گزارش موسسه گارتنر درباره تولیدکنندگان محصولات شبکه در سال ۲۰۱۸
تولیدکنندگان محصولات شبکه
بر اساس گزارش سال ۲۰۱۸ موسسه گارتنر وضعیت و جایگاه شرکت های تولید کننده محصولات شبکه به شرح زیر می باشد.
Magic Quadrant for the Wired and Wireless LAN Access Infrastructure
Strategic Planning Assumptions
- Smartphones, tablets and other mobile smart devices
- Networked office equipment
- Sensors and other Internet of Things (IoT) endpoints
- Other fixed or mobile devices communicating to a wired switch port or a wireless access point (AP) at the edge of the enterprise infrastructure
- Hardware — Physical network elements including:
- Wireless access points
- Wired switches
- Controllers (physical or virtual), if needed
- Software — Network service applications that are cloud-based, appliance or virtual appliance, including but not limited to:
- Network management, monitoring
- Performance management
- Guest access
- Onboarding services
- Authentication, authorization and accounting (AAA) security/authentication
- Policy enforcement
- Intrusion detection systems/wireless intrusion detection systems
- Location services
- Application visibility
- Network and vertical market analytics
- Security, including behavioral analysis
- Vendors providing their own wired and wireless infrastructure components, network applications and services
- Vendors primarily providing a specific connectivity option, such as either wired or wireless components. These vendors often focus on solutions addressing a unique set of market requirements, such as cloud-based management of a predominantly wireless LAN, or a vertical market such as retail or healthcare.
- Vendors using a strategic partner to provide some or all of the hardware or software components of an end-to-end access solution, including network services applications. The combined solution these vendors offer should provide differentiating functionality, in order to be considered a better option for enterprises that might otherwise buy solution components directly from the strategic partner.
Vendor Strengths and Cautions
- Aerohive bundles a basic version of HiveManager with all its campus switches and APs as Aerohive Connect. This provides organizations seeking simple access network connectivity with basic cloud network configuration and monitoring for no additional subscription cost, with an upgrade path to expanded features for policy management, guest access, security and network device visibility.
- Organizations have options for third-party campus switches that integrate with HiveManager, since Aerohive added Juniper as a partner. Organizations looking beyond Aerohive’s own limited wired switching portfolio and its core territories of North America and EMEA now have more global options for integration with Aerohive APs in Dell EMC and Juniper.
- HiveManager includes Aerohive’s Insight platform of open APIs, enabling developers to create solutions accessing information about network and client devices and applications connecting with the enterprise LAN.
- Aerohive relied on the Americas region for 63% of its access-network-related revenue in 2017, with 9% coming from what is currently its smallest region, Asia/Pacific. Customers must perform due diligence to ensure Aerohive or its partners provide sufficient postsale service and support in regions where it does less business.
- Aerohive global WLAN revenue declined 9.9% in 2017. Customers should monitor the company’s ongoing product development and improvements in areas such as machine learning capabilities for network management and assurance.
- Aerohive customers must rely on the vendor’s partners for wired switching hardware beyond its own basic branch switching product line, which, during the evaluation period for this research, did not include 802.3bz multigig campus switches.
- In addition to its Stellar wireless APs, ALE supports campus unified access layer deployments using APs from its OEM partner HPE (Aruba), managed with OmniVista 2500. Clients can deploy access control and guest access or bring your own device (BYOD) management via OmniVista 2500 or Aruba’s ClearPass Policy Manager solution.
- ALE’s core access layer technology includes its Intelligent Fabric, which enables automated configuration or reconfiguration of ALE network devices or applications, helping to reduce deployment time and potential configuration errors by automating network protocol configurations.
- ALE provides wireless mesh networking functionality for all of its OmniAccess Stellar APs, as a no-cost software upgrade. The function enables the APs to connect with each other via the low band of the 5GHz radio, using the 5GHz high band and 2.4GHz bands for client connectivity to the APs.
- ALE continues to rely on HPE (Aruba) as a strategic partner for large WLAN deployments with complex requirements, limiting the control it has over technology development to serve organizations with those needs.
- ALE’s network automation capabilities remain limited, with machine learning currently used for functions such as generating predictive analysis reports through the OmniVista management solution, or identifying potential network configuration change issues via the ProActive Lifecycle Management (PALM) solution.
- ALE’s indoor location solution, Stellar LBS, utilizes only Bluetooth low energy (BLE) technology that Gartner believes renders it too limited for some advanced enterprise location service uses requiring more precise asset location than BLE may provide.
