First of all big thank you to VMware Hands-On Labs resources, they are great and a very cool way to use for demonstrations and Learning
Lets talk about VMWare SD-WAN by VeloCloud, a company that was a acquired by the virtualization giant back in December 12, 2017 – The company was initially founded in 2012 and had a very successful run on their own and now operate as the SD-WAN arm of VMware.
VMware SD-WAN by VeloCloud – The components
- (VCE) VeloCloud Edge
- Virtual Edge
- Hardware fulfilled by Dell
- (VCG) VeloCloud Gateways
- Cloud on-ramp to the SaaS provider
- (VCO) VeloCloud Orchestrator
- Management, Configuration and Monitoring Portal
Hands on Lab
If you are as curious as I am, feel free to take a look at the VMware Hands on Lab – once you look for the HOL-1940-01-NET – VMware SD-WAN by VeloCloud. The labs are HTML5 ready, so you can play with the demo from your browser and so far nothing to install in my case
The VCO (Velo Cloud Orchestrator)
This is what is sold as the brains of the operation, all management, configuration and monitoring is suppose to happen here.
For Monitoring of the solution, you have visibility of the actual VCEs (VeloCloud Edges) configured in the solution, as well as some useful information like the links availability and their locations on the map.
The VCE (VeloCloud Edge) Configuration from VCO
VCEs can be configured directly from VCO when going to Configure –> Edges | This section displays the list of VCEs currently configured, at the top there is a New Edge button which we will use to create our first VCE
What this will do is create an email and sent to the contact Email specified when creating the VCE, this is then used by the receiver to activate the unit. This is what the “Zero Touch” mechanism is going to use, which is pretty cool! – however the user still needs to enter to a console and add the activation Key
Many more things can be configured in the VCE that we just created, so lets explore it a bit
VCE – Policy Configuration
One of the things that I’m most interested in is the application of the policies, lets dive into them
Lets configure a rule, very simple you can pick your source, destination and application, I was able to find Office 365 under the Business Collaboration Section. As you can see for QoS you can select a DSCP and match traffic based on QoS markings
The actions associated with my rule seem very easy to understand, so lets look at the most important
- Priority – Not too much too explain on this one, set it up to low priority if you want to piss some people off!
- Rate Limit – Once you click this one there is an outbound/inbound box that you use to enter how much bandwidth you want to provide.
- Link Steering – This one is based on one of their published features, which is intended to decide best on performance which link to use.
Now that was only the Policy from the point of view of my individual VCE, but in case you are looking to implement a standard Policy, you will have to go to Configure — Profiles and then Create your configuration Profile.
These configuration profiles are templates to take care of the following pieces of information from VCE o VCE:
- Device Configuration
- Business Policies
- Firewall
The Firewall
The Firewall capabilities on the VCEs are limited to regular Inbound/Outbound Rules and Allow/Deny type of scenarios, so there is no Next Generation Firewall embedded into the technology or anything of that nature.
VMware SD-WAN by VeloCloud uses technology partners to deliver multiple service
- Zscaler
- Palo Alto
- ForcePoint
- Fortinet
- CheckPoint
- IBM
- VMWare
Zscaler and Palo Alto are the only ones that seem to have a play that involves SD-WAN with VeloCloud, but the other I’m not so sure about the scope of the integration.
If you want to find out more about integrations with Zscaler and PaloAlto for VeloCloud tale a look at the following 2 links
What to look forward to?
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres is specialized in Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.
Pingback: SD-WAN Series – The Components (SD- WAN Series: P1) – Collaboration Engineer