VMware SD-WAN: Usage, Configuration, and Case Scenario

VMware SD-WAN by VeloCloud® is a cloud-delivered solution that enables enterprises to create a more agile and efficient Wide Area Network (WAN). It allows organizations to use any combination of transport services, including broadband, MPLS, LTE, and even satellite, to connect their branch offices and data centers. This article will provide a technical overview of VMware SD-WAN, including its usage, configuration, and case scenarios.

What is VMware SD-WAN?

VMware SD-WAN is a software-defined networking (SDN) solution that provides a centralized platform for managing and optimizing WAN connectivity. It uses a combination of virtual appliances, called SD-WAN Edges, and a cloud-based orchestrator to provide secure, optimized connectivity to applications and data. The SD-WAN Edge can be deployed as a physical or virtual appliance, and it can be used to connect branch offices, data centers, and cloud services. VMware SD-WAN is a fundamental building block of VeloCloud SASE, which brings cloud-delivered networking, security, AIOps, and compute to support ubiquitous access for branch and remote workers as well as digital transformation at the edge1.

The rise of digital disruption and cloud adoption has placed increased demands on branch office connectivity. Branch offices need to connect to each other, headquarters, data centers, and various cloud services, while also supporting remote users2. VMware SD-WAN addresses these challenges by providing a flexible and scalable solution that can adapt to the changing needs of businesses.

VMware SD-WAN Gateways optimize data paths to all applications, branches, and data centers, along with the ability to deliver network services to and from the cloud. A distributed network of gateways, deployed around the world or on-premises at service providers, provides scalability, redundancy, and on-demand flexibility3.

The VMware SD-WAN Orchestrator is a cloud-based management platform that provides a single pane of glass for managing the entire SD-WAN. It allows administrators to configure and monitor the SD-WAN Edges, define and enforce business policies, and troubleshoot network issues.

VMware SD-WAN Features and Capabilities

VMware SD-WAN offers a wide range of features and capabilities, some of which are detailed below:

• Dynamic Multipath Optimization (DMPO): DMPO is a core feature of VMware SD-WAN that enables intelligent routing of traffic across multiple WAN links. It constantly analyzes the performance of each link, considering factors like latency, jitter, and packet loss, and dynamically steers traffic to the optimal path. This ensures consistent application performance and a high-quality user experience, even when some links experience issues3.

• Zero Touch Provisioning (ZTP): ZTP simplifies the deployment of SD-WAN Edges by allowing administrators to pre-configure them and ship them to branch offices. When an Edge is powered on, it automatically connects to the Orchestrator, downloads its configuration, and joins the SD-WAN. This eliminates the need for on-site IT staff to manually configure each Edge, saving time and resources3.

• Security: VMware SD-WAN provides a robust security framework with features like a built-in stateful firewall, intrusion detection and prevention system (IDS/IPS), and support for third-party security services. The Enhanced Firewall Service further strengthens security with capabilities such as DDoS attack prevention and centralized firewall logging4. VMware SD-WAN Edges are also FIPS 140-2 validated5.

• Cloud VPN: VMware SD-WAN offers a cloud VPN service that enables secure connections between branch offices, data centers, and cloud services. This eliminates the need for organizations to manage their own VPN infrastructure, simplifying network management and reducing costs3.

• Application Visibility and Control: VMware SD-WAN provides granular visibility into application performance. It can identify and classify over 4,000 applications and prioritize traffic based on predefined business policies. This ensures that critical applications receive the necessary bandwidth and maintain optimal performance6.

How to Configure VMware SD-WAN

Configuring VMware SD-WAN involves the following steps:

1. Deploying the SD-WAN Edges: The first step is to deploy the SD-WAN Edges at the desired locations. VMware SD-WAN offers a variety of Edge models to suit different needs and bandwidth requirements, such as the Edge 510, Edge 540, and Edge 38007. The choice of Edge model depends on factors like the required throughput, the number of connections, and the desired features.

2. Connecting the SD-WAN Edges to the Orchestrator: Once the SD-WAN Edges are deployed, they need to be connected to the VMware SD-WAN Orchestrator. This can be achieved through various methods, including Zero Touch Provisioning (ZTP), where the Edges automatically connect and download their configuration upon startup. Alternatively, manual configuration can be used for more customized setups.

3. Configuring the SD-WAN Edges: After connecting to the Orchestrator, the SD-WAN Edges need to be configured. This includes setting up WAN links, defining business policies to prioritize and control application traffic, and configuring security settings such as firewall rules and intrusion detection.

