Confidential ©2018 VMware, Inc.

VMware SD-WAN by VeloCloud
Use your WAN links in a smart way
Tomás Michaeli
Solution Architect / NSBU / VMware
Nov-2019

VMware SD-WAN by VeloCloud Benefits
[Figure labels: Software Defined WAN Overlay; VMware SD-WAN Orchestrator; Cloud Gateways; Branch Edges; Private / MPLS; 3G/4G LTE; SD-WAN Overlay; Internet Broadband; SaaS / IaaS; Datacenter Edges]
· Simplified WAN Management: Zero-touch deployments, simplified operations, one-click service insertion
· Assured Application Performance: Transport independent performance for the most demanding apps, leverages economical bandwidth
· Managed On-ramp to the Cloud: Direct cloud access with performance, reliability and security

Enterprise/Over-the-Top Deployments
"Site to site SD-WAN plus benefits of cloud gateways for SaaS"
· Hub for SD-WAN to data center including private links
· Hosted gateways for SD-WAN to SaaS/IaaS
· Hub-less design for legacy data centers
[Figure labels: Edge: Appliance or Virtual; SaaS; Public Internet; Private Circuit; SD-WAN Orchestrator; SD-WAN Gateways with Embedded Controller; Internet; Private MPLS; Legacy Enterprise Data Center; Provider Edge; Provider Edge; Edge Cluster; Hybrid Data Centers: Enterprise or Cloud]

Global Gateways
· 30 Regions
· 63 Orchestrators
· 440+ Gateways
· 99.99% Reliability SLA

Solution Components

VMware SD-WAN Edge
[Figure label: Virtual Edge]
Flexibility in deployment
· Purpose-built hardware
· Virtual Edge for cloud or white box
· Services platform for VNF
For branch, datacenter & cloud

VMware SD-WAN Orchestrator and Controllers
· Multi-tenant cloud-based management, configuration, and monitoring portal
· VMware or SP hosted, and on-premises at enterprise
· Business policy abstraction
· APIs
· Enables fast deployment, zero-touch operations

VMware SD-WAN Gateways
· Optimized cloud on-ramp to the doorstep of SaaS / IaaS
· Fully managed and operated by VMware and SPs
· Multi-tenant
· Strategic world-wide locations, top-tier network PoPs

Use Case 1: Better Application Performance

Dynamic Multi-Path Optimization in Action
"Assured application performance over any type of link"
[Figure labels: SD-WAN Enhancements; Excellent voice quality!; MPLS; Comcast Cable]

Continuous Link Monitoring
· Automatic real-time link quality monitoring: Latency, Jitter, Packet Loss
· Drives automation and optimization

Dynamic Per Packet Steering
· Sub-second steering without session drops
· Aggregated bandwidth for single flows

On Demand Remediation
· Protects against concurrent degradation
· Enables single link performance

Dynamically route and replicate data for real-time traffic
Increase availability and reduce latency with real-time remediation and steering
[Figure labels: Branch; HQ; MPLS link; Broadband link; Packet loss; Reroute / Duplicate packets; Packet loss!; Multiple links]

Dynamically route and replicate data for real-time traffic
Increase availability and reduce latency with real-time remediation
[Figure labels: Branch; Broadband link; Packet loss; Duplicate packets]
[Figure labels: Broadband link; HQ; Single link]

Dynamically route and replicate data for transactional traffic
Increase availability and reduce latency with real-time remediation and steering
[Figure labels: Branch; HQ; MPLS link; Broadband link; Packet loss; Buffered packets 1 2 3 4; NACK packet 3!; Multiple links]

Dynamically route and replicate data for bulk traffic
Increase availability and reduce latency with real-time remediation and steering
[Figure labels: Branch; HQ; MPLS link; Broadband link; Packet loss; Aggregate multiple links!; Multiple links]

Use Case 2: Multitenancy and Segmentation

End to end security and segmentation
End to end services, analytics and policy
[Figure labels: VeloCloud Orchestrator and Controller; Corp-HR 10.1.0.0/24; Voice 10.1.0.0/24; Corp-HR 10.2.0.0/24; Corp-MKT 10.2.0.0/24; Voice 10.2.0.0/24; Corp-MKT 10.3.0.0/24; PCI 10.3.0.0/24; Guest 10.4.0.0/24; Branch 1; Branch 2; Retail 1; Data Center; NSX routing domain Corp-HR; HRIS; Payroll; NSX routing domain Corp-MKT; VeloCloud Edge; CRM; Analyst; NSX routing domain PCI; PCI Network; VMware NSX; VMware ESXi]

Roadmap
· SD-WAN analytics
· VMware vRealize Network Insight & Ecosystem
· Policy automation via API
· NSX Manager - Security policies

· Simple enterprise-wide segment creation
· Segment-aware topology
· Isolation & overlapping IP
· Segment-aware policies
· On-premises and cloud

Outcome Driven Segmentation
· Simple enterprise wide segment creation
· Segment Aware Topology
· Isolation & Overlapping IP
· Segment Aware Policies
· On-Premises and Cloud
[Figure labels: Corp; Cloud & On-Premises; Corp]

PCI DSS 3.2 Certified SD-WAN
AOC* Summary
Orchestration
· Multi-tenant
· TLS 1.2
· Role-based access control / Radius
· 2-Factor authentication
· Event and firewall logs / APIs
· Built-in certification server

Data Plane
· IPsec with AES 256
· PKI
· Local access control
· Segmentation for hosted controller

