Retail company gains cloud security and high-performance SaaS access with SD-WAN

WAN Challenges

This large retail company with more than 500 Internet-connected sites uses cloud-based UCaaS, Office 365 and other cloud-based resources hosted by Amazon Web Services (AWS).

While Office 365 improved overall employee productivity, this company found that they lost control and visibility of traffic flowing from branch locations directly to cloud-based services. They desired to optimize application performance by steering traffic directly to the SaaS applications—therefore, not to backhaul traffic through the data center—but this impaired network efficiency as there was no longer a head-end performance bookend, the traditional role of the data center, for this cloud-destined traffic.

As the branch office sites were Internet-connected, they wanted to leverage cloud-based security, but found the integration complex and cumbersome to manage—integration with Zscaler required a VPN tunnel from each branch office site to Zscaler to enable cloud security services.

Another byproduct of their desire not to backhaul traffic through the data center was that each traffic flow from a branch site to each of the five AWS instances required a separate VPN tunnel. This created onerous VPN configurations and management: 500 sites, with 5 tunnels for each of the AWS instances results in 2500 tunnels to manage.

SD-WAN Solution Choices

A cloud-delivered, hosted management and gateway SD-WAN solution—the orchestrator and controllers are hosted in the cloud, along with leveraging cloud-based gateways already in place to front cloud applications such as UCaaS, Office 365 and AWS-based resources—improved the company’s application performance, significantly simplified their deployment, and enabled them to leverage Zscaler cloud security.

Instead of building individual VPN tunnels to Zscaler and each SaaS application, they now only needed to have a single VPN tunnel—automatically established by the cloud-based SD-WAN—from each branch site to the cloud-based SD-WAN gateway. This simplified a 2500-VPN-tunnel configuration down to 5 tunnels.

Traffic on the cloud-delivered SD-WAN is steered directly over the branch offices’ existing Internet connections to the SD-WAN gateways—already in place for the SaaS applications—to meet the company’s goal of not backhauling traffic via the data center. The cloud-based gateways also provide the bookend for optimizing application performance. The gateways act as a bridge between the company’s own network and cloud-hosted resources such as UCaaS, SaaS and AWS (current resources or new ones in the future), including all these pieces into a single, secure, virtual domain controlled by centralized access and security policies.

The hosted SD-WAN management solution delivered simple, one-click access to deploy new sites, to make changes to existing sites, to integrate with Zscaler security, and to add new cloud applications.

Benefits and Results

This company realized the following benefits from choosing an VMware SD-WAN solution:

• Leveraged a cloud-hosted management and gateway solution to achieve unprecedented control and visibility of traffic to SaaS applications.
• Enabled the integration of Zscaler cloud security for all sites in a matter of minutes.
• Optimized application performance access to Office 365 and AWS through the use of cloud-hosted SD-WAN gateways.
• Simplified the deployment of existing and new sites by providing instant security-over-Internet-connections, and simple, automated, VPN configurations.
• Reduced the requirement of 2500 VPN tunnels to 5.
• Dramatically reduced the cost and ease of security roll-out.
• Met the company goal of not backhauling traffic through the data center in order to enable security and performance optimization bookends, using Zscaler and cloud gateways instead.
• Positioned the company to easily add or change cloud applications and services in future based on business needs without complicating or compromising their network integrity or configuration.