4. Monitoring the SD-WAN: Once the SD-WAN is operational, it's crucial to monitor its performance and health. The Orchestrator provides comprehensive monitoring tools, including real-time dashboards, performance metrics, alerts, and event logs. These tools allow administrators to track network performance, identify potential issues, and ensure the smooth operation of the SD-WAN.

While this article focuses on the general configuration process, detailed code snippets for specific configurations and automation tasks are available in the official VMware SD-WAN documentation (refer to the VMware SD-WAN Administration Guide for detailed information)8.

Use Cases for VMware SD-WAN

VMware SD-WAN caters to a wide range of use cases, including:

• Branch Office Connectivity: VMware SD-WAN provides a secure and optimized solution for connecting branch offices to the corporate network. It enables businesses to leverage any combination of transport services, such as broadband, MPLS, and LTE, to ensure high-performance and reliable access to applications and data. By intelligently routing traffic across multiple links and prioritizing critical applications, VMware SD-WAN enhances application performance and user experience.

• Cloud Connectivity: With the increasing adoption of cloud services, VMware SD-WAN offers seamless and secure connectivity to cloud platforms like Amazon Web Services (AWS) and Microsoft Azure. It optimizes traffic flow to cloud applications and data, ensuring low latency and high throughput. This enables businesses to fully leverage the benefits of cloud computing while maintaining a secure and reliable connection.

• Data Center Connectivity: VMware SD-WAN can also be used to connect data centers to the corporate network, providing secure and optimized connectivity for critical data and applications. It enables efficient data replication, disaster recovery, and inter-data center communication, ensuring business continuity and high availability.

VMware SD-WAN enables enterprises to securely support application growth, network agility, and simplified branch implementations while delivering high-performance and reliable branch access to cloud services, private data centers, and SaaS-based enterprise applications3.

Deployment Models

VMware SD-WAN offers flexible deployment models to suit different organizational needs and network architectures:

• All On-Premises: In this model, all components of the SD-WAN, including the SD-WAN Edges, Orchestrator, and Controller, are deployed on-premises within the organization's network. This model is suitable for organizations that prefer to keep all network infrastructure within their own control and have not yet adopted cloud services extensively.

• Hosted SD-WAN Orchestrator/Controller: This model involves deploying the SD-WAN Orchestrator and Controller in the cloud while the SD-WAN Edges remain on-premises. This approach simplifies management and reduces the need for on-premises infrastructure while still maintaining control over data traffic within the organization's network.

• Hosted SD-WAN Orchestrator/Gateway: In this model, the SD-WAN Orchestrator and Gateway are hosted in the cloud, allowing for centralized management and optimized cloud connectivity. Cloud SaaS/IaaS traffic is directed to the cloud SD-WAN node, while data center traffic continues to flow directly to the data center node. This model is ideal for organizations with a significant cloud presence and a need for efficient cloud access6.

VMware SD-WAN and Edge AI

VMware is actively developing its SD-WAN technology to support the growing needs of edge computing and artificial intelligence (AI). The latest VMware VeloCloud SD-WAN Edge models (710-5G, 720, and 740) are designed to enhance enterprise branch networking capabilities and provide a foundation for edge AI. These new models offer increased performance, improved security, and enhanced capabilities to support the deployment of AI applications at the edge9.

Real-World Examples of VMware SD-WAN Deployments

Several organizations have successfully deployed VMware SD-WAN to address their network challenges and improve connectivity. Here are a few examples:

• Kimley-Horn: Kimley-Horn, a civil engineering consultancy, faced productivity challenges due to connectivity outages. By implementing AT&T SD-WAN with VMware, they achieved improved reliability, enhanced connection quality and speed, and significant cost savings.

• MD Anderson Cancer Center: MD Anderson Cancer Center needed a solution to provide secure and enhanced connectivity for their remote workforce during the COVID-19 pandemic. They deployed VMware SD-WAN Edge devices, enabling employees in home offices to have the same level of user experience as if they were working on-site.

• Michelin: Michelin, a global tire manufacturer, deployed VMware SD-WAN to over 200 sites worldwide, providing reliable and optimized connectivity for nearly 120,000 users. This deployment enabled Michelin to improve network performance, reduce costs, and support their global operations more effectively.

VMware SD-WAN Licensing and Support Options

VMware SD-WAN offers various licensing and support options to cater to the diverse needs of organizations.

Licensing Options:

VMware SD-WAN licensing follows a subscription-based model with three main editions:

• Standard Edition: This edition provides essential SD-WAN functionality, including Dynamic Multipath Optimization (DMPO), zero-touch provisioning, and basic security features.

• Enterprise Edition: This edition offers advanced SD-WAN capabilities, including enhanced security features like an intrusion detection and prevention system (IDS/IPS) and support for a larger number of edges and segments.

