VMware SD-WAN supports bi-directional communication with the VMware SD-WAN Edge by using WebSockets. WebSocket is a full-duplex communication protocol over a single TCP connection. WebSockets easily enable communication between a Web browser (or other client applications) and a Web server with much lower overhead than HTTP polling. Remote Diagnostics uses a bi-directional WebSocket connection instead of the live-mode heartbeat mechanism to improve the responsiveness of the Remote Diagnostics in the VMware SASE Orchestrator.

The WebSocket communication involves the following two WebSocket connections for passing WebSocket messages from a Web browser to a VMware SD-WAN Edge and vice versa:
  • A WebSocket connection between a Web browser (Orchestrator UI portal) and an Orchestrator. This connection is responsible for all communications with the Web browser and for setting up the system properties needed for establishing a WebSocket connection.
  • Another WebSocket connection between an Orchestrator and an Edge. This connection is persistent and is set up on Edge activation for processing heartbeats from the Edge and sending back responses to the Orchestrator.

When WebSocket connections are established between a Web browser and an Edge, the browser origin address that is used to access the Orchestrator UI is validated for incoming requests. This validation ensures Web security against Distributed Denial-of-Service (DDoS) and Cross-Site Request Forgery (CSRF) attacks.

In most Orchestrators, the browser origin address/DNS hostname is the same as the value of the network.public.address system property. To support scenarios where the address used to access the Orchestrator UI from the browser is different from the value of the network.public.address system property, the following system properties have been added for WebSocket connections:
  • network.portal.websocket.address - Allows you to set an alternate address/DNS hostname to access the UI from a browser if the browser address is not the same as the value of the network.public.address system property. By default, the network.portal.websocket.address system property is not set.
  • session.options.websocket.portal.idle.timeout - Allows you to set the total amount of time (in seconds) the browser WebSocket connection is active in an idle state. By default, the browser WebSocket connection is active for 300 seconds in an idle state.
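
The origin check described above can be sketched as follows. This is an added example, not the Orchestrator's own code: the function names, the sample hostnames, the HTTPS-only rule and the choice to compare hostnames without ports are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values; real deployments read these from system properties.
SAMPLE_PROPS = {
    "network.public.address": "vco.example.com",
    "network.portal.websocket.address": None,  # not set by default
}

def allowed_hosts(props):
    """Hostnames a browser may present as Origin, taken from the two properties."""
    hosts = set()
    for key in ("network.public.address", "network.portal.websocket.address"):
        value = (props.get(key) or "").strip().lower().rstrip(".")
        if value:
            hosts.add(value)
    return hosts

def origin_allowed(headers, props):
    """Return True only if the WebSocket upgrade request has an acceptable Origin."""
    origin = headers.get("Origin")
    if not origin or origin == "null":
        return False  # browsers always send Origin on a WebSocket handshake
    try:
        parts = urlsplit(origin)
        host = (parts.hostname or "").lower().rstrip(".")
        parts.port  # accessing it raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:  # assumption: UI is served over HTTPS
        return False
    # A well-formed Origin has no userinfo, path, query or fragment.
    if parts.username or parts.path or parts.query or parts.fragment:
        return False
    # Exact match only: suffix or substring matching would accept look-alike hosts.
    return host in allowed_hosts(props)

if __name__ == "__main__":
    for o in ("https://vco.example.com", "https://vco.example.com.evil.test"):
        print(o, origin_allowed({"Origin": o}, SAMPLE_PROPS))
```

With network.portal.websocket.address unset, only the network.public.address hostname is accepted; setting it adds the alternate hostname to the allowed set.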

VMware SASE Orchestrator enables you to run various Remote Diagnostic tests on a selected Edge. To run Remote Diagnostics on an Edge, perform the following steps:

  1. In the SD-WAN Service of the Enterprise portal, click the Diagnostics tab.
  2. The Remote Diagnostics page displays the existing Edges.

  3. Click the link to an Edge.
  4. A connection is established to the Edge and the Remote Diagnostics window displays all the possible Remote Diagnostics tests that you can run on the Edge.
  5. Choose an appropriate Remote Diagnostics test to run on the Edge and click Run. The diagnostic information is fetched from the Edge and displayed on the screen.

For more information about all the supported Remote Diagnostics tests, see the "Remote Diagnostic Tests on Edges" section in the VMware SD-WAN Troubleshooting Guide published at https://docs.vmware.com/en/VMware-SD-WAN/index.html.