VMware: A Virtual Edge Solution for Managed Branch Services
vCloud NFV is an open, carrier-grade NFVI platform. It delivers a tightly integrated solution with virtual compute, storage and networking resources coupled with intelligent operations and management capability.
Viptela SD-WAN has achieved VMware Ready Status for NFV. SD-WAN solutions, on vCloud NFV, enable service providers to deliver elastic bandwidth, advanced services and greater flexibility in terms of cost and QoS. The Viptela SD-WAN platform opens up new opportunities for service providers by unifying WAN connection management (MPLS, Internet and 4G/LTE), segmenting traffic, providing zero touch provisioning and supporting application aware routing for enterprise customers.
This webinar will highlight the key elements of vCloud NFV and SD-WAN in providing a fully packaged solution for Service Providers including:
- How to accelerate and automate instantiating, provisioning and managing of virtual network services (including SD-WAN)
- Deliver carrier-grade network availability and multi-tenancy
- Provide advanced networking and security VNFs including switching, routing, QoS and monitoring
- Enable single pane of glass visibility, monitoring and policy based automation
Ariful has 11+ years of experience spanning product management, sales, network architecture, service provider networks and operations. He has managed a number of product offerings in the MX routing platform and helped secure opportunities with large Content Providers, Public Cloud Providers, Cable MSOs and Service Providers across North America, Asia and Europe.
Ariful: Hey, my name is Ariful Huq. With me I have Vanessa Little from VMware. I am part of the product management team here at Viptela. Vanessa is actually part of VMware. She leads the global NFV ecosystem architecture. She actually interfaces with companies like ourselves to bring in the NFV ecosystem at VMware.
We have a very exciting presentation for everyone today. The topic of discussion is around the SD-WAN capability and the branch together with the VMware vCloud NFV Platform. We’ll probably get started right now. The way the presentation will flow is Vanessa is actually going to start talking about what VMware is doing in this space – talk about the VMware vCloud NFV product. Then I’m going to step in and talk a little bit about what is the combination of VMware product at Viptela and what we’re actually doing from a go-to-market solution perspective. With that, I’ll actually let Vanessa take it away. Vanessa, go ahead.
Vanessa: Thanks, Ariful. Hello, everyone, I’m Vanessa Little. As Ariful mentioned, I lead the integrated solutions for all of our ecosystem partners here at VMware, particularly in the NFV space. I’m going to go into some details about the VMware platform for vCloud NFV – some of its benefits and some of the technical capabilities. Then we’re going to discuss how that interleaves with the Viptela SD-WAN solution. If you have any questions at any time, there is the question capability in the BrightTALK presentation platform. Please type your questions in. Ariful and I will try to address them as they come up, and we will leave some time at the end to address them, as well. So feel free to ask as many questions as you’re able to.
The SD-WAN market drivers are getting more and more popular every day. We see there are mobility use cases. We have adoption-to-cloud use cases, and the enterprise adoption. What we mean by this is, as the enterprise opportunities need to consolidate their networks, integrate branch offices, the complexity of those networks and the ease and capability of deploying and maintaining these networks gets more and more difficult, more and more cumbersome, and more and more expensive as time goes on as new services are added – or security capabilities, et cetera.
The opportunity for SD-WAN right now is perfect. When we look at SD-WAN as a primary [end-use] case as compared to other use cases within the NFV case, SD-WAN is hands down the most popular use case being deployed in NFV deployments today. This is what we’re seeing both at VMware as well as across the entire industry.
The transition from traditional legacy WAN with hardware-based appliances to SD-WAN networking has a number of challenges. The legacy WAN has expensive bandwidth, complex WAN infrastructure, data-center locked dependencies, hardware-locked dependencies, unpredictable application deployment, the physical hardware dependencies, complex integration for monitoring telemetry, and the list goes on and on. I’m sure this is not news to anyone who’s watching this presentation today, because you are members of an SD-WAN conference.
When we look at what the benefits are for service providers who want to offer an SD-WAN solution to enterprises as a value-added service, it addresses all of the needs for growth. It addresses reducing operational costs so that service providers are now able to offer very robust, very integrated solutions with a number of different value-adds that are service chained-on, like firewalling, VPN, even Dropbox-type capabilities at a much lower cost than they could do it traditionally with hardware-based appliances.
It also eliminates the network management complexity, because you can now centralize all of your monitoring telemetry deployment management in central dashboards in one data center – maintain a very large network of customers that are all segmented from each other, all very elegantly in one common interface. This also provides a very firm and robust capability to add additional value-added services as time goes on by either integrating with other ecosystem partners or new capabilities that are coming out of companies like Viptela every day.
