that provides hybrid and multicloud connectivity and can be deployed on-premises, at the edge, or in the cloud. It can be deployed as a VM or container or on accelerators like SmartNICs.
  • ArcOrchestrator is the management plane available to manage and orchestrate the deployment of ArcEdges in cloud or on-premises. ArcOrchestrator is a modern orchestrator that dramatically simplifies and secures cloud connectivity with hyper-scale performance.
  • ArcIQ is a deep visibility analytics platform offering predictive analytics and actionable insights, which provides network-wide visibility over network traffic, including the cryptographic resource public key infrastructure (RPKI) based route origin validation (ROV) that prevents malicious routes from being injected in the customer’s network. Users can configure network traffic thresholds and alerts so that the network operations teams receive notifications in near real time. Further, ArcIQ can be integrated easily with third-party tools such as PagerDuty and ServiceNow.

The FlexMCN solution supports Terraform and Ansible integrations and offers a complete Rest API framework. ArcOrchestrator integrates with a Kubernetes orchestration solution as a controller to deploy and manage ArcEdge in the cloud and on-premises. Users can leverage the common templates to provision changes across all network layers, from routing updates to network access policy and application connectivity.

Strengths
A differentiating feature for Arrcus’s FlexMCN is the patented cost management technology, Egress Cost Control (ECC), which provides visibility and allocation of egress costs for enterprise business units, as well as dynamically and intelligently allocating traffic to be routed to regions with the lowest egress costs. Given a source and a destination in any geo location and across cloud providers, FlexMCN’s proprietary solution finds the single-hop and multiple-hop links that minimize egress charges. Administrators need to deploy ArcEdge in these intermediate hop locations to route the traffic.

FlexMCN scores high for content-aware traffic processing because the solution supports Layer 7 routing and load balancing with SRv6 FlexAlgo. It can differentiate between application traffic such as HTTP or secure-sockets layer (SSL) based on port and protocol at Layers 3 and 4 and using SRv6 segment identifiers at Layer 7. ArcEdge can encapsulate/decapsulate encrypted packets and uses equal-cost multipath routing (ECMP) to load balance traffic among multiple links.

For secure traffic and segmentation, the solution supports a wide range of segmentation methodologies, like using access control lists (ACLs), virtual routing and forwarding (VRF), virtual local area network (VLAN), Subnet, Layers 4 to 7 service insertion, security groups, and next-generation firewall (NGFW). Separation at the VRF/VLAN level allows a single ArcEdge to provide microsegmentation. Cross-cloud segmentation can be delivered by redirecting east/west and north/south traffic to a firewall where Layers 3 and 4 and Layer 7 inspection, decryption/encryption, and content filtering can be done, and the traffic is routed back to ArcEdge before being routed to its destination. Network policy can be integrated in GitLab’s CI/CD pipelines to ensure that anytime a new production or non-production VPC/Subnet is spun up, automatic secure microsegmentation is enforced.

Challenges
Arrcus’s offerings could be improved by adding application-aware features, such as application discovery, app-to-app connectivity, and content-aware load balancing.

Purchase Considerations
While the scope of this cloud networking report mainly relates to connecting services within and across environments, Arrcus’s networking solution is a core component of cloud and data center infrastructure that supports use cases such as data center networking for AI workloads.

Arrcus FlexMCN is suitable for large enterprises, CSPs, co-location providers, and telcos that need to extend their on-premises networks to multicloud environments and deliver multicloud connectivity as a managed service to enterprises.

Radar Chart Overview
Arrcus is positioned in the Innovation/Platform Play quadrant of the Radar chart, the vendor offering a comprehensive networking solution with a set of differentiating features. These innovations span both business use cases, such as cost management, and engineering use cases, such as implementing SRv6 Flex Algo.

Aviatrix

Solution Overview
Aviatrix is a household name in the multicloud networking space, with a comprehensive solution that ranks high on various criteria described in this report, including secure traffic and segmentation, observability, optimization and autoscaling, and solution management. With this platform, organizations can leverage a consistent deployment and operating model across enterprise multicloud networks, eliminating the need to use tools and services specific to individual CSPs.

For observability, Aviatrix offers CoPilot, a cloud monitoring solution that provides a global operational view of multicloud networks. CoPilot has comprehensive capabilities that support Day 2 activities for the NetOps and DevOps teams, with features such as dynamic topology mapping, analysis of global network traffic flows using FlowIQ, and global heat maps and time series trend charts that can help pinpoint and troubleshoot traffic anomalies. Aviatrix CoPilot also provides visibility into security services, offering end-to-end features such as resource tagging, resource clustering, infrastructure monitoring, and alerting, all purpose-built for multicloud operations.

