5 Questions About VMware SD-WAN


As networks become more complex and enterprises adopt multi-cloud environments, IT organizations must look for new ways to drive wide area network (WAN) transformation while keeping their network secure. Many enterprises are looking to software-defined wide area networks (SD-WAN) to increase flexibility and agility, but SD-WAN comes with its own complexities.

Recently, we hosted a webinar on the Network of Clouds: Driving WAN Transformation and Convergence with Security. Steve Woo, co-founder and senior director of product management at VeloCloud, now part of VMware, walked through how VMware SD-WAN™ by VeloCloud® provides a distributed network of VMware SD-WAN Gateways for scalability, redundancy, and on-demand flexibility while maintaining control all the way to the VMware SD-WAN Edge.

During this webinar, he answered several questions to help enterprises demystify VMware SD-WAN. Here are the five most important questions about VMware SD-WAN answered:

Q: Can secure access service edge (SASE) security be configured and managed through the VMware SD-WAN Orchestrator, or is another management screen needed?

A: For both the SASE security with our partners, as well as partner firewall virtual network functions (VNFs) that go directly on the VMware SD-WAN Edge, the VMware SD-WAN Orchestrator can manage the network connectivity. The network forwarding can be stitched up from the VMware SD-WAN Gateways to the different cloud security points of presence (PoPs) or from the VMware SD-WAN Edge to the embedded security VNF. That being said, if you are using a partner’s security services, then as part of their security policy, you would revert to the partner’s screen. We do, however, manage our own security policies for our native embedded firewall.

Q: In the financial services enterprise, why would an enterprise require an SD-WAN solution if all the traffic is going through a data center?

A: This gets to the core benefit of SD-WAN, which is simplicity of deployment. Specifically, the ability to manage branch deployments and connectivity to multiple on-premises data centers, as well as the use of multiple links. For example, State Farm had a goal to expand bandwidth by adding broadband to their existing private Multiprotocol Label Switching (MPLS) for a hybrid network. Another option was to use wired broadband and LTE. With VMware SD-WAN, they were able to simplify the use of multiple links via the VMware SD-WAN Dynamic Multipath Optimization™ (DMPO) technology. In addition to being able to simplify the use of multiple links, they could continuously monitor the status of the different links and move packets on a per-packet basis across different links depending on performance.

This is very important for broadband links that may have packet loss, intermittent packet loss, or intermittent jitter. DMPO assures that links have optimal performance when going from the enterprise branch to an enterprise data center. With a multitude of links, the simplicity of deployment is vital.

Q: What does client to cloud to container mean?

A: The VMware SD-WAN Network of Clouds can be directed to various cloud destinations, assuming all workloads are located in the cloud. In the case where some of the workloads are moving from an enterprise data center to the cloud, we are starting to see some workloads, certainly as a vision for the future, that may be moved all the way back out to the VMware SD-WAN Edge or branch. There are certain types of retail applications that may be Internet of things (IoT)-based, which will need to go through some local processing before sending summarized traffic to the cloud. For this reason, we have the ability to host a container on the VMware SD-WAN Edge at the branch to support this type of use case.

Additionally, we want to make sure that we not only connect the branch or the site to the VMware SD-WAN network, but that we continuously keep an eye out for our clients. This involves bringing in mobile workers as they walk out of the branch and work remotely through a secure virtual private network (VPN) into the VMware SD-WAN network, offering the benefit of our backend activity automation to a variety of applications, like Office 365 and Azure.

Q: Does VMware recommend WAN acceleration as well as SD-WAN?

A: It really depends on the customer use case. Often our customers tell us that the need for WAN acceleration is dropping as applications are being reformatted for distributed environments. Also, as the bandwidth improves with broadband, the requirement for traditional WAN optimization—in terms of the dedupe and caching—usually remains legacy deployments. That being said, if the service provider is using deployments for some of these legacy sites, they would deploy universal customer premises equipment (uCPE) to deploy a traditional lineup as a VNF and connect to the VMware SD-WAN VNF.

Q: What are the main differences between VMware SD-WAN Gateways and offerings from other vendors in the market?

A: Good question, and important to highlight, as there’s often confusion about that. As mentioned, VMware SD-WAN has multiple deployments. Typically, other deployments are virtualized single-tenant offers and while they may be labeled cloud, cloud nodes or cloud gateways, they are do-it-yourself deployments that provide a virtualized software instance of their SD-WAN solution. This means you would have to deploy, manage, and optimize it at multiple locations. Additionally, this setup only works for the front of infrastructure as a service (IaaS) locations. But, if you want to extend the SD-WAN in front of a typical software as a service (SaaS) location, you wouldn’t be able to deploy it directly at the SaaS location, because the SaaS provider would not provide hosting for your own virtual machine. In effect, you would have to try to build your own PoP in front of all the different SaaS PoPs. This is the key difference with the VMware SD-WAN solution.

The VMware SD-WAN Edge can be deployed by an enterprise directly in their virtual private clouds (VPCs) or virtual networks (VNets) for multi-cloud, IaaS destinations, SaaS destinations or cloud security destinations, mid-mile. The power of the VMware SD-WAN solution is how we have deployed the VMware SD-WAN Gateways as a service in front of multiple cloud destinations, with application programming interface (API) integration options. The simplicity of the VMware SD-WAN solution for any on-premises site with our cloud service option provides access to all of our VMware SD-WAN Gateways in all of our PoP locations. This is provided both by VMware and our service provider and cloud partners, making the VMware SD-WAN a scalable and economical solution.

Next steps to get started with building your Network of Clouds

This blog addressed some specific questions and concerns when building a Network of Clouds with VMware SD-WAN. For a full understanding of the opportunity and benefits presented by VMware SD-WAN, check out the free eBook, “Network of Clouds: Driving WAN Transformation and Convergence with Security”, or watch the webinar.

