“AaS” and “As a Service” are common buzzwords these days, and we are all familiar with them. Lots of companies and vendors are offering some form of their product or tech “As a Service”. So when I say “Wireless as a Service” or “Network as a Service”, these terms aren’t new to us.
When I started to see Nile showing up in my LinkedIn feed, I was very curious about their offering. When I saw that they were one of the presenters at the NFD32 event, I was looking forward to seeing their presentation and asking questions.
Before I jump into what Nile presented, I want to share an On-Premise IT Podcast from Gestalt IT, Network-as-a-Service is the End of Network Engineering Roles. There have been conversations around AI, automation, and “aaS” models killing engineering roles. During this On-Premise IT Podcast, led by Tom Hollingsworth, Pat Allen, Drew Conry-Murray, and I share some of our thoughts.
Nile was founded in 2018 by industry veterans Pankaj Patel, Suresh Katukam, John Chambers, and Sri Hosakote; the company later launched in 2022.
Suresh Katukam kick-started the Nile presentation and touched on some points on past, present, and ongoing Enterprise Network operations and functions.
Unlike many other vendors, to execute its vision Nile decided to also build hardware from scratch instead of merging or acquiring. In the technology industry, everyone talks about taking a proactive approach to resolving issues. Nile’s vision is to focus on eliminating, from the beginning, the things that may contribute to issues later on, such as configuration errors, human errors, change-management-related errors, errors related to bad design, errors related to physical and logical connectivity, etc.
Nile opted to use an OpEx pricing model based on per user/sq ft and consumption. Think of utilities like electricity, gas, water, etc.
How Nile Does it:
While many companies offer some form of NaaS, Nile offers a paradigm shift in how NaaS gets done: it offers a guarantee with financially backed SLAs for the following three key elements.
Nile does not simply offer an RMA of hardware in case of a failure; it oversees the whole process: Define, Design, Implement, Validate, Operate, Monitor, and lastly Refresh.
Nile uses a concept called the “Nile Service Block (NSB)”, which comprises the following hardware:
- Wireless Access Points
- Wireless Physical and Virtual Sensors
  - Each access point has an additional radio that also acts like a sensor
- Access Layer switches
- Distribution Layer switches
All hardware is meant to be resilient, with no single point of failure. Switch failure in the core, distribution, and access layers will not bring down a huge section of the network. If an access point fails, per design there should be adequate secondary coverage for the clients. It does not stop there: continuous monitoring of SLAs, the environment, and the network using physical and virtual sensors, synthetic testing, and other data available from the devices and clients ensures that the network is meeting all the agreed-upon SLAs.
But what happens if there are physical changes in my environment which start to impact the WLAN user experience?
The answer to this question was interesting, and I feel like it is worth sharing. Suresh used an example of physical and user changes, as depicted in the pictures below. If most of the users end up converging in the middle of the area, then based on the SLA and requirements, Nile may install an access point or two and/or relocate APs to update the design.
It is imperative to mention here that certain pieces of the overall network/infrastructure design are the responsibility of the customer and partner. RADIUS, DHCP, Internet, etc. are some of the things that either the customer will need to configure or a partner will need to take responsibility for configuring.
Day 0 and 1:
Austin Hawthorne discussed day 0 and 1 operations. What stood out for me here was their workflow for getting a site up and running. There is a Work Order section that focuses on three different tasks associated with provisioning a site. Nile collaborates with its partners to provide these services, and installers get rated based on their performance.
- Site Survey
Guest Wi-Fi access is a key component of networks these days, and it can open up your network to security risks if not done properly. Generally, Guest WLAN traffic will either get routed directly through a separate firewall interface, or go through some kind of central forwarding device in the DMZ and then the firewall. Nile is making the process simple by handling all the security, configuration, and policies to keep the Guest WLAN traffic separate from the rest of the network.
I want to discuss the Liability section that mentions “DMCA”. Nile takes over the legal liability when it comes to DMCA by sending the Guest traffic through their POP and using their IP addresses instead of customer Internet IP addresses.
Guest connectivity – iPhone XR. The third image on the right shows the IP addressing scheme Nile was assigning to the Guest devices.
Suresh digs into Guest architecture in the following video, starting at 24:40.
Suresh and Austin discussed some troubleshooting steps within the Nile Dashboard and how data can be used to figure out the root cause of the issue. Going to my.nilesecure.com and looking at my connection metrics was impressive. I can see this as an excellent Level 1 troubleshooting tool or even an end-user tool to determine the quality of their connectivity.
There is also an option to report an incident from the my.nilesecure.com user interface. It also allows you to grab a screenshot, attach it to the incident and send it to the help desk.
NOTE: I did not get to see which button or area on the screen brought up this incident reporting screen. I also need to understand the back-end process, for example, once you hit submit where does it go? Does it only integrate with ServiceNow or can it simply send an email to the help desk if there is one specified in there?