The Aviatrix Centralized Controller is the main interface for the solution, a browser-based GUI that provides a visual method for configuring and deploying cloud-native networking constructs and advanced services from Aviatrix across multiple clouds.

Strengths
Aviatrix offers strong multicloud networking and security capabilities that enable enterprises to design, configure, and operate cloud networks easily across multiple environments.

Aviatrix offers strong security features, including multicloud segmentation, which extends secure network segmentation beyond cloud boundaries, enabling multicloud security domains with consistent, centrally managed global network segmentation and connection policies.

In May 2023, Aviatrix released Distributed Cloud Firewall, a feature that embeds network security features into the cloud network data plane. It distributes both inspection and policy enforcement into the natural path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services.

Aviatrix Gateways can be deployed to deliver transit network and security services such as intelligent dynamic routing, active-active network configurations, end-to-end and high-performance encryption, and the collection of operational visibility data. Aviatrix Gateways can also be deployed to provide distributed filtering services or to replace native-cloud provider network address translation (NAT) gateways.

The solution is integrated with Terraform, enabling network and security IaC automation across a multicloud environment. A key feature of Aviatrix’s integration with Terraform is its ability to export existing configurations as a populated Terraform file, giving the DevOps and NetOps teams the best of both worlds: a visual builder and code-based scalability. Aviatrix further supports DevOps processes using change and revision control by providing fully documented REST APIs.

Challenges
While Aviatrix supports Layer 7 security services such as intrusion detection and prevention services (IDS and IPS), the solution does not currently offer Layer 7 traffic routing and policy definitions.

Purchase Considerations
Aviatrix’s cloud networking solution can also be used for improving network spend compared to public cloud native appliances by using the Aviatrix distributed cloud firewall and NAT features.

Aviatrix can support a wide range of cloud networking use cases, which include multicloud and hybrid cloud. The integration with Equinix Network Edge can also provide customers private connectivity between clouds and on-premises environments.

Radar Chart Overview
Aviatrix is positioned in the Innovation/Platform Play quadrant because the vendor offers a purpose-built cloud networking solution with extensive security features being added and the ability to connect a wide range of environments.

Broadcom (VMware)

Solution Overview
VMware boasts an impressive portfolio of networking products that deliver comprehensive cloud networking capabilities. Its solution is composed of VMware NSX Networking, Advanced Load Balancer (ALB), Lateral Security, Tanzu Service Mesh (TSM), Aria Operations for Networks (AON), and Aria Automation. It ranks high on most key features in this report, such as secure traffic and segmentation, observability and optimization (with autoscaling), declarative network provisioning (including APIs and IaC integration), and app-to-app connectivity.

VMware’s cloud networking offering provides an end-to-end and fully featured stack from Layer 2 to Layer 7, supported by declarative APIs, integrations with IaC tools, and a low-code path for automation.

VMware’s main networking product, NSX, is a multicloud network virtualization and security solution that enables virtual cloud networking with a software-defined approach that extends across data centers, clouds, and application frameworks.

NSX and Aria Operations for Networks provide a native analytics engine that uses ML to offer suggestions and recommendations based on correlations between live and historical network traffic flows and compute workload inventory.

NSX also includes an advanced load balancer that provides multicloud load balancing, application analytics, and container ingress services. It identifies virtual services that may degrade performance due to traffic conditions, provides auto-scale load balancing capacity by spinning up new load balancer instances for the same virtual service, and automatically redistributes traffic.

For observability, Tanzu and Aria Operations for Networks offer multicloud monitoring suited to DevOps teams, developers, and Kubernetes operators. It supports app discovery and baselining, application topology maps and traffic flows, historical and near real-time metrics, and app-to-infrastructure correlation heatmaps that help discover root causes of application performance issues.

Strengths
VMware’s cloud networking solutions rank high on most criteria described in this report. The vendor offers extensive capabilities from Layer 2 to Layer 7, enabling enterprises with complex environments to modernize and optimize their infrastructure. One way VMware’s solution provides secure traffic and segmentation is by using both its Lateral Security capabilities, which consist of Distributed Firewall and Advanced Threat Protection. These provide a software-only Layer 7 firewall for both network segmentation and microsegmentation for east-west traffic. The NSX Distributed Firewall supports both segmentation types in private, public, and multicloud environments. When operating in a public cloud environment, the customer can use either the NSX Distributed Firewall’s native controls or the controls provided by the public cloud for segmentation.

