Print Friendly, PDF & Email


Over the last year and a half, VMware has been aggressively bolstering its network security capabilities, whether with the acquisition of Velocloud (Nov. 2017), Avi Networks (June 2019), Carbon Black (Oct. 2019), Octarine (May 2020), or Lastline (June 2020).

Today, VMware took another significant step with its new Secure Web Gateway(SWG)/Secure Access Service Edge (SASE) solution in collaboration with Menlo Security and expanded partnership with Zscaler.

In the last couple of months, I had the opportunity to sit down with senior VMware and Menlo Security executives to understand direction and aspirations. As I look back at today’s announcement against those conversations, three key takeaways come to mind:

1. VMware has strong fundamentals to deliver cloud-based security with Velocloud

We expect the physical appliance market for network security to decline 5% this year according to our data. Meanwhile, the virtual appliance and SaaS (i.e., cloud-based) markets for network security will grow 6% and 27%, respectively. 2020 is trending to be the first time the physical appliance market does not grow while virtual and SaaS markets do. The ongoing pandemic has hit the physical appliance market in two ways, by decelerating physical infrastructure projects and accelerating preference for cloud-delivered security.

VMware is banking on its Velocloud business unit to provide the platform and know-how to excel in the cloud-based network security space. Since its founding in 2012, Velocloud has been perfecting how to deliver cloud-based SD-WAN solutions over an ever-increasing global footprint, now with over 2700 cloud gateways across 130 points of presence (POPs). I believe the experience and knowledge gained from their SD-WAN solution will translate well to running a network security application, like SWGs. While Velocloud’s global network size may not be on par with Akamai or Cloudflare, two content-delivery/edge-compute vendors who are also entering the SWG space, they are on par with direct competition, such as Cisco Umbrella or Zscaler. With time we can expect that Velocloud’s scale will continue to increase, but even today is already a suitable foundation for delivering cloud-based security.

2. VMware needs to own the SWG, but until then, a partnership with Menlo Security is a good bridge on the journey to SASE

According to our data, the Secure Web Gateway market has been on a tear recently, growing 17% Y/Y in 1Q20 and 14% Y/Y in 2Q20. We expect it to close out the year with 15% Y/Y growth. This growth is remarkable, considering the challenging market environment created by the pandemic. For example, we expect the firewall market to post low single-digit Y/Y growth for the full year 2020, which has not happened since the great recession of 2008. With SWGs hot and firewalls not, VMware is the latest vendor to enter the SWG market in partnership with Menlo Security.

Menlo Security was founded in 2014 and is a late-stage startup that we started tracking here at Dell’Oro recently. Only this year did they begin introducing feature sets, such as CASB (Cloud Access Security Broker) and DLP (Data Leakage Prevention), for them to qualify for our SWG tracker. Most of their history, they’ve been better known for their work in web and email isolation technology and products.

I believe a vendor should directly own all core technology and expertise for their solutions in a perfect world. However, I see the partnership between VMware and Menlo Security a good bridge since making any acquisition takes time, and time is of the essence for VMware. Moreover, Menlo Security isn’t an unproven, early-stage startup, but also not so large to immediately give rise to competitive or strategic direction challenges. It remains what VMware is planning long term – I have no direct knowledge – but I stand by my assessment that VMware should own all the core technology, in particular, to improve the chance of success for the emerging SASE market. I’m currently working on a SASE Advanced Research Report and, in a future blog will hit on some of the key takeaways.

3. VMware hedging bets by keeping Zscaler close

On the one hand, VMware announced their intent to enter the SWG market today, but on the other, they also announced extending their strategic partnership with Zscaler. According to our data, Zscaler has been growing aggressively in the SWG market, as evidenced in 2Q20 with a 19% market revenue share and overtaking Cisco (Umbrella) for the #2 market spot. If they continue current growth velocity, they may take the #1 position before long.

VMware recognized that Zscaler isn’t going away, and customers will continue to seek best of breed deployments, with Zscaler owning the SWG and VMware owning SD-WAN. Few details were released on how VMware and Zscaler will further integrate, but on the face, I see a détente between both vendors, all aiming to reduce thrash near-term.

In summary, VMware continues to deftly expand its sphere of influence in the network security market, and we will be watching their developments with keen interest.