Identity Based Access with Nile:
You can’t talk network or wireless and not discuss security. Nile decided to take a Zero Trust approach to security, which means every single device that connects needs to be authenticated via Single Sign-On or it will not gain access to the network. What happens to IoT/headless devices?
These devices will get quarantined and sit in the dashboard for Admin Approval. Nile can also support a customer’s NAC/RADIUS if they prefer to use that instead of the built-in portal authentication.
Nile Service Block supports MACsec (automatically negotiated) from the access point to the switches. All traffic is always hardware encrypted, which adds a layer of security. NOTE: Not only the access points but also the switches support MACsec; all links and traffic are encrypted.
Todd Ellison (Principal Solution Architect) further explained additional security features:
- Use of a TPM chipset in every piece of hardware.
- Secure Boot – Ensures that the software is signed by Nile and there is no tampering
- Physical Security – No management or console port
- Each device validates other devices
- Device and cloud authenticate each other
One important thing worth mentioning here is that the device and cloud validation does lock the device to the location where it is supposed to be installed. If you take a switch or an AP from Site X and try to install it at Site Y, it will not work. Should you need to move a switch from Site X to Site Y, Nile support will need to engage and move that switch.
Understanding how Nile Service Block routes traffic and secures it is worth discussing here; by default, each device is isolated, and there is no east-west traffic. There are two ways Nile is handling this traffic:
- All traffic gets routed to the firewall (Northbound) – This is the default and original method
- Nile added a new option: the ability to leverage built-in micro-segmentation.
I see being able to do micro-segmentation without complex NAC policies as a pretty good feature and would love to see it in action.
Simple Things Matter:
At times simple things make a huge difference and make us happy; I know they do make me happy, because at times the solution to a bigger or more complicated problem is a simple one. I have been involved in many network migrations, installs, and refreshes. Trying to do this remotely means you have to create tedious documentation, graphics, etc. for the installers, which they either lose, never use, never take out of the box, or their dog ends up eating it. Regardless of what happens, I liked the very simple approach that Nile took on their switches.
Each switch comes with graphics on the top and this can be extremely helpful for the installers and remote engineers when they are trying to install, provision, or simply troubleshoot.
Yes, that AP on the right is a Wi-Fi 6E access point (NOTE: the AP on the left is an outdoor AP).
- 2.4 GHz, 5 GHz, 6 GHz
- 4×4:4 in all three bands
- 1 Triband radio for WIPS/WIDS, virtual sensor
- 5 Gbps Uplink
My Final Thoughts and Wish List:
In my opinion, Nile offers a fresh and different take on NaaS and provides wired and wireless services. As I mentioned in the video above, I can see this as a good fit in multiple industries depending on a few factors:
- Do they prefer a CapEx or OpEx model?
- Do they have enough resources and skills in their IT Department to handle the needs of the users and a growing network?
- Do they have a budget to hire experienced Network and Wireless engineers, especially if most of their enterprise devices rely on WLAN for their connectivity?
- Think refresh cycles: for an IT Director and/or a CIO, this may take away the burden of refreshing hardware every 3, 5, or 10 years.
- IT teams will also need to discuss internally and figure out how and where the solution fits.
- Depending on the business and technical requirements, Nile can either be a full solution or focus on resolving specific needs. For example, an enterprise may want their engineers to focus on core and above and use Nile for the distribution and/or access layer.
- An Organization may have certain locations that they acquired or are remote branches and do not have the time and resources to upgrade and integrate that network.
- At times an organization may not have the internal skills or time to handle WLAN design, deployment, configuration, monitoring, and troubleshooting. I can see an organization letting Nile handle all aspects of WLAN.
- Full or Hybrid approaches are a possibility.
Unfortunately, we ran out of time and were not able to look at the live demo that was also planned for the event. There is a big WLAN piece that also needs to be presented in some detail and discussed. I would love to see Nile present at one of the Mobility Field Day events with a focus on Wi-Fi. Some of my wish list items:
- Work Orders – Would love to see a work order flow for each Project/Task where users can add notes, pictures, timelines, and toll booths so customers can see in real-time the progress.
- WPA3 support for MPSK.
- Nile SD-WAN/Firewall. Ideally, I’d love this SD-WAN/Firewall solution to be able to integrate not just with Nile hardware but also with other vendors’ hardware.
- Possibly an integrated wireless AP option for smaller branch locations.
- LTE capabilities on the WAN side.
- Integration with Hamina.
  - To clarify, Nile APs are already available in Hamina for predictive RF modeling.
  - Import/Export of a project is currently not available.
- Would like to better understand how the guest traffic is getting segmented from the rest of the network.
- NAC, NAC, NAC, would love to see a Nile NAC.
- Hospitality access point perhaps.
- Currently, Nile is using the OpEx model with per user/sq ft pricing. I’d love to see a per-device model also.
Thank you for reading. If you have watched the Nile NFD32 presentation and/or have deployed the Nile solution, I would love to hear your thoughts and what you would like to see.