VMware Secure Access

Additional Info

Company: VMware
Website: sdwan.vmware.com
Company size (employees): 10,000 or more

Overview

VMware Secure Access, a key component of VMware SASE, combines the consistent, secure cloud application access functionality of VMware SD-WAN with the capability of VMware Workspace ONE to allow only trusted devices and users to access applications hosted on-premises or in the cloud.

VMware Secure Access can be deployed on-premises with Unified Access Gateway (UAG) or cloud-hosted. In the cloud-hosted model, the tunneling headend capability is hosted in the VMware SASE (Secure Access Service Edge) PoPs, terminating sessions from Workspace ONE clients. This allows quick scaling and redundancy of the service. Traffic coming from Workspace ONE users can be chained with other services such as Cloud Web Security within the SASE PoPs, for additional security.

In addition to flexible deployment options, VMware Secure Access provides:
• Identity-driven access: VMware’s Zero Trust solution combines network security with user and endpoint context. Access can be scoped based on attributes and risks detected by Workspace ONE to ensure least-privilege access.
• Enhanced performance and comprehensive security: VMware provides the option to combine Workspace ONE as a Unified Endpoint Management (UEM) solution and VMware SD-WAN. Workspace ONE users can connect to the Secure Access service either through the Internet or via the SD-WAN Edge appliance. These industry-leading VMware solutions deliver best-of-breed connectivity and security from the endpoint, whether in a branch, at the user’s home, or in a remote setting, to applications by handling client transport security (WS1 Tunnel), worldwide PoPs, and network optimization.

How we are different

VMware Secure Access addresses very important enterprise concerns with:


1. Consistent, always-on, intrinsically secure access: With VMware Secure Access and Workspace ONE’s Zero Trust Network Access (ZTNA), a user will always be connected to enterprise applications. For each connection, ZTNA vets users and devices and grants them policy-based access centered on user and device identity. If the user is within the branch/corporate network, the VPN service will automatically be paused. If the user works from “anywhere” and tries to connect to their administrator-allowed applications, the network connectivity will transparently and automatically be applied with secure trust established with the device, and additional authentication can be applied as needed. Customizable per-client application policies can be fine-tuned to only bring what is needed to the remote access service, lowering user acceptance friction due to privacy concerns.


2. Productive work experience: The remote access client automatically connects to the closest VMware SD-WAN cloud PoP, and the user traffic may, based on policy, be passed to a cloud firewall, to a web security service, or to another enterprise branch/data center to reach an application or needed service. Only enterprise traffic goes to the enterprise site, with SaaS/IaaS traffic forwarded directly to the Internet. This avoids latency-inducing hairpinned paths through an enterprise data center where strained VPN appliances might have been hosted earlier. As the traffic integrates into VMware SD-WAN, the benefits of its unique Dynamic Multipath Optimization™ (DMPO) will help protect the traffic against latency, loss and bandwidth contention.


3. Easy, rapid service scaling for IT teams, even across multiple regions: Routing policy and security controls remain in the hands of the enterprise while the VMware SD-WAN cloud service handles scaling, management, upgrading and multi-region VPN service presence. The easier, productive user experience and the offloading of the service allow IT teams to focus on other critical tasks for the business.