Print Friendly, PDF & Email


Preliminary estimates suggest the small cell radio access network (RAN) market (excluding residential small cells) approached 1 to 1.5 M units in the first half of 2020, comprising a double-digit share of the overall RAN market. Aggregate small cell growth is tracking slightly below expectations, partly due to logistical challenges associated with the pandemic. At the same time, small cell RAN revenues improved more than 20% Q/Q in the second quarter, adding confidence the bulk of these transitory challenges are now in the past and are unlikely to impact the long-term demand for small cells.

The global growth outlook for small cells remains favorable, underpinning projections the technology will play an increasingly important role supporting the overall RAN network as operators and enterprises navigate new technologies, spectrum bands, and use cases. Cumulative global small cell RAN investments remain on track to approach $25 B over the next five years, advancing at a substantially faster pace than the macro RAN market. Helping to explain this output acceleration is broad-based acceleration across both the indoor and outdoor domains.

The high-level vision has not changed. We expect unlicensed Wi-Fi systems to coexist with cellular technologies. For upper mid-band deployments, operators will need to advance indoor deployments rapidly while the sub 6 GHz micro adoption phase will be more gradual.

Sub 6 GHz small cells, including CBRS, are projected to account for more than 80% of the cumulative small cell market, reflecting the need for operators to complement upper mid-band outdoor deployments with indoor small cells to optimize the combined experience.

Since the last forecast, we have adjusted the cumulative 2019-2024 outdoor micro-small-cell outlook upward, driven primarily by a more favorable outdoor mmWave forecast. With the North American operators leading the way in mmWave, the upward revision is primarily driven by the improved momentum in the Asia Pacific region. In addition to on-going large scale deployments in Japan, the Korean operators are moving forward with plans to deploy mmW for hotspot and smart factory applications. Activity is also picking up in China.

Reflecting back on how we envisioned the market would unfold just a few years back, it is fair at this point to conclude that the outdoor mmWave market has surprised on the upside. At the same time, the indoor mmWave market has disappointed somewhat, reflecting the uncertainty about the timing of this market opportunity. Recent developments with suppliers, including Samsung, announcing the commercial availability of indoor mmWave systems add confidence about future growth prospects.

Preliminary 1H20 estimates suggest the top 5 macro-RAN suppliers accounted for more than 90% of the small cell market. With nearly 30 suppliers planning to support various forms of small cell technologies capitalizing on new opportunities emerging with private wireless, CBRS, Open RAN, and mmWave deployments, it will be interesting to monitor the dynamics between the incumbents and new entrants or small cell suppliers with weaker RAN footprints.

About Dell’Oro Small Cells RAN coverage, please refer to:
  • Dell’Oro Group’s Quarterly RAN and 5-Year Forecast RAN Reports offer a complete overview of the non-residential small cell RAN market by RF output power (pico and micro) and technology (LTE, 5G NR Sub 6 GHz, 5G NR Millimeter Wave), with tables covering manufacturers’ revenue and unit shipments.
  • Dell’Oro Group’s CBRS Report offers a complete overview of the CBRS Small Cell RAN market opportunity.

If you want to get a copy of the above report(s), please contact us ( for more details.

Print Friendly, PDF & Email


I had the opportunity to attend Juniper’s annual analyst event held on September 15 and 16. During the two-day affair, Rami Rahim, CEO of Juniper, and his staff reviewed Juniper’s business and technology strategy. They were joined by a cadre of customers telling their story to why they chose Juniper. I also had the opportunity to sit down one-on-one with Samantha Madrid, VP of Security Business & Strategy and owner of Juniper’s security business, to dig deeper into their security strategy.

As I look back at the event from a network security purview, I see Juniper making three bets on growing security market share.

1. All Network Infrastructure is Security Infrastructure

Juniper seeks to position its entire product portfolio as part of its security vision and solution. They argue that security doesn’t stop at the network security solution, say a firewall, but extends to the total network footprint. They equally see the data center, WAN, and enterprise campus network infrastructure participating in their “Connected Security” security vision. Participation by the network infrastructure is two-fold. On the one hand, as a source of security telemetry, such as who is connected and where. On the other hand, as an enforcement point, where surgically precise remediation action can occur.

This bear hug of all infrastructure is a wise move by Juniper. According to recent revenue data in Dell’Oro’s routing, switching, and security reports, Juniper’s network security market share is nearly five times smaller than their routing market share and 50% smaller than their switching market share. Juniper is looking to leverage its more substantial non-security areas for the benefit of the security sales conversation.

