Written by Sanjay Uppal, senior vice president and general manager, Service Provider and Edge, VMware
Even before the pandemic began, IT teams were reimagining the design of networks to improve the security and performance of the apps and devices that connected to them. While the pandemic and shift to remote work certainly accelerated this redesign, the wheels were already in motion as a result of several converging trends.
- Apps have evolved. Applications are not just hosted in the data center anymore. Today, an organization’s app mix may include web and SaaS apps running in an on-premises, cloud or edge compute environment—or a combination of those environments. In addition, an app’s makeup is more dynamic than ever. A single app can run in multiple environments, and microservices let IT teams run certain app functions in different environments simultaneously.
- Remote work is here to stay. Employees now access these apps from the network edge in remote work sites and home offices. And their network needs vary drastically. A radiologist who reads patient charts with graphics-heavy applications requires a different kind of network than a writer who uses only a handful of productivity apps. The volume of remote workers and their differing performance needs puts unprecedented pressure on traditional networks.
- Security threats are increasingly complex. With apps and users everywhere, the traditional “trusted” security perimeter has completely dissolved. Threats across the network are harder to detect, and attacks are getting more sophisticated.
Considering these converging trends, the traditional network and security model is now obsolete. That model involves serving up an app over a server to a headquarters or branch location that’s behind a security firewall. A new model conceptualized by Gartner is fast gaining momentum as a viable solution—Secure Access Service Edge (SASE). This new model brings together networking and security and delivers both as a service from the cloud.
But First, a Word About SD-WAN
To understand the significance of SASE, it’s important to first understand the shift from legacy, hardware-based networks to software-defined networks. This shift has been underway for some time.
In the past, an enterprise would deliver an app by connecting users to a data center where the app resided. This data center was typically located behind a security stack at the company’s headquarters. This can be described as the ‘hub-and-spoke’ model.
As the cloud entered the picture, IT needed a way to keep the app behind the security stack while deploying it outside its data center. This need forced them to employ one of two inefficient models:
- Hairpin traffic back to the cloud. Application traffic takes a roundabout route from a data center, to the cloud, and back to the data center—all before getting to the user. Performance suffers.
- Connect every branch to every cloud. This model is also known as ‘mesh.’ IT operations knows it as ‘a nightmare.’
A Software-Defined Wide Area Network, or SD-WAN, creates a WAN overlay that connects branch locations with the app, no matter where it’s located. The WAN overlay provides the optimal app experience and performance by taking care of all the connectivity and automation on the backend. The WAN overlay can be thought of as the ‘application traffic cop’ model.
Why Shift from SD-WAN to SASE Now?
The saying ‘what got us here won’t get us there’ now applies. Although SD-WAN made significant strides in delivering apps to users, it’s optimized for connecting branches and certain home workers. Today, enterprises have a growing number of remote users, devices and services outside of the branch. This means businesses must again route everything through the data center. SASE takes SD-WAN to the next level that businesses need today.
As noted earlier, Gartner defines SASE as joining network and cloud security and delivering them as a service. It pairs the network performance benefits of SD-WAN with a simpler way to deliver security services on-demand, wherever they are needed. Security services then become just like any other cloud service.
VMware is building a global fabric of points of presence (PoPs). These PoPs serve as an onramp to SaaS apps and other cloud services. When users, devices or apps connect in a branch or via remote access, each PoP can apply the full suite of enterprise security functions.
VMware SASE, for example, combines industry-leading SD-WAN capabilities with cloud-delivered security functions, including cloud web security, zero trust network access, firewalling, as well as edge network intelligence. These capabilities are delivered as-a-service from a global network of more than 150 PoPs distributed globally.
The VMware SASE platform delivers these cloud-based security functions on-demand. Customers can apply the full suite of security protections anywhere, without having to maintain hundreds of point products distributed around the globe.
Going Beyond Security
SASE is the future of networking and security. And while the focus has been on the ‘secure access’ component of SASE, the ‘service edge’ component is now critical. Security services are just one of many capabilities that can be delivered to the edge from a SASE platform. The true potential of SASE lies in creating a service edge platform that’s extensible and enables delivery of capabilities such as edge computing on-demand using a subscription-based model.
While the SASE space is white-hot, the journey is just beginning. With an eye on the horizon, there are limitless possibilities for the variety of services that can be delivered over the VMware SASE platform, ultimately unlocking new potential for VMware customers and partners.
VMware SASE Platform is the secure access service edge solution that combines cloud networking and cloud security, including VMware SD-WAN, VMware Secure Access, VMware Cloud Web Security and cloud firewall (firewall-as-a-service). The platform gives partners an extensible service edge platform to help their customers:
- Ensure mission-critical application performance and meet the technology requirements of their remote workforces.
- Reduce demands on IT staff to deploy and maintain separate WAN and security solutions.
- Save on operational costs while migrating to SASE at a pace aligned to their business needs.
Want to hear more from Sanjay?
- Listen to this episode of VMware’s Partnership Perspectives Podcast. Sanjay joins host, Kathleen Tandy, to discuss the accelerating shift to cloud web security services and how secure access service edge (SASE) is becoming a growing area of focus for VMware’s customers’ success.
- Connect with him on LinkedIn and Twitter.