VMware Explore was held last week in Las Vegas. While much of the show was focused on the company's bread and butter – virtualization – and multi-cloud, there were several networking sessions. VMware has built a strong network portfolio, particularly in the WAN, via the 2017 acquisition of VeloCloud.
One of the more interesting SD-WAN sessions was a case study with Nature Fresh Farms. The agriculture company operates a technologically advanced system of greenhouses in Canada, the U.S., and Mexico. In its different facilities, Nature Fresh Farms grows bell peppers, tomatoes, cucumbers, and organic strawberries. The independent produce grower uses the Internet of Things (IoT) and artificial intelligence (AI) to collect data from each location, which helps monitor sunlight reflection on the greenhouses and the health of 2.3 million plants, so the company is generating 1.8 gigabytes of data each week.
About five years ago, Nature Fresh Farms operated three individual plants, including two in close proximity with each other in Canada. Significant segmentation between the plants resulted in disjointed operations and a lack of communication among the plants. The grower initially implemented a corporate grade virtual private network (VPN) to address the connectivity challenges. The implementation was a typical hub and spoke design, which connects all branch offices and users through a central location. This is the most straightforward configuration but is sluggish and inefficient as all data is backhauled through a central location. This type of configuration is not ideal from a security perspective as VPNs provide open access to the entire network. This leaves them vulnerable to security threats quickly propagating across the network, requiring constant maintenance and updates.
Nature Fresh Farms then turned to VMware’s software-defined wide area network (SD-WAN) solution called SD-Access, which is point-and-click software that can be run on various operating systems (OSes) like PC, Mac, Linux, iOS, and Android. During a proof of concept for SD-Access, the grower set up a new sales office connection in hours, showcasing the solution’s efficiency.
“A lot of our customers wanted a lightweight, middle-ground solution, and that’s where SD-Access comes in. It focuses on optimizing network traffic. This solution uses a single WAN connection and then finds the best path for all the applications that you’re using,” said John Turner, director of SASE customer marketing at VMware.
SD-Access consists of several key components which are the:
- Client: The software that runs on any OS.
- Client Connector: Acts as a bridge between users and the resources they need, but it can also function as a VPN concentrator.
- Headless Client: This is software that does not require a user interface, making it ideal for IoT devices where there are limited configuration capabilities.
- Orchestrator: Helps manage configurations without being in the direct connection path.
- Relay: Assists in path discovery between clients and their desired resources, even if there’s no direct connection.
One major advantage of the solution is its on-demand nature. Connectivity tunnels are established as needed, ensuring optimal bandwidth usage. The system always chooses the most efficient route, depending on the resources being accessed, such as computeing, storage, and network services.
When it comes to security, users are categorized into groups and policies are defined based on those groups. This approach allows for precise access control. For example, a senior-level employee gets more access privileges than a junior-level employee. Traditional VPN clients connect users to the network, but users have access to the entire company network where VMware’s SD-Access client enables granular access control so, if the user is breached, the “blast radius” is limited.
After deploying SD-Access, Nature Fresh Farms was able to optimize bandwidth usage and prioritize access. It also allowed the grower to consolidate its data centers from the two Canadian plants, thereby promoting a more centralized and cohesive data system. According to Keith Bradley, vice president of IT and security at Nature Fresh Farms, with data now housed in one place, growers began communicating more efficiently.
When Nature Fresh Farms wanted to share real-time data on soil moisture levels across its greenhouses, SD-Access ensured a seamless data transfer by intelligently prioritizing the network’s traffic. The solution also proved invaluable during the COVID-19 pandemic, enabling data analysts to remotely access crop yield predictions without setting foot in the greenhouse. Instead, they used the Client Connector to tap into crop data securely.
Another significant enhancement was the integration of 5G robots. The robots used the Headless Client to collect plant health data. For instance, once a robot detected a section of bell peppers showing signs of pest infestations, it sent the data through Relay in SD-Access. Relay then determined the best path to send this data, ensuring that the farm’s pest control team received instant alerts.
Finally, the introduction of the SD-Access enabled Nature Fresh Farms to overhaul its security protocols, said Bradley. The grower now has a streamlined way to allow access while maintaining high-security standards, which is especially beneficial for the multiple networks it manages. This has led to innovations like enabling the harvesting robots to integrate seamlessly into Nature Fresh Farms’ primary network, as shown above.
In essence, SD-Access didn’t just connect Nature Fresh Farms, it brought about a synergy where data – e.g., crop yield, pest infestation –traverses the network consistently, decisions are made quickly, and the company's overall efficiency has improved. The grower was able to make better use of its data and adapt to new challenges during the pandemic by implementing VMware’s solution.