Challenges
With a range of products that have extensive capabilities, VMware’s solutions are complex from a technical, licensing, and pricing perspective. VMware’s extensive capabilities go beyond cloud networking, and that brings an associated complexity. These solutions are typically suited to large enterprises with complex environments that can make appropriate investments and withstand long sales cycles. This makes VMware’s solutions less suitable for medium enterprises or single projects.

Purchase Considerations
Broadcom’s acquisition of VMware may have an impact on the licensing and procurements of these solutions. New and existing VMware customers should evaluate and understand how these solutions will be bought and delivered.

VMware’s solutions cater to a wide range of use cases, which include multicloud, hybrid cloud, and container networking.

Radar Chart Overview
Broadcom is positioned in the Maturity/Platform Play quadrant, as its solutions are suitable for a variety of use cases. These products have been developed over a long period of time, with newer developments including the as-a-service deployment model.

Cisco

Solution Overview
Cisco’s networking solutions are present in almost all networks, so it is unsurprising that the vendor would expand its capabilities to cloud networking. Cisco can deliver multicloud and hybrid cloud connectivity as follows:

  • For multicloud networking, Cisco offers a tightly integrated solution made up of Cisco Cloud Network Controller (previously Cisco Cloud APIC), Cisco Nexus Dashboard Orchestrator, and Cisco Catalyst 8000v.
  • For hybrid cloud connectivity, Cisco provides on-premises switching, network policy, and configuration using Cisco Nexus 9000 Series Leaf and Spine switches, Application Policy Infrastructure Controller (APIC), and Nexus Dashboard Fabric Controller (NDFC).

For cloud networking configuration, Cisco’s Cloud Network Controller (CCNC) solution can capture intents and translate them into native policy constructs for applications deployed across various cloud environments. It translates policies into cloud-native constructs using public APIs to create a single, consistent policy abstraction across multiple on-premises and public cloud instances.

Strengths
Cisco’s Cloud ACI solution ranks high on key features such as secure traffic and segmentation, application-to-application connectivity, and declarative network provisioning with its APIs and integration with IaC tools.

The Cisco Cloud Network controller along with the Cisco Nexus Dashboard Orchestrator provide, among other functionalities, automated connectivity for multicloud network environments, operational visibility, Layer 4 to Layer 7 service integration and traffic redirection, consistent security and segmentation on on-premises-to-cloud or cloud-to-cloud networks, and business continuity and disaster recovery.

For application-to-application connectivity, the solution can define the application tiers and provide rules to classify application workloads into various policy groups. Based on the configured policy, the solution automates the connectivity by configuring the necessary route tables and security group rules for application workloads to be able to communicate with each other.

Cisco AppDynamics operates at Layer 7 to discover and map application topology and application performance. Cisco Nexus Dashboard integrates with AppDynamics to map the application and network performance parameters for a holistic view of the networks and applications and to lower the mean time to innocence (MTTI) to identify root causes of an outage.

Challenges
At the time of writing, troubleshooting and diagnostics capabilities are available only for on-premises and co-location deployments, not extending to hybrid and multicloud. The latter are part of Cisco’s roadmap, however.

Purchase Considerations
With Cisco’s acquisition of Isovalent and Valtix, the vendor will have access to more extensive security and container networking capabilities. Buyers should evaluate how these vendors’ features have been integrated into the Cisco portfolio and whether these features are available in Cisco Cloud Network Controller and Application Policy Infrastructure Controller.

Cisco can deliver a wide range of use cases, but its strengths lie particularly in its extensive data center and enterprise networking portfolio, which, when combined with the public cloud networking features, can deliver very comprehensive hybrid cloud networking features.

Radar Chart Overview
Cisco is positioned in the Maturity/Platform Play quadrant, as its solution caters to a wide range of use cases and has been widely deployed across enterprises. Cisco’s Outperformer arrow reflects the acquisitions of Isovalent and Valtix, which will make available a wide set of new features.

Cohesive Networks

Solution Overview
Cohesive Networks’ VNS3 Network Platform is used to build a network overlay to, through, and across an organization’s cloud infrastructure—integrating with their data centers, carriers, and customers.

VNS3 is an API-driven cloud controller that allows users to define network topology and secure data across public and private clouds. VNS3 is a virtual router, switch, firewall, protocol re-distributor, and SSL/IPSec VPN concentrator. The network virtualization software creates a customer-controlled overlay network on top of the underlying network backbone.