- All products, including industrial-grade switches, use the same operating system (AlliedWare Plus) for uniform functionality, support, migration and upgradability.
- Vista Manager EX/AMF can be deployed on-premises or as a multitenant cloud option, providing deployment flexibility while simplifying network management and automation. Vista Manager EX supports multivendor monitoring, requiring SNMP configuration for visibility and monitoring of other vendor network devices.
- Vista Manager EX/AMF can also be integrated via an API with Allied Telesis Secure Enterprise Software Defined Networking (SES), an SDN controller that integrates with the firewall to manage policy enforcement.
- Allied Telesis has limited functionality for basic applications, such as guest access. It does not provide a captive portal that automatically issues guest access through SMS or email.
- Allied Telesis does not provide location-based services and has limited capabilities for IoT segmentation, real-time traffic analysis and security behavioral analytics. This impairs its near-term ability to deliver on advanced enterprise requirements.
- Allied Telesis operates globally, but 60% of its revenue is derived from the Asia/Pacific region. Clients should validate that the reselling partner has the ability to provide sufficient local support capabilities.
- Ruckus Cloud Wi-Fi platform enables remote configuration and management of compatible wireless APs, plus the ability to switch to an on-premises management solution using the same APs.
- Ruckus’ Cloudpath Enrollment System provides wired and wireless network access management, policy management, onboarding and guest access for user or IoT devices, as either a cloud-based or on-premises solution, available as a software purchase or SaaS.
- Ruckus offers a versatile IoT solution via its IoT Suite that comprises the vendor’s SmartZone controller, compatible Ruckus APs and IoT Modules that attach to the APs. These modules enable connection to the WLAN of non-Wi-Fi IoT endpoints using connectivity standards such as Zigbee, BLE or LoRa. The controller enables a single management interface for both the WLAN and the IoT access network.
- Current and potential customers should require details of the ICX development roadmap as well as integration between ICX and the Ruckus cloud management platform to determine if these products can meet their unified network requirements.
- Ruckus trails its large-enterprise competitors in delivering advanced enterprise capabilities, such as network automation, and in the accuracy of location-based services supported by its Smart Positioning Technology (SPoT) location engine and analytics software.
- Ruckus does not support multivendor management of the enterprise access layer through its cloud management platform. The vendor has an OEM relationship with Dell EMC for access networking, aimed primarily at enterprise verticals and service provider customers.
- For organizations with hybrid environments, Cisco’s roadmap for 2H18 is to continue developing DNA Center as a platform that is a single touchpoint providing automation, analytics, and the ability to tie the Aironet/Catalyst and Meraki product lines together.
- For customers requiring an access networking strategy for IoT, Cisco has created a fully featured solution by integrating its IoT capabilities with its Enterprise Networks organization. Components include the analytics of DNA-C; Time-Sensitive Networking capabilities supported by the IE 4000 industrial switch line; and virtual segmentation supported by Software-Defined Access (SD-Access).
- For enterprises deploying iOS client devices, Cisco’s relationship with Apple allows its infrastructure to uniquely acquire telemetry data directly from Apple clients with iOS Wi-Fi analytics.
- Organizations with hybrid cloud and on-premises management requirements should realize that although DNA Center provides central management functionality for Catalyst/Aironet and Meraki, there are differences in how some features might be implemented, rendering hardware components and some software functionality incompatible. These differences are a consideration for migration between platforms if needs or requirements change.
- Clients report that Cisco ONE/DNA bundling options are a shift from previous licensing and include in the subscription components for automation and assurance capabilities that they find complex and that may provide overlapping or unneeded services. Mandatory term licenses for some products also create uncertainty and can increase ongoing costs. Enterprises must review the capabilities and pricing in each licensing tier before making purchase decisions.
- Clients report that implementing IoT segmentation using SD-Access is complex and difficult to deploy. Enterprises should confirm that they have adequate resources and training to ensure that they achieve the intended business functionality.
- Dell EMC provides a large ecosystem for access network services, including AirWatch for unified endpoint management; Impulse SafeConnect for network access control (NAC); and Dell’s RSA NetWitness suite for security behavioral analytics.
- The vendor supports IoT device management with VMware’s Pulse IoT Center solution, which used an open-source agent to identify and then onboard “things,” with policy enforcement at the access switch or AP.
- Customers buying Dell EMC’s unified access network infrastructure benefit from the company’s global support infrastructure, which is more developed than those of its OEM partners in such regions as Latin America and Asia/Pacific.
- Dell relies on Aerohive and Ruckus for wireless technology development in applications such as wireless network analytics and location-based services, raising the risk that having no direct control over partner roadmaps hinders its ability to respond quickly to changing WLAN market requirements.