Ariful: Vanessa, at this moment we want to put out one poll question as you go through this so folks can start looking through the poll and voting. I’m going to start a poll real quick here. You can keep going Vanessa, but we’ll see some of these votes come in.
Vanessa: Okay. The SD-WAN deployment options – there are two we see most commonly at VMware. What we’re going to dig a little deeper into today with Ariful is the [branch-edge] use case. You’ll see from the diagram here that you have a centralized office where the main data center is located. Then you extend that network out to a branch office by leveraging the virtualization capabilities of VMware as well as including the virtualized network functions in Viptela. The virtual aggregation edge is also a feasible use case but a lot less popular in the market today. It’s included here for your reference as a possibility by leveraging these technologies.
The core platform that all this runs on is vCloud NFV. What this is is a suite of different software offerings from VMware combined in a very specific reference architecture and deployed and tuned specifically for NFV use case. The various components of this may be familiar to some of you. Those are standard vSphere or ESX virtualization compute platforms. There’s virtual SAN that virtualizes the disk offering. That’s an optional component of the deployment. NSX, which is VMware’s SDN component – our software-defined networking…
Then we have two options for the virtual infrastructure manager. There’s vCloud Director, which is a complete, fully featured, multitenant VIM solution. We also have VMware-integrated OpenStack, which I’ll touch on a bit later, which is a completely supported OpenStack implementation that runs on the VMware ESX hypervisor. We offer those two options, or they can be run in parallel for your NFV deployment.
The other value-add that VMware brings to the table that really differentiates this platform is our vRealize operation suite. What that is is a very robust monitoring and managing suite with a fully featured API to extend and develop against it, as well as a very robust web-based interface to be able to have a single pane of glass view of what is happening in your infrastructure, what’s happening on your network, how your systems are performing, and where faults are located. Combined with vRealize Log Insight, which is our log aggregation platform, it gives you the ability to determine root-cause analysis in a number of clicks, as opposed to hours of forensic work by poring over different logs in various systems.
Finally we have our vRealize Network Insight, which is a new product for VMware that integrates seamlessly with our NSX platform to give you detailed analytics on exactly what’s happening with your network as a package traverses your virtualized infrastructure.
The vCloud Director is one of our VIM offerings that I mentioned. The core features are it’s got a flexible UI and GUI combined with a very fully featured API so that it could be combined easily with management and orchestration platforms, or the UI could be used directly to manage your cloud infrastructure. It’s able to do different types of workload quality of service so that you can… You have a lot of flexibility to define certain pieces of infrastructure that are only leveraged by certain VMs. You can set affinity and anti-affinity rules to avoid collision. You have a number of extensibility options to be able to do things that are not standard, out-of-the-box features with this platform by a matter of a simple configuration or API extension.
Then we also have the very tight integration with NSX, where both the networking overlay as well as the VM deployments are all orchestrated from one common interface. It makes it a lot easier to not only build out these infrastructures but automate and manage them all from a centralized, seamless location.
Ariful: Vanessa, we’ll just pause for a quick moment here and go through the poll results. The first poll was, how seriously would you consider virtualizing your branch element? Sixty-three percent of respondents mentioned that yes, they would consider it as medium priority. Thirty-six percent of the respondents said it is high. Thank you for that feedback.
What I’ve also done is started the second poll. The second poll relates to how you would consume a virtualized branch solution. What we mean by that is there’s a couple ways you can do that. You can either do it yourself – so if you’re a large enterprise and would like to go ahead and deploy a virtualized branch solution yourself that would be relevant to you, would you consume it from a [unintelligible 00:10:43]? For instance, you would go to a large  carrier or  carrier and essentially have them offer a managed solution for the virtualized branch. Or it could be not relevant to you. The second poll is out. Keep those votes coming. Go ahead, Vanessa.
Vanessa: Thank you. The other VIM that is a possibility in the VMware vCloud NFV stack is VMware Integrated OpenStack. For those of you who are familiar with OpenStack, this platform is a fully featured, complete, OpenStack implementation with all of the OpenStack APIs exposed, so that all of the previous integration work that you may have done with other versions of OpenStack is completely portable to this one.
What makes this so attractive to our customers is it’s fully supported. You have that carrier-grade deployment for your NFV workloads but still leverage all the capabilities of OpenStack and all the APIs and robust features that are available for it. Now I’ll pass it off to Ariful to discuss the Viptela solutions.