Each customer gets a fully isolated and encrypted compute subnet. The VNS3 controllers are connected to VNS3:ms, a management console used for alerting, backups, admin access management, and visibility into the network. VNS3:ms enables administrators to control their network’s connectivity, security, and admin controls. With VNS3:ms administrators have full visibility into the network topology and the ability to manage and automate backups and to architect for high availability.

A new development for VNS3 is a plug-in that addresses these issues for applications requiring broadcast functionality, which can be migrated to the cloud with minimal setup and no changes to the existing code or application workflow.

Strengths
VNS3 is a mature solution with great capabilities for edge networking, offering customers virtualized topology management features.

VNS3:ms stitches together all the component identification information surfaced by the cloud provider into a single page, providing details such as addresses, routes, and ACL and security group rules for the VLAN and the instance running in the VLAN. Once a controller has been added to a VNS3 topology that is part of a virtual network, clients will have visibility over infrastructure health, network topology, controller configurations, peering information, client status, local IPsec tunnels, route tables, and high-availability configurations.

VNS3 offers Terraform or Cloudformation templates, as well as an API to configure the network using your language of choice. Moreover, VNS3 also operates as a network edge plug-in, running any containerized function in path, allowing full customization of network edges. This functionality can support use cases such as edge-hosted intrusion detection, load balancing, and monitoring.

Challenges
VNS3’s capabilities are limited when it comes to troubleshooting and diagnostics, application-to-application connectivity, and content-aware traffic processing.

Purchase Considerations
Cohesive Networks uses its existing VNS3 architecture to deliver SASE services, which include partner, workforce, and customer connectivity, on-premises to cloud connectivity, and multicloud API connectivity.

VNS3 can deliver on a wide range of use cases, which include multicloud connectivity, data center connectivity, network segmentation, and end-to-end encryption.

Radar Chart Overview
Cohesive Networks is positioned in the Maturity/Feature Play quadrant because the vendor offers a consistent and well-established solution. The vendor is mainly focused on defining the network connectivity between environments rather than connecting services and applications across clouds.

emma

Solution Overview
emma, which stands for “enterprise multicloud management application,” was founded in 2018 and delivers cloud networking capabilities as part of a wider cloud management platform. This “cloud networking baked into cloud management” is a distinctive approach, and the vendor also operates its own network backbone, a feature which is available only from a select group of vendors in the report.

emma offers a managed solution, which means that some of the features evaluated in this report are not exposed to the end customers but rather enforced by emma on behalf of those customers.

Customers can also deploy virtual appliances from third-party vendors such as Juniper, Checkpoint, Palo Alto, and Cisco, with the solution enabling service chaining, allowing traffic to be strategically directed through these appliances. These third-party services, alongside other security and observability tools, are available in the emma marketplace.

The solution can monitor networks in real-time and uses an AI engine to analyze the behavior of workloads and predict further changes in network consumption and utilization. The solution supports global load balancing, deep packet inspection (DPI), and firewalls.

The solution incorporates pre-configured network architectures, encompassing VPCs, peerings, and direct connects. This architecture is abstracted away from the customer, providing a streamlined and user-friendly experience without compromising on the efficiency and capabilities of the underlying network infrastructure.

Administrators can define routing and security policies such as specifying the way data should flow within the network, access controls, and encryption, and they can manage security groups to regulate internet access and intra-compute communication. The solution supports the definition of policies for multicloud and hybrid cloud traffic flows, ensuring consistent and secure network configurations across diverse cloud environments. Administrators define and manage routing tables and routing based on traffic patterns, configure high availability setups, and set up automated failover mechanisms to redirect traffic and maintain service continuity in case of failures.

The solution supports automated provisioning of networking resources, such as VMs, storage, and network configurations to establish connectivity between the specified source and destination addresses. The solution can discover compute or storage infrastructure as well as discovering and mapping applications and services.

Strengths
emma offers extensive cost optimization features, which can be used to monitor networking spend, cost forecasts based on traffic levels, and cost versus performance traffic routes. The solution provides visibility into the costs associated with network resources, allowing users to track expenses, identify cost drivers, and optimize resource allocation. By analyzing historical data and current usage patterns, the platform provides predictions and estimates of future costs. emma provides features to optimize cost versus performance considerations in traffic routing. This involves intelligent routing decisions based on cost metrics and performance requirements. For example, it dynamically routes traffic through more cost-effective pathways while ensuring performance meets specified criteria.

Challenges
As a managed service, emma’s cloud networking solution may not be suitable for organizations that need a tool to provide full control over the networking and security infrastructure.

