
SD-WAN and Network of Clouds: The Right Platform for SASE

By Steven Woo, co-founder and sr. director products at VeloCloud, now part of VMware

Note: This is the second installment of a two-part blog series.

Ecosystem Partners for Network of Clouds

The VMware SD-WAN Network of Clouds is realized by both our hyperscale architecture and the broad ecosystem of partners who share the same Network of Clouds vision and leverage our architecture. The extensive ecosystem of partnerships further simplifies and automates operations and connectivity, increases the distribution of our VMware SD-WAN Gateways, and ultimately enables the introduction of simple and integrated consumption models.

As part of our Network of Clouds, the VMware SD-WAN overlay extends to the following clouds:

  • SaaS clouds: Collocated with all the major SaaS clouds, such as Microsoft Office365. Many UCaaS partners have deployed VMware SD-WAN Gateways within their clouds.
  • IaaS clouds: Simplified connectivity into all the major IaaS clouds. For example, we recently announced a capability with fully automated provisioning to Microsoft Azure Virtual WAN, as well as collaboration to deliver further integration between Azure and our Gateways deployed inside Azure.
  • Security clouds: VMware is partnering with all the major cloud security vendors with recent additions of Check Point cloud, Menlo Security’s patented Isolation platform, and Netskope security with an integrated mid-mile.
  • Telco clouds: One of the unique capabilities of VMware SD-WAN is our Gateway on-ramps into the private telco backbones and data centers.
  • Mid-mile clouds: These are useful when accessing distant clouds. For example, if one geographic region must access an application hosted in a different region, mid-mile clouds help to optimize application performance. While these can be overlays over traditional private backbones, the more interesting are overlays over the Internet or optimized cloud backbones. Azure Virtual WAN, which provides optimized connectivity between different vNETs via vNet hubs, is a great example.  We recently announced an automated access setup capability using Azure APIs. Netskope, a new security cloud partner, also provides a mid-mile extension. Finally, VMware SD-WAN has its own extended software capabilities for an optimized mid-mile cloud overlay in “tech preview” – ask us about this if you have relevant use cases.
  • Network Exchanges: A variation of a mid-mile cloud, these Internet Exchange Points or cloud exchanges peer or exchange traffic between different networks or Internet service providers. Our Network of Cloud Gateways are already deployed at Equinix, an IXP leader. We also announced the validation of our VMware SD-WAN Edges for DIY deployment on the Equinix virtual infrastructure called the Network Edge. This provides more cost-effective and better-performing connectivity to multiple clouds.
  • Analytics clouds: Plixer and SevOne, along with VMware vRealize Network Insights (vRNI) and VMware SD-WAN Orchestrator, are examples.

Our VMware SD-WAN Gateways hosted by VMware or our partners extend SD-WAN to the doorstep of all these different types of clouds, creating our Network of Clouds that enables easy multi-cloud adoption and offers assured application performance. If tunnels are required, VMware SD-WAN orchestration simplifies the setup through fully automated connectivity by leveraging the partners’ cloud APIs.

The Right Platform for SASE

Gartner’s recent market trends report introduces the concept of Secure Access Service Edge (SASE) [1]. The increasing use of cloud services makes the traditional enterprise data center—along with its centralized security stack—obsolete. Security should be distributed to a “thin edge” at the branch—or a user location—and the rest should be delivered at distributed cloud locations in proximity to the cloud destinations. With more distributed users, implementing a full security stack at the source is uneconomical, a management nightmare, and increases the attack surface. A critical point highlighted in Gartner’s report is that this thin edge should include SD-WAN, not just the thin security functionality.

VMware SD-WAN is the right platform for the convergence of security and networking into this SASE architecture for the following reasons:

  1. It is critical to offer both on-premises as well as cloud-delivery, which has been offered through our unique SD-WAN architecture from inception.
  2. Enterprise multi-services requirements mean that both the Edge and the cloud need to support multiple services, more than security. Our VMware SD-WAN is intrinsically a multi-service platform, supporting SD-WAN overlay, security, and more.
  3. Cloud providers and enterprises alike have recognized that to move services to the cloud requires the extension of an “enterprise-grade” WAN with high application performance, reliability, security, and visibility to the cloud. Best-effort delivery that was okay for web surfing is not acceptable for business-critical cloud applications.

The reality is that typical enterprises will continue to have hybrid architectures in the foreseeable future. Their data centers will include a hybrid of enterprise sites as well as cloud sites. Their connectivity will use a hybrid of private and public/Internet networks. A platform that supports not only cloud destinations with a SASE architecture, but also existing on-premises applications with security requirements is needed. VMware SD-WAN supports this hybrid enterprise requirement.

When seeking a SASE solution, CIOs, security and IT leaders should be careful not to adopt solutions quickly delivered to fulfill the missing component of a SASE solution without a complete vision of SASE. You should look for a true multi-services Edge, with robust SD-WAN capabilities for supporting large and complex networking configurations. You should also look for this edge to provide access to a diversity of cloud services, including but not limited to security services. SASE, after all, is a convergence of networking and security. It requires an industry-leading network solution in addition to the security services distributed between the edge and the cloud.

Cloud security providers such as Zscaler, Check Point, Forcepoint, Symantec, and recently Menlo Security and Netskope have all recognized the advantage of our two-pronged approach of multi-services edge and cloud. VMware, together with our partners, delivers a world-class SASE solution.

From the built-in security perspective, our VMware SD-WAN Edge already has the complementary stateful firewall and segmentation as intrinsic security across all the distributed sites, while NSX security follows workloads across enterprise data centers. In the future, you can expect more of VMware’s own portfolio of security capabilities integrated into our unique Network of Clouds platform. Our platform will support our partners’ leading security solutions, as well as unify VMware’s security offerings.

The Multi-Cloud Future

Our Network of Clouds provides the automated and high-performance on-ramp to many cloud services, supporting a multi-cloud environment. It addresses the “last mile” challenge of connecting increasingly distributed users to more and more clouds. Our Network of Clouds vision and roadmap encompasses two natural extensions to this multi-cloud world. First, the benefits of SD-WAN programmability, automation and visibility are increasingly desired for cloud-to-cloud connectivity and traffic as well. Other solutions that only address the cloud-to-cloud connectivity have the same shortcomings of not connecting the users and on-premises sites to the edge of the cloud. Second, increasing our ability to “federate” or share Network of Cloud resources between VMware and different cloud service and telco providers promises to further increase its ubiquity and reach. The future is exciting! For more information, visit www.velocloud.com.

  1. Market Trends: How to Win as WAN Edge and Security Converge into the Secure Access Service Edge, July 29, 2019.