Our blog series showcasing VMware SASE rolls on, providing a deep dive look at how SASE’s next-gen cloud networking and sophisticated cloud security capabilities help power enterprise-wide digital transformation.
In a recent blog, we spotlighted the three tenets of SASE — one of which was prioritizing VMware SD-WAN™ as your building block.
What’s the engine that powers VMware
SD-WAN?
It’s all about a cloud-native
architecture, consisting of 150 VMware SASE points of presence (PoPs)
from VMware and its partners around the world. PoPs serve as on-ramps to SaaS
and cloud services, delivering optimal network performance, regardless of
location (e.g., branch, mobile, etc.) or endpoint type (e.g., IoT device).
SASE PoPs also serve as the first line
of defense and processing for end-user traffic, safeguarding the network from destructive
attacks and users from dangerous public Internet threats.
The PoPs’ global footprint provides
VMware SASE with a springboard to launch new networking and security services and
drive integrations with industry-leading third-party security partners.
And as you read this blog, there’s
a good chance that a VMware SASE PoP is nearby as they
serve 85% of the world’s major metropolitan areas.
This optimal placement ensures individual
users will connect to the closest regional PoP to reduce latency, increase performance,
and securely access enterprise resources (e.g., data center, campus, branches,
users) and cloud services (e.g., SaaS applications, platform providers).
Exploring VMware SASE PoPs: Five
key benefits
SASE PoPs combine software-defined networking and intrinsic security, enabling IT teams to seamlessly support user mobility in a zero trust environment.
1. Application quality assurance: SASE
PoPs deliver assured, reliable application delivery to mobile, branch, and
campus connections — even under unfavorable network conditions.
2.
Global PoPs: PoPs are strategically positioned around
the world to create direct peering connections with popular SaaS/IaaS
providers, with a goal of sub-5 ms latency between the SASE PoP and cloud apps.
This proximity
speeds the on-ramp to cloud between user request, packet steering, security
inspection, and application access.
3.
Operational simplicity: Configuration and
policy management are performed from a single, centralized cloud-based
orchestrator for all services within the PoP.
4. Cloud-native solution: The PoPs’ cloud-based management model eliminates the burden of infrastructure management, empowering the platform to harness advanced scalability and resiliency capabilities.
5. Intrinsic security: From zero trust network access (ZTNA) and secure web gateways to cloud access security broker (CASB) functionality and firewall as-a-service (FWaaS), the PoPs’ integrated capabilities guard distributed workers and apps against internal and external threats at all levels.
SASE PoP use case #1: Connecting a
branch user to a SaaS application
How can branch SD-WAN users leverage a PoP to effectively and securely connect to their SaaS application, such as Microsoft Office 365?
First, their traffic is directed
locally to an SD-WAN Edge device, which connects to the PoP’s VMware SD-WAN
Gateway — delivering a high-quality,
assured, reliable network on-ramp to the app.
Next, the Edge
device sends traffic to a nearby PoP via an SD-WAN overlay tunnel.
Upon exiting the tunnel, VMware Cloud Web Security™ processes the traffic, based on the security policy.
If no security issues are detected,
the traffic exits the PoP and is sent to the SaaS provider.
SASE PoP use case #2: Connecting a remote
user to a SaaS application
Let’s look at a work from anywhere
user who is working from home and off corporate premises. How do they connect
to their SaaS app?
First,
an agent on endpoint establishes a secure tunnel to the nearest PoP.
Next, the user and their device
posture are authenticated and authorized by VMware Secure Access within the PoP.
After that occurs, their secured traffic is sent to an SD-WAN Gateway component, which then sends it to a cloud web gateway, based on security policy and user context.
Finally,
Cloud Web Security applies the security rules before forwarding the traffic to
the SaaS provider.
Learn more
For a closer look at VMware SASE PoPs, check out the white paper, “Network Flow for VMware SASE PoP” here.
Want to learn more about SASE? Register now for VMworld, which features almost 70 sessions, panels, hands-on labs, and keynotes related to SASE, cloud networking and the emerging edge.