- Dell has indicated its relatively new OEM relationship with Ruckus is focused on service provider and public venue networking. The companies have not outlined any plans to leverage the relationship for product development specific to enterprise campus and branch office use cases.
- Dell EMC lags its major competitors in delivering advanced enterprise capabilities such as network automation and location services, which rely heavily on the capabilities of its OEM partners in those areas.
- D-Link is a low-priced solution offering a broad range of indoor and outdoor wireless APs, plus managed and unmanaged wired campus switches suitable for basic networking use cases.
- Basic guest access features are included at no additional cost with D-Link’s DAP and DWL access points, DWC wireless controller and DES, DGS and DXS managed switch models.
- D-Link’s Auto Surveillance VLAN (ASV) utility for its Smart and SmartPro managed switches enables customers to route both data and video from IP surveillance cameras through the same switch, instead of requiring a dedicated switch just for the video feed.
- D-Link’s business is concentrated in emerging markets, Asia/Pacific and Europe, and in the consumer and service provider markets, which account for about 80% of its business. Enterprise customers outside of those domains should ensure the vendor provides an appropriate level of support both geographically and for their specific networking requirements.
- D-Link’s web-based, subscription network management solution, D-View 7, does not support multivendor deployments, only the vendor’s switches and access points, limiting its utility for mixed-vendor environments.
- D-Link’s portfolio does not provide location-based service applications or support machine learning features for automating access layer connectivity, limiting its utility to basic enterprise connectivity and management requirements.
- Extreme’s management team continues to provide strong leadership, and the sales management team has extended the vendor’s reach geographically as well as across vertical markets.
- Extreme Fabric Attach provides an access layer fabric that also addresses the need for enterprise IoT segmentation across its wired and wireless LAN product portfolio.
- Extreme’s Product Management organization has done an excellent job integrating the access networking products of its recent acquisitions, Avaya and Zebra, into a cohesive roadmap focused on common hardware and a unified operating system, which is important to clients developing a three- to five-year strategy.
- Customers with hybrid deployments may not initially be able to deploy newer Extreme Network applications both on-premises and in the cloud. For example, Extreme’s user and entity behavior analytics (UEBA) offering was initially released as a cloud offering with an additional release for on-premises flexibility. Organizations need to validate applications can be deployed in the specified location.
- Extreme continues to lag behind providing location capabilities that lack the location precision of competitive offerings. Organizations using location solutions from ExtremeWireless or ExtremeWireless WiNG should specify their requirements and test to ensure that the technology addresses the use case.
- Customers purchasing Extreme products or that continue to own legacy products from the companies it has acquired must be aware of the challenges in combining the access layer offerings of several organizations. Organizations with existing Avaya or Zebra products need to ensure that they have a migration and product integration plan and that any new products or applications meet their solution needs.
- Fortinet integration of security hardware into its access layer infrastructure provides the architecture with seamless network security without overly complex configuration and operation.
- FortiManager offers unified management tools for single-pane-of-glass management of thousands of devices across security, wireless and wired network devices.
- Fortinet’s extensive use of GUI configuration tools can reduce requirements for learning new CLI commands for full functionality. Look and feel is similar across devices, which should reduce total cost related to adoption and ownership over the long term.
- Gartner clients do not commonly report end-to-end Fortinet deployments; the lack of cross-vendor network equipment management in Fortinet’s unified management platform does not account for the multivendor environments in which it may be deployed.
- Overlapping FortiGate and FortiWLC positioning can be a potential source of confusion regarding the targeted scale of deployment. Both products offer “enterprise-class” features and functionality, but Fortinet positions them to small and large enterprises respectively. This lack of clarity in positioning and use cases also extends to the Fortinet large offering of access points.
- FortiSwitches are targeted at small to midsize enterprises, while Fortinet wireless products can be scaled to support large enterprises, a difference that large enterprises looking to consolidate their networks around the Security Fabric platform should be aware of.
- The basic license for AirWave includes basic connectivity analytics, while AP licenses include ClearPass guest access software, mirroring similar offers from other vendors aiming to keep costs competitive for basic networking requirements.
- For campus aggregation and core switching, the 8400/8320 chassis switches include network analytics and policy-based integration with monitoring and security tools.
- HPE (Aruba) updated development of its capabilities for network service assurance with NetInsight, a new cloud-based offering feeding 400 data points into a machine learning engine to provide user connectivity and radio frequency insights for recommended network configuration changes.
