VMware SD-Access™ is a very simple and secure remote access solution that provides users with access to corporate applications or resources, no matter where the user or the resource is located. It securely connects remote endpoints and devices without hardware edges, while providing visibility and insight into the user’s application experience using integrated AIOps.
VMware SD-Access is also an integral part of VMware’s strategy for the software-defined edge, which is distributed digital infrastructure for running workloads across dispersed locations, placed close to endpoints producing or consuming data. Enterprises are searching for tools that help them produce better business outcomes at the edge. Read our blog from VMware Explore Las Vegas 2023 to discover how VMware SD-Access and VMware Edge Cloud Orchestrator™ will help customers plan, deploy, run, visualize, and manage edge environments.
When this blog was originally published in February 2023, VMware SD-Access (formerly called the VMware SD-WAN Client) was beginning to gain serious momentum with the select VMware partners and customers who were invited to try it. Now this revolutionary software is available to anyone—even if you do not use VMware SD-WAN.
VMware partners and customers are excited about the capabilities of the VMware SD-WAN Client. The software sits on your laptop, mobile device or IoT device and in front of your IaaS or data center resources. The Client brings the benefits of VMware SD-WAN™ to remote access: single-console control, integrated AIOps, rock-solid security, optimized connectivity, a superb end-user experience, and more. With a choice to use a software client or a hardware appliance, VMware SD-WAN offers an ideal balance of cost and performance optimization.
Today at Mobile World Congress Barcelona, VMware announced that the VMware SD-WAN Client is now available by invitation to select customers and partners. The experts know what they need from a remote access solution, and their evaluations across a range of use cases will inform VMware’s product development. The VMware SD-WAN Client is expected to be available in the first quarter of 2023. Read the press release with the news from Mobile World Congress.
Remote access should be simpler than it is
Employees working from anywhere want the same level of fast, secure connectivity that they have in the office. Contractors and partner companies want simple, frictionless access to the corporate resources they need to do business. Enterprises want to be able to use the cloud that’s best suited for each of their applications and provide resources in the simplest and fastest way to those who are authorized to access them.
But in the real world, most remote access is still hair pinned through VPN concentrators in data centers. Traffic is backhauled through VPNs and security stacks at centralized locations, creating bottlenecks that lead to slow connections and poor user experiences. Routing paths are unreliable and often at the mercy of best-effort Internet connections, with multiple possible points of failure. Several tools are often used on the same traffic, creating complexity. It’s a mess.
The VMware SD-WAN Client delivers a cloud-hosted, software-only solution to extend VMware SD-WAN as a remote access service. It can connect any user on any device to any application in a simple, scalable and more secure manner.
The VMware SD-WAN Client was developed to meet the needs of hybrid and remote employees who are working from wherever they happen to be—coffee shops, airports, mountaintops, or sofas. In some cases, a home-based worker would need the performance of a VMware SD-WAN Edge hardware device. An example would be a radiologist who needs to scan through gigabytes of images within a few seconds. But in many cases, it would be more cost-efficient and simpler to download a software agent.
“We were looking for a solution to better secure some of our remote IoT devices and automation equipment that operate over the 5G public networks. The VMware SD-WAN Client was a perfect fit and we were able to deploy it on the devices and build a direct link to our infrastructure within minutes. It was also a great fit for a remote pumping station that was able to use fixed 5G instead of an expensive hard-wired connection. The clients’ overlay network is transparent to our operations and makes it easy to deploy and secure without additional configuration on our network. I’m looking forward to more deployments across our infrastructure and user base.”
Keith Bradley, Vice President of IT and Security, Nature Fresh Farms, in a press release
How it works
To begin, a user downloads the VMware SD-WAN Client agent onto their tablet, laptop, or phone. The VMware SD-WAN Client can also be installed on a headless device such as an ATM, a retail kiosk, a robot arm in a factory, or a gas pump.
The enterprise can choose to install the VMware SD-WAN Client agent on a server or client connector in front of a server (see below), which could be in a data center or cloud, for example an AWS or Azure instance. The clients on the end device and on the server join a fabric that is dynamically created among all the participating end systems. This is similar to traditional SD-WAN, where a branch router can talk to any other branch router directly.
