VMware SD-WAN

by VeloCloud
Technical Overview

Confidential ©2018 VMware, Inc.

Agenda § Overview and Deployment Options

§ Dynamic Multi-Path Optimization (DMPO)

§ Zero-Touch Deployment

§ Flexible Network Insertion

§ End-to-End Segmentation

§ Service Insertion

Confidential ©2018 VMware, Inc. 2

Deployment Options

Confidential ©2018 VMware, Inc. 3

VMware SD-WAN by VeloCloud - Key Differentiators

VMware SD-WAN Orchestrator

Cloud
Gateways

Branch SaaS / IaaS

Edges Private /MPLS 3G/4G LTE
SD-WAN Overlay
Internet Broadband
Datacenter
Edges

Simplified WAN Assured Application Managed On-ramp

Management Performance to the Cloud

Zero-touch deployments, Transport independent Direct cloud access with

simplified operations, one- performance for the most performance, reliability
click service insertion demanding apps, and security
leverages economical
©2018 VMware, Inc.
bandwidth 4
Enterprise/Over-the-Top Deployments
A New Tier of Global Service for Broadband and Hybrid Networks

VMware SD-WAN Orchestrator

SaaS 2 by VeloCloud
VMware SD-WAN Gateway by
VeloCloud with Embedded Controller

Public Internet Internet

3
2 Legacy Enterprise
Branch Site with VMware SD-WAN Data Center
Edge by VeloCloud Private
Circuit Private
MPLS
3

Provider Provider
Edge Edge SD-WAN Enterprise Data Center
with VMware SD-WAN Edge by VeloCloud Cluster

Confidential ©2018 VMware, Inc. 5

Service Provider-Managed VMware SD-WAN Platform
A New Tier of Global Service for Service Provider Networks

SD-WAN for last Access to private Hub-less deployment in DCs

mile/access network for mid mile and non-SD-WAN sites

VMware SD-WAN Orchestrator by VeloCloud

Data plane in the

cloud, not just
management
3 Public Internet Internet

Provider Cloud Data Center

True multi-tenant SaaS with Provider Gateways
Gateways and Branch Site with
Private
Orchestrator VMware SD-WAN Edge by VeloCloud
Circuit

Private / MPLS 3
Multi-tier, role- 2
based management
for SPs Provider Edge Provider
and Gateways Legacy Enterprise Data Center
Edge

Confidential ©2018 VMware, Inc. 6

VMware SD-WAN for On-Premises Applications

• Hosted or on-premises
management of
VMware SD-WAN
Orchestrator by
SaaS VeloCloud and
Internet VMware SD-WAN
Branch Office
with VMware SD-
Controller by
WAN Edge by VeloCloud
VeloCloud
• VMware SD-WAN
MPLS Edge
Branch Office Data Center with VMware SD-WAN by VeloCloud
with VMware SD- VeloCloud Edge (Hub) Orchestrator by on-premises
WAN Edge by VeloCloud (physical or VNF)
VeloCloud On-Premises
• Ideal if applications are
LTE only on-premises
Branch Office
with VMware SD- • Accessing cloud
WAN Edge by applications is still best
VeloCloud effort

Confidential ©2018 VMware, Inc. 7

Solution Components

VMware SD-WAN Edge VMware SD-WAN VMware SD-WAN

by VeloCloud Orchestrator by VeloCloud Gateways by VeloCloud

Virtual Edge Multi-tenant cloud-based Optimized cloud on-ramp to

management, configuration, the doorstep of SaaS / IaaS
Hardware Edge and monitoring portal
Fully managed and operated
Flexibility in Deployment VMware SD-WAN by by VMware SD-WAN by
• Purpose-built hardware VeloCloud or SP hosted, and VeloCloud
• Virtual Edge for cloud or on-premises at enterprise and SPs
white box
Business policy abstraction Multi-tenant
• Services platform for VNF
APIs Strategic world-wide locations,
For branch, datacenter
top-tier network PoPs
and cloud Enables fast deployment,
zero-touch operations

Confidential ©2018 VMware, Inc. 8

VMware SD-WAN Business Models – Three Options

VeloCloud Telco Operated Enterprise Operated

1 Operated (Cloud) 2 (Cloud) 3 (On-Premises)

• OPEX MODEL à VeloCloud • CAPEX MODEL à Service • CAPEX MODEL à Enterprise

operates cloud service on provider purchases Edge purchases Edge CPE, HUB,
behalf of VARs, MSPs, CSPs, CPE & SW license for & SW license management
and SPs. gateways & management & control

• VMware SD-WAN by • Service provider operates & • Enterprise operates &

VeloCloud operates & manages the cloud manages the on-premises
manages the cloud infrastructure networking solution
infrastructure
• Edge CPE logistics are • Edge CPE logistics are
• Edge CPE are drop-shipped handled by service provider handled by service provider
to end-customer, or can be à Capex à Capex
stocked
• Annual or Monthly Billing for • Annual or Monthly Billing for
• Flexible Billing SW Licenses SW Licenses

Confidential ©2018 VMware, Inc. 9

Assured Application
Performance

Confidential ©2018 VMware, Inc. 10

Dynamic Multi-Path Optimization in Action
“Assured application performance over any type of link”
Excellent voice quality!
VMware SD-WAN Enhancements
Continuous Link Monitoring
• Drives automation and optimization

MPLS Dynamic Per Packet Steering

• Sub-second steering without session drops
Comcast Cable
• Aggregated bandwidth for single flows

On Demand Remediation
• Protects against concurrent degradation

• Enables single link performance

Confidential ©2018 VMware, Inc. 11

Assured Application Performance
Video Conference over WAN Link with 2% Packet Loss

