Firewall (FaaS) & WiFi (WaaS) as a Service.
Firewall (FaaS) & WiFi (WaaS) as a Service.
Wake up & get real for the masses
Based upon research and live customer experiences dating from Q4 2017, I have come to the opinion that the FaaS & WaaS add to the long list of technologies where vendors over rate the value of their wares to the folks that have to pay for them.
Back in September 2017, Airfibre won a tender to supply connectivity to a Government funded business park with infrastructure comprising a 100Mbps Internet Leased Line, a Firewall and 40 Access points.
In hindsight, the specification was massively over engineered given the usage made of the infrastructure, which reflected the profile of the customers involved. In short:
- a) the 100Mbps backhaul never saw greater than 5% utilisation;
- b) the Palo Alto security solution, whilst fine technology, went way beyond the requirements for SoHo environments that would never avail of its features; and
- c) the networked Cisco Wi-Fi infrastructure was more expensive than necessary.
Further learning followed this initial installation as we fulfilled additional firewall requirements elsewhere based upon the Palo Alto platform.
In contrast to the business park, these were customer driven purchases where the users clearly had a cast iron case for the absolute best of breed technology to satisfy highly sensitive blue-chip corporate requirements. In these cases the investment was, in hindsight, worthwhile. (It was worth noting that these customers had full time dedicated professional IT staff.)
Others to whom we introduced the Palo Alto solution accepted that whilst the technology was fantastic, they could not justify the cost and some were wary of being able to provide appropriate resource for managing the solution. (NB, these organisations did not have dedicated full time IT staff.)
From this it was clear that the majority of enterprises do not have full time IT staff, but:
- still need an appropriate level of security;
- are budget conscious and will not typically have extensive funds reserved for data security; and
- will have installed a firewall at some point but may be unsure if it is operating to the current environment or even if the license for the solution is in date, inviting the question as to whether or not they have any protection at all?
Approaches from existing customers also indicated an appetite for a cost effective solution for which there was a single point of contact for any issues arising. In a nutshell, many organisations find it irksome to determine whether any fault may be due to the backhaul circuit, the access router, the Firewall or the WiFi and, moreover, when an issue arises they can be frustrated by the challenge of identifying its root cause, particularly where vendors become defensive and operate denial.
It struck us that whatever we designed had to be:
- a) delivered at a compelling price;
- b) supplied as a managed service to a published Service Level Agreement; and
- c) provide an appropriate level of protection.
Having looked across the board we identified Netgate as an appropriate 2021 Firewall platform for small to medium businesses.
Whilst not uber fancy, that Netgate is trusted by the US Navy and Army was a bonus as far as we were concerned and that it’s cost does not make your eyes water makes a lot of sense.
Recognising that the SME / SoHo environments are relatively straight forward – typically requiring a limited number of SSIDs on a single unit we established that Ubiquity was a perfectly good solution for most – forget about complex WiFi tech and servers with fancy reports and over powering control facilities.
Moreover, my own pub based research found me talking to Landlords bemoaning poor Internet performance and whinging customers. Not as I explained, because the backhaul circuit was inadequate, but because some bozo decided to place the Access Point under a shelf in the corner of a room behind the television.
It was obvious that good straightforward advice with regards locating a device for optimum coverage was another key missing element in the mix – but of course, design and engineering expertise in this regard does not come cheap and I for one don’t want to fund it through the increased cost of my pint.
For our part, we scrapped the idea of selling hardware and opted instead to bolt on a service based upon a low monthly recurring charge and a zero or near zero installation cost.
To make sure that proposed pricing would be attractive it had to be tested in situ to ensure that it was viable to deliver at the intended price point – without quality of service compromise. We also needed to learn what the real-world demands would be.
We proved concept in a variety of locations and customer environments.
- 1) Indoor/Outdoor integrated multi AP solution with FaaS and backhaul at Dublin’s most prestigious development.
- 2) Indoor/Outdoor integrated solution at a steel fabrication plant.
- 3) SoHo locations (backhaul, Firewall & single AP) for Ireland’s leading property management company.
- 4) A multi-tenanted apartment complex in a converted Dublin Georgian property.
In all respects we were satisfied that a satisfactory service can be delivered at a price that folks want to pay.