Purchase Considerations
Considering that emma offers a full-stack infrastructure management platform, the solution can deliver on the end-to-end management requirements of an entire organization. While an all-in-one approach is not entirely suitable for multinational enterprises, small-to-medium organizations can take full advantage of the platform’s benefits.

emma is one of the few vendors with a focus on integrating with edge service providers and content delivery networks.

Radar Chart Overview
emma is positioned in the Innovation/Platform Play quadrant, the vendor subscribing to a comprehensive multicloud management strategy that involves both the networking and network security elements.

F5

Solution Overview
Following F5’s 2021 acquisition of Volterra, Volterra’s cloud networking solution became part of F5 Distributed Cloud Services, which delivers a comprehensive cloud networking solution via Distributed Cloud Network Connect and Distributed Cloud App Connect. What differentiates F5 from other product-based entrants in the cloud networking space is its global private fiber network backbone and comprehensive set of networking functions, which allow the vendor full control over the performance and delivery of services without dependencies on third parties. F5’s cloud networking solutions provide integrated services from Layer 3 all the way to Layer 7.

Distributed Cloud Network Connect and App Connect rank high on the secure traffic and segmentation key criterion. At ingress, inbound traffic is secured with native distributed denial of service (DDoS) protection, Layer 4 and Layer 7 firewalls, and API protection before the load balancer for each service at Layer 3, Layer 4, or Layer 7 forwards the request. In the workload, microsegmentation policies are either applied automatically via native Kubernetes service discovery or manually configured for each load balancer service at the origin.

Strengths
F5 ranks high on most metrics defined in the report, offering a comprehensive cloud networking solution suitable for all the architecture models defined.

Observability is available at multiple levels of information density, from global site interconnections down to individual flows per microservice, per app. Application endpoints and structure are detected automatically and are displayed on a topological map showing endpoints, interconnections, microservice response times, and API request call stacks through microservices. Application topology is provided by API discovery to map connections among nodes inside the service mesh, including health stats per microservice.

For troubleshooting and diagnostics, F5 Distributed Cloud Services can set up alerts to be triggered by metrics and time series anomaly detection. Anomaly detection for each application uses a baseline of request rate, error rate, latency, and throughput (RELT) to detect spikes or drops, seasonality patterns, and variation from learned seasonality patterns. Network issues can be reduced using redundant connections from every Distributed Cloud Mesh site to the distributed control plane and other Distributed Cloud Mesh sites, which enables self-healing.

The vendor ranks high on the observability and optimization key feature. Distributed Cloud Mesh performs Layer 7 load balancing for HTTPS as an ingress/egress controller and for REST APIs as an API gateway. Distributed Cloud Mesh nodes are provisioned automatically and installed on a public cloud, deployed as VMs on a private cloud and data center, or installed as industrial-grade off-the-shelf hardware for edge.

Challenges
F5 could improve its user experience further by providing a drag-and-drop service builder for a more intuitive network and security configuration process.

Purchase Considerations
F5’s Distributed Cloud platform can deliver capabilities that go beyond cloud networking, which includes web application and API security, application delivery controllers, and edge compute.

F5’s solution caters to a variety of use cases, which include multicloud and hybrid cloud networking, container networking, and intercloud connectivity using a private backbone.

Radar Chart Overview
F5 is positioned in the Innovation/Platform Play quadrant of the report. While F5 is also a networking infrastructure provider like the ones featured in the Maturity/Platform Play quadrant, the vendor’s core solution features were inherited from acquiring Volterra, which is a comprehensive and fast evolving product.

IBM

Solution Overview
IBM Hybrid Cloud Mesh is a cloud networking solution released in 2023. Delivered as SaaS, Hybrid Cloud Mesh offers multicloud, multicluster, application-centric connectivity.

The solution provides an overlay network that is managed by software gateways. These are automatically deployed to manage application and service endpoints. The software gateways are deployed like appliances in their own VM, close to the application and service deployments. The software gateways provide an overlay addressing scheme that ensures packets entering the overlay are delivered to the correct service instances.

Mesh automatically configures software-defined networks for microservices-based applications. It creates an overlay network that abstracts and provisions the virtual networks supporting Amazon Cloud, Microsoft Azure, and Google Cloud.

Applications and services are the main points of connectivity in Mesh. For example, an application in the Store Kubernetes namespace that needs connectivity to a service in the Inventory Kubernetes namespace requires that Mesh is aware of the deployment location of both the application and service, even as their deployment location changes over time.

