VMware SASE Solution Review


VMware holds the top spot in the SD-WAN market and builds on that status to deploy the VMware SASE offering built from best-in-class components. Additionally, VMware’s pioneering virtualization expertise has led to robust virtual network function (VNF) support that enables connections with a diverse range of third-party security tools.

To compare VMware SASE against its competition, see our complete list of top secure access service edge (SASE) solutions.

Who is VMware?

VMware pioneered virtualization software and helped develop our current IT environment. Founded in 1998, VMware has been subsequently owned by EMC and Dell, but went public in 2021 on the NYSE under the symbol “VMW.” In May 2022, Broadcom announced its intention to acquire VMware; however, the regulatory review process has delayed the completion of the acquisition.

VMware SASE

VMware built its SASE technology, recognized by Gartner as a Niche Player in the 2023 Magic Quadrant for Single-Vendor SASE, through the incorporation of various other technologies such as:

  • Carbon Black endpoint security
  • Menlo Security cloud web security
  • VeloCloud SD-WAN

Together, these components deliver the key SASE capabilities:

  1. Centralized control through a consolidated management console that provides a single interface to manage operations, security, and policies for the SASE environment and the associated physical and virtual appliances
  2. Monitored network status pulled from software-defined wide area network (SD-WAN) capabilities that provide reports, artificial intelligence (AI) enhanced analytics, and control over network operations performance and security
  3. Monitored user activity and data loss prevention (DLP) analysis through the VMware SASE secure web gateway (SWG) functions
  4. Inspected and decrypted traffic, with malware and malicious URLs blocked through centralized control and filtering in the SWG and Firewall-as-a-Service (FWaaS) capabilities
  5. Controlled access to data and resources based upon user, device, and permissions through zero trust network access (ZTNA), SD-WAN, and next-generation cloud access security broker (CASB)
  6. Secured cloud-based assets such as applications, websites, and Software-as-a-Service (SaaS) resources through SWG and SD-WAN capabilities

The core VMware SASE subscription includes a bundle of VMware’s SD-WAN Edge, SD-WAN Orchestrator, and SD-WAN Gateway with Controller software. Customers then can incorporate VMware SD-WAN Edge appliances (physical or virtual) and optional add-ons such as payment card industry (PCI) compliance packages, external gateways, enhanced firewall service, and dedicated hosted components.

Remote users can access the SASE environment using the VMware SD-WAN Client agent which creates virtual private network (VPN) connections to the VMware SASE solution instead of backhauled connections through corporate IT infrastructure.

Customers can choose from 3 different levels of the solution:

  • Standard: Includes cloud orchestrator, dynamic multipath optimization, up to 4 data segments, up to 4 profiles, virtual services for NGFW Edge deployments, and hub to spoke auto VPN setup
  • Enterprise: Adds up to 128 data segments, unlimited profiles, multicast routing support, automated edge tunnel setup via API to IaaS or third-party cloud security service, and dynamic B2B auto VPN setup
  • Premium: Adds cloud gateway to SaaS and cloud security service without tunneling, non-SD-WAN cloud gateway connections, and automated gateway tunnel setup via API to IaaS or third-party cloud security service

For each solution, customers will need to select from one of 12 bandwidth tiers (10 Mbps – 10 Gbps), and 3 support levels (Basic, Production, Premier). Customers can also select one of four different deployment models:

  • On-Premise: Software VMware SD-WAN Orchestrator with software Gateway
  • Hybrid: Hosted or software VMware SD-WAN Orchestrator
  • Hybrid: Hosted orchestrator with software gateway
  • Fully hosted: hosted orchestrator and hosted gateway

Each combination will require various physical and virtual appliances to create the final SASE configuration needed.

Pricing & Delivery

VMware provides a pricing and configuration guide with no published costs, but notes 1-, 3-, and 5-year contracts. Customers are encouraged to contact VMware directly or to go through reseller partners to scope out needs and determine pricing.

However, the different options for deployment suggest very tailored and potentially confusing pricing. After all, considering the different tiers for the SASE subscription (Standard, Enterprise, Premium), the different service support options (Basic, Production, Premier), and the 12 bandwidth tiers, we have over 100 different potential price points.

To support the 12 different bandwidth levels, VMware offers 26 different Edge hardware configurations with initial purchase prices ranging from $550 to $10,000. Available hardware rental agreements can convert capital expenses to recurring operating expenses if desired. VMware lists 12 different Virtual Edge device configurations, but does not list the required cost or licenses to implement the virtual appliances.

The VMware SASE options start at $15,000 for payment card industry (PCI) compliance options and can reach $50,000 annually for dedicated hosted instances.

