451 Research: Extending into the cloud- CohesiveFT redefined for its VNS network software

From the 451 Research Group (subscription required to view)
Analyst: William Fellows
29 May, 2013

CohesiveFT is doubling down on its Virtual Network Server (VNS) networking smarts and is seeking a role as a provider of network function virtualization (i.e., enabling users to extend their networks into the cloud). It’s no coincidence that the arrival of Chris Swan as CTO – and following an influx of new investment in the summer of 2012 – has led to an overhaul of the company’s message, positioning, direction and portfolio. It’s been predicated by the rise of cloud and the need to solve the network ‘problem’ by the use of software-defined network (SDN) techniques.


An organizing principal for CohesiveFT may best be regarded as NFV, or network function virtualization, which is a longtime (but little used) acronym that implies the delivery of software-based network functions and services. Moreover, it refers to doing what commonly runs on proprietary hardware and abstracting it to run on x86. It’s not only overlay, and not only SDN. Enabling users to extend their networks into the cloud is important in a number of ways. It means users will be able to take advantage of the most suitable environments for running/hosting jobs and applications (best execution venue) securely. It also means they will gain the opportunity to create additional relationships with partners that take advantage of multi-party ‘meet me’ venues, where organizations can meet by prior arrangement and have that environment virtualized for a specific activity. Moreover, it addresses a very basic requirement, namely the need for a single secure network that flows from inside the enterprise and back, which remains largely unmet. VPNs and physical networks that can directly connect a customer to their clouds so the cloud resources look like an extension of their networks are rudimentary today.

Business model

CohesiveFT received an undisclosed series B round of funding in the summer of 2012, which it’s using for consolidation rather than growth. It’s previously raised three investments (starting with $1.5m raised in October 2006), which were rolled up as a conventional series A in 2008. Although a sub-$5m-revenue company, it has some 20 staff, and claims to have added 170 subscribers in 2012 – it said it had more than 100 coming into 2012. Existing users are getting larger, and small deals are turning into big deals.


Server3 (server cubed) is the image factory for which CohesiveFT was originally founded. Then christened Elastic Server on Demand, this lives on in the SaaS offering (see below). It enables users to assemble, test, and deploy custom stacks and servers for most operating systems, virtualization formats and clouds – a ‘recipe’ for virtual appliances. The resulting Elastic Server Images can be composed of open source, third-party or proprietary software components from multiple vendors, and saved as templates, updated, augmented or redeployed in minutes. Each Elastic Server Image provisioned using Server3 comes with a detailed description expressed in a modified OVF – XML format with extensions to document all the installed components, not just the base image. Elastic Server is the SaaS implementation of Server3. Smart Elastic Server is the implementation Cohesive FT has created for use in conjunction with IBM’s SmartCloud. After all, there aren’t too many ways to get onto IBM’s SmartCloud. Google’s GCE could be an opportunity, given its rudimentary image management functionality. While mechanisms such as OpenStack’s Glance enable users to choose images to deploy from a library, it has no visibility into the image itself, unlike Server3, CohesiveFT argues.

Context3 (context cubed) provides automation of ‘topologies’ in the cloud, especially where applications span multiple machines and involve some degree of dependency mapping. It supports configuration management, server role version control, and compatibility with frameworks such as IWD, Chef, Puppet, RightScale RightScripts and CFEngine, as well as scripting languages (bash, PowerShell). It ships as a virtual/cloud appliance. It provides runtime scaling up and down, and acts as a repository for scripts and roles. Context3 is currently used in CohesiveFT’s Cloud Container Solutions offerings, and will be available as a stand-alone product.

Ultimately, Server3 and Context3 are conduits for the sale of CohesiveFT’s VNS, formerly VPN-Cubed. Going forward, this overlay mechanism is the spear tip of the company’s focus, and the other products are being deemphasized. VNS is not only for VPNs – hence the name change – since overlays can be within a cloud, between clouds, between a private datacenter and a cloud (or clouds), or between multiple datacenters. Overlays provide security as they operate encrypted tunnels, additional protocol support that the service provider doesn’t, and consistency of addressing. VNS provides what the company describes as SDN capabilities for public, private and hybrid cloud deployments. It’s an overlay and is available in a number of editions, from free (with one manager, five client packs, one IPsec endpoint and one tunnel) to the $750-per-month Enterprise version (which comes with two managers, 50 client packs, 16 IPsec endpoints and 64 tunnels).

VNS3 Managers are virtual routers, virtual switches, SSL VPN concentrators, IPsec VPN concentrators, firewalls and protocol redistributors – configurable in a mesh arrangement. They can be used to run activities that have been moved to a cloud, but need secure access to corporate datacenters. They can provision development infrastructure on the fly, allowing ‘N’ identical copies of virtual servers to be run simultaneously. They integrate with existing edge and DMZ equipment like IPsec extranet boxes, intrusion prevention, intrusion detection and stateful inspection. VNS3 Manager images are available for IBM SCE, Amazon EC2, Amazon VPC, GoGrid, Terremark vCloud Express, Flexiant, ElasticHosts and CloudSigma. CohesiveFT can provide VNS3 Manager Images in various virtual formats, including VMware, KVM, Xen and Parallels.

CohesiveFT plans to deliver a range of ‘recipes’ for different kinds of VNS deployment scenarios. Infor’s Lawson Software ERP shop is a reference client that uses VNS as the containment and staging environment for each new customer that is on-boarded. For Cohesive reseller Zenprise, each new customer is a VNS user. It’s been using Amazon DevPay, but is moving to the AWS Marketplace so that it can bring its new AMI into play and have the free edition sit in an Amazon tier. The DevPay environment mandates small charges – a trip hazard that is overcome by going to the marketplace. It should move into other marketplaces as they get traction.


Amazon (VPC, Direct Connect), Rackspace (Cloud Connect) and other providers have some overlay artifacts. CohesiveFT sees them as potential opportunities rather than as competitive. It believes it can add functionality to VPC – for example, VPC only provides a single IPsec connection back; it couldn’t support a meet-me environment. VPC is also a single-availability zone – CohesiveFT says it can span regions and providers. It recommends running VNS inside VPC. Azure has a VPC-like capability, while GCE has a network-oriented implementation, and has announced IPsec, but not yet revealed it. CloudSwitch was a late entry to the overlay market, and got an offering to market quickly. However, it has somewhat disappeared from view since its acquisition by Verizon. Indeed, CohesiveFT says it’s now getting inbound inquiries from Verizon’s own Terremark unit to provide this capability.

SWOT Analysis



VNS effectively delivers SaaS via single-tenancy experience, solving one of the key challenges for cloud adoption: data protection/security in shared environments. In the face of Amazon, Rackspace, and others in the market with what might be considered early and perhaps ‘good enough’ technologies, CohesiveFT will need to become a designated expert for extending networks into the cloud.



Opportunity appeared to have been knocking on a number occasions. CohesiveFT is still searching for a breakout move, but it’s now pointed directly at a key challenge for enterprises as they seek to take advantage of cloud. CohesiveFT has effectively incubated a bunch of independent activities over its lifetime – from identity management to image manufacture/automation, virtual network overlay and RabbitMQ, with the latter being the one that achieved escape velocity and was ultimately acquired by VMware. Can it drive Server3 the same way in order to focus on VNS?

By: Margaret Valtierra