The solution supports infrastructure discovery by creating an inventory of an enterprise’s multicloud deployment infrastructure. The discovery process can take place at regular intervals so as to maintain a current model of an enterprise’s cloud infrastructure. The solution uses infrastructure models to correlate applications and services with their supporting infrastructure. Examples of infrastructure include VPC, Kubernetes clusters, security groups, and others. Hybrid Cloud Mesh’s security capabilities include end-to-end encryption and policy controls that can define microsegments.

Strengths
The solution scores high for application-to-application connectivity. It can identify and map the associated applications and services. Upon creating an inventory of an enterprise’s points of connectivity, the solution enables DevOps-driven policy intents to describe application and service connectivity. Leveraging the awareness of applications and services, administrators can write simple policies expressing the intent to connect endpoints wherever they are. Policies are enforced by the solution’s software gateway appliances.

The solution supports automated, on-demand, intent-driven, application centric connectivity by inferring network requirements from business intent. In future releases of the product, the solution’s intent-driven policy-based traffic engineering and network optimization will assign traffic flows to network paths based on data transmission costs, application service-level agreements (SLAs), network status, and current traffic conditions.

Challenges
While the solution provides an easy-to-consume mechanism for connecting services and applications, the platform currently lacks depth in functionality, especially with regard to security, observability and optimization, and content-aware traffic processing.

Purchase Considerations
IBM provides a good point solution for connecting applications and services within and between cloud environments. IBM also offers a wider portfolio of networking products, which includes Gateway appliances, IBM Cloud Direct Link, IBM Cloud Load Balancers, among others.

The solution’s main use cases are application-to-application connectivity in multicloud environments. Its intent-based approach makes it easy for the DevOps teams to provision the underlying network infrastructure that connects their applications.

Radar Chart Overview
IBM is positioned in the Innovation/Feature Play quadrant of the Radar because the product’s main use case is facilitating easy service-to-service connectivity.

Isovalent

Solution Overview
Isovalent Enterprise for Cilium is an enterprise distribution of the Cilium open source project, which was initially created by Isovalent and later donated to the Cloud Native Computing Foundation (CNCF). Cilium provides networking, security, and observability for cloud-native environments such as Kubernetes and multicloud networking architectures. It can run natively in any Kubernetes environment, operate as a virtual appliance in the form of a transit gateway, or run in the form of an agent on VMs and servers. Connectivity is provided at both the networking (Layer 3 to Layer 4) and service mesh level (Layer 7).

The solution can establish connectivity among applications, containers, Kubernetes pods, VMs, and bare metal servers using an embedded agent or network transit gateway. Isovalent Enterprise for Cilium offers Layer 7 load-balancing and extensive service mesh capabilities. The solution has full Layer 7 observability and can provide service and connectivity maps based on information composed at Layers 3 through 7.

Strengths
Isovalent Enterprise for Cilium has an extensive feature set, ranking high on a variety of key features, including secure traffic and segmentation, observability, declarative network provisioning (and intent-based networking), and app-to-app connectivity.

Cilium can provide identity-based segmentation across public cloud, on-premises, or Kubernetes environments regardless of whether networks are logically connected. Cilium’s network policy enforcement engine implements segmentation and microsegmentation by natively understanding public cloud provider concepts such as security groups and Kubernetes metadata. The policy enforcement layer is able to operate at Layer 3 through Layer 7 and enforces a strong security identity-based layer with optional support for mTLS-based mutual authentication.

For troubleshooting and diagnostics, Isovalent Enterprise for Cilium detects a wide range of network degradation events, including drops, policy violations, retransmissions, network latency measurements, transmission control protocol (TCP) zero-window events, continuous data delivery to application monitoring, detection of TCP timeouts, identification of routing loops, and domain name system (DNS) failures. The solution can detect various known traffic anomalies such as routing loops, maximum transmission unit (MTU) issues, mismatched encryption keys, and repeated DNS resolution failures. Failures are automatically recovered from by recreating data path functionality, automatic leader reelection of control plane components, and high availability of egress and DNS proxies and gateways.

The solution ranks high on the declarative network provisioning key feature because of its DevOps suitability due to integrations with IaC tools such as GitOps, Terraform, and Ansible. CI/CD integrations are typically used to define load-balancing, network policy, and egress gateway needs. All routing and networking intent can be defined via YAML or JSON and can be automatically generated or maintained via a CI/CD pipeline. All configuration aspects of Cilium, such as load balancing, network policy, mesh connectivity, egress policies, and VRF configuration are declarative and intent-based.

Challenges
While Isovalent’s networking and security features are comprehensive for containers and Kubernetes, its solution has not been designed for orchestrating and managing public cloud networking constructs.

