VMware SASE service with SD-WAN built in
SD-WAN Zero Trust Service addresses the need to secure remote access for growing remote workforces
26 June 2020
VMware is boosting secure access for remote and mobile workers by mixing its Workspace ONE offering with its SD-WAN package.
The resulting VMware SD-WAN Zero Trust Service promises to help enterprises handle growing distributed workloads for remote workers. The service also represents a big step toward secure-access service edge (SASE), a new security architecture with a growing portfolio of products across vendors that promise to blend SD-WAN networking and security technologies into cloud-based services.
“The scope of SD-WAN is expanding to include remote desktops, laptops and mobile users and much of that expansion is due to the COVID-19 pandemic,” said Sanjay Uppal, vice president and general manager of VMware’s VeloCloud Business Unit. “There is a growing need for zero trust networks as companies don’t want to allow this influx of remote users to come into the network and go anywhere. IT needs to control device access to specific applications or containers.”
Specifically, the VMware SD-WAN Zero Trust Service will be delivered through VMware’s service-node network deployed across more than 100 global locations, operated by both VMware and more than 120 telecom service-provider partners. It will also become part of its VMware Workspace ONE Intelligent Hub, which is used on millions of devices, Uppal said.
According to VMware, the Workspace ONE platform securely manages end users’ mobile devices and cloud-hosted virtual desktops and applications from the cloud or on-premises.
The remote-access client automatically connects to the closest VMware SD-WAN cloud PoP. Based on enterprise policy, the user traffic may be passed to a cloud firewall, to a web security service, to another enterprise branch or data centre, or to an application or service that’s needed. The service employs split tunnelling, in which only enterprise traffic goes to the service; personal traffic gets forwarded directly to the internet.
The idea is to avoid latency-inducing hair-pinned paths through an enterprise data centre where strained VPN appliances might have been hosted in the past, Uppal said. The service works with a variety of third-party services from vendors such as Zscaler, Uppal said.
Routing policy and security controls remain in enterprise control while the VMware SD-WAN cloud service handles scaling, management, upgrading and multi-region VPN service presence, Uppal said.
If users work from home or travel, the service establishes secure trust with their devices and grants access to authorised applications. The service supports multi-factor authentication, Uppal said.
In the future the service will be integrated with AI-based network management and analytics that VMware recently bought from Nyansa.
When VMware bought Nyansa in January, it said the technology would be targeted at boosting monitoring and troubleshooting for LAN/WAN deployments within its SD-WAN package.
SASE on the rise
The market behind SASE is growing, with VMware, Cisco and others including Palo Alto, Cato Networks, Fortinet and many more taking steps toward supporting it.
Jeff Reed, senior vice president of product, Cisco’s Security Business Group, recently wrote in a blog post: “The rapid adoption of SD-WAN for connecting to multi-cloud applications provides enterprises with the opportunity to rethink how access and security are managed from campus to cloud to edge. With 60% of organisations expecting the majority of applications to be in the cloud by 2021 and over 50% of the workforce to be operating remotely, new networking and security models such as SASE offer a new way to manage the new normal.”
At this point, though, vendors such as VMware and Cisco, while it is important that they support SASE concepts full-on, are still very early in the journey, said Lee Doyle, principal analyst at Doyle Research.
“VMware says VPNs are broken and hard to manage and don’t scale well; indeed it’s time for a new type of integrated, more cloud-oriented endpoint security and this new service is a good start,” he said.
IDG News Service