Without VMware SD-WAN by With VMware SD-WAN by

VeloCloud VeloCloud

Confidential ©2018 VMware, Inc. 12

SD-WAN Solution – SaaS/Data Performance

10x faster response time

Dual 20Mbps Links / 50 MB Box File Transfer

Without VMware SD- VMware SD-WAN

WAN by VeloCloud
by VeloCloud

No Loss 22 sec 12 sec

2% Packet Loss 134 sec 13 sec

Confidential ©2018 VMware, Inc. 13

Zero-Touch
Deployment Agility

Confidential ©2018 VMware, Inc. 14

Simple and Quick Deployment – Pull Activation

1. Create Config and 3. Install, Authenticate

2. Device Ships
Send Key and Pull Config

IT Admin adds a new VMware SD-WAN Edge by Office Admin plugs in the device
VMware SD-WAN Edge by VeloCloud with factory default and connects to the Internet
VeloCloud config is shipped to the remote site. through VMware SD-WAN Edge
in the customer account. by VeloCloud WLAN/LAN.

IT Admin generates an activation Office Admin powers up the device Office Admin clicks on activation
key and emails it to the installer. and connects it to the Internet. link in the email. Edge is activated.

No IT visit required No site by site link knowledge required

No pre-staging, nor security risk if device lost No tracking by S/N required

Confidential ©2018 VMware, Inc. 15

Simple and Quick Deployment – Push Activation

Independent installer – no contact needed

Many of the same benefits, plus:
Staging mode prior to activation

3. Device Redirected
2. Device calls home to PARTNER VCO 4. Config Pushed and
1. Device PLUGGED in to REDIRECTOR Device ACTIVATED
STAGING

activate.velocloud.net
Installer powers up
Device Edge calls home to
REDIRECTOR and
Connects to Internet authenticates
(dynamic IP) without any
customization REDIRECTOR
pre-populated with
association to partner
Edge is redirected to the Enterprise or Partner
Partner VCO in staging pushes config
mode
“Pull” email can also
Edge assigned to activate
Enterprise account

Confidential ©2018 VMware, Inc. 16

Deployment Flexibility

Confidential ©2018 VMware, Inc. 27

 VeloCloud Hybrid WAN Architecture

SD-WAN CPE
VRRP

With VRRP

To Core Switch
(Campus/DC)
SD-WAN with
L3 SW and routing
protocol VCE
Cluster
OSPF/BGP
SD-WAN CPE

…
Hybrid Site

Non SD-WAN Site

Datacenter/Regional Hub
SD-WAN CPE
Internet only

Confidential ©2018 VMware, Inc. 28

Branch Deployment Options

Co-exist (L2) Co-exist (L3) CPE Replacement

CE E-BGP E-BGP/OSPF E-BGP E-BGP

MPLS MPLS MPLS
L2 SW L2/3 SW
VRRP

L3 SW

E-BGP/OSPF
Internet Internet Internet

• Use VRRP to make VCE the
default gateway when is it up
• Provide failover/redundancy
with existing CE
• Use routing protocol (OSPF or
BGP) to direct traffic to the VCE
when it is up
• Provide failover/redundancy
with existing CE
• VCE is the default gateway for
the branch traffic
• Deploy VCE in HA pair to meet
the redundancy/availability
requirement

Confidential ©2018 VMware, Inc. 29

Segmentation for
Enterprise

Confidential ©2018 VMware, Inc. 33

Outcome Driven Segmentation

Simple Enterprise Wide

Segment Creation
VMware SD-WAN Orchestrator
And Controller
Datacenter

Branch 1
Segment Aware Topology lin
g SBC

Media
a
gn
Si

Isolation and Overlapping IP Branch 2

VMware SD-WAN Edge PCI

Network

Segment Aware Policies

Retail Store

On-Premises and Cloud

Confidential ©2018 VMware, Inc. 34

PCI DSS 3.2 Certified SD-WAN

Ensure PCI compliance in a simple, efficient, and cost-effective manner

The first and only All VMware SD- Retailers benefit VMware SD-WAN
solution to offer WAN from VMware SD- by VeloCloud is a
PCI-Certified Cloud- by VeloCloud WAN by VeloCloud PCI DSS (v3.2)
Delivered SD-WAN components PCI AOC to simplify Level 1 Service
are PCI Compliant PCI Audit Provider

Confidential ©2018 VMware, Inc. 35

Service Insertion

Confidential ©2018 VMware, Inc. 37

Distributed Services Insertion
Cloud Security Service

VMware SD-WAN by VeloCloud Dynamic

Multipath Optimization delivers application
performance and reliability to cloud
Internet / web

Single-click Application-Aware Policies

for granular service insertion

c
Se
IP
n
a t io

la y
m iz

er
ti
Op

Ov
th VMware SD-
- Pa
Automated tunneling eliminates

n-
lti WAN
Mu

No
ic Gateway by
n am
site by site configurations Dy VeloCloud

Dynamic Multi-Path Optimization

VMware SD-WAN
Branch VMware SD-WANDatacenter
Edge by VeloCloud
Site Edge Hub
Hub

Virtual Branch Services On Premises Security

Corporate / Regional

Confidential ©2018 VMware, Inc. 38

Virtual Services Delivery

Micro to Small Branch Small to Midsized Branch Large Branch/DC

VMware SD-WAN VMware SD-WAN Edge VMware SD-WAN

Edge by VeloCloud by VeloCloud Services Platform by VeloCloud VNF

CPE

Analytics
SDWAN

IoT GW
NGFW

App X
File
VMware / vSAN
• No local apps • No local apps
• Cloud or • One networking VNF
integrated (e.g. NGFW)
• Local apps
security • Many VMs including
network services

Confidential ©2018 VMware, Inc. 39

Thank You

Confidential ©2018 VMware, Inc.