Purchase Considerations
Cisco has announced in January 2024 the intent to acquire Isovalent. Cisco will focus on Isovalent Enterprise for Cilium’s security capabilities, but the product will remain distinct from Cisco’s data center and cloud networking capabilities, namely CNC, APIC, and NDFC.

As the creators and maintainers of the widely deployed CNI, Cilium, Isovalent is particularly well suited for container networking. These features have been extended for multicloud and multicluster use cases, while Cilium Mesh can now also bring the features to hybrid environments.

Radar Chart Overview
Isovalent is positioned in the Innovation/Feature play quadrant because its solution, newly available for enterprises, focuses on networking for containers and Kubernetes only.

Juniper Networks

Solution Overview
Juniper Networks delivers cloud networking capabilities through the newly released Cloud-Native Contrail Networking (CN2), which ranks high on secure traffic and segmentation, observability, and optimization. CN2 is a cloud-native software defined network (SDN) solution that automates the creation and management of virtualized networks to connect, isolate, and secure cloud workloads and services seamlessly across private and public clouds.

CN2 also offers equal-cost multipath (ECMP) load balancing built into the vRouter’s forwarding plane, distributing traffic across endpoints such as virtualized firewalls. In addition, the solution also provides an application-layer load-balancing function for content-aware traffic optimization.

CN2 features a cloud-native analytics stack that automates network design, deployment, monitoring, management, and security from a single point of operations. The portal supports RBAC, giving network administrators full access to the tools and resources needed to design, deploy, manage, and monitor network services while providing limited access to other users.

Strengths
Juniper’s Contrail products offer a mature cloud networking solution that delivers good capabilities for secure traffic and segmentation, observability, and network optimization.

With optional and configurable analytics for monitoring and troubleshooting, CN2 provides enhanced observability with plug-and-play usability for some of the most popular open source projects like Prometheus, InfluxDB, Grafana, FluentD, and ElasticStack for ease of use, platform flexibility, and low cost.

Juniper ranks high on secure traffic and segmentation. The vRouter forwarding plane brings high performance routing and microsegmentation into the server. There are several different isolation models, including network policies, custom pod networks, and isolated namespaces. The vRouter has built-in distributed Layer 3 and 4 firewall capabilities that allow users to define simple and abstract security policies between virtual networks, as well as NGFWs for Layer 7 traffic filtering.

Challenges
Juniper could improve its products further by offering a drag-and-drop network builder and application-oriented features such as app discovery and connectivity.

Purchase Considerations
Juniper will be acquired by HPE, so its cloud networking products will become integrated in the wider HPE portfolio alongside Aruba’s products. While there isn’t any overlap between the Juniper and Aruba products for cloud networking, buyers should consider any changes or updates to licensing and consumption models.

Juniper can cater to a wide range of use cases, which includes multicloud, hybrid cloud, and container networking.

Radar Chart Overview
Juniper is positioned in the Maturity/Platform Play quadrant, as the vendor’s networking features can tackle a variety of use cases and Juniper’s networking services are widely deployed.

Prosimo

Solution Overview
Founded in 2019, Prosimo offers a full-stack cloud networking solution that fulfills multiple use cases. These include interconnectivity of virtual networking constructs, applications, and services, network segmentation and access controls, ML-driven observability, and NetDevOps workflows that reduce operational efforts for deploying across multiple clouds. The vendor ranks high on a number of key features, including observability and optimization, declarative network provisioning, and app-to-app connectivity.

Prosimo provides gateways for customers to deploy within their data centers and co-location facilities. The solution orchestrates network connectivity from the gateways to the Prosimo fabric running in the public cloud network. The main data plane components of the fabric run within the customer’s public cloud environment. The Prosimo management plane uses cloud-native constructs to orchestrate the edge gateways in any region and to secure connections with all edge gateways in the fabric.

Prosimo maintains a comprehensive API and extensive documentation that lets DevOps teams incorporate the solution’s capabilities via API integration. Out-of-the-box integrations with IaC tools such as Terraform are available for deploying Prosimo’s cloud transit and corresponding policies in existing CI/CD pipelines.

Strengths
With full Layer 3 to Layer 7 capabilities, Prosimo addresses the main challenges around application connectivity within and between clouds, offering a superior user and application experience compared to solutions that use only Layer 3 and 4 functions.