VMware does not list support prices, but does provide details on the support options for their software and hardware replacement. All software support is 24/7/365 by telephone and web-form customer service and includes all product updates. All levels of service include remote support, access to the VMware knowledge base, and unlimited requests.

  • Software support
    • Basic: Response times of 1 hour to 12 hours depending upon severity of the issue
    • Production: Response times of 30 minutes to 12 hours depending upon severity of the issue
    • Premier: Response times of 30 minutes to 12 hours depending upon severity of the issue; root cause analysis available for top severity issues upon request
  • Hardware support
    • Return (new device ships within 3 days of the request)
    • Next Business Day Replacement
    • 4 hour 9am to 5pm Replacement
    • 4 hour 24/7 Replacement
    • Optional onsite services for next day and same day replacement

Features

  • Full SASE Features: centralized control, monitored user activity, inspected and decrypted traffic, controlled access, secured cloud-based assets, and monitored network status and operations control
  • Vendor agnostic AI-enhanced IT Operations (AIOps) in VMware Edge Network Intelligence to provide self-healing ops performance, auto-discover end user and IoT devices, and monitor deviations
  • Multi-tenancy options for service providers or segregated business structures for compliance
  • Integrations with major cloud providers: Alibaba, AWS, Azure, Google Cloud, VMware Cloud on AWS, Azure VMware Solution
  • Integrated remote browser isolation (RBI) opens web pages in a virtual environment and not on the user’s local device
  • VMware SD-Access agent supports Windows, macOS, iOS, Linux, and Android devices
  • Robust virtual network function (VNF) support enables network compatibility with a large number of third-party security solutions

Pros

  • SASE Niche Player as recognized by Gartner in the 2023 Single Vendor SASE Magic Quadrant
  • Embedded multi-source inbound quality of service (QoS) in SD-WAN between global cloud services and users, enabling consistent WAN connections over MPLS, 4G/5G/SAT, and internet broadband
  • More than 200 PoP access points globally within 85% of the world’s metropolitan areas for less latency between users and point-of-presence (PoP) gateways to VMware SASE
  • Rapid cloud app access between branch offices and remote users for assured performance levels
  • Simplified WAN management thanks to zero-touch deployments, one-click service insertion, and simplified operation
  • Profile configurations speed deployment through standardized common parameters for a set of devices to reduce device-specific configurations
  • Full OpEx option with available hardware rental agreements
  • Uses familiar VPN technology to connect remote users to VMware SASE PoP without backhauling to local networks

Cons

  • No private backbone for high-speed SD-WAN connections; customers use public backbone resources or contract with backbone providers
  • Security functionality lags market leaders for data security and SaaS visibility and control
  • Advanced security options require additional products not controlled through VMware SASE such as Workspace ONE
  • Option overload can make it difficult to determine appropriate licenses and options required
  • VNF technology slows performance when used to integrate third-party solutions

Alternatives to VMware SASE

Organizations attracted to VMware likely already have an investment in VMware SASE or want the security of a prominent brand name. Other SASE solutions these buyers may want to consider include:

  • Barracuda SecureEdge: Barracuda offers a similar solution to VMware SASE but also offers options to bundle their leading email security to further protect remote users
  • Palo Alto Prisma SASE: Organizations seeking a full range of top-rated options for network operations and security may prefer Prisma SASE that also offers multi-tenancy
  • FortiSASE: Organizations already invested in FortiGate or other Fortinet offerings may find it easier to upgrade to FortiSASE and retain their investment in Fortinet appliances and training

How We Evaluated VMware SASE

VMware SASE is rated and ranked against seven other SASE competitors in our top SASE providers article. That article explains the overall ranking; here we provide details specific to VMware SASE:

  • Overall Rating: 3.91 / 5 (#3)
  • Licensing Information: 3 out of 5 possible criteria
  • Monitoring and Managing: 5.46 out of 7 possible criteria
  • Asset Control: 4 out of 4 possible criteria (tied for #1)
  • Implementation and Administration: 3.9 out of 5 possible criteria
  • Customer Support: 3.12 out of 4 possible criteria

VMware SASE stands out as a leading brand name and one of the few multi-tenant SASE offerings. VMware can simplify deployment with bulk pre-configuration of classes of appliances and can support a large number of third-party technologies through expertise in virtualization.

Bottom Line: Best for Diverse Tech Environments

The return on investment (ROI) of a SASE deployment can be dramatically improved by integrating existing tool investments into the SASE solution. An organization already using VMware SD-WAN solutions or with heavy third-party tool investments will want to explore the VMware SASE as an option for possible upgrade to a full SASE solution.

Chad Kime
