VMware SD-WAN Zero Trust Service addresses the need to secure remote access for growing remote workforces.

VMware is boosting secure access for remote and mobile workers by mixing its Workspace ONE offering with its SD-WAN package. The resulting VMware SD-WAN Zero Trust Service promises to help enterprises handle growing distributed workloads for remote workers.

The service also represents a big step toward secure-access service edge (SASE), a new security architecture with a growing portfolio of products across vendors that promise to blend SD-WAN networking and security technologies into cloud-based services.

“The scope of SD-WAN is expanding to include remote desktops, laptops and mobile users and much of that expansion is due to the COVID-19 pandemic,” said Sanjay Uppal, vice president and general manager of VMware’s VeloCloud Business Unit. “There is a growing need for zero trust networks as companies don’t want to allow this influx of remote users to come into the network and go anywhere. IT needs to control device access to specific applications or containers.”

Specifically, the VMware SD-WAN Zero Trust Service will be delivered through VMware’s service-node network deployed across more than 100 global locations, operated by both VMware and more than 120 telecom service-provider partners. It will also become part of its VMware Workspace ONE Intelligent Hub, which is used on millions of devices, Uppal said.

According to VMware, the Workspace ONE platform securely manages end users’ mobile devices and cloud-hosted virtual desktops and applications from the cloud or on-premises.

The remote-access client automatically connects to the closest VMware SD-WAN cloud PoP. Based on enterprise policy, the user traffic may be passed to a cloud firewall, a web security service, another enterprise branch or data center, or an application or service that’s needed.
The service employs split tunneling in which only enterprise traffic goes to the service; personal traffic gets forwarded directly to the internet. The idea is to avoid latency-inducing hairpinned paths through an enterprise data center where strained VPN appliances might have been hosted in the past, Uppal said.

The service works with a variety of third-party services from vendors such as Zscaler, Uppal said. Routing policy and security controls remain in enterprise control while the VMware SD-WAN cloud service handles scaling, management, upgrading and multi-region VPN service presence, Uppal said.

If users work from home or travel, the service establishes secure trust with their devices and grants access to authorized applications. The service supports multi-factor authentication, Uppal said.

In the future the service will be integrated with AI-based network management and analytics that VMware recently bought from Nyansa. When VMware bought Nyansa in January it said the technology would be targeted at boosting monitoring and troubleshooting for LAN/WAN deployments within its SD-WAN package.

SASE on the rise

The market behind SASE is growing, with VMware, Cisco and others including Palo Alto, Cato Networks, Fortinet and many more taking steps toward supporting it.

Jeff Reed, senior vice president of product, Cisco’s Security Business Group, recently wrote in a blog post: “The rapid adoption of SD-WAN for connecting to multi-cloud applications provides enterprises with the opportunity to rethink how access and security are managed from campus to cloud to edge.
With 60% of organizations expecting the majority of applications to be in the cloud by 2021 and over 50% of the workforce to be operating remotely, new networking and security models such as SASE offer a new way to manage the new normal.”

At this point, though, vendors such as VMware and Cisco, while it is important that they support SASE concepts full-on, are still very early in the journey, said Lee Doyle, principal analyst at Doyle Research and Network World contributor.

“VMware says VPNs are broken and hard to manage and don’t scale well; indeed it’s time for a new type of integrated, more cloud-oriented endpoint security and this new service is a good start,” he said.