- Aruba has progressed slowly in developing products for IT/operational technology (OT) convergence. This will limit its utility for customers in the OT space, especially with Time-Sensitive Networking functionality.
- Customers interested in cloud-managed access networks are limited by the current focus of Aruba Central cloud management suite on branch network deployments. It lacks the same complete functionality as its on-premises ClearPass and AirWave offerings to support campus switches, controllers and APs while the company continues developing the product.
- HPE (Aruba)’s Meridian product line has not extended yet beyond Wi-Fi and BLE functionality, which leaves some end users, for some use cases in target markets such as healthcare and retail malls, looking for more robust solutions. Clients continue to explain that location service applications require the use of Meridian APIs to allow integration with other technologies and applications, to create an expanded end-user experience.
- Agile Controller can be deployed on-premises and in the cloud, scaling to up to 6,000 APs and more than 1,000 switches. Software licensing options deliver functionality encompassing AAA security, onboarding, guest access management and security orchestration.
- Huawei has added 2.5/5 Gbps switches to its S6720-SI fixed-form campus switch portfolio, supporting its already strong foundation in fixed and modular switches that generally are priced lower than comparable products from its largest competitors.
- Huawei’s Cloud Managed Network (CMN) solution allows management of wired and wireless LAN infrastructure in a private or public cloud, including firewalls and access routers. Organizations that require a change from an on-premises to a cloud-managed deployment can do so by upgrading their software and their hardware licenses, without having to change hardware such as access points or switches.
- Huawei generated more than 87% of its access networking revenue from the China and EMEA regions in 2017. Risk-averse organizations, especially in areas such as North America where Huawei has faced political headwinds, should conduct due diligence to ensure sufficient support for implementation and service of Huawei solutions.
- Huawei’s end-to-end location services rely on partnerships that complement its broader customer value proposition. Organizations should ask for proof points and review Huawei’s ecosystem of partners for additional capabilities.
- Huawei trailed its major competitors in providing advanced automation for network service assurance, having just introduced its CampusInsight solution using analytics leveraging AI technology in March 2018.
- Juniper Sky Enterprise provides much needed cloud-managed management and configuration capabilities such as zero-touch provisioning to SRX, NFX and EX Series devices.
- SDSN functionality extends across networking products thereby centralizing and automating security policy in addition to providing real-time threat detection.
- Junos Fusion provides switch aggregation to support integrated management of multiple campus switches as a single logical device.
- Juniper’s wireless strategy relies on partners such as Aerohive and Aruba. This strategy limits the control Juniper has over its wireless technology roadmap, potentially delaying integration of customer-required features into its management tools such as SDSN and Juniper Sky Enterprise.
- Customers requiring a unified wired and wireless access experience cannot get it from Juniper due to its lack of in-house-branded wireless products.
- Customers adopting the new Sky Enterprise platform will be among the first to put it through varying production scenarios and scales, often for the first time until the platform builds up a solid in-production track record.
- LANCOM’s wired and wireless LAN portfolio is competitively priced with larger competitors for comparable hardware or network application capabilities.
- LANCOM’s LN-830E Wireless APs with integrated Bluetooth and proprietary Zigbee radios are the basis of the vendor’s IoT containment technology, using the AP as a gateway aggregating and segregating traffic from IoT endpoints. The solution currently is limited to LANCOM’s ePaper digital signage and labeling solution.
- The vendor includes software updates for its wireless APs, switches and controllers in the purchase price.
- LANCOM’s business is concentrated almost exclusively in EMEA. Enterprise customers outside of this region should ensure the vendor will be able to provide an appropriate level of support both geographically and for their specific networking requirements.
- LANCOM’s product strategy emphasizes integration of SD-WAN and wired/wireless LAN through its Management Cloud. This may limit the appeal of its solutions to organizations whose roadmaps do not prioritize this integration.
- LANCOM does not currently support 802.3bz. Organizations that require full performance from an 802.11ac Wave 2 solution using existing cabling will have to wait until LANCOM releases its 802.3bz switches and wireless APs, currently scheduled for year-end 2018.
- The Mist management team’s vision matches Gartner’s view of emerging customer requirements, with a strong product strategy, and has executed strong revenue growth and sales expansion to support global opportunities.
- The Mist wired and wireless access layer solution uses an in-line AI engine called Marvis, which includes a patented dynamic packet capture and unsupervised machine learning to automatically identify, adapt and fix network issues.
- Mist has an indoor location solution that provides one-meter to three-meter granularity and virtualizes BLE beacons, eliminating the need for physical battery-powered beacons.