• Premium Edition: This edition delivers the most comprehensive set of SD-WAN features, including advanced security capabilities like URL filtering and malicious IP filtering, along with support for the highest number of edges and segments10.

Pricing for VMware SD-WAN is based on contract duration and bandwidth requirements. For example, a 12-month contract for the Premium edition with 1 Gbps bandwidth and Premier Support costs $7,212.00. Longer contract durations, such as 36 months, can offer cost savings of up to 5%11. It's crucial to choose the appropriate hardware and software licenses based on the specific needs and bandwidth requirements of the deployment7.

Support Options:

VMware SD-WAN provides two primary support programs:

• Total Support Program: This program allows end customers to receive direct support from VMware's global team of technical support engineers.

• Backline Support Program: This program enables end customers to receive support from their partner, who provides Level 1 and 2 support. For more complex issues requiring Level 3 or 4 support, the partner escalates the issue to VMware12.

VMware's basic support offering provides a comprehensive level of support that may be sufficient for many organizations. It includes 24/7 call center support and access to online resources7.

Conclusion

VMware SD-WAN is a powerful and versatile solution that empowers organizations to transform their WAN connectivity. By leveraging software-defined networking principles, it provides a flexible, secure, and optimized platform for connecting branch offices, data centers, and cloud services. With its wide range of features, including DMPO, ZTP, and advanced security capabilities, VMware SD-WAN addresses the challenges of modern network connectivity and supports digital transformation initiatives. The availability of different deployment models and licensing options further enhances its adaptability to various organizational needs and network architectures. Real-world deployments by organizations like Kimley-Horn, MD Anderson Cancer Center, and Michelin demonstrate the effectiveness of VMware SD-WAN in improving network performance, reducing costs, and enhancing security. As businesses continue to embrace cloud computing and edge technologies, VMware SD-WAN plays a crucial role in enabling seamless and secure connectivity for the modern enterprise.

Works cited

1. VeloCloud SD-WAN Edge Platform Specifications - VMware, accessed on February 12, 2025, https://www.vmware.com/content/dam/digitalmarketing/vmware-sase/pdfs/sdwan-712-edge-platform-spec-ds-1020.pdf

2. VMware SD-WAN by VeloCloud: Not your Daddy's WAN - Gestalt IT, accessed on February 12, 2025, https://gestaltit.com/sponsored/vmware/velocloud-spring-2020/chrisgrundemann/vmware-sd-wan-by-velocloud-not-your-daddys-wan/

3. VMware SD-WAN by VeloCloud | VirtualizationWorks.com.au, accessed on February 12, 2025, https://www.virtualizationworks.com.au/SD-WAN-by-VeloCloud.php

4. VMware SD-WAN Enhanced Firewall Services: Security Solutions for Modern Networks, accessed on February 12, 2025, https://www.starwindsoftware.com/blog/vmware-sd-wan-enhanced-firewall-services-who-is-it-for-what-problems-does-it-solve-and-how-does-it-work/

5. VMware SD-WAN Product Compliance and Certifications, accessed on February 12, 2025, https://www.vmware.com/info/product-certifications-and-compliance

6. Software-Defined WAN Security - SD-WAN - VMware, accessed on February 12, 2025, https://www.vmware.com/info/velocloud-sd-wan/security

7. VMware SD-WAN (VeloCloud) Hardware and Licensing Guide - YouTube, accessed on February 12, 2025, https://www.youtube.com/watch?v=EyxVQEWa6Hg

8. TechDocs, accessed on February 12, 2025, https://docs.vmware.com/en/VMware-SD-WAN/index.html

9. Unveiling the Future of Networking: VMware VeloCloud SD-WAN Edge 710-5G, 720, and 740 - News & Stories, accessed on February 12, 2025, https://news.broadcom.com/sase/unveiling-the-future-of-networking-vmware-velocloud-sd-wan-edge-710-5g-720-and-740

10. VMware SD-WAN (Software Defined WAN) Pricing Document - GOV.UK, accessed on February 12, 2025, https://assets.applytosupply.digitalmarketplace.service.gov.uk/g-cloud-13/documents/92354/205153328576712-pricing-document-2022-05-17-0854.pdf

11. VMware SD-WAN - AWS Marketplace, accessed on February 12, 2025, https://aws.amazon.com/marketplace/pp/prodview-b2hkqbopmkb3g

12. VMware SD-WAN by VeloCloud, accessed on February 12, 2025, https://www.vmware.com/content/dam/digitalmarketing/vmware-sase/pdfs/sdwan-798-total-backline-support-ds-1119.pdf