
Inside VMware SASE PoPs: The Engine Behind VMware SD-WAN

Our blog series showcasing VMware SASE rolls on, providing a deep dive into how SASE’s next-gen cloud networking and sophisticated cloud security capabilities help power enterprise-wide digital transformation.

In a recent blog, we spotlighted the three tenets of SASE — one of which was prioritizing VMware SD-WAN as your building block.

What’s the engine that powers VMware SD-WAN?

It’s all about a cloud-native architecture, consisting of 150 VMware SASE points of presence (PoPs) from VMware and its partners around the world. PoPs serve as on-ramps to SaaS and cloud services, delivering optimal network performance, regardless of location (e.g., branch, mobile, etc.) or endpoint type (e.g., IoT device).

SASE PoPs also serve as the first line of defense and processing for end-user traffic, safeguarding the network from destructive attacks and users from dangerous public Internet threats.

The PoPs’ global footprint provides VMware SASE with a springboard to launch new networking and security services and drive integrations with industry-leading third-party security partners.

And as you read this blog, there’s a good chance that a VMware SASE PoP is nearby, as they serve 85% of the world’s major metropolitan areas.

This optimal placement ensures individual users will connect to the closest regional PoP to reduce latency, increase performance, and securely access enterprise resources (e.g., data center, campus, branches, users) and cloud services (e.g., SaaS applications, platform providers).

Exploring VMware SASE PoPs: Five key benefits

SASE PoPs combine software-defined networking and intrinsic security, enabling IT teams to seamlessly support user mobility in a zero trust environment.

1. Application quality assurance: SASE PoPs deliver assured, reliable application delivery to mobile, branch, and campus connections — even under unfavorable network conditions.

2. Global PoPs: PoPs are strategically positioned around the world to create direct peering connections with popular SaaS/IaaS providers, with a goal of sub-5 ms latency between the SASE PoP and cloud apps.

This proximity speeds the on-ramp to the cloud at every stage: user request, packet steering, security inspection, and application access.

3. Operational simplicity: Configuration and policy management are performed from a single, centralized cloud-based orchestrator for all services within the PoP.

4. Cloud-native solution: The PoPs’ cloud-based management model eliminates the burden of infrastructure management, empowering the platform to harness advanced scalability and resiliency capabilities.

5. Intrinsic security: From zero trust network access (ZTNA) and secure web gateways to cloud access security broker (CASB) functionality and firewall-as-a-service (FWaaS), the PoPs’ integrated capabilities guard distributed workers and apps against internal and external threats at all levels.

SASE PoP use case #1: Connecting a branch user to a SaaS application

How can branch SD-WAN users leverage a PoP to effectively and securely connect to their SaaS application, such as Microsoft Office 365?

First, their traffic is directed locally to an SD-WAN Edge device, which connects to the PoP’s VMware SD-WAN Gateway — delivering a high-quality, assured, reliable network on-ramp to the app.

Next, the Edge device sends traffic to a nearby PoP via an SD-WAN overlay tunnel.  

Upon exiting the tunnel, VMware Cloud Web Security processes the traffic, based on the security policy.

If no security issues are detected, the traffic exits the PoP and is sent to the SaaS provider.

SASE PoP use case #2: Connecting a remote user to a SaaS application

Let’s look at a work-from-anywhere user who is working from home and off corporate premises. How do they connect to their SaaS app?

First, an agent on the endpoint establishes a secure tunnel to the nearest PoP.

Next, the user and their device posture are authenticated and authorized by VMware Secure Access within the PoP.

After that occurs, their secured traffic is sent to an SD-WAN Gateway component, which then sends it to a cloud web gateway, based on security policy and user context.

Finally, Cloud Web Security applies the security rules before forwarding the traffic to the SaaS provider.  

Learn more

  • For a closer look at VMware SASE PoPs, check out the white paper, “Network Flow for VMware SASE PoP”.
  • Want to learn more about SASE? Register now for VMworld, which features almost 70 sessions, panels, hands-on labs, and keynotes related to SASE, cloud networking and the emerging edge.
  • Be sure to read the technical book, “Journey into the World of SASE”, to get expert insights on SASE and why it’s important.

Join us again next week, where our blog series continues, spotlighting VMware Edge Network Intelligence! See you there!