Ariful: Thanks, Vanessa. Now that we’ve heard about what VMware is doing as far as the product space – how it’s relevant – we’re actually going to talk about, in the next couple of slides, what Viptela’s role is here. What are we doing in the SD-WAN space? I’m just going to do a very quick introduction of the solution elements as it relates to Viptela and then go into a use case where VMware and Viptela are actually working together.
Just to do a quick introduction, the way the Viptela solution works is we have distributed forwarding elements – CPEs – that reside in small office branch, campus, data center, and even in public cloud environments. We’re capable of offering our solutions as a hardware or as a virtual network function. In this case, as far as this discussion goes, the most relevant piece is the fact that we offer it as a virtual network function that can be hosted on a VMware ESXi environment. So you have those distributed forwarding elements and can utilize any type of transport you want on the WAN going over internet MPLS 3G/4G/LTE, and you have a centralized control plane.
What we’re showing here is a centralized control plane that can be hosted in your environment. If you have a private data center where you’re utilizing virtualization technology today, you can certainly instantiate our controllers in that environment, or if you’re going with a public cloud environment, that is fine as well. We offer the capability to host the controllers on-prem or in a public cloud environment.
Once the solution has been set up, really it’s all about defining the use cases, defining the business policies so this solution essentially uses dynamic routing across all your endpoints. We have security inherently in the solution. All your data going towards the WAN is actually all encrypted. We use IPsec to build an encrypted fabric across any transport. Our secure control plane actually resides over TLS, so even that is secure.
We offer a host of services, starting from service-chaining capabilities. We have QoS capabilities built into our devices. From an operational perspective, certainly this is a very easy to manage solution that has a single pane of glass. We have a management platform that actually gives you the ability to manage this entire solution through that portal.
Now that you have an understanding of what we’re actually offering in this space, we’ll really talk about what we’re doing together with VMware and what some of the use cases in this space are. Before I do that, I’m actually going to quickly turn off the poll here. We’ll go over the results, and then I’ll launch the next poll.
The deployment scenario that is most relevant relates to branch virtualization and secure connectivity to a data center. What I’m highlighting here is an instance where you have a virtualized branch platform. You’ve decided to go with a generic x86 platform at the branch. You have the VMware vCloud NFV solution residing on this x86 platform.
As Vanessa was highlighting, there’s a lot of capabilities that this solution offers. It’s not [suspicion] to just consider an x86 platform in the branch and throw in a hypervisor and assume everything works. Really what you need is the ability to manage that platform, manage the VM life cycle. Whatever you instantiate on a third-party platform, you need to be able to manage that VM. You need to do this remotely and need to be able to orchestrate third-party VNFs. If you have an SD-WAN router solution from us, that would be one VNF, but if you’d like to instantiate perhaps another VNF – so perhaps you make the choice of instantiating an IDS, IPS, or perhaps a firewall at the branch. You need the ability to be able to instantiate that, as well.
Really the VMware vCloud NFV solution offers the ability to give you an integrated solution on top of an x86 platform that does the VM life-cycle management, that does the VM orchestration. Then in the data center, that’s where your applications reside. If you’ve already gone with a VMware solution, you’re very familiar with the virtualization capabilities they offer in the data center.
Really what I’m showing you here is the ability to extend that virtualization capability from the data center all the way towards the branch. You can instantiate our [edge] solution at the branch. That’s certainly one of the goals. You’d like to extend segmentation from your data center all the way to the branch. There are a number of use cases related to this. We see a lot of our customers today consider segmentation and isolation a very important aspect of security. No longer is it efficient to assume that…
You want to make sure your applications that your users have access to are working in isolation. As you have more IP endpoints in your branch, you want to make sure those IP endpoints – if one of them becomes compromised, you’re not able to laterally move into another segment of your network. Being able to segment those endpoints at the branch becomes very interesting.
What I’m showing you here is you can do VPN segmentation on the branch device. I’ve highlighted VPN-A and VPN-B. You’re extending that VPN segmentation all the way to the data center. Within that data center, you’re terminating on the edge device that resides as a gateway. You can do VLANs, or perhaps if you’re already going with other virtualization techniques within the data center, like a VXLAN overlay, that can be your way of virtualizing within the data center, but extend that through VPN segmentation all the way towards the branch.
You can deploy this solution in a completely transport-independent manner. You kind of do this across an MPLS internet 3G/4G/LTE solution. Viptela builds the complete, secure IP fabric between the branch and the data center – does the end-to-end segmentation. Really the play from VMware’s perspective is it’s giving you the platform. It’s giving you the ability to instantiate the SD-WAN router solution at the branch remotely. It’s giving you the same solution that can be deployed in the data center to virtualize your application. Really it’s a [best-of-grade] solution Viptela and VMware can offer from your branch all the way to the data center.