If an enterprise server is sitting behind a firewall or uses network address translation (NAT), the VMware SD-WAN client uses a client relay to make outbound connections to an end to end encrypted global relay service that VMware operates. The VMware SD-WAN Client constantly learns from these relay paths, measuring parameters including latency, jitter and throughput to provide the most efficient path and best performance for each resource on the fabric. In the future, VMware partners will be able to host these relays for greater granularity in choices such as geographic location and best path selection.
If a customer would rather not install the agent on servers, VMware SD-WAN Client systems provides the client connector. The client connector functions like the agent towards the fabric but is a front end for LAN-side resources. Both outbound and direct connections are supported. Just like SD-WAN, traffic is not sent to one site (such as a VPN concentrator). When multiple client connectors are sitting in multiple clouds, the client will choose the one closest to the target application. A client can be connected to multiple client connectors and multiple server-based agents at the same time—all encrypted end-to-end and optimized for the best path.
“The SD-WAN client from VMware is a really unique remote access solution that we think will be a big hit with our customers. We were delighted how quickly we had the solution up and running and were able to easily define access policies and services. We are looking forward to leveraging the client to extend the flexibility of our SD-WAN offering.”
Rehan Qadri, Solutions Architect, Presidio, in a press release
How the VMware SD-WAN Client will benefit your business
The VMware SD-WAN Client securely connects users to any cloud in any region with easy to deploy software and networking. It is supported on leading operating systems and devices, including Windows, Mac OS, iOS, Android and Linux, with support for other operating systems in development.
Flexible and easy to adopt: VMware SD-WAN Client management is cloud-hosted and can be deployed in minutes. With the Client, it takes only a few clicks in the VMware SASE Orchestrator to set up what used to take hours or days. The multi-tenant management system integrates with customers’ SSO, and greatly simplifies complex security policies using micro-segmentation techniques and pre-built virtual topologies such as hub-and-spoke and full-mesh.
High performance, high reliability: The VMware SD-WAN Client is not always-on. It transparently creates narrow connections on-demand—so no established tunnel, with its accompanying security risks, is necessary. Like SD-WAN, the Client can create any-to-any connections over its fabric, crossing firewalls if need be. Traffic is not backhauled through a data center, instead the VMware SD-WAN Client can provide direct access to applications or to other users. Similar to VMware SD-WAN technology, the Client is constantly measuring performance and hunting for the best-performing path for each resource on the fabric. This speeds traffic flow and application access and provides an excellent experience for end users.
Tight security across the SD-WAN fabric: With end-to-end encryption, encryption and decryption stay on the VMware SD-WAN Client or VMware SD-WAN Client connector and are never sent to the control plane, or anywhere in the fabric. Contextual access is based on zero-trust principles of user identity location, time of day, and end device posture, allowing per-user application access based on context of the user and end device. Policy management and visibility are granular, centralized and simplified with the VMware SASE Orchestrator—and the best security is the security that actually gets implemented because it’s simple to deploy and manage.
“We deployed the VMware SD-WAN Client in our cloud infrastructure lab and on several laptops and put it to the test. We were pleased with how easy it was to deploy and how transparent it was to use. Solving remote access challenges for our clients’ distributed workforces is a core part of our business and an easy solution like the VMware SD-WAN Client is an obvious fit. We are looking forward to building it into our offerings.”
Which of VMware’s awesome remote access solutions should I choose?
You may already be familiar with other remote access solutions in the VMware SASE portfolio: VMware SD-WAN Edges and VMware Secure Access™. The VMware SD-WAN Client adds another choice. Which product is the right fit for your company?
VMware SD-WAN Edge devices (hardware or VNFs) are the best choice for employees working in a fixed location away from a corporate building, such as home offices.
VMware Secure Access: If you are already managing devices with VMware Workspace ONE, VMware Secure Access can bring those devices into the SD-WAN fabric with zero-trust capabilities that augment Workspace ONE mobile device management features.
VMware SD-WAN Client is best suited for two use cases:
Remote workers who spend a lot of time traveling or working away from a fixed location