2. Ease of Use Still Matters

Most, if not all, network administrators will say they feel like an unsung hero in their IT organization. When the network works, rarely does the network administrator get congratulated. But when it does go down, fire and brimstone readily come raining down. This means that network admins are eager for solutions to help keep the network going.

During the customer fireside chats, Juniper had the network director from a US municipality tout how Juniper’s SRX firewall solution had facilitated a significant reduction in the number of rules compared with their previous vendor. This customer further detailed their satisfaction with the day-to-day management environment spanning physical appliances on-prem and virtual appliances in the cloud.

Focusing on ease of use is never a bad bet. All too often, security solutions turn into science experiments that are more pain than gain.

3. Cloud-Based Security is the Future

Our data shows that we are at an inflection point in the network security market regarding form factor preference and market direction. We track three form factors in our network security program: physical appliances, virtual appliances, and SaaS (Software as a Service). Until recently, all three form factors were on a growth trajectory. However, due to the pandemic limiting physical infrastructure projects and a growing customer preference for cloud-delivered security, we expect the market in 2020 for physical appliances to decline 5%. The virtual and SaaS form factors will grow 6% and 27%, respectively.

Juniper sees the same writing on the wall and looks to pivot the cloud to a greater degree. Most of Juniper’s competitors have already entered the SaaS-based network security market (e.g., Secure Web Gateways). While no SaaS-based solutions were announced during the analyst event, the Juniper team made it abundantly clear that their direction was cloud-based and to expect future product announcements.

In summary, Juniper is making common sense bets, and we will be watching their developments with great interest.

To learn more about Dell’Oro Group Network Security and Data Center Appliances market research program, please check out the Network Security page for more information.

Print Friendly, PDF & Email

During the Huawei AirPON Commercial Release Conference last week, Huawei formally introduced its AirPON solution, a combination of a blade OLT (Optical Line Terminal) and Digital Quick ODN (Optical Distribution Network) equipment designed specifically to be deployed at existing cell sites. Though Huawei is first out of the gate with a blade-based OLT designed to deliver FTTH from distributed, non-cabinet locations, we fully expect to see other vendors address this space in the near future. The target market for the AirPON solution and those expected from competing vendors is existing mobile carriers looking to expand their service portfolio by adding FTTH (Fiber-to-the-Home) access by taking advantage of their existing cell sites and fiber infrastructure.

These distributed solutions aim to capitalize on the trend towards fixed-mobile convergence among global operators that have only recently been accelerated by the COVID-19 pandemic. The pandemic has shown that universal access to premium broadband services is absolutely critical, and operators are responding by ensuring they can provide premium broadband services across both their fixed and mobile networks. Additionally, the proliferation of national broadband plans or subsidized broadband expansion efforts include both fixed and mobile network options to speed the availability of broadband throughout entire countries.

AirPON Specifics

At the heart of the AirPON solution is an OLT on a blade that can be deployed either on a pole or the wall of a building. The unit can be installed alongside an existing cellular BBU (Baseband Unit) and either draw from an existing DC or AC power source or be deployed with a new power source. The blade OLT is environmentally hardened to withstand extreme temperatures and wind. The unit itself weighs less and is smaller than current strand- or pole-mount OLT nodes, because typical antenna installations on building rooftops are quite a bit smaller in diameter when compared with traditional utility poles.

The blade OLT a maximum of 1,024 subscriber connections, depending on the split ratio the operator selects and how much bandwidth they want to deliver. For mobile operators beginning to offer fixed broadband services, this range is ideal for addressing buildings where either cable, DSL, or 3G/4G fixed wireless connections were only available or where no fixed connections existed previously.

During the online event, Peter Lam of Hong Kong Telecom (HKT) noted that the AirPON solution allows them to deliver fiber services to over 700 villages in remote islands and rural areas of Hong Kong. For HKT, the AirPON solutions solve two significant issues: limited access to existing fiber and the typically high costs associated with delivering FTTH access. The vast majority of HKT’s FTTH offerings are via OLTs located in central offices. However, in remote areas, those central offices are often limited in their reach and limited in their ability to deliver FTTH connectivity.

In a similar presentation, Joel Agustin of the Philippines’ Globe Telecom, which is the country’s largest mobile network operator, noted that the AirPON solution allows the company to deliver residential broadband services, where it is estimated that the penetration rate remains near 20%. Some of the challenges that have hindered operators’ ability to deliver universal fixed broadband services in the Philippines include extremely long fiber spans, owing to an insufficient number of central office locations, particularly in suburban and rural areas, and extremely long times for civil works projects to be completed.