That ends what I was going to talk about. I’m going to start the next poll here. The next poll relates to how important it is to extend application segmentation from data center to branch – so really what I was talking about here, related to extending segmentation from your data-center branch. Really we want to understand how important this is. If you’ve already been doing it, let us know. I’m going to hand it off to Vanessa. She’s actually going to take this to conclude the presentation.
Vanessa: Thanks, Ariful. The enterprise benefits to deploying SD-WAN – we touched on this a little bit at the beginning of the presentation, but I just wanted to reiterate some of these here. It really does future-proof your platform and allows scalability and a really flexible architecture, so that you can add new services almost on the fly, or dynamically as you need them. This gives you the best leverage for your hardware footprint. You use only the hardware that you desperately need to and no more. It gives you the ability to have an elastic environment to spin up new services as you need them and tear them down as you don’t. When combined with some of the more fully featured orchestration platforms, you can even do this automatically.
The VMware platform offers a number of different APIs to be able to build out and customize this type of capability. It leaves you a number of different possibilities to make an SD-WAN deployment that works the best for you. You can also centralize your cloud management. By leveraging a completely virtualized platform that’s virtualized all the way to the endpoints, you now can push all of that type of management capability into one centralized place, reducing your operational costs, reducing the number of people that you need to orchestrate and manage this solution, as well as have really deep insights into what’s happening in your network, because all of the monitoring telemetry is integrated. It gives you much deeper insights than you normally would’ve had with an appliance-based solution, without having to build very difficult, very complex monitoring solutions on your own. It gives you the flexibility for growth and network agility.
If you need to alter your network, reshape your network, or reconfigure your network to send different routes on different paths – even do things as far as, at certain times of day, changing your network routing – base it on the type of protocol, the quality of service – all these capabilities are now available to you by putting the Viptela solution on top of the VMware platform because they integrate so well together.
Being able to build in these capabilities and automate them is easier than it’s ever been before, especially when contrasted with the way it was traditionally done with appliance-based networks, which typically involve pushing new configurations and testing those configurations to an appliance. It was all a lot of manual intervention.
Now we have the ability to deliver secure and policy-driven access in cloud services, private data centers, and enterprise applications, as well as hybrid-cloud environments. Now we can make the most out of the hardware footprint that we’ve already invested in, because it’s all x86-based, but you can also burst into cloud-based environments and push those services that are less latency intense into less expensive cloud services, or those workloads that are only temporarily required can be pushed into cloud-based infrastructures like Amazon AWS, et cetera, and still be a part of your seamlessly integrated SD-WAN network.
The VMware NFV platform combined with the Viptela solution really removes the key barriers for business transformation when it comes to SD-WAN. We make it really easy for companies to adopt it. We offer a very reliable platform. It’s deployed in over 70 NFV implementations worldwide and growing every day, as well as we work very hard on our interoperability.
Viptela is one of our flagship telecom, technology-aligned partners. They’re one of our certified VNF partners. At the time this deck was created, there were 15. We’re now up to 26. That’s how rapidly that we’re adding these types of certified partners into our ecosystem. What we mean by certified is we actually load these solutions into our own VMware labs and really put them through their paces. We make sure they will behave appropriately in a VMware environment. Then we put the VMware ready-for-NFV stamp of approval on them so that customers are able to deploy them with confidence, knowing this solution is going to be stable and has been pretested very thoroughly.
As I mentioned before, the solution is very extensible. We have the ability to have hybrid-cloud and cross-cloud implementations. We have the ability to dynamically push workloads to different clouds as it’s needed. We can scale in, scale out, and have elastic cloud capabilities into private and public clouds, all in one combined, seamless infrastructure.
The really differentiating capability of VMware is what we bring to the table in our operational intelligence management platforms. That’s what I touched on earlier with the vRealize Operations Management Suite Log Insight and Network Insight. These tools are very tightly integrated directly with the hypervisor to give you the most visibility possible into what your infrastructure is doing and why.
Finally, VMware is one of the only NFV providers to offer what we call carrier-grade support. That’s a support level on the platform where customers are actually offered [publishable SLAs] based on our requirements. This really speaks to what service providers require in a platform, because they are held to SLAs by their customers. For service providers to be able to offer this type of SD-WAN solution to their customer, doing it on the VMware platform gives them the comfort that they have carrier-grade support behind them to keep the platform stable and performing in the best way possible.
That said, we’d like to thank you for your participation in our presentation. We have some time for some questions now. I see one question just popped up. It asks, can you highlight challenges to deploying a solution? Ariful, did you want to take this one, and then I can weigh in at the end?
