With VMworld 2021 kicking off tomorrow, we’re nearing the finish line of our exciting blog series on VMware SASE. Following last week’s blog on VMware Edge Network Intelligence™, today, we’ll spotlight how you can deploy SASE within your enterprise — explaining how to project scope, make design decisions, conduct tests and validation, implement the solution, and drive continuous improvement.
VMware SASE was designed to be easily rolled out, with minimal disruption to your enterprise. In fact, you can continue your existing operational practices as you generate the structures and processes necessary for a full SASE implementation.
This enables you to rapidly integrate new users and apps into your infrastructure and migrate existing resources when you choose — evolving your system from basic networking and security functionality to a fully unified policy and automated operations.
And by following our five-step gameplan below, you can DIY your SASE environment buildout in parallel with your current infrastructure.
Step 1: Scope your project
To effectively scope your project, start by defining your problem and goals. Where are the capability gaps and security risks? What operational challenges are you encountering? What compliance concerns do you have?
Finally, you’ll want to create standards to evaluate the ultimate success of your migration to SASE.
Step 2: Make design decisions
Once you’ve identified your goals, focus on organizing your architecture design and infrastructure specs. This is your chance to customize your SASE architecture to fit your needs. Here’s a quick checklist of elements to consider:
- Identify and inventory your resources and their locations — in the cloud and on corporate premises.
- Categorize your apps by type, business criticality, sensitivity, and physical requirements — including performance, bandwidth, and latency.
- Define your user types, device postures, and authorization levels.
- Understand network topology and internet connectivity details between sites — spanning vendor selection, connection technologies, bandwidth choice, and backup links.
- Define your security policy and how your infrastructure will connect to the broader corporate ecosystem.
Step 3: Test and validate
In this phase, you’ll have an early opportunity to show the benefit of SASE networking and security services and how your network can be migrated with little risk of disruption. The key is to start small by setting up a proof-of-concept demonstration, including a limited number of branches and a single data center.
Next, identify a set of users, devices, data, and applications for validation of end-to-end controls and traffic flow. Once that grouping has been successfully migrated, expand coverage to additional sets.
Step 4: Implement SASE across your organization
Implementation is where the rubber meets the road. After you’ve demonstrated success in limited trials, expand your scope to onboard new sites, applications, and users and migrate over existing enterprise infrastructure components to VMware SASE. Here’s a step-by-step approach for tackling it:
A. Establish network connectivity
In this first step, you’re establishing day-0 operations practices, building out your initial SD-WAN infrastructure and bringing up network connectivity, conducting a performance analysis, connecting to cloud services, and creating the framework for your business and security application policies.
B. Define users’ identity and context
After you’ve set up your network, VMware SD-WAN™ infrastructure and app policies, you can concentrate on user identification and authorization. By leveraging VMware’s intrinsic security capabilities, you can employ a ZTNA model that shifts security from a network-based process to one that focuses on defining users’ identity and device context.
C. Apply your security policy
Now that you’ve launched SD-WAN connectivity, you’re halfway home to rolling out SASE. Next up is integrated security, where you’ll implement a consistent end-to-end security policy across your enterprise. To do this, you must factor in user, device, and app perspectives, which would include managed and sanctioned entities, plus those outside of direct IT control.
D. Employ security as a service
In this step, granular cloud security services for cloud web security and a cloud firewall will help you assign the users and groups across your various business units to different resources, depending on their levels of access.
E. Perform validation and gain visibility
In this last step, you’ll want to ensure that your SASE global policy is effectively managing app traffic behavior. It should be monitoring work from anywhere user access and application permission consistency across network devices.
Finally, VMware Edge Network Intelligence will help you analyze performance across countless different security data points to gain actionable insights, automate your network optimization, perform self-healing, and continue security oversight.
Step 5: Power continuous improvement and perform lifecycle management
Now that your SASE solution is up and running, incorporate it into your team’s standard operational practices and look for new ways to ensure continued operation growth of the system — this will help you boost your SASE return on investment.
Lastly, lifecycle management is key. Establish processes that help your team manage the complete corporate lifecycle within the SASE ecosystem. This will enable you to optimize performance and ensure your operations run at full speed.
Learn more
- For a closer look at SASE deployment, read the white paper, “Steps to Roll Out SASE in the Enterprise” here.
- Want to learn more about SD-WAN and SASE? Register now for VMworld, which features almost 70 sessions, panels, hands-on labs, and keynotes related to SASE, cloud networking and the emerging edge.
- Be sure to read the technical book, “Journey into the World of SASE” to get expert insights on SASE and why it’s important
Join us again next week, where our blog series concludes, highlighting the six pillars of VMware enterprise edge services. See you there!