By Sanjay Uppal, SVP and GM of the VMware SD-WAN business unit, VMware
There is a buzz about S.A.S.E. (Secure Access Service Edge), especially as enterprise IT responds to the need to make remote employees remain productive and engaged in these unprecedented times. But what is SASE, what makes the VMware SASE Platform special and what does it have to do with the guitar riffs of Frank Zappa ? Read-on!
The Case for SASE
While SASE was conceived in 2019, COVID-19 is driving its adoption. As a result of COVID-19, the nature of work has completely changed over the last six months, and as VMware’s CEO, Pat Gelsinger has said “we’ll never work the same.” A significant numbers of employees will continue working from home in the future, according to experts. There has been a massive increase in adoption of applications like Zoom, WebEx, and Microsoft Teams to support remote collaboration. Companies are shifting workloads to public clouds or adopting new SaaS offerings to support the new way of working. Over the last six months, many enterprises have been forced to react quickly to embrace these dynamics, but now they are realizing that legacy networking and security solutions don’t scale well.
To that end, VMware has constructed a suite of service offerings that accommodate how people work, regardless of whether they are in an office, at home, or away. In addition, these services allow the IT professionals to have one consistent way of managing workers’ technology and access methods.
Over six years ago, when enterprises sought to simplify, scale, and “cloudify” the wide area network, SD-WAN was developed. SD-WAN collapsed routing, firewalls, path control, and WAN acceleration into one platform that used common policies to ensure application delivery. For those now looking to embrace work from anywhere and the continued rise of cloud and SaaS applications, VMware SD-WAN gives you a solid base on which to build, as it was natively built for the cloud. Today, VMware and its partners support SD-WAN services via over 2,700 gateways installed at more than 100 points of presence around the world. The VMware SD-WAN architecture is purpose-built for the cloud and now it is expanding to support the additional components of SASE, including cloud web security, next gen firewall, and zero trust network access.
In fact, VMware Secure Access, our Zero Trust Network Access solution, is rolling out today and will be available globally next quarter. This service provides the unification of enterprise branch access with remote and mobile access, with both being delivered as a cloud service, both providing the advantages of zero trust while reducing the attack surface.
VPNs Are Not Enough
VPNs don’t scale very well because they require a lot of basic infrastructure to terminate the remote connections, and because of the changes necessitated by the pandemic, enterprises need to scale this infrastructure overnight. This is where the service angle is so important because architects can no longer just place this infrastructure at the edge of a private data center or tunnel in on a single VPN. Since applications can reside anywhere remote access is best handled in the cloud at the SASE POP, and user can then be steered to the accessed application directly without having to hairpin the traffic via the VPN termination point in the data center.
Frank Zappa and VMware’s View on SASE
“He said for a nominal service charge, I could reach nirvana tonight” – Frank Zappa, Cosmik Debris
Well, Frank composed these lyrics well before SASE emerged, but it struck me that what he sang about fit our SASE pretty well. VMware SASE is akin to Networking Nirvana, – you can typically get it for a nominal service charge of a few bucks per employee per month and the gratification is immediate. Deployments are services based and both networking and network security is available as subscription services at the touch of a button.
Our SASE comprises three primary tenets.
Number one is that it is a way to provide a complete set of security and networking services from the cloud. It necessitates that enterprises move away from what most have always done in the past, which is locate their IT infrastructure on their premises. In order to do this, services must be offered in the cloud, and that’s critical. Because SASE is cloud-oriented, the enterprise needs to embrace cloud access and cloud-delivered applications to realize the full value.
The second tenet is the element of scale and it’s been elevated in importance given what has occurred in response to COVID-spread prevention – mass numbers of employees moving to a work from anyplace type of model. As employees shift to primarily working from home, they should be able to retain the same level of experience and access that they had when in the traditional office, to remain connected and productive. Accommodating hundreds or thousands of enterprise users who end up working away from the office is difficult and delivering services swiftly and at scale to make this happen is also critical.
The third angle is providing a platform that delivers all of these requirements, but not having to start from scratch. From Day 1, VMware SD-WAN (and before the VMware acquisition, VeloCloud) has touted that “the cloud is the network” and it’s all about delivering services directly from the cloud. It’s well understood now that SD-WAN is an edge-to-edge technology in that communication typically starts from a branch edge and goes to a data center edge. Now, however, instead of traffic coming just from the branch edge, it includes traffic from each individual client thru the cloud and even to an individual container. Edge-To-Edge has been extended to Client-To Cloud-To Container.
These three tenets encapsulate the significance of SASE as enterprises adapt to a new normal of how they operate and how people work. A key component of this new paradigm is to ensure network security in a massively distributed workforce scenario.
For the next blog in the series, we’ll dive more into network security functionality and what you need to consider when building a robust SASE platform.