Ariful: Sure, I will. Absolutely this is a great question. From our perspective, really what we did was we got our solution working on the VMware environment. We actually had all our controllers working in the VMware environment for quite a while. Then we had ESXi support for our vEdge VNF, which was very simple – essentially making sure that we have support on the ESXi platform. That’s pretty much it, really, from our perspective. There were no specific challenges. It was just around making sure that all our elements work on top of the VMware environment and we were able to seamlessly interoperate and get the solution to work. Really the platform that VMware has built – making sure that we just have the right certification capabilities, the right hypervisor support – that’s sufficient for us to actually get this working. So it’s really a pretty extensible platform.
Vanessa: Just to add onto what Ariful mentioned there, one of the challenges that we always see in all [NFE] deployments is not necessarily getting it running or standing it up and having it deployed, or even doing the network cutover. The biggest challenge that we see is with companies actually operating the platform because it’s different from the traditional hardware-based appliance platform.
Now, there are a number of capabilities that are analogous in the VMware platform, but it’s important that companies actually spend the time to understand how virtualized platforms operate a little differently so that they can get the most out of it. What we’re seeing a lot of companies doing is just replacing a non-virtualized infrastructure with the VMware platform and then not really getting all the performance and capabilities out of it because they haven’t taken the time to learn what those features do. I would really say that’s one of the biggest challenges, which is really more of a business problem than a technology problem.
Ariful: Thank you, Vanessa. That’s very well put. We’d also like to just announce the results of the last poll from the audience. The last question was, how important is it to extend application segmentation from the data center to branch? Sixty-six percent of the respondents mentioned that yes, it is very important to extend application segmentation, which is very much in line and resonates with what I’ve been hearing from customers as well – the fact that you really need a way to do segmentation and isolation, not just within the data center, but being able to extend that seamlessly across a secure IP fabric all the way to the branch. Certainly the combined solution between Viptela and VMware places that message.
We do have a couple of other questions that are coming in. The next question is, what percentage of Viptela implementations were NFV deployments versus physical edges? Good question. I will kind of kick this off, and Vanessa, if you have any comments, feel free to jump in as well.
We’ve been shipping product for more than two years now. We have to admit, certainly there is a movement to doing branch virtualization, but again, branch virtualization in itself does require more than just being able to purchase an x86 platform and throw in a bunch of VNFs. As what Vanessa was highlighting, there are a lot of considerations you have to take. There are a lot of advantages to this approach, but those considerations have to be made.
For us, a large majority of our sales do rely on physical edges, but right now we are seeing the trend towards NFV deployments. We have a couple of [unintelligible 00:30:19] that actually are productizing our solution on top of a virtualized platform. Again playing to the question that I was asking earlier, how would you consume such a solution? [Unintelligible 00:30:32] are offering this solution, so we have a couple of service providers that actually are offering our software and our VNF riding on top of a virtual infrastructure. We do see the trend toward that, and we see a lot of our customers changing their silos. For instance, the network infrastructure team typically was not communicating with the compute team, but now those silos are being torn down. The network and compute teams do work together. We definitely see this as a trend, and we see this as something we’ll pick up moving forward.
Vanessa: Just to continue on that, we’re seeing the same thing from the VMware side, where we’ve previously seen physical edges as the predominant deployment but are seeing a very rapid shift towards virtualized edges. That’s specifically driven by this data center consolidation movement that we’re seeing globally, where the network team is now the same people as the infrastructure team and interface a lot more closely together in a seamless fashion. Because that’s getting easier and easier for companies to have deployed internally, they’re getting a lot more open to adopting the virtualized edges.
Ariful: The next question is, can you name any public references with vCloud NFV and Viptela? At this point we can’t name any public references. Some customers don’t allow us to make them public references, so we do not have any public references at this point. Certainly we will work towards making sure, as part of our go-to-market together, that we do announce a couple customers with specific use cases so it is something that others can actually follow.
That is the last question we got. I think that pretty much concludes the presentation. I really appreciate everybody’s time here in taking the time to join the presentation and hearing what we have between Viptela, VMware, and the combined solution it offers. I hope you found this session useful. Please feel free to pose any questions through Twitter. You can tweet about this session as well. Definitely reach out to us if you have any followups. Vanessa, any concluding remarks?
Vanessa: No, just to continue what you said. Please feel free to reach out. You can go to vmware.com/go/nfv for more details on our platform. As well, reach out to us on Twitter, LinkedIn, and any other social media vehicle of your choice. Thanks again, everyone, for joining and spending time with us today.
Ariful: All right folks, take care. Thank you.