
VMware SASE: Anywhere Workspace Integration

SD-WAN’s Evolution to SASE

Software-Defined WAN (SD-WAN) has been a hot topic in the networking industry for years. Rethinking the enterprise network to take maximum advantage of the connectivity options available between branches, data centres, cloud access, and Software-as-a-Service (SaaS) offerings was an understandable and necessary evolution. In many cases, it was a relatively simple migration too.

Secure Access Service Edge (SASE) is the next evolution of SD-WAN, integrating pervasive security and a zero-trust model into the distributed network enabled by SD-WAN. The pervasive part is what makes things a little more complicated. Where SD-WAN focused on evolving the traditional network, SASE extends the edge from the old perimeter model to the endpoints themselves. This granularity has the potential to create a more complicated undertaking as it involves multiple teams and disciplines.

VMware Anywhere Workspace and VMware SASE

VMware’s Anywhere Workspace integration with the VMware SASE offering addresses the challenges of SASE adoption by bringing endpoint management into the same overall architecture as the SD-WAN components of the solution, creating a single management interface and policy definition point.

This approach dovetails nicely with VMware’s existing distributed global SD-WAN points of presence (PoPs), which provide consistent low-latency access (<10ms from 80% of the population and <5ms from most cloud providers, according to VMware) to clients regardless of their location.

Combining Anywhere Workspace’s ability to validate identity and security posture at the user and device level with SASE’s central policy control addresses zero trust without the headache of trying to integrate disparate approaches to the business need. It extends identity management and security posture compliance right down to end-user devices, finally allowing organizations to build security models based on what resources should be reachable by a given user or device. That’s a good step away from the more common approach of trying to figure out what should be blocked before it becomes a problem.

The Whisper in the Wires

Perimeter security in enterprise networks has been slowly falling out of favour for years, and with good reason. Leaving aside the risks of assuming that some “inside” point is trustworthy, the concepts of “inside” and “outside” begin to lose meaning when our organizations grow from a single data centre to multiple data centres, to cloud deployments, and to mainstream use of software as a service (SaaS) offerings. What is inside and what is outside now?

Still, many organizations stick to the old models, not because they work but because a major rethink is required to move to something more effective. It doesn’t help that the tools to accomplish this tend to be incomplete and have poor integration with the other tools that are needed to create a complete system. Like many enterprise IT solutions, it’s hard to justify the expense when the existing system has (seemingly) worked just fine. The problem isn’t so obvious when we’re just dealing with SD-WAN and traditional SASE endpoints, but when we try to extend control to endpoints, many of which aren’t under organizational control, it becomes much more pronounced.

VMware’s Anywhere Workspace integration with their SASE product is a refreshing approach. Eliminate the traditional bottlenecks, create distributed access from almost any device from almost anywhere, but still maintain a centralized set of policies to address a multifaceted perimeter… and, most importantly, do it all from one cloud-managed interface that doesn’t require an organization’s IT staff to figure out how to assemble the solution from incompatible building blocks. Transparent integration is key, and VMware appears to have come to the table fully aware of this.


About the author

Jody Lemoine

Network Greasemonkey, Packet Macrame Specialist, Virtual Pneumatic Tube Transport Designer and Connectivity Nerfherder. The possible titles are too many to count, but they don’t really mean much when I’m essentially a hired gun in the wild west that is modern networking.
