[video] Best Practices for Operating and Monitoring an SD-WAN Network

11/7/2023: VMware Edge Network Intelligence is now VMware Edge Intelligence! Announced at VMware Explore Barcelona, Intelligent Assist for VMware Software-Defined Edge will bring VMware Edge Intelligence together with generative AI to provide intelligent remediation and security for both OT and IT environments.


SD-WAN has emerged as a game-changer for organizations seeking to optimize network performance and enhance connectivity across geographically dispersed locations. However, to get the full benefit of SD-WAN, you need effective operational and monitoring practices. This becomes increasingly important due to the operational and security challenges that arise as SaaS applications become more popular and end users can work from anywhere.

VMware SD-WAN™ has powerful capabilities, including VMware Edge Network Intelligence™, that will help you identify and address network issues before they become problems, use resources to their fullest potential, and deliver an outstanding user experience. This blog and video explore some of the best practices for operating and monitoring an SD-WAN network, with a focus on real-time performance monitoring, security monitoring, and application visibility.

Watch the video for a visual walk-through of these features.

Real-time performance monitoring

Visibility into real-time network behavior is essential to ensure optimal network performance and proactively identify and address potential issues. Here are some SD-WAN best practices:

  • Monitor network health: The VMware SASE Orchestrator provides granular visibility into network performance metrics such as latency, jitter, and packet loss of every available WAN link. While the Dynamic Multipath Optimization™ (DMPO) feature automatically takes sub-second action to mitigate link health issues, it can also monitor real-time network health and bandwidth consumption to proactively identify and address any performance bottlenecks.
  • Enable alerting mechanisms: Configure alerts to network performance management platforms for metrics such as link utilization, packet loss, or deviations in application performance. This enables timely notifications when performance deviates from expected levels, allowing for proactive troubleshooting.

    Streaming metrics such as those provided by Webhooks and NetFlow may be ingested and analyzed to provide a near-real-time view of network conditions and performance. On-demand mechanisms such as SNMP and API calls may also be used to periodically pull an automated snapshot of network conditions.
  • Utilize AI/ML analytics: Advanced network analytics platforms provide valuable, actionable insights into SD-WAN edge networking environments. VMware Edge Network Intelligence utilizes artificial intelligence (AI) and machine learning (ML) techniques to collect, analyze, and process network telemetry data in real-time from edge devices.

    VMware Edge Network Intelligence enables users to perform real-time monitoring, anomaly detection, predictive analytics, security insights, visualization, reporting, integration, and automation. It continuously monitors network traffic and performance metrics at the edge, and can detect anomalies and abnormal patterns in network behavior.
  • Implement continuous benchmarking: Employ continuous monitoring tools to collect and analyze performance data on an ongoing basis. This enables the identification of patterns and trends, empowering network administrators to make informed decisions for capacity planning and optimization. It also captures valuable historical performance baselines that may be used to determine if network changes resulted in performance improvements or degradations. Periodic automated reports may also be used to provide valuable historical insights and points of comparison.

While all of these mechanisms may be used, most organizations will benefit by focusing on a subset that best suits their operational requirements and performance goals. The integration capabilities of any existing organizational logging and alarming platforms may also play a role in selecting which alerting mechanisms work best.

Also, an integrated AI/ML solution such as VMware Edge Network Intelligence may reduce the need to off-board metrics to a third-party solution for analysis, and shorten mean-time-to-resolution. 
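
The continuous benchmarking practice above can be sketched in a few lines. This is an added example, not code from the original post or from any VMware product; the metric field names, thresholds, and sample values are assumptions constructed for illustration. It builds a robust per-link baseline, flags samples that deviate from it, and compares baselines before and after a network change.

```python
from statistics import median

# Constructed samples; field names are assumptions, not a VMware export format.
METRICS = ("latency_ms", "jitter_ms", "loss_pct")
# Minimum spread per metric so a perfectly stable link (MAD of 0) does not alert on noise.
FLOOR = {"latency_ms": 1.0, "jitter_ms": 0.5, "loss_pct": 0.1}

HISTORY = [
    {"latency_ms": 20, "jitter_ms": 2, "loss_pct": 0.0},
    {"latency_ms": 21, "jitter_ms": 2, "loss_pct": 0.0},
    {"latency_ms": 19, "jitter_ms": 3, "loss_pct": 0.1},
    {"latency_ms": 22, "jitter_ms": 2, "loss_pct": 0.0},
    {"latency_ms": 20, "jitter_ms": 2, "loss_pct": 0.0},
]
# Same link after a hypothetical routing change that added 10 ms of latency.
AFTER_CHANGE = [dict(s, latency_ms=s["latency_ms"] + 10) for s in HISTORY]

def build_baseline(samples):
    """Return {metric: (median, median absolute deviation)} for one link."""
    base = {}
    for m in METRICS:
        values = [s[m] for s in samples]
        med = median(values)
        base[m] = (med, median([abs(v - med) for v in values]))
    return base

def deviations(base, sample, k=5.0):
    """Return {metric: alert_limit} for metrics above median + k * spread."""
    flagged = {}
    for m, (med, mad) in base.items():
        limit = med + k * max(mad, FLOOR[m])
        if sample[m] > limit:
            flagged[m] = round(limit, 2)
    return flagged

def compare_change(before, after, tolerance=0.10):
    """Label each metric after a network change; lower is better for all three."""
    old, new = build_baseline(before), build_baseline(after)
    verdict = {}
    for m in METRICS:
        o, n = old[m][0], new[m][0]
        if n > o * (1 + tolerance):
            verdict[m] = "degraded"
        elif n < o * (1 - tolerance):
            verdict[m] = "improved"
        else:
            verdict[m] = "unchanged"
    return verdict

if __name__ == "__main__":
    spike = {"latency_ms": 48, "jitter_ms": 3, "loss_pct": 1.2}
    print(deviations(build_baseline(HISTORY), spike))
    print(compare_change(HISTORY, AFTER_CHANGE))
```

Median and median absolute deviation are used instead of mean and standard deviation so that a single earlier spike in the history does not inflate the baseline and hide later ones.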

Application visibility

To ensure optimal performance and user experience, it is crucial to have comprehensive visibility into application traffic. Consider the following practices:

  • Leverage application-aware routing: Application awareness provides an additional way to control traffic, meet an organization’s business intent, and utilize available network resources more efficiently. For example, higher-priority critical or sensitive application traffic may be configured to use more secure private links, while lower-priority applications can remain on lower-cost internet links. VMware SD-WAN enables application-aware routing, allowing you to prioritize critical applications over less important traffic and to dynamically move application traffic from one link to another should the need arise.
  • Use Application Performance Monitoring (APM) tools: APM tools provide deep insights into application performance metrics, including response time, throughput, and transaction success rates. These tools help administrators identify application-related issues and troubleshoot them effectively.
  • Monitor user experience: Implement end-to-end monitoring of user experience, including response times and application availability. VMware Edge Network Intelligence provides visibility into user experience, allowing administrators to proactively address performance issues.

VMware Edge Network Intelligence provides dynamic benchmarking of real-time applications like Zoom, and alerts on any significant deviations from that benchmark. It also correlates related indications and provides root-cause suggestions, reducing mean time to resolution and, in many cases, allowing operations to address the issue before it affects end users.

Security monitoring

Ensuring the security of your SD-WAN network is paramount. As SD-WAN becomes part of a larger integrated SASE solution, it is important that the transport and security teams also integrate their operational policies to ensure that monitoring, logging, alarming, and reporting are coordinated, consistent, and managed together. Rather than two separate activities, a unified approach ensures that both teams have “the big picture” when it comes to network conditions.

Here are key SD-WAN best practices for security:

  • Use secure connections: Secure protocols such as IPsec should be used to protect the confidentiality and authenticity of traffic traversing the SD-WAN network overlay. VMware’s SD-WAN uses an IPsec-based encrypted overlay to provide authenticity and privacy to traffic using WAN transport networks. IPsec and GRE-based tunnels are also supported to connect to non-SD-WAN destinations.
  • Implement next-generation firewalls (NGFW): Organizations have the option to leverage VMware SD-WAN’s integrated edge-hosted application-aware firewall, IDS and IPS, and VMware Cloud Web Security™ to inspect and filter traffic for potential threats. Integration with third-party NGFW solutions is also supported. This provides a layered security approach against malicious activities, as well as granular visibility into attempted malicious activities. This visibility is crucial for quickly analyzing the threat and taking mitigating steps against it if necessary.
  • Monitor security events: Utilize security information and event management (SIEM) solutions to monitor and correlate security events across the SD-WAN network. By analyzing logs and generating alerts, administrators can swiftly respond to security incidents.

Security events can be recorded and analyzed via firewall logging and integration with SIEM platforms. The VMware SASE Orchestrator also offers a real-time dashboard of threats detected, including impacted locations, threat distribution, and threat origins.
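
Correlating security events across sites, as described above, can look like the following. This is an added example, not code from the original post or from any SIEM or VMware product; the JSON field names (ts, edge, src, sig), the edge names, and the log lines are constructed assumptions. It flags a source address that triggers events at several edge locations within a short window, which per-site review would miss.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall/IDS events, one JSON object per line (assumed format).
SAMPLE_LOG = """\
{"ts": "2023-11-07T09:00:00", "edge": "branch-nyc", "src": "192.0.2.77", "sig": "port-scan"}
{"ts": "2023-11-07T09:30:00", "edge": "branch-sfo", "src": "192.0.2.77", "sig": "port-scan"}
{"ts": "2023-11-07T10:00:05", "edge": "branch-nyc", "src": "203.0.113.9", "sig": "port-scan"}
{"ts": "2023-11-07T10:01:00", "edge": "branch-nyc", "src": "198.51.100.20", "sig": "bad-login"}
{"ts": "2023-11-07T10:02:10", "edge": "branch-sfo", "src": "203.0.113.9", "sig": "port-scan"}
this line is truncated and not valid JSON
{"ts": "2023-11-07T10:03:00", "edge": "branch-nyc", "src": "198.51.100.20", "sig": "bad-login"}
{"ts": "2023-11-07T10:04:00", "edge": "branch-sfo", "src": "198.51.100.20", "sig": "bad-login"}
{"ts": "2023-11-07T10:05:00", "edge": "branch-chi", "src": "192.0.2.77", "sig": "port-scan"}
{"ts": "2023-11-07T10:06:40", "edge": "branch-chi", "src": "203.0.113.9", "sig": "port-scan"}
"""

def parse(text):
    """Parse JSON lines into time-ordered events, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            e = json.loads(line)
            events.append({"ts": datetime.fromisoformat(e["ts"]),
                           "edge": e["edge"], "src": e["src"]})
        except (ValueError, KeyError, TypeError):
            continue  # a bad record must not stop the correlation run
    return sorted(events, key=lambda e: e["ts"])

def multi_site_sources(events, min_edges=3, window=timedelta(minutes=10)):
    """Return {src: sorted edges} for sources seen at >= min_edges sites in window."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            edges = {e["edge"] for e in evs[start:end + 1]}
            if len(edges) >= min_edges:
                hits[src] = sorted(edges)
                break
    return hits

if __name__ == "__main__":
    print(multi_site_sources(parse(SAMPLE_LOG)))
```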

Conclusion

The decision to adopt SD-WAN for an organization’s evolving transport needs is only the first step. Once deployed, a comprehensive strategy for operating and monitoring the network efficiently is vital for ensuring optimal performance, security, and application experience.

By following best practices such as real-time performance monitoring, security monitoring, and application visibility, organizations can proactively identify and address issues, optimize resource allocation, and deliver an exceptional user experience.

VMware SD-WAN, with its powerful VMware Edge Network Intelligence feature and integrations with security and monitoring tools, provides robust capabilities to help organizations achieve these objectives.