* AOC: Attestation of Compliance

Multitenant CPE Software
Store-in-Store / Multiple Tenants
· Per tenant management portal view
· Per tenant QoS and Dynamic Multipath Optimization
· Overlay Bandwidth Cap
[Figure labels: Tenant A; Tenant B; Tenant C; Per Tenant QoS and DMPO]

Use Case 3: Connecting to Cloud

Cloud Scale VPN
[Figure labels: SAAS EXIT; CLOUD SCALE VPN; HUB; Edge Cluster; CLOUD SCALE VPN and Cloud Regional Exit]
· Enables both simple and secure access with integrated PKI
· Enterprise-Wide and Cloud
· Automated VPN to 3rd party cloud applications
· Virtual VeloCloud Edge automates VPN to IaaS
· Scalable any-any connectivity
· Dynamic branch-branch tunnels
· One-click enablement

Optimized Performance for Cloud Apps
Office 365
· O365 on a Single Link (Brownout condition) from Branch in Thailand to Gateway in Singapore
[Figure labels: VeloCloud; Non-SDWAN]

On-Ramp to Azure Virtual WAN
Sept 2018 Announcement
[Figure labels: Branch A, VeloCloud Edge; Branch B, VeloCloud Edge; Branch C, VeloCloud Edge; VeloCloud Gateway; VeloCloud Virtual Edge; Azure Virtual WAN; Hub vNET A; Hub vNET B; Hub vNET C]
· Azure provides low latency, optimal routing within Azure global network
· Simplified one-click secure connectivity
· Optimized last mile access

Use Case 4: Simplified Operations
Business policy
[Figure labels: Transactional; Real Time]
Available for link selection = preferred and service class = Real Time or Transactional

One-Click VPN Deployment
Automatic VPN setup
· To enterprise DC hub with dynamic branch to branch
· Eliminates N x N manual tunnels to cloud with cloud gateway aggregation
· Interoperable IPsec for no touch legacy DC
· End-to-end encryption
[Figure labels: Branch Site; Non-VeloCloud Enterprise DC; Enterprise DC]

Incremental and Interoperable SD-WAN Rollouts
[Figure labels: Replace; Co-exist; Legacy; OSPF, BGP; BGP; VMware SD-WAN Edge by VeloCloud; VMware SD-WAN by VeloCloud Orchestrator; VMware SD-WAN by VeloCloud Controllers; Route Learning and Distribution; Internet; MPLS; VMware SD-WAN by VeloCloud Hub Cluster]
· Cloud or on-premises orchestrator and controllers
· Controller functions: route reflector, VPN control, link measurements

Branch Deployment Options

Co-exist (L2)
[Figure labels: L2 SW; CE; E-BGP; MPLS; VRRP; Internet]
· Use VRRP to make VCE the default gateway when it is up
· Provide failover/redundancy with existing CE

Co-exist (L3)
[Figure labels: L3 SW; E-BGP/OSPF; E-BGP; MPLS; Internet]
· Use routing protocol (OSPF or BGP) to direct traffic to the VCE when it is up
· Provide failover/redundancy with existing CE

CPE Replacement
[Figure labels: L2/3 SW; E-BGP; MPLS; Internet]
· VCE is the default gateway for the branch traffic
· Deploy VCE in HA pair to meet the redundancy/availability requirement
ROI of SD-WAN

WAN Simplification / Assured Application Performance / Architecture for the Cloud
Key Features
· Zero IT touch deployment
· Outcome driven policies
· Remote management, visibility and troubleshooting
· Transport independent performance
· Sub-second brownout protection via mid flow steering & remediation
· Distributed cloud gateways-as-a-service
· Virtual Edges for public cloud
ROI Opportunities
o Reduce on-site IT visits, accelerate deployment
o Minimize configuration and troubleshooting time
o Enables use of optimal ISP by site
o Increase utilization of circuits
o Eliminate redundant / dedicated circuits
o Enables use of economical broadband
o Savings with "over the top" services, e.g. VOIP
o Reduced capex and opex for access to SaaS and hybrid cloud
o Reduced redundancy & disaster recovery costs

Flexible Services Platform
· VNF ready SD-WAN platform
· SD-WAN as VNF for vCPEs
· Distributed services insertion
· Automatic segmentation, VPN
o Fewer truck rolls and capex
o Reduced hardware warranty and spares
o Eliminate per branch security expenses
o Reduced audit & compliance expenses

International Financial Services Provider: Allianz
2500 Locations in France
The company provides insurance and financial services in France and internationally

Before Cloud-Delivered SD-WAN
· Agents complaining on availability of the network
· No high availability, no resilience

With Cloud-Delivered SD-WAN
· Better employee satisfaction and no calls to IT
· Better application performance
· High-bandwidth availability

Competitive Advantage Outcome
· Increased revenue from expanded services and consistent uptime
Business Insurance: Simply Business
425,000 customers
[Figure labels: QoS for Call Centre; Expensive MPLS; UC; Cloud]
Exceptional QoS expected for call center experience; Cloud application support

Before Cloud-Delivered SD-WAN
· Poor voice quality
· Slow network connections
· Lack of network visibility, management, and control
· Inability to expand to new sites quickly and easily

With Cloud-Delivered SD-WAN
· Easy and simple network configuration and management
· Implement change network-wide through a single profile
· Optimized bandwidth and QoS

Competitive Advantage Outcome
· Serve more customers faster, easier, and with exceptional voice and data connections

"VMware Named as a Leader in the Gartner Magic Quadrant for WAN Edge." - Gartner
· Positioned Furthest on Completeness of Vision
· Leader in the Ability to Execute

Source: Gartner, Inc., Magic Quadrant for Enterprise Mobility Management Suites, October 10, 2018. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from VMware. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Thank You