Segmentation is the process of dividing the network into logical sub-networks called Segments by using isolation techniques on a forwarding device such as a switch, router, or firewall. Network segmentation is required when traffic from different organizations and data types must be isolated.

In the segment-aware topology, different Virtual Private Network (VPN) profiles can be enabled for each segment. For example, Guest traffic can be backhauled to remote data center firewall services, Voice media can flow directly from Branch-to-Branch based on dynamic tunnels, and the PCI segment can backhaul traffic to the data center to exit out of the PCI network.

To configure the Segments using the new Orchestrator UI:

  1. In the Enterprise portal, click the Open New Orchestrator UI option available at the top of the window.
  2. Click Launch New Orchestrator UI in the pop-up window.
  3. The UI opens in a new tab displaying the monitoring and configuring options.

In the new Orchestrator UI, click the Configure tab.

Note: The Configure tab is available only when the Operator has enabled the option. If the tab is not available for you, contact your Operator.

  1. Click Configure > Segments.
  2. The Segments page displays the existing Segments.

  3. Click Add to add a new Segment and configure the following details:
    Segment Name: Enter a name for the Segment. The maximum number of characters allowed is 256.
    Description: Enter a descriptive text for the Segment. The maximum number of characters allowed is 256.
    Type: Choose the Segment type as one of the following:
      • Regular - The standard segment type.
      • Private - Used for traffic flows that require limited visibility in order to address end user privacy requirements.
      • CDE - VMware provides PCI certified SD-WAN service. The Cardholder Data Environment (CDE) type is used for traffic flows that require PCI and want to leverage the VMware PCI certification.
      Note: For Global Segment, you can set the type either to Regular or Private. For non-global segments, the type can be Regular, CDE, or Private.
    Service VLAN: Enter the service VLAN identifier. For more information, see Define Mapping Segments with Service VLANs.
    Delegate To Partner: By default, this checkbox is selected. If this checkbox is not selected, the Partner cannot change the configurations within the segment, including the Interface assignment.
    Delegate To Customer: By default, this checkbox is selected. If this checkbox is not selected, the Customer cannot change the configurations within the segment, including the Interface assignment.
  4. Click Save Changes.

To remove a Segment, select the Segment and click Delete. You cannot delete a Segment used by a Profile.
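
The field limits, the type rules, and the delete restriction described above can be checked against a planned Segment list before it is entered in the UI. The following is an added example, not VMware code: the dictionary keys, the sample data, and the review flag for delegated CDE segments are assumptions made for illustration.

```python
# Offline pre-check of a planned Segment list against the rules on this page.
# Dict keys and sample data are hypothetical (constructed), not an Orchestrator format.
MAX_LEN = 256                                # limit stated for Segment Name and Description
GLOBAL_TYPES = {"Regular", "Private"}        # allowed for the Global Segment
NON_GLOBAL_TYPES = {"Regular", "CDE", "Private"}

def check_segment(seg):
    """Return a list of problems for one planned segment (empty list means it passes)."""
    issues = []
    if len(seg.get("name", "")) > MAX_LEN:
        issues.append(f"name exceeds {MAX_LEN} characters")
    if len(seg.get("description", "")) > MAX_LEN:
        issues.append(f"description exceeds {MAX_LEN} characters")
    allowed = GLOBAL_TYPES if seg.get("is_global") else NON_GLOBAL_TYPES
    if seg.get("type") not in allowed:
        issues.append(f"type {seg.get('type')!r} not allowed; choose one of {sorted(allowed)}")
    # Both Delegate checkboxes are selected by default, so a missing key means delegated.
    # Flagging delegated CDE segments is a local review policy assumed here, not a product rule.
    if seg.get("type") == "CDE":
        for who in ("partner", "customer"):
            if seg.get(f"delegate_to_{who}", True):
                issues.append(f"review: CDE segment is delegated to {who}")
    return issues

def blocked_deletes(to_delete, profiles):
    """Map each segment that cannot be deleted to the profiles still using it."""
    blocked = {}
    for name in to_delete:
        users = sorted(p for p, segs in profiles.items() if name in segs)
        if users:
            blocked[name] = users
    return blocked

# Constructed sample plan and profile-to-segment mapping.
PLAN = [
    {"name": "Global Segment", "is_global": True, "type": "CDE"},
    {"name": "PCI", "type": "CDE",
     "delegate_to_partner": False, "delegate_to_customer": False},
    {"name": "Guest", "type": "Private", "description": "x" * 300},
    {"name": "Voice", "type": "Regular"},
]
PROFILES = {"Branch-Profile": ["Global Segment", "Voice"], "DC-Profile": ["PCI"]}

if __name__ == "__main__":
    for seg in PLAN:
        print(seg["name"], check_segment(seg) or "OK")
    print("Cannot delete:", blocked_deletes(["Guest", "Voice"], PROFILES))
```
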

For more information, see Configure Segments.