SD-WAN is a highly-available, well-established, carrier class solution that facilitates on-demand, seamless and secure connectivity between any two points in a network. It is typically sold as a service with centralized, cloud-hosted orchestration and life-cycle management with zero touch deployment for rapid expansion of service footprint. SD-WAN is a disruptive technology that has the power to transform more than just branch connectivity. This article explains the overall architecture and benefits of integrating SD-WAN solutions into a vCD (vCloud Director) environment from both a provider and consumer perspective. Please see “why SD-WAN for hybrid cloud” for more information on the benefits of SD-WAN for enabling hybrid / multi-cloud.
VMware SD-WAN from VeloCloud has three main components, an orchestrator, gateways and edges / hubs. Orchestrator is a centralized, multi-tenant, cloud-hosted platform that provides roles-based access to a single pane of glass for deployment, configuration, life-cycle management and transparency in SD-WAN network operations. The gateway is also multi-tenant and can be deployed and hosted in the cloud and optionally on-premise data centers. It is the primary component of the control plane and facilitates route exchanges for the SD-WAN network. The gateway also allows connectivity to legacy data-centers that support traditional site-to-site IPSec VPN’s. The third component is a software defined edge that is deployed on dedicated, pre-qualified hardware at the branch site or as software on existing compute / storage resources. The VeloCloud edge (VCE) is not multi-tenant and deployed one per branch, establishes secure management plane connectivity to the orchestrator and control plane connectivity to the gateway. It builds on-demand, secure tunnels to other branches and hubs, enforces business policies and is the primary component of the data plane in the SD-WAN network.
In the diagram above, there is one VCE per organization VDC. The VCE terminates tunnels from remote branches and allows secure access to services / assets within the VDC. Remote branches could be other private data-centers or public cloud instances such as EC2 on AWS or Azure. The VCE is deployed and managed by the provider / partner north of the org-vdc and does not count against tenant quota. SD-WAN is sold as a managed service to the tenants.
Why do it?
SD-WAN is the underlying technology that allows the tenant Org-VDC in a publicly hosted VCD environment (VCPP partners) to become part of the customers digital transformation journey to hybrid / multi-cloud.
What’s in it for the provider / partner?
- Extend service footprint to remote branches at a reduced cost
- Build customer loyalty
- Workload migration
- Additional revenue stream from existing customer base
- Branch connectivity and hybrid cloud as a service
- New service insertion at the branch like cloud security, L2/L3 VPN’s
- Invest in your customers’ business outcomes
- Offer services that are relevant to customer business
- Seamless integration with public cloud
- Help customers take advantage of public cloud
- Seasonal elasticity / backup / disaster recovery
- Single pane of glass for network management, branch deployment and policy
- Centralized policy configuration with immediate enforcement at branch sites
- Rapid zero touch deployment of new sites (matter of hours)
What’s in it for the tenant?
- Single partner owns both data center and branch connectivity
- Partner owns both ends of the SLA
- Single point of contact – no finger pointing
- Flexibility to migrate workloads to cloud provider or public cloud
- Network and services are more relevant to their business outcome
- Appropriate services inserted at the branch
- Application awareness and prioritization
- Consistent Security policy for both public SaaS and hosted applications
- Reduced cost for remote connectivity
- MPLS only used for backup or when SLA’s violated
- Multiple broadband links for greater bandwidth
- Better service assurance and availability (Application performance)
- Brownout detection for service degradation
- Automatic reroute of service requests based on monitoring KPI’s
- Improved performance of SaaS applications (VoIP / Video calling)