VMware SD-WAN by VeloCloud optimizes edge device connectivity

VMware's SD-WAN product provides optimized edge device connectivity to deliver workloads and data to end users, but a few issues dampen its benefits.

VMware SD-WAN by VeloCloud prioritizes centralized, policy-based management and the ability to convert consumer-grade internet connections into enterprise WAN links. The product lets organizations place edge devices closer to end users, but it can introduce connectivity issues if it relies on a single, consumer-based internet service.

Multiprotocol Label Switching (MPLS) WAN circuits are expensive and often enforce a subscription-based service for every connected site. But a software-defined WAN (SD-WAN) with consumer-grade internet can significantly reduce per-site monthly WAN costs.

VMware SD-WAN by VeloCloud avoids operational complexity with policy-based management. The SD-WAN policy engine is cloud-based software called VeloCloud Orchestrator, which enables a system to apply the same policy to multiple physical devices -- called edge devices -- at numerous locations. The edge devices check in with the Orchestrator every few seconds to retrieve policy updates and report statistics.

Policies define how edge devices connect and control security, bandwidth, redundancy and network paths between devices and the internet. VMware SD-WAN by VeloCloud is highly automated but does have disadvantages.

Organizations that roll out VMware SD-WAN on existing sites should implement careful management; organizations can achieve the most value with a broad deployment. This is true for any new WAN technology because transitions are sometimes complicated. VMware SD-WAN supports mixing existing MPLS circuits and internet connectivity to aid the transition process.

Optimize SD-WAN for edge computing

Edge computing involves placing enterprise applications closer to end users outside of data centers. The technology is like older branch office or retail store deployments, which put applications in offices that didn't have dedicated IT staff.

Post COVID-19, organizations will continue to have work-from-home policies that require staff to access enterprise applications and security policies from home offices. Edge computing allows organizations to deliver applications closer to employees through server placement in colocation data centers near their home offices.

Another use case is remote sites without IT staff that must have access to central enterprise resources to operate applications. Organizations can deploy VMware SD-WAN to each of these edge locations -- where the physical router resides -- and the central WAN team can control it with the Orchestrator console.

The physical edge device is end-user deployable, which means admins can click an emailed link from a laptop connected to the deployed edge to activate VMware SD-WAN. The edge device receives configurations from the web service, and it doesn't require on-site management once deployed.

Benefits of edge-optimized SD-WAN

Traditional WAN designs contain uniform routing at each edge location and deliver data to a central office. The central office then makes complex routing decisions, such as whether to send traffic to another office, internal servers or the internet. In an extreme case, traffic from a branch office in California might go to a head office in New York before traveling back to a web service located in California.

VMware SD-WAN places intelligent routing in the edge device where network traffic originates but controls network traffic through central policies. Organizations might route network traffic from Salesforce to travel directly through the internet connection, but they still require traffic from unknown websites to go through a security appliance located in the head office or a virtual security web service.

[Figure: Traditional WAN vs. SD-WAN]

Admins who make intelligent routing decisions at the edge can use network bandwidth efficiently and still provide complete security control.

VMware SD-WAN also contains a gateway, which is a network node that receives secure connections from edge devices and forwards that traffic between devices. The gateway removes the need for fixed public IP addresses. Higher performance SD-WAN edge devices can also function as gateways to supplement the multi-tenant gateways that VMware operates around the world.

Disadvantages of VMware SD-WAN

The most significant risk of using VMware SD-WAN is the tendency to expect enterprise reliability from consumer services. An MPLS circuit might come with a standard four-hour response time for faults, but a consumer internet service is unlikely to have contracted response times.

Consumer internet connections can be unavailable for days at a time. To mitigate this risk, organizations can pair multiple independent consumer services with SD-WAN link failover policies to increase availability.

A digger that severs a fibre connection is likely to sever the backup Asymmetric Digital Subscriber Line service in the same pipe. A cellular backup is a great option in this case. Cellular backups rely on different physical paths out of an on-premises data center.

Organizations should also consider failures further downstream. If organizations rely on a single telecom service provider to support both their fibre and cellular connections, they risk losing both connections when the provider's local internet gateway goes down.
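The shared-failure reasoning above can be checked mechanically before failover policies are relied on. The following is an added example, not part of the original article or of any VMware tooling; the site names, link names and failure-domain labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: each WAN link lists the failure domains it depends on.
SITES = {
    "branch-a": {  # fibre and ADSL enter through the same pipe
        "fibre": {"conduit:duct-1", "provider:telco-x"},
        "adsl": {"conduit:duct-1", "provider:telco-y"},
    },
    "branch-b": {  # separate physical paths, one provider
        "fibre": {"conduit:duct-2", "provider:telco-x"},
        "cellular": {"radio:tower-7", "provider:telco-x"},
    },
    "branch-c": {  # separate paths and separate providers
        "fibre": {"conduit:duct-3", "provider:telco-x"},
        "cellular": {"radio:tower-9", "provider:telco-z"},
    },
}


def failure_impact(links):
    """Map each failure domain to the links that survive if it fails."""
    dependents = defaultdict(set)
    for link, domains in links.items():
        for domain in domains:
            dependents[domain].add(link)
    return {d: sorted(set(links) - hit) for d, hit in dependents.items()}


def single_points_of_failure(links):
    """Failure domains whose loss leaves the site with no working link."""
    return sorted(d for d, alive in failure_impact(links).items() if not alive)


def audit(sites):
    """Return {site: [shared failure domains]} for sites that need attention."""
    report = {}
    for site, links in sites.items():
        spof = single_points_of_failure(links)
        if spof:
            report[site] = spof
    return report


if __name__ == "__main__":
    for site, spof in audit(SITES).items():
        print(f"{site}: all links fail together on {', '.join(spof)}")
```

A site with only one link reports every domain of that link, which matches the single-consumer-service risk described earlier.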

There's also some risk with subscription-based products, such as increased long-term investment costs and lack of subscription lifecycle management. It's possible that VMware might divest the SD-WAN product suite.

This isn't a risk specific to VMware; it's standard behavior amongst software companies. Changes in the software market often occur faster than in the telecom world. Generally, telecom operators keep older services running far longer than software product lifecycles.
