SD-WAN Cut Costs, Sped Branch Connections

The challenge

As a major enterprise, VMware has global offices that need to be interconnected to deliver support for unified communications, disaster preparedness, and operational efficiencies. While state of the art when deployed, the traditional router-based WAN VPNs currently utilized as the connection backbone between offices (and headquarters) have proven prohibitively expensive relative to other operations due to the labor- intensive nature of updating configurations.

The solution

The answer came in the form of software-defined WAN (SD-WAN)—an improved approach to traditional WAN—made possible by the VMware SD-WAN solution. Traditional WAN routers and their architectures were designed for another era, one where mass adoption of cloud applications, services, and similar resources was not an issue. VMware SD-WAN was designed specifically to operate and support the cloud, enabling VMware’s offices to easily meet unceasing end-user demands while offering unprecedented flexibility and connectivity.

Take back the drawbacks

VMware SD-WAN eliminates the drawbacks inherent with traditional WAN. SD-WAN delivers reduced connectivity protection and link remediation, plus superior scalability and flexibility. CapEx-centric hardware, individual site-by-site management, and exclusive dependence on MPLS are no longer challenges. In addition, VMware SD-WAN is simple to deploy and maintain, whereas premises-based routers are exceedingly complex to install, upgrade, and maintain—as well as require a lot of handholding by highly trained, skilled, onsite technicians.

A truly different way of connecting

VMware IT replaced edge routers, increasing overall performance for end users with the proprietary VMware SD-WAN Dynamic Multipath Optimization (DMPO), and deployed a new WAN standard for branch offices by using the Internet alongside MPLS as an additional method of transport. Depending on demand and the circumstances of individual offices, several remote offices use only a single circuit rather than costly dual MPLS circuits.

Routers are unable to proactively optimize regular traffic before congestion becomes an issue, thereby ineffectively managing multi-service inbound quality of service (QoS). With VMware SD-WAN, IT team members simplified overly complex QoS policies and resolved previous QoS router issues.

Safe and sound

With VMware SD-WAN, intelligence moves from the data plane to the programmable control plane. This enables the architecture to be transport independent; operate across any combination of public or private circuits; and offer secure connectivity to enterprise data centers, cloud and edge compute, and software-as-a-service (SaaS) applications. Standards-based encryption (such as AES) provides secure connectivity over any type of transports, forming a highly secure cloud network. Devices are only granted access after authentication in the management plane and, if they fully adhere to assigned business policies, prevent a rogue player from infiltrating connections.

Start local, go global

Like any major infrastructure shift, VMware IT began its VMware SD-WAN implementation in phases, starting in October 2018, with the migration of the Chennai office in India. Three more offices in San Francisco, California; Colorado Springs, Colorado; and Coral Gables, Florida have since been deployed with SD-WAN, replacing existing edge and Internet routers for VMware SD-WAN Edges.

In the San Francisco office, DMPO allowed automatic link monitoring; autodetection of which service provider was in use; and autoconfiguration of link characteristics, routing, and QoS settings. Enhanced QoS, via the business policy, optimized the application behavior that drives queuing, bandwidth utilization, link steering, and mitigation of network errors. Overall network performance was enhanced, and IT was able to eliminate the MPLS single point of failure. In addition, substantial cost savings were realized due to the replacement of the existing edge routers. After the deployment of VMware SD-WAN, VMware IT observed a 200 percent performance improvement as it could use both links using the DMPO feature.

Similar results were achieved in Colorado Springs. MPLS and Internet circuits were migrated to management by VMware SD-WAN rather than routers, improving network performance and eliminating the MPLS single point of failure. By taking advantage of this second site deployment, the team was able to utilize all three network overlays when communicating between two sites enabled with VMware SD-WAN. This offered additional performance improvements as well as better reliability, results that mirrored the San Francisco metrics.

A fourth pilot program in Coral Gables went live with VMware SD-WAN. During this maintenance, IT teams migrated Internet circuits to VMware SD-WAN and replaced two edge routers. This solution provides improved network performance and allows connectivity to VMware sites without using MPLS. VMware will also be able to use overlays when communicating with the San Francisco and Colorado Springs VMware SD-WAN sites, providing improved performance and reliability.

Always trust your pilot

Data and metrics demonstrated that the pilot programs have proven successful, solving the networking challenges posed by the legacy architecture. Results included:

• The MPLS single point of failure was eliminated for Tier 2 sites.
• DMPO and forward error correction (FEC) prevented packet loss and eliminated reduced connectivity situations.
• Upload and download speeds increased by 200 percent by sharing capacity on backup links.
• Second site deployment enabled the utilization of all network overlays in a mesh when communicating between two sites enabled with VMware SD-WAN. This contributes to additional performance improvements as well as better reliability.
• VMware SD-WAN addressed the single point of failure for sites with a single MPLS line.
• VMware SD-WAN provided VMware internal connectivity for sites using broadband rather than MPLS.
• DMPO allowed the use of all available WAN transports.

Branch Office with VMware SD-WAN

Branch Office with VMware SD-WAN