Sun under cloudscape, celestial background
SD-WAN Announcement Technical VMware

Network of Clouds: Extending SD-WAN Benefits to the Cloud

By Steven Woo, co-founder and sr. director products at VeloCloud, now part of VMware

Note: This is the first of a two-part blog series.

Organizations are increasingly embracing the digital economy through cloud adoption and moving more applications to the cloud. These applications and services are often distributed across a hybrid data center architecture that is multi-cloud in nature.

VMware’s vision is to deliver the digital foundation that enables any user on any device from any location to any application, across this distributed multi-cloud landscape. To achieve this vision, a different approach to connecting users to applications is needed. The VMware SD-WAN by VeloCloud Network of Cloud Services is emerging as the unique approach to address this any-user-any-connection need by leveraging the VMware hyperscale cloud infrastructure and ever-expanding cloud partnerships.

VMware SD-WAN: The Full Story

While we highlight the Network of Clouds here, it is only half of our story in enabling any-user-to-any-application access. The other half is our multi-services VMware SD-WAN Edge. Users in this any-to-any connection world must exist in the on-premises world, whether a large campus, a small remote office or branch, home or the road.

Legacy solutions only address the on-premises part of this problem, whereas others focus only on the cloud portion of the equation. Both solution types are inadequate and will quickly fall out of favor.

VMware SD-WAN is designed to cover both the on-premises and cloud aspect of any-user-to-any-application access. It provides a software overlay that extends from the user, on-premises sites, and legacy data centers to the distributed cloud destinations. The Network of Clouds serves as the other end of the overlay when the destination is anywhere in the cloud.

Shift to the Cloud and Challenges

Digital transformation through the shift of applications to the cloud offers unprecedented agility and efficiency. However, the reality of connecting users to these cloud destinations must still be addressed.

As organizations embarked on this journey, the natural initial step was to leverage the traditional enterprise network architecture.  Branches that connected over a private network to the enterprise data center would use this same network for cloud access. The enterprise data center would then provide extended private access to specific cloud destinations or provide a centralized Internet breakout. This leveraged the existing deployment mechanisms and the high-quality private networks, as well as existing security stacks in the enterprise data center. Even mobile users would connect through this hub.

While backhauling cloud traffic provides familiar operations, enterprise-grade reliability, and secure access to the cloud, it overloads the enterprise WAN and negates much of the benefits of distributed cloud applications. The performance benefit of bringing the application closer to the user, as well as the agility of deployment and scalability is severely compromised.

The shift to the cloud ultimately requires a fundamental change from this legacy approach. Gartner has declared that the shift to the cloud has made the traditional WAN obsolete.

Cloud vendors, whether SaaS or IaaS counter with their recommendation that enterprises should break out to the cloud as soon as possible–directly from each branch location. They tout their performance, scaling, and cloud service coverage to encourage local Internet breakout. The truth is that cloud service providers can only guarantee performance and security after traffic reaches the ingress point of their cloud. Direct Internet breakout, even with other SD-WAN solutions out there in the market, means “best-effort” delivery over the Internet due to “last mile” issues, regardless of the number of points of presence (POPs).

Additionally complex operations and lack of IT resources remain top challenges, specifically:

  • For IaaS instances or other services such as cloud security that require tunnel-based access, there is a significant manual and complex configuration on both branch and cloud sides to set up NxM tunnels.
  • Cloud solutions do not address the configuration of WAN edge appliances and services, a challenge for a large number of distributed sites without on-site IT staff.

The Solution: Network of Clouds from VMware

The multi-service VMware SD-WAN Edge provides zero-touch deployment, and in conjunction with the Network of Clouds, extends all the benefits of VMware SD-WAN to the cloud.

The benefits provided by the VMware SD-WAN Edge and Network of Clouds include (detailed in the VMware SD-WAN solution brief):

  • Dynamic Multipath Optimization (DMPO)
  • Dual-ended QoS
  • Automatic VPN and cloud-scale VPN
  • End-to-end business policies
  • End-to-end monitoring
  • Intrinsic security (segmentation, encryption, stateful firewall)

Network of Clouds extends all the benefits of SD-WAN to any cloud destination, and ultimately between cloud destinations. While we expect most companies to benefit from the Network of Clouds, using our VMware SD-WAN cloud is not required to get the benefit of our SD-WAN solution across your corporate sites. Corporate traffic is not required to traverse our cloud, and upon request, enterprises can even move our cloud-based management to their on-premises location.

Most enterprises will likely use a combination of on-premises and VMware-hosted and managed cloud capabilities to support their hybrid data center deployments.

Evolution to Hyperscale Cloud

An early step in the evolution to the cloud was the availability of virtualized appliances that enterprises could install in their initial IaaS compute clouds. VMware SD-WAN certainly continues to support this deployment model, and it has the benefit of enabling even private connections into the IaaS compute cloud.

However, supporting the migration to the cloud does not just require a virtualized version of an on-premises solution deployable in the cloud. Both operational and consumption model changes need to be considered. For organizations, here are some key questions to ask in the process:

  • Do we need to deploy, upgrade, monitor, and troubleshoot the infrastructure ourselves as an extension of our corporate sites, or does the network come with the same as-a-service benefits of the SaaS or IaaS clouds it is accessing?
  • Do we have to size and pay for fixed capacity at every cloud destination, or can it just be automatic and flexible like it is for SaaS applications?

An effective migration to the cloud requires a widespread distribution with flexible capacity. A small number of enterprise data center hubs ported to the cloud will only end up being chokepoints and result in backhauled traffic patterns. How to address this limitation?

Our answer is VMware SD-WAN and its hyperscale Network of Clouds. Our solution distributes POPs on a scale that supports a global distribution of clouds. Why is our solution better than a cloud-only one? Our hybrid SD-WAN approach leverages a VMware SD-WAN Edge to reach into the user site, versus the attempt by cloud-only solutions to locate cloud POPs near every possible user site. Our cloud Gateways are the “first hop” to the cloud and located within an optimal distance from all the global cloud destinations.

Here are some facts.

  • VMware SD-WAN is located in 100+ POPs and is comprised of 2,000+ stateless, horizontally scalable Gateways. These POPs include VMware colocation sites and IaaS sites, telco POPs and partner locations with “federated” access shared across cloud infrastructures. Our POPs in colocation facilities leverage Internet transit and public and private peering to IaaS and SaaS locations. VMware POPs in IaaS are interconnected via cloud mid mile networks, and SP POPs are interconnected via private network backbones.
  • Our multitenant architecture with multi-tier orchestration operated by global network operators enables the effective and efficient delivery of VMware SD-WAN as a Service. Organizations can easily consume the cloud service as our Gateways are automatically assigned, synchronize with Edge policies, and automatically scale out.
  • Let’s not forget about the performance advantages between the cloud POP and the on-premises Edge offered by VMware SD-WAN Dynamic Multipath Optimization (DMPO). It significantly outweighs any nominal additional latency between the cloud POP and destination cloud, and ultimately delivers optimized application performance.

Stay tuned for Part 2 of this blog where we discuss Secure Access Services Edge (SASE). For a preview, check out this press release.


Leave a Reply

Your email address will not be published.