Editor's note: This article is part seven in a series that looks at SASE vendors and their platforms. These vendors were chosen regardless of size or ranking. Instead, they were selected based on enterprise interest and competitive bids that our expert has encountered while consulting customers.
When people think of virtualization and IT, most of them also think of VMware. So, it's no surprise that network professionals planning to virtualize their networks include VMware on their list of vendors.
VMware has stitched together a broad Secure Access Service Edge (SASE) offering that ticks all the right boxes. Does that then make VMware the SASE answer to enterprise networking and security challenges? Let's find out.
What is SASE?
As we've discussed in previous articles, SASE represents the convergence of networking and security capabilities. It's ideally delivered as a cloud-native service instead of using edge appliances that are common to IT.
While SASE encompasses about a dozen security capabilities, the focus is less on a feature-by-feature comparison and more about reducing complexity through integration. This integration enables IT to deliver consistent, accurate and high-performance security and connectivity to users globally with minimal administration and overhead.
It's that last part that's so important -- minimal administration and overhead. The capabilities SASE vendors provide are nothing new. We've long had firewalls, cloud access security brokers (CASBs) and the rest of the lot. What is new is the convergence of those technologies into a global, cloud-delivered service architecture. Those changes make for a revolutionary approach in the way SASE connects and secures the enterprise.
Components of VMware SASE Platform
VMware documentation describes VMware SASE Platform as a cloud-native platform that brings together cloud networking and cloud security "to deliver flexibility, agility, protection and scale for enterprises of all sizes." The company says it's unique in how its points of presence (PoPs) act as an on-ramp to SaaS and other cloud services.
Several VMware products comprise the VMware SASE Platform. To connect into VMware SASE, sites run VMware software-defined WAN (SD-WAN) edge devices; remote users connect through VMware Workspace ONE. VMware claims both options comply with zero-trust network access (ZTNA) principles.
The VMware SASE PoP strategy includes the following components:
- VMware Secure Access enables ZTNA-based access.
- VMware SD-WAN Gateway provides cloud access. VMware claims more than 3,000 cloud gateways are available in hundreds of PoPs worldwide.
- VMware Cloud Web Security integrates secure web gateway (SWG), CASB, data loss prevention (DLP), URL filtering and remote browser isolation (RBI).
- VMware NSX Cloud Firewall provides next-generation firewall (NGFW), intrusion prevention systems and intrusion detection systems.
In addition to VMware SASE Platform, the vendor offers VMware Edge Network Intelligence, which uses AI for IT operations (AIOps) to provide end-to-end visibility from the WAN to the branch and LAN.
As with Palo Alto Networks' SASE, the VMware SASE Platform appears to check the right boxes required to be a SASE platform. Yes, it has SD-WAN and is secure access-compliant with ZTNA. It also offers NGFW, SWG, CASB, DLP and RBI. The company's gateways are an important asset to bringing SD-WAN traffic closer to an organization's cloud instances.
VMware's SASE offering feels stitched together, however, a result of discrete acquisitions to create a SASE brand. The vendor added services over time: SD-WAN from the VeloCloud acquisition; mobile application management from AirWatch; endpoint and cloud web security from Carbon Black and Menlo Security, respectively; and others.
The PoPs touted by VMware are different than what we've seen from Cato Networks or Aryaka, where PoPs comprise a global private backbone that could replace an organization's WAN. VMware's 200-plus PoPs are often hosted in large data centers, such as Equinix, and provide connectivity to cloud applications and cloud data centers. Enterprises connect to those PoPs, and their traffic is routed to applications. For traffic to traverse regions, customers might need to use a third-party provider backbone.
VMware SASE uses the same cloud-hosted orchestrator for SASE services, including WAN, remote access, security and AIOps. But VMware's stitched-together approach brings along some of the complexity and costs that have long marked IT purchases.
Lots of features but not a lot of SASE
VMware SASE certainly provides many capabilities and offers integration with third-party security vendors. But enterprises expecting something new are likely to be disappointed. VMware's option is currently more like a custom product integration than a converged SASE platform.
Editor's note: This article was updated to reflect changes in VMware SASE capabilities and information.