VMware Keeps Employees Productive from Home in Historic Pandemic with VMware SD-WAN

Keeping the workforce connected, productive, and agile

Like most leading enterprises, VMware relies on its WAN infrastructure to keep its 30,000+ employees connected, collaborative, and productive all around the world. The foundation of its critical business processes, the WAN, is in a constant state of motion, with IT driving continuous improvement. When existing infrastructure began to show its limitations, VMware realized that strategic changes were required.

“Our traditional WAN architecture was too expensive to maintain,” said Swapnil Hendre, Director of Solutions Engineering and Design at VMware. “All our sites were connected via MPLS, which is about three times more expensive than the Internet circuits. We also faced availability challenges, where some sites had single points of failure.”

The WAN also faced management and agility issues. “Our WAN infrastructure has about 60 sites, and administering them was painful, because we had to manage and maintain them separately,” said Hendre.

Fortunately, VMware’s IT team already had access to a solution right at its fingertips. “We realized that all of these challenges can be addressed by deploying VMware SDWAN,” said Hendre. “Since SD-WAN enabled us to use the Internet as a transport for branch-to-branch communication, we could eliminate the single points of failure associated with our MPLS architecture and take advantage of all the transport methods available to us.”

Migrating to SD-WAN would also enable VMware to take advantage of broadband Internet links for its enterprisegrade WAN, to dramatically reduce costs. “Over a period of time, we could even eliminate MPLS completely, to see a significant cost savings,” said Hendre.

Perhaps best of all, VMware SD-WAN unlocked new levels of business agility and optimized performance, enabling the company to move fast, innovate faster, and stay ahead of competitors.

“QoS can be set up very quickly, and with the VMware SDWAN Orchestrator, we were able to provide single-pane-ofglass management for all our SD-WAN sites across the globe,” said Hendre. “This allowed us to deploy consistent business policies and QoS, as well as consistent business profiles across the enterprise. And it helped manage and maintain our WAN infrastructure much more efficiently.”

Redefining workplace flexibility in a global pandemic

After making significant progress launching its SD-WAN deployment, VMware faced new challenges in early 2020, when the COVID-19 pandemic hit. The company had to move fast to accelerate its support for a hybrid work from home initiative.

Initially, KLM was not seeking internet circuits as a way to augment its existing business infrastructure. Its primary objective was to maximize the existing bandwidth it was currently using with MPLS. As part of its due diligence, KLM evaluated many solutions that claimed the ability to optimize available circuits, such as WAN optimization technology, but none were able to deliver on their promises.

“To help ensure the safety of our employees, a decision was made that everyone would start working from home,” said Hendre. “This resulted in a surge of Internet demand, and introduced some performance issues like latency, packet loss, and jitter, which degraded performance for businesscritical applications. It was also difficult to prioritize business-critical applications in the home, when families were using the same connection.”

When the pandemic escalated, Hendre and his team realized that they could extend all the benefits that they had experienced with their SD-WAN data center deployment to home workers.

“We initiated two proofs of concept,” said Hendre. “The first provided a fast on-ramp to the cloud for our colleagues working from home, so they could access SaaS services, such as Zoom, Office 365, and Horizon,” said Hendre. “We deployed VMware SD-WAN Edges in employees’ home networks, and created business policies in the VMware SDWAN Orchestrator, ensuring business critical applications would enjoy higher priority over non-critical applications.”

The intelligent SD-WAN approach enabled the team to take advantage of link remediation to help minimize issues like latency, jitter, and packet loss. If the Internet experiences performance or traffic issues, SD-WAN can proactively discover the issue and duplicate packets, reducing the need to transmit them again.

Maximizing security and privacy in work from home environments

The second proof of concept was built on the cloud on-ramp to support employees connecting to VMware using a VPN. For this use case, an SD-WAN hub provides connectivity from the SD-WAN site to the non-SD-WAN site. To keep sensitive employee communication safe, the hub is integrated with a network access control (NAC) solution.

“Security is very critical in any situation where we've provided access to our environment,” said Hendre. “To implement this securely, we ensure that only colleagues with a certificate will be able to authenticate and connect to the VMware network.”

“Once the connection is established between the VMware SD-WAN Edge and the SD-WAN hub, it will present its own certificate, and that certificate will be validated by the NAC solution,” he added. “After the certificate is validated and the three-way handshake is established, access will be granted to our user, and they will get a VMware SSID at home. The rest of the benefits remain the same. We still provide the connectivity to the business-critical applications via SD-WAN gateway, and the non-business critical traffic is sent direct.”

Privacy was a top concern as well, because many employees would be working in environments with a shared Internet connection.

“We were concerned about deploying the devices at our colleagues’ homes, and what would happen if other members of the household wanted to access the Internet,” said Hendre. “Since the traffic that routes through the SDWAN Edge and goes through the SD-WAN Gateway is inspected and routed, we needed to maintain the privacy of others in our colleagues’ homes. VMware SD-WAN lets us create a private segment with a different SSID. If you connect to that, your traffic is not inspected at all, and it completely bypasses the SD-WAN overall topology, going directly to the Internet without any inspection.”

Using VMware SD-WAN also allows the VMware SD-WAN Orchestrator to prioritize employees’ business traffic over other traffic, such as online classes or streaming entertainment, improving connectivity for work applications.

Improving performance to keep a flexible workforce productive

Extending the VMware SD-WAN solution to support its hybrid remote workforce produced some immediate benefits. Initial tests showed that employees working from home can take advantage of more consistent connectivity— for improved productivity and fewer instances of frustrating downtime.

“We asked the Tolly Group to evaluate and validate our VMware SD-WAN performance,” said Hendre. “Since we rolled out VMware SD-WAN, approximately 88 percent of our degraded network time has been mitigated. That translates to approximately 10.5 hours of total degraded network time per user, per month, which is significant. Without SD-WAN, our users would have experienced substantial service degradation.”

“And as time goes on, we expect to see more availability improvements,” he added. “Our initial results were based on users utilizing a single ISP, but over time we expect our colleagues to work with more and more ISPs.”

Communications quality has improved as well, thanks to the ability of VMware SD-WAN to remediate packet loss by dynamically sending duplicate packets. Tests by the Tolly Group showed that even with 10% packet loss, the voice quality on the VMware SD-WAN protected link was still rated as good (over 3.50) according to the mean opinion scores (MOS) scale.

“We found that VoIP calls experienced a quality improvement of almost 45 percent, all on a single band link. When it came to downloading a file at home, VMware SDWAN delivered a download time improvement of approximately 71 percent,” said Hendre. “Downloading a 215 MB file without SD-WAN would take about 13 minutes. With SD-WAN, users could complete the operation in about three minutes.”

Hendre and his team recently completed the rollout of the SD-WAN work from home solution to 16 countries, and more than 2,000 users. The data center rollout continues in parallel with the work from home solution. VMware is not only experiencing improved workforce agility and flexibility, but major cost savings in the data center that will only continue to grow.