Network Segmentation

Segmentation is used in the data center, but it’s also needed on the WAN.

Segmentation enables a comprehensive, zero trust model for applications delivered over the network. It delivers consistent control over the network and application workloads. Segmentation needs to extend out to the branch locations for an end-to-end solution. SD-WAN makes this possible.

Segmentation: A Brief Review

SD-WAN can provide policy-driven network segmentation and security by user and data type from remote locations to the data center.

Segmentation is the process of dividing the network into logical sub-networks using isolation techniques on a forwarding device such as a switch, router, or firewall. Network segmentation is essential when traffic from different organizations and/or data types must be isolated. While segmentation has many benefits, implementing it with traditional methods has been difficult.

There are many use cases for segmentation:

  • Line of business separation by departments for security/audit
  • User data separation: guest, PCI data, employee traffic
  • Enterprise uses overlapping IP addresses for different groups
  • Carrying segmentation to VPNs for connecting off-network sites

Segmentation: An Assessment

Network segmentation is essential when traffic from different customers and/or business entities must be isolated from each other. Full support for segmentation includes the isolation of management, control and data plane traffic.

Organizations are using applications in the enterprise data center and the cloud and expanding application access to more user groups. They need a way to easily isolate application traffic based on policies by organization and data type to ensure security and compliance.

Organizations need to have a system that provides centralized management of network segmentation that can be applied within the data center to support distributed applications and that can be applied over the WAN to ensure continuity as applications are delivered to remote users.

Segmentation over the WAN

Organizations can create separate and unique topologies and rules for each segment, and the segments are carried across the entire network seamlessly.

VMware SD-WAN by VeloCloud provides easy-to-configure segmentation across the WAN. Segmentation can be enforced by organization, by data type, and by location. Organizations can isolate guest and employee-facing applications. Payment card data can be isolated for PCI audit compliance. Overlapping IP addresses can be provisioned to support acquired organizations. VMware SD-WAN provides a complete solution for segmentation over the WAN.

VMware SD-WAN can work together with NSX Data Center to enable segmentation end-to-end inside the data center and from the branch office to the data center.

NSX Data Center and VMware SD-WAN accomplish this entirely in software from a centralized controller, making segmentation policies automatable, adaptable, and flexible, so that security is as agile as the applications it protects.