The vendor uses ML-driven insights and real-time telemetry to offer topological visualizations, anomaly detection, path analysis, and optimization recommendations to detect and perform root-cause analysis of issues from an end-to-end perspective. Prosimo gathers multicloud telemetry from its global distributed infrastructure spanning multiple public clouds and user locations. This data is used by Prosimo’s ML engine, CIRRUS, which identifies the best path options to ingress clouds and routes within a cloud or across clouds, based on per-app policy definitions. Prosimo users get daily recommendations based on their traffic patterns to adapt their Application eXperience Infrastructure (AXI) footprint dynamically, which improves application performance and reduces cloud costs.

The solution also provides Layer 7 load balancing capabilities natively to spread the traffic across multiple target groups and map application topology based on access, load, and connectivity patterns. Requests can be routed to the right cloud region at a fully qualified domain name (FQDN) or URL level to improve application performance and availability. The AXI platform is built on a scalable Kubernetes-based architecture, which dynamically allocates compute and network resources as required with full orchestration capabilities.

Challenges
The vendor can further expand its container and Kubernetes capabilities. The vendor is currently working on further integration in this area, including integration with the Cilium CNI.

Purchase Considerations
In contrast with other purpose-built cloud networking solutions, Prosimo’s solution is distinguished because its initial product releases focused on Layer 7 networking, with the vendor then expanding into Layers 3 and 4 features. Today, Prosimo offers a full-stack (Layers 3 to 7) cloud networking platform.

Prosimo’s core strengths involve delivering multicloud networking features, but the vendor can also deliver good hybrid cloud and cloud connectivity and services as enterprise network backbone capabilities.

Radar Chart Overview
In the previous iterations of the cloud networking report, Prosimo was featured in the Innovation/Feature Play quadrant. In this version of the report, with Prosimo’s full stack networking features consolidated, the vendor is now positioned in the Innovation/Platform Play quadrant.

6. Analyst’s Outlook

While multicloud networking is not a table stake (aka, a required feature) in this report, it is no surprise that it is one of the most sought-after capabilities. All vendors featured in this report who support hybrid and multicloud networking ensure that both connectivity and their services span the supported environments. This coverage includes visibility, security, and network optimization techniques.

In the previous iteration of the report, we defined “application-aware infrastructure” as one of the most important criteria on which we were seeing different maturity levels. In this iteration, we have taken a more granular approach, defining both app-to-app connectivity—which includes other types of services that run in cloud and on-premises environments—and content-aware traffic processing as key features. As in the previous report, small and large vendors have varying capabilities here. Some enable cloud networking using Layer 4 constructs, while others deliver Layer 7 services. We expect that there will be additional focus on service performance and health, and this will lead all vendors to pursue delivery of Layer 7 capabilities such as service discovery, monitoring, content-aware load balancing, and traffic filtering.

To drive this application-first mentality further, support for DevOps, declarative networking via integrations with IaC tools, and availability of APIs are at the top of most providers’ lists. All vendors featured in the report offer comprehensive APIs and must also include out-of-the-box integrations with Terraform, Ansible, Chef, Salt, and/or similar tools.

Cloud networking solutions have an innate focus on Day 0 and 1 activities, enabling users to design and deploy new networks easily. This facilitation is achieved by using drag-and-drop visual builders or IaC tools or walking through a setup wizard in the solution’s GUI. For Day 2 (operational) activities, we’ve assessed vendors on their solution’s troubleshooting and diagnostics performance, which varies widely. Vendors with mature capabilities in this area offer ML algorithms for data analysis and predictive maintenance, which can be used to perform self-healing. Vendors with less mature capabilities offer only basic functions, such as setting up thresholds to trigger alarms when performance gets degraded.

With more cloud migrations on the horizon and more cloud-first companies and services entering the market, we expect the adoption of cloud networking to increase, largely because it enables organizations to take a more agile approach to their infrastructure. Rather than being limited by physical networking, cloud networking enables developers to access the resources and services offered by all types of infrastructure providers for on-premises workloads, multiple public clouds, and an increasing number of edge locations. As part of the application development process, developers will be able to spin up (and down) networking resources according to their own requirements, without low-level networking knowledge, creating bespoke infrastructure that best serves the given application.

To learn about related topics in this space, check out the following GigaOm Radar reports:

7. Methodology

For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.

8. About Andrew Green

Andrew Green is an enterprise IT writer and practitioner with an engineering and product management background at a tier 1 telco. He is the co-founder of Precism.co, where he produces technical content for enterprise IT and has worked with numerous reputable brands in the technology space. Andrew enjoys analyzing and synthesizing information to make sense of today’s technology landscape, and his research covers networking and security.

9. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

10. Copyright

© Knowingly, Inc. 2024 "GigaOm Radar for Cloud Networking" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.