The historically long lead times to complete fiber deployment projects pushed Globe to consider using its existing base station locations as distributed central offices where they could co-locate the AirPON OLTs to reduce the time and cost required to roll out FTTH services. In the Philippines, the typical ODN distance for a CO-based OLT was 7km. By moving to a more distributed architecture using the AirPON solution, Globe was able to increase the number of distributed OLTs and reduce the ODN distance to 1-2km. The reduction in the distance reduces the total fiber infrastructure while also making it easier to secure right-of-way access to add in additional fiber strands to the individual OLT locations. Finally, the approvals and construction process is reduced significantly because Globe doesn’t need to set up additional cabinets to deploy the OLT. Instead, the blade OLT can be placed on the existing rooftop site, taking advantage of existing power supplies and optical backhaul cables.

From the OLT, the feed fiber connection can be dropped directly to an optical distribution point located either on a utility pole or in the MDU to then distribute fiber connections to individual subscriber homes. Globe is taking advantage of advances in ODN equipment and connections to be able to quickly turn up new subscribers while also identifying and isolating faults, such as fiber impairments. The new ODN equipment eliminates the need for fiber splicing using pre-connectorized cable, while also eliminating the need for the technician to open up the optical distribution point unit when connecting a new feeder cable.

Distributed solutions for FMC will continue to grow

The AirPON solution and other vendors expected to enter the market are targeted initially at mobile operators in the Asia-Pacific region who face similar network or geographic constraints as HKT and Globe Telecom, where the re-use of existing rooftop antenna sites for the blade OLT makes economic sense. Countries in Southeast Asia are particularly ideal candidates for the solution, assuming they have determined that the competitive environment and ROI make it feasible to begin rolling out an FTTH service.

Beyond Southeast Asia, these solutions can be applied to operators in Central and South America, as well as parts of Europe, the Middle East, and Africa. Again, with operator consolidation occurring more frequently and with mobile and fixed technologies and architectures beginning to merge, solutions that distribute traditional CO-based platforms are certainly viable technology options. In many cases, there is simply no cost-effective way to deliver FTTH services to rural areas without a distributed platform that allows the operator to build out an FTTH service incrementally. The additional benefit of the AirPON solution and others that will enter the market is that operators can also re-use their existing investments in rooftop antenna locations to help further improve the ROI and overall business case of deploying FTTH.

Print Friendly, PDF & Email

With 5G now being deployed at full speed in the sub 6 GHz spectrum utilizing both the low-band and the upper mid-band, the focus is shifting to the next spectrum frontier. Even if the upper mid-band in conjunction with Massive MIMO has been a tremendous success story both from an economic and technical perspective providing far more aggregate capacity and throughput upside at a much lower capex than initially envisioned, the baseline scenario suggests mobile data traffic is projected to advance another 15x to 25x over the next decade, surpassing 1 Zettabyte (ZB) per month by 2030. While Massive MIMO and the sub 6 GHz spectrum will go a long way delivering another 5x to potentially 15x of upside, it will likely not be enough to meet the capacity demands of the next decade given the economic constraints the operators are facing.

As a result, all eyes are now on the next 5G spectrum frontier – also known as the 6 GHz spectrum (5.925-7.125 GHz). The Federal Communications Commissions (FCC) recently announced plans that make 1200 MHz of spectrum in the 6 GHz band available for unlicensed use permitting low-power device across the band and standard-power devices in 850 MHz. In order to maximize the overall efficiency and potential impact on the wireless-based economy, it will be imperative for other countries/regions to consider a more balanced approach between the unlicensed and licensed spectrum for the 6 GHz spectrum. The WRC-23 IMT identification for the 6425-7025 MHz band would provide service providers with a solid foundation to realize the 5G vision while at the same time providing consumers, enterprises, and industries with 600 MHz of incremental unlicensed spectrum to manage increasingly congested WiFi networks.

The baseline scenario assumes mobile data traffic will advance 15x to 25x over the next decade. While this initially might appear to reflect a slowdown in relative terms when compared with the growth rates in previous decades, the reality is that we are on track to consume as much data in 2030 as we did in the first twenty years combined of the smartphone era.

And there is no magic. Since the beginning of the first 1G networks through today’s 5G networks, operators have had three basic tools at their disposal to manage capacity growth including introducing more efficient technologies, deploying more cells, and using more spectrum.