- Mist continues to grow rapidly and can deploy updates as often as weekly, which may disrupt network performance or operations. Clients should set up testing environments to ensure there are no changes to functionality that require additional process changes or training.
- The focus of the Mist solution is cloud-based service delivery. Organizations that need on-premises or private cloud capabilities should test the functionality as part of the evaluation process.
- Mist uses partners to provide vertical market functionality for IoT or OT solutions such as Time-Sensitive Networking. Organizations in these vertical markets should test the end-to-end solution.
- The ability to deploy the solution in the cloud or on-premises provides the flexibility that is needed by many organizations.
- Federal Information Processing Standard (FIPS), Common Criteria and Federal Risk and Authorization Management Program (FedRAMP) certifications provide the ability for Mojo to be used for U.S. Federal opportunities that have these requirements.
- Network analytics is provided within Mojo Cognitive WiFi, with the machine learning and big data platform tracking more than 300 KPIs.
- Mojo has a limited IoT segmentation/containment strategy and limited UEBA for discovery, onboarding and management. Organizations must evaluate Mojo’s capabilities and whether ecosystem partners can provide an end-to-end solution.
- Mojo does not currently support 802.3bz and has no short-term plans to fill this gap. Organizations looking to do switch refreshes as part of an 802.11ac Wave 2 solution will have to look to other switch offerings.
- Many of the Mojo network and security applications are targeted toward “wireless” clients including wireless intrusion prevention system (WIPS), network analytics and management. Clients deploying an end-to-end solution using Mojo’s limited portfolio of campus switches need to ensure that the appropriate functionality is also available for wired clients.
- The Oasis platform provides wireless management from the cloud, including data analytics and basic device/user behavior analysis in a multitenant environment.
- New H3C has grown substantially faster than the market for both campus Ethernet switch and WLAN revenue, despite being restricted, so far, primarily to sales in China.
- New H3C has a strong foundation in switching, with a broad portfolio of fixed form and modular switches at competitive pricing.
- Under the agreement with HPE creating New H3C, the vendor is largely limited to selling networking solutions in Greater China. Organizations outside of that market should require detailed documentation regarding the level of vendor or partner support for implementation and postsale service and support available at their locations.
- The Oasis cloud managed network platform is offered only in China, with a lack of overseas application cases for private cloud that limits its appeal to organizations outside the region.
- Clients will find that, despite updates to New H3C’s CUPID indoor location service platform to integrate data from both Bluetooth beacons and Wi-Fi, the vendor has few partners outside of China, limiting the development of location applications outside of the region.
- Xirrus aligns well with Riverbed’s historical deep application visibility by providing similar application management functionality on the WLAN portfolio. Applications can be prioritized, throttled and excluded according to policy. Configuration is via the XMS-Cloud-based management or the SteelConnect cloud and on-premises management platforms.
- Riverbed provides strong automated onboarding tools for enterprise end users, guests, BYOD, and IoT devices via EasyPass, which has native integration via Office 365 and Google SSO.
- The vendor’s WLAN access points have a proven track record in high-density and challenging wireless environments and now provide complementary application prioritization functionality to Riverbed’s SD-WAN product through the common SteelConnect interface.
- Clients with legacy Xirrus WLAN deployments predating the Riverbed acquisition must ensure the vendor provides sufficient product integration support, given these are the initial set of integrations between Riverbed Xirrus and SteelConnect product families.
- Despite offering some attractive features, SteelConnect access layer switches do not offer the robust backplane bandwidth required to support higher-demand application traffic at high port densities.
- To ensure the ongoing integration of SteelConnect with legacy products meets their requirements, legacy Xirrus customers must exercise due diligence in monitoring Riverbed’s sales, future support and product roadmaps.
Vendors Added and Dropped
Inclusion and Exclusion Criteria
- Demonstrate relevance to Gartner clients in the enterprise access layer market by offering switching and WLAN hardware to address enterprise access layer networking requirements outlined in the Market Definition section.
- Demonstrate relevance to Gartner clients in the enterprise access layer market by providing one or more network service applications as outlined in the Market Definition section, with an annual network service application revenue exceeding $10 million.
- Produce and release enterprise access layer networking products for general availability as of 15 February 2018. All components must be publicly available, shipping and included on the vendor’s published price list. Products shipping after this date will only have an influence on the Completeness of Vision axis.
- Have at least 50 enterprise customers that use its access layer networking products in production environments as of 15 February 2018.
- Demonstrate production enterprise customers with at least five reference customers supporting access layer networks of more than 100 access points.
- Arista Networks
- Sundray Technologies
- Ubiquiti Networks
- Zyxel Communications