If you’ve been looking for a Security Service Edge (SSE) solution, especially ZTNA or VPN as-a-service, then you’ve most definitely heard the term PoP. Most vendors are quick to emphasize the number of PoPs they offer, and some have started talking about dynamic PoPs. With so many market and customer questions around PoPs, I thought I’d spend some time on the subject.
What is a PoP?
A point-of-presence (PoP) is a point or physical location where two or more networks or communication devices build a connection from one place to the rest of the internet. A PoP primarily refers to a location, facility or access point that connects to and helps other devices establish connections to the internet. Organizations and end users connect to PoPs, whether they know it or not.
It is worth noting that some vendors use "PoP" specifically for locations in their own data centers, rather than for what is deployed in a Cloud Service Provider (CSP) such as AWS or Google Cloud. These legacy vendors are spending insane amounts of money to run data centers or rent space in co-locations. Buyer beware: these costs are passed on to customers, and the vendors are not taking advantage of economies of scale or shared technology.
Dynamic PoPs are becoming more popular as well. A vendor can bundle SaaS software and drop it in various locations, such as customer sites or various CSPs.
Why Does the Choice of PoPs Matter?
In a nutshell, it matters because of the following:
- Performance / Latency – the closer the PoP location, the less time the traffic spends on the open internet. In most cases, a vendor using a CSP will use high-speed back channels to get traffic from one location in the world to another.
- Availability / Stability – CSPs are built to support thousands of customers globally, whereas a vendor running its own PoPs relies only on itself and builds for a much smaller set of customers in very specific areas around the world.
- Compliance – PoPs and traffic may need to be in various locations, based on local laws. This may be more severe when it comes to certain verticals, like finance and banking. It may also depend on the country, with China, for example, being a very special case.
- Security / Anonymity – shared responsibility models have evolved; in parallel, so have the location of logs and how they are stored. Vendors can choose to spread the data across various CSPs to limit the attack surface or the possibility of a concentrated attack.
How CSPs Deal with PoPs
Some Cloud Service Providers (CSPs) also provide what I’ll call pseudo-PoPs, or lightweight PoPs. These may be seen as content delivery networks (CDNs) for public and private applications. Amazon’s CloudFront and GCP’s Cloud Premium Tier are examples.
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
Premium Tier delivers Google Cloud traffic over Google’s well-provisioned, low-latency, highly reliable global network. This network consists of an extensive global private fiber network with over 100 points of presence (PoPs) across the globe. By this measure, Google’s network is the largest of any public cloud provider. Google Cloud customers benefit from the global features within global load balancing, another Premium Tier feature. You not only get the management simplicity of a single anycast IPv4 or IPv6 Virtual IP (VIP), but can also expand seamlessly across regions and overflow or fail over to other regions.
The way Banyan’s solution has been architected makes it the most portable solution on the market. Our general commercial offering is deployed in GCP and accessible globally using the above-mentioned Premium Tier IPs. Our solution is also available for some of our customers that have their own CSPs (such as Oracle), who can quickly and easily deploy the full stack on their own servers. MSSPs may host the solution in their leased colocations. The solution is also elastic, and scales up and down as needed. Because there are no limitations due to licensing or the cost of gateways/connectors/access tiers, as there are with other vendors, the solution can realistically be deployed anywhere around the world in as many ways as administrators can imagine. While some vendors force you into their cloud, Banyan gives you the flexibility to be unique and take advantage of what you’ve already designed and built.