The role of these capacity vehicles has fluctuated over time as the cellular industry has evolved, however, one consistent theme across the board is that the low hanging fruit has been picked, and it is increasingly challenging to extract significant gains.

The shift from 4G to 5G provides ~20% to ~30% of spectral efficiency upside, assuming everything else remains constant. The global macro cell site installed base is advancing at a high single-digit rate annually. Small cell deployments are firming up, but at the same time, co-channel densification without the use of beamforming can increase the interference between the base stations constraining the upside.

Massive MIMO and beamforming technologies address the interference limitations associated with small cell densification by increasing the antenna count at the site, enabling operators to optimize the RF signals directed towards the targeted users while at the same time minimizing interference levels for the remaining users.

So from a technical perspective, Massive MIMO and beamforming represent the next most effective solution of the capacity tool kit. In addition, the more targeted beams are improving the cell range of the base stations, enabling operators to realize equivalent 2 GHz LTE coverage with the upper mid-band, reducing the need to add more sites to compensate for the higher path loss associated with higher operating frequencies producing comparable 5G coverage relative to the 4G coverage.

And since the coupling between mobile infrastructure investments and wireless capital intensity remains strong, implying that constrained operator revenue growth will ultimately impact operators’ ability to raise capex, the appeal of Massive MIMO in the mid-band is not difficult to conceptualize. The combination of the capacity upside and the resulting cost per bit benefits by not having to add more sites forms the basis for the success with Massive MIMO – the technology accounted for more than 70% of the 2019 5G mobile infrastructure market.

Not surprisingly, the outlook for Massive MIMO remains favorable, underpinning projections that operators will squeeze as much as they can out of this valuable mid-band spectrum using 32T32R, 64T64R, and eventually 128T128R antennas. It is challenging to pinpoint the exact upside at this juncture but it is not inconceivable that an effective Massive MIMO strategy could produce another 5x to 15x of upside, depending on the spectrum assets.

Regardless, Massive MIMO in the upper mid-band spectrum will not be enough to manage the baseline scenario of total mobile traffic surpassing 1 ZB per month by 2030. And it most certainly will fall short addressing any game-changing device introduction spurring a change in behavior and video consumption utilizing the mobile network. Though video consumption comprised the lion share of the 2019 mobile data traffic, the average smartphone user still spends only around 20 min per day streaming videos on the cellular network, and baseline projections are resting on the assumption that the typical smartphone user will spend no more than 45 minutes per day streaming 4K videos by 2030.

Unlicensed proponents prefer to allocate the majority or all of the 6 GHz band for unlicensed applications, implying they expect mobile data consumption growth will slow at a much faster pace than consensus estimates or Millimeter Wave (mmW) technologies can play an important role addressing the projected shortage.

With the 2020 mmW installed base projected to surpass 0.1 M base stations and mmW smartphone devices already delivering Gbps performance, most everyone agrees Millimeter wave (mmW) based 5G NR technologies have advanced at a much faster pace than initially expected. At the same time, it will take time before the economics become compelling enough for early and late majority operators to deploy mmW systems over wider city areas and before the technology can address a significant portion of the overall mobile data traffic given the constrained capex envelopes. Even with upward forecast revisions, mmW based 5G systems are projected to account for less than 5% of the radio shipments over the next five years.

But with 600 MHz of 6 GHz spectrum and macro based EIRP levels, operators would be able to deploy Massive MIMO systems with beamforming utilizing the existing macro grid, thereby providing operators with incremental capacity to navigate not just the baseline growth projections over the next decade within the constrained capex envelope, but also including some margin to navigate new game-changing device introductions or stronger than expected IoT/FWA usage.

And from a speed perspective, one of the more important requirements in the IMT-2020 standard and vision is that 5G networks should consistently be able to provide 100 Mbit/s data rates to all users – anytime and anywhere. So in addition to dimensioning the networks for capacity, operators also need to design the networks to deliver a consistent experience throughout the cells and the day.

In short, we don’t know exactly how much of the 5G vision will be realized over the next decade. But we do know what tools the operators have at their disposal to navigate this ongoing transition from MBB to eMBB and IoT. And while it is possible that growth on the mobile network will slow at a much faster pace than expected, spectrum policies also need to consider the alternative – what if people end up spending more than 5% of the day streaming video content on the mobile network?